By Vera Rodriguez Corcho,
A few years ago, many celebrated the birth of the internet as a place where netizens (citizens of the internet) acted with altruism. When “.com” fell, those platforms that celebrated free access to knowledge, or services, were the only survivors: YouTube, Wikipedia, etc. Early scholarly commentary on the digital realm was overwhelmingly positive. As the world advanced to 2011, it saw the internet as a vessel for dissent, enabling protests against authoritarian regimes during the Arab Spring. In 2025, the narrative above is shattered. Elon Musk’s many controversies have ignited public discourse on the ownership of social media platforms and disinformation. Private control of massive mediums has, thus, gained traction in public debate. With this, other latent and menacing threats pose similar questions.
We all have phones in our pockets. Many firms now orbit around social media and digital technology, scrubbing information about our personal lives, relationships, and habits. Most do so to target the user with advertisements. However, some specialize in another highly profitable market: defense, law enforcement, and intelligence agencies. NSO is such a company. The Israeli-based firm is a powerful spyware manufacturer, and its flagship product is Pegasus. This software, the strongest on the market, intercepts all emails and texts, turning on audio and video applications and silently tracking the target’s location. Nonetheless, it remains far from being the only surveillance technology on the market. Hacking Team, Gamma Group, FinFisher, and Candiru are among many similar wares that remain undetected despite continuous investigations.
The spyware contains malicious code and apps that spy on what the user does on the device. Then, it collects that data, reports it, and disappears from the device. In other words, it can copy messages the target sends or receives, harvest photos, and record calls. It might secretly film the aim at their phone’s camera or activate the microphone to record your conversations. It might access the location and know who the person has met.
This technology has enabled truly horrific scenes: Human Rights activist, Omar Abdulaziz, discovered his phone was hacked. He alerted Washington Post columnist Jamal Khashoggi, who published his story. A day after, Khashoggi was murdered in the Saudi consulate in Turkey. The enterprises responsible for this spyware have no moral filters —they do not make contracts only with clients that will use it ethically, a decision that directly scars the civil society tissue in both non-liberal and democratic states. In Spain, at least 65 Catalan separatist politicians have been targeted with Pegasus. According to Amnesty International, journalists, opposition leaders, and activists in Belgium, France, Greece, Hungary, Poland, and the United Kingdom repeat this story. The company under this program, NSO Group, has not taken adequate action despite “the fact that (they) either knew or arguably ought to have known that this was taking place.”
In 2022, the European Parliament’s PEGA Committee was created to investigate the use of this spyware. The group states in its first draft report that national governments are “deliberately ignoring and violating EU laws.” The Commission also addressed the issue, calling for more ethical practices and stricter controls on these wares. Combating these practices is a harsher endeavor than it initially appears. The competence for these matters remains in the EU member states, and they will not likely change this situation. Mor so in a context where the state retains sole sovereignty over the matter. In simpler terms, the culprits of spyware malpractice are not likely to punish themselves. In 2015, the EU Agency for Fundamental Rights warned about the feeble definition of “national security” and its repercussions on surveillance practices across the EU. They were worried that any state could invoke a “national security threat” to use this software.
Is then spyware ever compatible with democracy? Practitioners and scholars have outlined some solutions for a more ethical future with spyware. For instance, policymakers should examine the technology’s deployment and use more closely. Moreover, collective pressure from big trading partners, such as the US and the EU, is key. Creating a blocklist and a safelist of spyware vendors would encourage other trading partners to follow suit by imposing stricter regulations on the programs. Acting together is essential to tackling these challenges; perhaps that will be the most difficult task.
References
- RON DEIBERT. “Protecting Society from Surveillance Spyware”. Issues in Science and Technology. pp. 15-17.
- Spain: EU must act to end spyware abuse after prominent Catalans targeted with Pegasus. Amnesty International. Available here
- What is Pegasus spyware and how does it hack phones? The Guardian. Available here
- Europe vs. Spyware. GMF. Available here
- Curb your snooping, Commission tells EU governments. POLITICO. Available here
- EU: Civil society demands action against spyware threats. Article 19. Available here
- Surveilled. HBO. Available here
