Read in Catalan

New breaches of the rights of Catalan people and groups. Members of the pro-Catalan language organization Plataforma per la Llengua have testified in a Belgian court that they were spied on by the Spanish state with Pegasus software. Specifically, they described the spyware hacking of five private mobile phones belonging to people in the group, three of whom reside in Belgium, in 2021, and that they were able to certify this at the end of last year. The president of the language NGO, Òscar Escuder, who is one of the people spied on, gave details of the complaint this Thursday to Barcelona's Journalists Association, together with Plataforma per la Llengua director Rut Carandell, also spied on, and lawyers Josep Jover and Catherine Forget, experts in EU and ICT law. "I don't know what they were looking for on our phones. We don't do anything illegal," said Escuder.

So far, members of Catalan pro-independence parties and organizations have reported their espionage to Spanish courts. Mostly, this began after the CatalanGate report was published by the University of Toronto's Citizen Lab centre, affirming that the mobile phones of at least 65 people from Catalan pro-independence circles had been hacked with Pegasus, spyware made by the NSO Group which is only sold to a country's national authorities. Little of the affair has been clarified - with Spain's intelligence only admitting to having spied on 18 of the 65 people with court permission - and thus it has now been demanded that the Spanish government lift the secrecy from a number of judicial investigations, such as those against people holding senior positions in the ERC party.

A Belgian judge

Belgian justice has already agreed to hear the cyberespionage complaint lodged by Plataforma per la Llengua. Specifically, the group explains that the judge of the court of first instance in Brussels, Olivier Anciaux, is in charge of investigating this complaint (procedure BR.20.99.570/23 Dossier 2023/035), which was initially directed against officials of the Spanish state. Josep Jover told that, on the one hand, their case denounces the breaching of fundamental rights of individuals and on the other, the breaching of the European directive of 2019, which establishes that the sole jurisdiction in data protection is in the hands of the European Union. The Catalan NGO expects the Belgian judiciary to "act forcefully" and get to the bottom of this attack on the fundamental rights of individuals, who, moreover, do not hold any political or public office.

Plataforma per la Llengua. Rut Carandell, Òscar Escuder i Josep Jover. Foto: Miquel Muñoz
Rut Carandell, Òscar Escuder and Josep Jover, at the press conference this Thursday. / Photo: Miquel Muñoz

Six crimes against the Spanish state

Specifically, Plataforma per la Llengua accuses the Spanish state of six crimes under Belgian law. They are: intrusion into the IT systems of mobile phones; arbitrary interference in the fundamental freedoms of the people being spied on; the interception of messages from mobile phones; breaches of computer data, and of the secrecy of communications - and specifically, of electronic communications in particular. They explained that Article 550 of the Belgian criminal code penalizes those who access a computer system knowing that they are not authorized; and Article 314 punishes anyone who intercepts, records or publishes communications not accessible to the public without the consent of all participants. There are also other legal provisions that punish behaviour that violates the secrecy of electronic communications.


Experts know where stolen data was sent

Members of the Plataforma per la Llengua group suspected that they were being spied on last summer, and asked Aspertic, the Mediterranean Association of ICT Experts, to analyze the personal mobile phones of the management of the Catalan language NGO, and five of them tested positive, according to an expert report completed at the end of 2022. On one of the mobiles there was evidence of hacking via Pegasus (or Predator, a similar program, according to Jover), and that it was carried out and executed from the Spanish state. Moreover, the evidence shows that the stolen information was sent to a mobile number in Spain, and now they have asked the Belgian judge to demand the telephone company to reveal the name of its owner, as Josep Jover explained.

In addition, the judge has been asked to ask Eurojust, the EU agency in charge of judicial cooperation between member states, "if the Spanish state asked for the necessary permissions for interfering with telephone communications in Belgian territory". It is recalled that, according to European regulations, if a state wants to legally bug a telephone, it must do so through a request to Eurojust, based in The Hague, via a specific letter.

The whistleblower directive 

In this regard, Josep Jover recalls that European Directive 2019/1937 on corruption whistleblowers, which came into force last March in Spain, "establishes that EU sovereignty covers all attacks on data privacy and protection".

In this regard, Jover recalled that recently the former vice president of the European Parliament, Eva Kaili, recognized that the Spanish state has continued to monitor dissidents, even in the European chamber's Pegasus committee, which was itself investigating cyberespionage carried out by Spanish bodies.

Jover specified that, according to evidence from different sources, Pegasus was acquired by the Spanish defence and interior ministries, and that in addition to the CNI intelligence service, it was also used by units of the Civil Guard and the Spanish National Police.


In the main photo, Óscar Escuder, president of Plataforma per la Llengua. / Photo: Carlos Baglietto