Europol was unaware that Pegasus spyware was being used in the European Union and learned of it thanks to revelations of Canadian research centre CitizenLab, which also, in April, broke the scandal of the CatalanGate espionage against Catalonia's independence movement. This was what the deputy executive director of the European Union Agency for Law Enforcement Cooperation, Jean-Philippe Lecouffe, said in his intervention before the European parliamentary committee investigating the use of the powerful surveillance software in the EU. Lecouffe added that up till now, his agency has not asked any EU country to investigate espionage using the software developed by the firm NSO, despite the fact that new regulations give the agency the initiative to request such investigations from member states, which then have to decide whether they they will carry them out or not. According to the Europol executive, the agency is still "assessing" whether to call for investigations from the states where spying via Pegasus has occurred.
When MEPs in the committee responded with criticism of Europol's apparent inaction in the face of evidence of espionage, Lecouffe remarked that they have not ruled out asking member states to investigate and that they are still "evaluating" it. "How long will we wait? I don't know, we have to assess the situation and see what we do," he added. Should member states themselves ask Europol for help in an investigation, they will provide it, the executive director has said. However, he pointed out that so far no state has asked.
Dutch MEP for the liberal D66 party Sophie in’t Veld was one committee member who was aghast at the responses from the Europol deputy director Lecouffe, expressing surprise that while journalists had uncovered cybersecurity attacks in Europe, "Europol claims not to have been aware of anything", and not only that, but also, "it refuses to investigate":
It is rather embarrassing how brave and diligent journalists have uncovered continent-wide attacks on cybersecurity with the illegitimate use of spyware, while @Europol claims not to have been aware of anything. And not it knows, but refuses to investigate. #BigFatFail
— Sophie in 't Veld (@SophieintVeld) August 30, 2022
Amnesty International demands transparency from EU states
In the hearing of the special European Parliament committee on Pegasus spyware, Amnesty International's security expert Claudio Guarnieri asked for transparency from member states. "You can't say that there can be no transparency on national security issues," said Guarnieri, who demanded more information about who obtains access to the espionage systems and how they are used.
According to Guarnieri, it is an industry that is "out of control". "We need to stop an industry that has gone crazy," he said, noting that reparations to victims must also be addressed. "There are many risks for human rights," he added.
Meanwhile, the legal director of the European Centre for Constitutional and Human Rights, Miriam Saage-Maaß, has called for a moratorium on the sale and export of software such as Pegasus until a "robust human rights regime" is created for the import of these systems. According to Saage-Maaß, a human rights risk assessment should be completed before authorizing the purchase of software such as Pegasus.
Spanish government's decision
Just a week ago, the Spanish government informed the National Audience criminal court that it has no intention of declassifying documents relating to the Pegasus case. The Pedro Sánchez executive replied to judge José Luis Calama, who is investigating the espionage against the Spanish PM himself and two of his ministers, but is not looking into the large scale surveillance of the Catalan independence movement, that "there are no secrets to be revealed" that could affect the testimony as a witness of defence minister Margarita Robles and interior minister Fernando Grande-Marlaska.