The European Union needs to draw a line between what is acceptable use of hacking tools by law enforcement and what is malicious use of spyware for political and corporate espionage and against journalists and civil society, the bloc’s Vice President Margaritis Schinas said Thursday.
“We need some order, we need a framework, we need judicial guarantees and we need an EU approach to end the malicious use of these products,” Schinas said.
The use of hacking tools has sparked political crises in Poland, Hungary, Spain and Greece, following revelations that political opposition figures, members of civil society and journalists were targeted with hacking software.
Schinas, a Greek national, was nominated to the European Commission by the Greek government and is a member of the ruling New Democracy party of Prime Minister Kyriakos Mitsotakis – a party that’s under heavy fire from political opposition and human rights groups over alleged abuse of spyware by government authorities.
Greece’s bugging furor escalated dramatically on August 5, when two top officials from the center-right administration of Prime Minister Kyriakos Mitsotakis lost their jobs after it transpired that the phone of Nikos Androulakis, head of the center-left Pasok party, had been wiretapped. Mitsotakis’s government admitted it acted wrongly but said the wiretap was conducted legally by the spy service — though it is still refusing to say why, citing national security.
Muddying the case, a separate attempt was made to hack Androulakis’ phone around the same time with illegal software called Predator, but Athens is strenuously denying that its secret agents had any connection with that.
The European Commission itself has also been a victim of spyware. Reuters reported in April that Commissioner Didier Reynders was among several top EU officials who had been targeted by spyware called Pegasus, and POLITICO confirmed that one of those officials was a staffer for European Commission Vice President Věra Jourová.
The European Parliament launched a special inquiry committee to investigate its use but the Commission has struggled to take action against national governments, which have claimed the use of hacking tools falls under national sovereignty. Still, the EU in past years has legislated and litigated how surveillance tools like data retention are used by national security authorities and how it strikes a balance between privacy and security on issues like encryption.
“We do not have such a system for spyware. And this annoys me,” Schinas said.
The vice president said the need to strike “the right balance” between the necessity for intelligence services to “chase the bad guys” while respecting EU rule of law in terms of judicial control and data protection.
The Commission chief was speaking to reporters in Brussels for the launch of a new EU cybersecurity bill, the Cyber Resilience Act, which aims to better protect internet-connected devices from hackers.
The new Internet of Things cybersecurity law could better protect smartphones and software products from spyware intrusions. But the Commission’s proposal steers clear from regulating the use of hacking tools for malicious purposes.
The EU executive will present another bill on Friday to better protect journalists and media across the bloc, called the Media Freedom Act. A draft of the proposal obtainted by POLITICO would stop governments from hacking phones and devices used by journalists and their families to track them. However, it would still leave national capitals with the possibility of using such tools if they can cite national security or a serious crime investigation, POLITICO reported earlier.
UPDATED: This article was updated to include details about Schinas’ political affiliation and the Greek debate around spyware.