PEGA | “Cyprus as a surveillance software export hub”
Defence Redefined
Published on 11/11/2022 at 09:30

The role of Cyprus as a central export hub for the surveillance industry, the difference between the applicable legislation and its implementation, the categories for surveillance in Cyprus, and the close cooperation with Israel are included, among others, in the published draft report of MEP Sofia In ‘t Veld, rapporteur of the European Parliament’s inquiry committee on the use of Pegasus and equivalent software (PEGA).

As CNA reports, the 13-page chapter (out of a total of 159) concerning Cyprus states that Cyprus is “an important European export hub for the surveillance industry,” adding that on paper there is a strong legal framework, including EU rules, but in practice, Cyprus is an attractive place for companies selling surveillance technologies.

It is also noted that recent scandals have taken a toll on the country’s reputation and that a new framework of legislative initiatives to strengthen the legal framework for exports is expected to be completed in 2023.

Also read: Spain | Authorities detect spyware on Prime Minister’s and Defence Minister’s cell phones

There are still reports of close links between Cyprus and Greece on spyware, of the fact that Tal Dilian’s Intellexa is based in Greece, and that the Predator spyware has been used in the tapping scandals in Greece.

It is also noted that the Cypriot government itself is said to have used surveillance systems, although less is known about the victims compared to other member-states, nor is it clear whether spyware or other surveillance methods, or both, were used, referring specifically to the complaints of journalist Makarios Drousiotis.

According to the draft report, on paper, there is a legal framework that provides for the protection of private communications, the management of personal data, and the individual right to information. Yet, in practice, when national security is invoked there are no clear rules for the use of wiretapping mechanisms and the protection of citizens’ constitutional rights.

Out of the 159 pages of the draft, a 13-page special chapter is devoted to Cyprus and the mission’s findings in Cyprus and Greece in the context of investigating allegations of surveillance in Greece using the Predator software.

Also read: CYPSEC 2021 | Malloc Antistalker guarantees protection of personal data on mobile devices

The chapter on Cyprus

The draft refers to the legal framework governing the import-export of dual-use (military and civilian) items and in its response to a letter from PEGA to all the member-states the Cypriot Government explained that it assesses all licenses separately on the basis of all human rights sanction regimes.

It is added that, according to the information of PEGA, the Ministry of Commerce regularly uses the opinions of an advisory committee regarding export licenses that includes representatives of the Ministries of Defence, Justice, Foreign Affairs, and the Department of Customs, on the basis of which the state has several times refused to issue an export permit.

They also mention that the Minister of Trade, Natasa Pileidou, and the Deputy Minister of Digital Policy, Kyriakos Kokkinos, informed PEGA in their meeting that there was a decrease in the number of companies in Cyprus and that of the 32 registered in the country, only 8 to 10 are active, of which only three or four produce spyware.

In practice, however, according to the committee cited by an Inside Story publication, Cyprus is allegedly “lenient” in granting export licenses, while companies use tricks to get around the rules, such as sending the equipment without the software, which is sent separately.

Also read: Finland | Finnish diplomats’ cell phones monitored using Pegasus software

The draft report also makes extensive reference to the legal framework for the protection of personal data and for the conduct of legal surveillance as well as how these practices are overseen by the state.

The report also contains specific chapters on PEGA’s findings obtained so far in Poland, Hungary, Greece, and Spain, while brief references are made to findings concerning other Member-States and institutions, the spyware industry in Europe, and legal parameters at the EU level as well as the ways in which the EU can address the issue.

The report is based on the findings of the commission’s hearings and missions and the questionnaires it sent to member-states as well as other written sources. As reported by Ms. In ‘t Veld’s office, PEGA members will begin at the end of November to work on the draft, aiming at its adoption by the plenary in March or in June if the mission of the committee is extended.

Also read: CYPSEC 2021 – Interview | Use of A.I for personal data protection by MALLOC




Pin It on Pinterest

Share This