Press play to listen to this article
Europe’s spyware scandal just hit the Continent’s top ranks.
The Spanish government on Monday said that Prime Minister Pedro Sánchez was hacked with Pegasus software, an Israeli-made digital hacking tool to snoop on phone communication. Sánchez as well as Defense Minister Margarita Robles fell victim to the malicious software in May and June 2021, in what Madrid called an “illegal and external” intrusion of government communication.
It’s a stark reminder that even the phones of Europe’s most powerful leaders aren’t safe from digital espionage.
Sánchez is the first confirmed head of a European and NATO country to have fallen victim to the spyware. But evidence of political espionage using spyware has been mounting in Europe for months. Researchers revealed last month that scores of political figures in Catalonia were victims of digital spying. Top European Union officials and U.K. government staff may have also been targeted with Pegasus spyware, and there’s also been documented use of Pegasus in Poland and Hungary.
The latest twist in the Pegasus saga ratchets up pressure on lawmakers to curtail the use of spyware, which is used by government agencies worldwide to tap into phones and snoop on targets’ data and communications.
“Our democracy and the security of the European Union are threatened. It requires a firm reaction from the European authorities,” said Saskia Bricmont, member of a European Parliament inquiry committee into Pegasus’ use in Europe. She and other lawmakers are calling for “a strict ban on illegal spying software.”
But the European Parliament will have a way to go before it convinces national governments of the need to crack down on spy software.
European governments have been wary to get into details of spyware — in part because the use of digital hacking tools like Pegasus has served security authorities across the world to fight crime and ward off national security threats.
Spain’s Minister of the Presidency Félix Bolaños on Monday said the hacks of Sánchez’s and Robles’ phones were “illegal and external … They are alien to state agencies and do not have judicial authorization from any official agency.”
The Spanish government’s decision to declassify the intelligence about its leader’s phone is also a shift from how it responded to the news of Pegasus on Catalan leaders’ phones.
Last month, Madrid denied illegally spying on dozens of Catalan independence leaders — but it gave away few to no details about the use of Pegasus by its own intelligence agency CNI. The Catalan government has persisted in its belief that Spanish government authorities are behind the hacks, demanding an investigation into the matter.
On Monday, Catalan regional President Pere Aragonès accused Madrid of double standards. “When mass espionage is conducted against Catalan institutions and independence, we get silence and excuses. Today, everything is in a hurry,” he said on Twitter.
“I know what it’s like to feel spied on … But the double standard is obvious,” he added.
The confirmed hacking of a prime minister’s phone could be the watershed moment that activists and experts have been waiting for.
“There’s an endemic problem with big political incident bodies not understanding the absolutely sharp danger posed by this kind of political hacking,” John Scott-Railton, a leading expert on Pegasus at Canadian research institute Citizen Lab, said in an interview last month.
The European Parliament’s Pegasus inquiry will meet Wednesday in Strasbourg. Lawmakers have sought to move quickly, hoping to use the avalanche of reported hacks as a way to forge consensus on stopping spyware in Europe.
However, the European Commission has so far brushed aside suggestions that it should act, insisting that it is up to national capitals to investigate any instances of spying.
Top Brussels officials have even betrayed a cavalier attitude to digital spying, with the bloc’s digital czar Margrethe Vestager last month appearing to downplay the threat posed by Pegasus and European Justice Commissioner Didier Reynders denying he had received any information on a possible hack of his device.
This article is part of POLITICO Pro
The one-stop-shop solution for policy professionals fusing the depth of POLITICO journalism with the power of technology
Exclusive, breaking scoops and insights
Customized policy intelligence platform
A high-level public affairs network