In mid-July 2021, the Forbidden Stories consortium and its international partners reported on a leaked list of 50 000 phone numbers that had been proposed by clients of the NSO Group as potential targets for NSO’s spyware product, Pegasus. Pegasus can give complete remote control over the target phone, including access to messages, emails, location, calendar, contact list, etc., and to activate its microphone and camera. Many of the phones in question belonged to journalists, human rights defenders, opposition politicians, and foreign politicians – even French President Macron. According to Forbidden Stories and Amnesty International, 85% of the target phones that they analysed showed signs of infection or attempted infection by Pegasus.
Whilst the existence of Pegasus had already been known, the apparent scale and manner of its use by governments from around the world are shocking. Its potential impact on media freedom and democratic institutions is of profound concern. After the revelations by Edward Snowden that led to Parliamentary Assembly Resolution 2045 (2015) “Mass surveillance”, the Pegasus revelations show that stronger international protection of privacy and personal data is necessary. In particular, stricter safeguards against misuse of such technology by public authorities, especially those of oppressive and authoritarian regimes, are needed.
The Assembly should therefore prepare a report on the Pegasus revelations, with a view to making policy proposals to Council of Europe member States and other relevant actors.