The European Union's data protection authority on Tuesday called for a ban on the development and the use of Pegasus-like commercial spyware in the region, stating that the technology's "unprecedented level of intrusiveness" could endanger users' right to privacy.
"Pegasus constitutes a paradigm shift in terms of access to private communications and devices, which is able to affect the very essence of our fundamental rights, in particular the right to privacy," the European Data Protection Supervisor (EDPS) said in its preliminary remarks. "This fact makes its use incompatible with our democratic values."
Pegasus is a piece of highly advanced military-grade intrusion software developed by Israeli company NSO Group that's capable of breaking into smartphones running Android and iOS, turning the devices into a remote monitoring tool capable of extracting sensitive information, recording conversations, and tracking users' movements.
Besides granting unrestricted access to the targeted devices, Pegasus is stealthily installed on devices by leveraging zero-click exploits, such as KISMET and FORCEDENTRY, that require no interaction from the users.
While NSO Group has repeatedly claimed that the software is sold only to governments for the purpose of fighting crime and terrorism, and that's it's on a "life-saving mission," a growing list of evidence has uncovered widespread abuse of Pegasus to hack into the phones of journalists, political figures, dissidents, and activists in several countries, including Israel.
According to a series of disclosures by the business publication Calcalist in recent weeks, dozens of citizens in the country were targeted by Israel Police with the NSO Group's spyware to gather intelligence without a search warrant authorizing the surveillance.
Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!Join the Session
Stating that Pegasus shouldn't be compared to law enforcement interception tools so much as government trojans, the EDPS said "'National security' cannot be used as an excuse to an extensive use of such technologies nor as an argument against the involvement of the European Union."
Furthermore, the watchdog has proposed better supervision over the use of surveillance measures, a stricter implementation of data protection regulations, and strengthening legislation outlawing the use of sophisticated hacking tools such as Pegasus to safeguard against unlawful use.