2 minute read
INTRODUCTION
1.1. Overview
This report builds on a study published in 2017 on “Legal Frameworks for Hacking by Law Enforcement: Identification, Evaluation and Comparison of Practices” 2F 3. The study examined the legal frameworks and practices for hacking by law enforcement by analysing the international and EUlevel debates on the topic. The term “hacking” was used in the study as a technique to bypass encryption and carry out surveillance and/or gathering evidence by law enforcement authorities. The present study provides an update on the 2017 one, extending its scope to focus on Pegasus and equivalent surveillance spyware. It also extend its scope by describing the use of such tools by a wider range of actors, including intelligence agencies. This report provides an update on to Member States covered by the 2017 study, namely France, Germany, Italy, the Netherlands and Poland as well as information on Hungary, Spain and Greece. The study focusses on the acquisition and use of surveillance spyware such as Pegasus. The objectives of the project are as follow: • Objective 1 - describe the existing legal framework in selected EU Member States for the acquisition and use of Pegasus and equivalent surveillance spyware, in relation to law enforcement agencies, intelligence services, the police, the military, companies and private parties; • Objective 2 - describe the regimes for ex ante and ex post judicial and democratic oversight; and redress mechanisms in case of illegal use by the abovementioned actors; • Objective 3 - describe the ECHR and EU law and jurisprudence requirements in terms of compatibility with international standards; • Objective 4 - make recommendations to the EU and its institutions, to Member States, to stakeholders, on the above issues based on the best practices identified.
1.2. Structure of the final report
This report is structured as follows:
Executive summary
• 1. Introduction – this section sets out the scope of the study and its objectives; • 2. General Framework – setting out the context for this study as well as key definitions. • 3. The use of Pegasus and similar spyware provides an overview of the use of Pegasus and similar spyware in the focus countries; • 4. Legal framework for acquisition and use provides an overview of the legal frameworks on the acquisition and use of Pegasus and other similar software including sanctions and penalties; • 5. Oversight and redress describes the ex-ante and ex-post oversight and redress mechanisms in place in the focus countries;
3 European Parliament, Legal Frameworks for Hacking by Law Enforcement: Identification, Evaluation and Comparison of
Practices, 2017, available at: https://www.europarl.europa.eu/RegData/etudes/STUD/2017/583137/IPOL_STU(2017)583137_EN.pdf
• 6. Fundamental Rights considerations provides a discussion of international fundamental rights standards, including a summary of relevant CJEU and ECtHR case law as well as standards set out by the Venice Commission . • 7. Conclusions and recommendations.
