EU spyware inquiry fails to put Spain on list of fact-finding trips

EuroActiv Politico News

European lawmakers are planning a series of fact-finding missions to EU member countries to investigate how spyware like Pegasus is used and potentially abused across Europe.

But the single largest country where Pegasus’ use has kicked off a major institutional crisis, Spain, has been bumped off the European Parliament’s itinerary for fear of embarrassing Spanish politicians — including a former Spanish interior minister who sits on the Pegasus inquiry committee — three European Parliament members involved in the planning told POLITICO.

The Parliament’s inquiry committee to investigate the use of Pegasus and other spyware (PEGA) will head to Israel, Poland and Hungary in July, September and October this year but scrapped Spain from its original list of destinations, the officials said. The mission to Spain is now “frozen,” one official added, and the committee could be heading to Washington first.

A visit to Spain hasn’t been ruled out entirely, other members of Parliament said. Not traveling there would appear to be a huge omission for the committee, since Madrid has most recently been plunged into a deep political crisis over Pegasus.

“It seems surprising that there is no majority to approve a delegation to a member state where many cases of the use of Pegasus were discovered — some with judicial authorization,” said one Spanish MEP on the committee, requesting not to be named. “We are going to Washington but not to Spain?!”

A report in the New Yorker magazine in April revealed how the devices of more than 60 people linked to the separatist movement in Spain’s northeastern region of Catalonia had been hacked by Pegasus and other spyware. This triggered fury from Catalan officials, who demanded answers about Madrid’s potential involvement in the hacks.

At least five EU countries have used the Israeli spyware, Pegasus | Joel Saget/AFP via Getty Images

Just two weeks later, in May, the Madrid government said its highest-level officials — including Prime Minister Pedro Sánchez and his defense minister — also fell victim to spyware, with data pointing to the Moroccan government as a plausible suspect. The Moroccan government, however, recently denied it uses Pegasus spyware.

The Spanish government has launched an official investigation into the conduct of its intelligence agency CNI and the agency’s boss was replaced in May, with local media reporting she was sacked over the scandal.

The Parliament’s failure to send its members to Spain to check in on these investigations is a clear illustration of how European politicians have struggled to crack down on spyware, in part because the hacking tools have been used by many EU governments themselves in recent years. Pegasus’ maker, the Israeli firm NSO Group, told the inquiry committee in June that at least five EU countries had purchased the tool.

The two largest groups within the European Parliament — the European People’s Party (EPP) and the Socialists and Democrats (S&D) — have been blocking approval for the trip, three officials said.

Spain’s Prime Minister Sánchez is part of Europe’s network of center-left parties that form the S&D group. A spokesperson for the parliamentary group said it didn’t block any mission and that “all groups proposed missions and then coordinators agreed on a list of priorities.”

For the center-right EPP group, it’s Spanish MEP Juan Ignacio Zoido Álvarez who coordinates the work in the committee. Zoido served as Spain’s interior minister under the government of Mariano Rajoy from 2016 to 2018 — a time frame that overlaps with when the hacking of Catalan separatists happened, according to the Toronto-based research organization Citizen Lab, which has led investigations into Pegasus.

While Spain’s hacking scandal largely revolves around its intelligence agency, which falls under the ministry of defense, the interior ministry also possessed spyware and hacking tools as early as 2014, an email published by WikiLeaks previously showed.

Three MEPs who spoke to POLITICO, most on condition that they wouldn’t be named, believe that Zoido swayed the committee to avoid a mission to Spain. 

In a response to POLITICO, Zoido said a mission to Spain “should not be a priority” for the committee because it “was created on the basis of allegations of the misuse of cybersurveillance tools in countries with ongoing breaches of the rule of law, such as Hungary or Poland.”

“In Spain, both intelligence agencies and security forces fully respect the rule of law, use such tools proportionally and are subject to strict judicial oversight,” he said.

Catalan members of the European Parliament are “trying to hijack the work of the committee in a coordinated effort to spread their propaganda,” Zoido said. “They want to portray Spain as a dictatorial country that does not respect neither the rule of law nor human rights, which is a blatant lie.”

Zoido said he could “neither disclose nor deny any specific information related to the use of surveillance tools” during his term as interior minister.

Diana Riba i Giner, vice chair of the committee and a Catalan member of the Greens, said it was strange that someone who served as interior minister during a time when a national government was believed to have used Pegasus was on the committee to review its use, but added that Zoido was picked as coordinator before the news of the Catalan hacks broke in April. 

The committee may still decide to also visit Germany and Greece, after a German parliament committee found the government had bought Pegasus in 2019 and Greek authorities have been found to use Predator, developed by the North Macedonian company Cytrox.

Assita Kanko, a Belgian conservative member of the PEGA committee, said she “would be worried” if the committee is meeting obstacles in any of its visits.

“If you have nothing to hide, it doesn’t make sense to stop an inquiry committee from paying a visit,” Kanko said about the committee’s upcoming missions.

Laurens Cerulus contributed reporting.

This article is part of POLITICO Pro

The one-stop-shop solution for policy professionals fusing the depth of POLITICO journalism with the power of technology

Exclusive, breaking scoops and insights

Customized policy intelligence platform

A high-level public affairs network