Big Tech accuses governments of driving demand for surveillance technology –

Google, Meta and Microsoft jointly appeared before European lawmakers on Tuesday (June 14), urging governments to stop investing in surveillance companies and limit the growing use of sophisticated software like Pegasus.

Representatives of large technology companies named “Big Technologies”were invited this week by European lawmakers to share their views on the use of spyware in Europe, two months after the Pegasus Commission of Inquiry (PEGA) began its work.

“This industry seems to be thriving”Charlie Snyder, Google’s chief political officer, told MEPs, pointing out that she “fueled by government demand”.

“While the use of surveillance technologies may be legal under national or international law, it often turns out that they are used by governments for purposes contrary to European values: against dissidents, journalists, human rights activists and opposition party politicians.”he added.

These tools are far from the prerogative of authoritarian governments or far-flung countries: several member states, including Hungary and Poland, have admitted to being clients of the NSO Group, the Israeli company that offers Pegasus, but have denied any undesirable actions.

Spain has been added to the list after a recent “Catalangate”a series of revelations indicating that national intelligence agencies were spying on Catalan independence activists using Pegasus spyware.

“Note, with growing concern, that the misuse of these technologies could have a much wider and unintended effect, endangering large parts of the ecosystem.”Kaya Chiglik, director of digital diplomacy at Microsoft, said.

David Agranovich, director of security policy at Meta, the parent company of Facebook, Instagram and WhatsApp, added that “These types of surveillance tools have traditionally been the preserve of governments, sophisticated surveillance, access and capabilities in personal devices, Internet accounts, which in democratic governments are usually subject to democratic control. »

He pointed out, however, that “The problem with the surveillance-for-hire industry is that it makes such democratic surveillance difficult, if not impossible.”.

The three companies also point out that Pegasus spyware, although most infamous since the revelations made last July by a consortium of 17 media organizations, is not the only tool on the market for such purposes.

“[Le]threat analysis team [de Google] actively monitors more than 30 vendors of varying levels of sophistication and publicity that sell exploits or surveillance capabilities to government-backed individuals.”Google’s Mr. Snyder said.

Initially, an invited Apple representative did not participate in the discussions.

due diligence

The tech giants pointed to“great wiggle room” available to European governments to take action to address problems associated with these technologies.

One burning question is how lawmakers can hold spyware users accountable.

“Ironically, the groups that sell malicious tools are very careful about privacy related to the products, services, contracts and prices associated with their offensive tools.”said Ms. Ciglic of Microsoft.

Member States must apply “due diligence that might be expected from other sectors”such as obligation “know your customer”– said Mr. Agranovich.

In the current state of affairs, “Anyone who is willing to pay, whether it be an authoritarian regime or an individual involved in lawsuits, can simply hire these companies and use very sophisticated options against anyone.”he added.

The three companies also stressed the need for lawmakers to regulate the use of these types of surveillance tools more strictly. Even when used legally, these tools can have detrimental effects, especially against vulnerabilities like “zero day”that is, vulnerabilities and backdoors that cyber mercenaries can exploit that have not been publicly documented or patched.

He ” vital “ Snyder said a policy needs to be put in place and strengthened to securely disclose these weaknesses to industry operators so that they can be corrected. “Vendors that secretly store zero-day vulnerabilities can pose a serious threat to the Internet when the provider itself is compromised”he declared.

The industry has also highlighted the need to protect people doing research, whether they work for large technology companies or small companies.

As investigations sometimes uncover users of state-backed surveillance tools, Google, Meta and Microsoft have urged lawmakers to create a safe space for companies to work on the issue.

“After the reports were published, we received threats”Google’s Mr. Snyder said.

The PEGA Inquiry Commission is due to complete its work by April 2023 and is expected to make recommendations on how to deal with this illegal practice. At the next meeting (June 21), representatives of the NSO group will be heard.