Silent Guardians or Silent Threats? The Shadowy Role of Spyware in Government Surveillance
By Sara Kornya and Marton Toth
A stronger and more contemptuous stand from the European Union (EU) is needed regarding member states’ use of spyware contrary to regulations, such as the GDPR, and the rule of law surrounding checks and balances. The EU must demonstrate that there will be consequences for those who do not respect the democratic processes and rights of their citizens, whom they should protect rather than keep under surveillance.
The Promise of Technology for Terrorist Detection
Spyware is “a type of malicious software — or malware — that is installed on a computing device without the end user’s knowledge. It invades the device, steals sensitive information and internet usage data, and relays it to advertisers, data firms or external users”. Despite its controversial public image regarding its misuse during espionage and surveillance, it has a significant role in anti-terrorist efforts by governments and security services. Its use in counter-terrorist activity today involves, for example, harnessing data from terrorism incident databases, intercepting communication fractions by military forces, and neutralizing threats based on this intel. Utilizing technological advancements, counter-terrorism activities increasingly rely on data science and artificial intelligence to process and analyze the vast amount of relevant data and identify patterns to predict potential terrorist activities, enabling swift preventative action.
Such activity now also includes the monitoring of online behaviors and communications on social media platforms, so that authorities can intervene before violent acts occur. These processes were augmented to an extreme level of efficiency by the use of spyware. The now infamous Pegasus spyware filled a gaping hole in the ‘market’ for anti-terrorism utilities, and the NSO Group software has become a necessary tool in modern security operations in a time where encryption technology enables criminals to evade detection. Thus, while spyware has become notorious today for its invasive nature and potential for misuse, it has become an indispensable tool for modern counter-terrorism efforts through data analysis, AI, and monitoring online activities.
The Dark Side — Undermining the Rule of Law
Despite such functions, in modern European countries with low levels of threat of terrorist extremism, the benefits of invasive surveillance such as Pegasus risk being outweighed by the threat it poses to democracy. For example, there have been many recent scandals surrounding the Predator spyware in Hungary, Poland, and Greece; where spyware attacks were launched against civil journalists, academics, and politicians. These espionage scandals serve as an example of how spyware systems can be abused by governments to spy on their own citizens. Thus, whilst spywares plays an important role regarding issues such as national defense and state security, the ‘dark’ side of spyware remains in the lack of regulation and risk of it ending up in the wrong hands, despite the EU having relatively advanced data security regulations such as the the EU General Data Protection Regulation (GDPR), ePrivacy Directive, and the Law Enforcement Directive.
The abuse of such a system by a government or other official agency could lead to a serious disruption of checks and balances. Hungary is a prime example of a country not operating fully by the principle of the rule of law, which according to the definition of the European Council “requires that everyone enjoys equal protection under the law and prevents the arbitrary use of power by governments and further ensures that basic political and civil rights, as well as civil liberties, are protected and upheld”. On multiple occasions, the country has been called out by the EU to adapt its operation regarding its checks and balances, since it is a mandatory criteria for accessing EU funds. In addition to other existing violations of the rule of law, it has surfaced that over 300 people have been targeted by the Pegasus spyware in Hungary in 2021, including lawyers, academics, politicians and government officials — all critics of Orbán’s party. The government purchased the technology from Israel and they used it to spy not only on critics, but also on government officials closely related to Orbán, showcasing that even no one is ‘playing a fair game’ when it comes to the use of spyware technology.
Abusing such technology clearly undermines democratic processes because there is an apparent disadvantage regarding the power dynamics of individuals who are under observation and those monitoring them. There is a clear imbalance of information and individuals might feel that they are restricted in numerous ways once it is revealed that they are a target of such a software. Furthermore, it is a definitive violation of the rule of law regarding the checks and balances since the government abuses its power for its own benefit. Individuals suspected of being monitored are also restricted from freely engaging in any type of activity since fear and intimidation lingers in the air. “I felt indignation and humiliation to see myself and other prominent journalists on a list of targets together with convicted criminals and known mob figures”, said Szabolcs Panyi, one of the most well-known targets of the Hungarian Pegasus scandal. Monitoring critical journalists deter them from acting or speaking out against the government, thus silencing them through constant supervision. This risks threatening freedom of speech and movement, leading to self-censorship among journalists, activists, and ordinary citizens, who fear reprisals for their views or activities.
Poland also experienced a Pegasus scandal, similar to Hungary. It turns out that the incumbent government interfered with the 2019 Polish elections, using the spyware to anticipate their opponents political actions and campaign strategy; thus jeopardizing candidates’ equal opportunity when running for office and placing the fairness of its outcome into question. In his testimony after being under surveillance by Pegasus spyware, Senator Krzysztof Brejza said that he was placed in an unfair position, and mentioned that data — in particular text messages — obtained by the spyware were used by the Polish government in a defamatory campaign against him. Furthermore, abuse of a spyware has the possibility to undermine fair and free economic competition, by using its power against competitors on the market to forecast their next step.
The examples outlined all demonstrate the potential undermining of the rule of law resulting from the abuse of spyware. Thus, a system like Pegasus is very useful in detecting and fighting terrorists; however, in the wrong hands it can lead to severe obstructions of democratic processes.
The Need for a Global Moratorium on Spyware
These cases of misuse highlight the threat spyware poses to the integrity of democracy, especially in countries with poor human rights records. The scandals showcase how abuse can happen even in the European Union due to the lack of adequate regulation and the possibility of loopholes. The UN acknowledged the necessity of filling this regulatory gap, reigning in these technologies with effective regulation grounded in international human rights standards. This includes the establishment of an international moratorium on the use and sale of hacking tools, to limit the use of spyware on civilians until the adequate safeguards to protect human privacy rights are established. Until then, the EU should try and vigorously punish the perpetrators who undermined the rule of law by using the spyware against their citizens within the Union. This could be achieved by enacting sanctions; setting a daunting example in the hope of deterring governments from abusing spyware to manipulate the very citizens they are meant to be protecting.
Conclusion
Protecting democratic values requires vigilance and proactive measures to guard against the misuse of surveillance technologies. The abuse of spyware by government authorities underscores a critical paradox of the digital age where a tool that, if used correctly, has the potential to save so many lives poses a devastating threat to democratic societies. The discovery of software, such as Pegasus, being used to surveil regime-critical journalists, activists, and other civilians underscores the need for comprehensive regulation on the use of invasive spyware. If these tools remain unchecked in the EU their use will further erode the rule of law and threaten the foundation of democracy in states such as Hungary and Poland. These examples show that the potential of abuse is not only relevant for authoritarian regimes but also democracies. The UN’s call for a global moratorium on invasive software represents a crucial step toward safeguarding privacy, freedom of speech, and democratic integrity. Only through cooperative international efforts for more stringent oversight can the balance between national security and individual freedoms be preserved while utilizing technology.
Sara Kornya is a Bachelor’s student at the University of Amsterdam, studying Politics, Psychology, Law and Economics (PPLE), majoring in Law. Her research interests include human rights law, international criminal law, and business law.
Marton Toth is a Bachelor’s student at the University of Amsterdam, majoring in Economics. His research interests include housing affordability in Eastern Europe, development policy, and psychedelic research.
Sara and Marton are both 2023–24 European Horizons Transatlantic Fellows.
