A building crisis involving the alleged past use of controversial mobile spyware by Poland’s governing party against an opposition politician generates concerns about the legality of the country’s next parliamentary elections, which are scheduled for April 2019.
The Internet watchdog Citizen Lab discovered that the renowned spyware Pegasus, developed by the NSO Group, was used to spy on three opponents of the Polish government. Krzysztof Brejza, a member of the Polish Senate whose phone was hacked hundreds of times in the run-up to legislative elections in 2019, was one of the targets.
As part of an apparent smear campaign, text messages seized from Brejza’s phone were doctored and shown on state-controlled television in the run-up to the election. Brejza’s left-leaning political party, Civic Platform, lost the country’s 2019 legislative election by a razor-thin margin after winning the presidential election in 2017. When asked about election fairness, Brejza said that the governing party would have had access to his campaign’s preparations, according to the Associated Press, which broke the story of the hacking first.
A prior denial by the Polish government on whether or not it had utilized Pegasus, mobile spyware that provides its government clients with near-complete access to a target’s device — including their data (such as images and texts), as well as their exact position.
Even as the leader of Poland’s Law and Justice party and deputy prime minister, Jaroslaw Kaczynski, denied that the country’s security services were using Pegasus spyware to spy on its political opponents, he told Polish media last week that it “would be bad” if the country’s security services were denied access to mobile spying technology while other countries were given access.
According to Polish media sources, the government acquired Pegasus in 2017 using money from the so-called Justice Fund, intended to assist victims of crime and rehabilitate convicts who have committed crimes.
Amnesty International confirmed that Brezja’s phone had been hacked in an independent investigation last week.
The results of the Associated Press and Citizen Lab, according to Polish Prime Minister Mateusz Morawiecki, were “false news,” and he speculated that a foreign intelligence agency might be to blame. The administration’s claim was disputed by critics, who said that no other government would be interested in the three Polish objectives.
According to the organization, the other two verified Polish targets by Citizen Lab are Roman Giertych, a lawyer who defends opposition lawmakers in several politically sensitive cases, and prosecutor Ewa Wrzosek. It was only in December that Apple started contacting phone eavesdropping victims after filing a lawsuit against NSO to prevent the spyware firm from accessing any of Apple’s technology, which would make it substantially more difficult for NSO to infiltrate its targets.
Governments in autocratic countries such as Bahrain, Saudi Arabia, Rwanda, and the United Arab Emirates deploy Pegasus surveillance systems to snoop on journalists, politicians, and human rights campaigners. However, according to recent information published last year, numerous European Union countries, including Germany, Hungary, and Poland, are Pegasus clients.
Mr. Donald Tusk, the head of Poland’s opposition Civic Platform since October 2021, has demanded that a parliamentary probe into the government’s deployment of the Pegasus missile system be launched. In an interview with TechCrunch, Guy Verhofstadt, a liberal member of the European Parliament for Renew Europe, said that the claims must be thoroughly probed to have a whole picture of how the Polish government is utilizing Pegasus.
“However, what we do know is concerning,” he continued. “This poses a danger to both the rule of law and free and fair elections — and, as a result, to both EU laws and the integrity of the European Union,” says the author. “If that isn’t sufficient justification for a comprehensive European probe, what is?”
In response to a request for comment, an unidentified spokesperson for NSO Group declined to confirm or deny the company’s customers but added: “The use of cyber tools to monitor dissidents, activists, and journalists is a severe misuse of any technology and goes against the intended use of such critical tools.” A global regulatory framework is required because the international community should have a zero-tolerance stance against such activities. NSO has shown in the past that it has zero tolerance for this sort of misappropriation by canceling several contracts.”
A human rights organization, Amnesty International, has termed the results “shocking, but not unexpected,” and has called on the European Union to impose targeted penalties on NSO Group in a similar manner to what the United States government has done.
It demonstrates once again that the unrestricted use of Pegasus poses a danger not just to politicians but also to civil society organizations all around the globe. Amnesty International’s Likhita Banerji, a researcher, and adviser told TechCrunch that “so far, not enough has been done to rein in illegal targeted monitoring.”
To protect human rights, countries must immediately adopt a worldwide ban on the sale, transfer, and use of spyware until appropriate human rights regulatory protections exist.