Authoritarian governments from Azerbaijan to Uganda first deployed it. Now democratic EU governments are joining in.
Two Eastern illiberal leaders, Hungary and Poland, have admitted that they have deployed the Pegasus hacking software system. The revelations will intensify the EU’s efforts to investigate abuse of spyware and tighten privacy rules. Within Europe, the Polish admissions have caused the most internal fallout, with some observers predicting that they will become the country’s equivalent to Watergate.
Produced by Israeli surveillance company NSO Group, Pegasus gives complete access to mobile devices. It extracts details such as passwords, messages, and browsing history, and even activates the device’s microphone and camera, offering a user the ability to spy on targets in real-time.
“Pegasus is a program used by crime and corruption departments in many countries,” Jarosław Kaczyński, the chairman of the ruling right-wing Law and Justice (PiS) party, admitted in an interview. “It would be a pity if the Polish services did not have this kind of tool.”
After the revelations about Pegasus first appeared, the U.S. cracked down. The Commerce Department’s Bureau of Industry and Security blacklisted Pegasus’s manufacturer, the Israeli NSO Group. In its statement, the Commerce Department cited evidence that the company “developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, business people, activists, academics, and embassy workers.”
In Poland, the accusations relate to the 2019 parliamentary elections, which the Law and Justice party won. In his interview, Kaczyński denied that Pegasus was used during the election campaign. “No Pegasus, no services, no secretly-obtained information played any role in the 2019 election campaign,” he said, adding that the opposition simply lost the elections.
Yet the Civic Platform centrist opposition party accuses Law and Justice of spying on one of its senators, Krzysztof Brejza, who ran its 2019 parliamentary election campaign. Brejza’s phone was hacked 33 times ahead of the elections, between April 26 and Oct. 23, 2019, according to findings by the University of Toronto’s nonprofit Citizen Lab, which has long been tracking government abuses of NSO malware. Text messages were taken from his phone and used by the public television broadcaster, TVP, which is loyal to the ruling party.
The revelations have caused a political uproar. On January 12, the opposition-controlled Senate, the upper chamber of Poland’s parliament, established an extraordinary committee to look into the use of Pegasus. Brejza’s party submitted a motion to establish a committee of inquiry in the Sejm, the lower chamber of parliament, which would have greater powers than the Senate committee.
The revelations have caused ripples in the EU. Earlier reports that the Hungarian government deployed Pegasus had led to calls to reinforce privacy protections. Speaking in the European Parliament in September 2021, EU Justice Commissioner Didier Reynders condemned the illegal interception of devices. “Any indication that such intrusion of privacy actually occurred needs to be thoroughly investigated and all responsible for a possible breach have to be brought to justice,” Reynders said.
The new Polish disclosures will increase the pressure for action. Renew Europe, the liberal grouping in the European Parliament, is demanding that the chamber establish a committee of inquiry on abuse of Pegasus spyware throughout the EU. “The European Commission must follow the United States’ example and quickly blacklist Pegasus’ parent company NSO,” said Dutch MEP Sophie in ’t Veld, who co-initiated the inquiry. “Our democracy is at stake.”
Outside of Europe, the ramifications also could be extensive. Amnesty International confirmed the hacking of Polish Senator Brejza’s phone and reaffirmed the need for tighter international rules on surveillance. “These revelations demonstrate yet again why there is an urgent need for a commitment from governments to stop any forms of surveillance that breach human rights and the need for a global moratorium on the export, sale, transfer, and use of surveillance equipment,” said Amnesty International Poland’s Director Anna Błaszczak in a statement.
Polish voters expect explanations: according to a recent poll, almost two-thirds of respondents say that the Polish special services’ use of the Pegasus surveillance needs to be clarified. This week, the head of Poland’s Supreme Audit Office summoned Kaczynski to testify about how the illegal software was used.
Yet Pegasus is unlikely to bring down the Law and Justice government. It has ridden out other scandals in the past. Yet even if the Pegasus affair blows over, it once again shows how the Polish government and the EU see the world differently and will be another issue that divides Warsaw and Brussels.
Annabelle Chapman is a Europe-based journalist. Her articles from Poland and elsewhere have been published in The Economist and other leading international publications. She holds a doctorate from the University of Oxford.
January 20, 2022