Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Privacy EU Security

Pegasus Spyware Should Be Banned, EU Data Agency Warns (bloomberg.com) 26

NSO Group's controversial Pegasus spyware should be banned in the European Union, the bloc's in-house privacy watchdog warned on Tuesday. From a report: "The ban on the development and the deployment of spyware with the capability of Pegasus in the EU would be the most effective option to protect our fundamental rights and freedoms," the European Data Protection Supervisor said in a statement on Tuesday. The warning comes amid increasing scrutiny of abuses of surveillance technologies meant to help intelligence and law enforcement agencies fight serious crime and terrorism. While the EU regulator doesn't make decisions for member countries, its influence at the top echelons of the bloc's institutions may encourage other authorities to crack down on surveillance software.
This discussion has been archived. No new comments can be posted.

Pegasus Spyware Should Be Banned, EU Data Agency Warns

Comments Filter:
  • by kmoser ( 1469707 ) on Tuesday February 15, 2022 @09:58AM (#62269163)
    Why can't the companies whose vulnerabilities are exploited by Pegasus buy a copy, reverse-engineer it, and fix their products so they are no longer vulnerable?
    • This, shouldn't be rocket science to do it through a shell company. At the very least, you'd expect them to try to bait attackers into going after honeypot devices - set up a new regime-critical news outlet/activist organization with contact numbers tied to honeypot device SIMs, for example.

      • by Anonymous Coward

        But they might have to violate a EULA!

        • They dont have to tell anyone. Just issue software updates for issues they report!

          Honestly if I knew someone in law enforcement with access to that kind of software, I would pay them to get me a copy and in a disconnected lab environment, I would reverse engineer or decompile it, and submit bug bounties to split with said LEO.
    • They only sell to government agencies.

      • and to anyone who finds a torrent seed, (sarcasm, only partly)

        A ban will have about as much effect as banning the distribution of that old DVD region-breaking key.

  • A ban will just force it underground.

    • im not sure in the DSA (i call that divided states of america since texax and florida became their own and musk tries to buy texas since moving to china would be treason and reason for assassination likely) but in europe "banned" means "can only be used by the state" as das maedchen said (or as her good friends called her "mother THerorista" - its a nice place too here which you probably dont get to see over there) : "for raison d'état" (its a poster they had over her migrant policies after the fiasco
  • ...what technology enables.
    • The issue at hand is that the willful production and sale of exploits for the purpose of infecting devices that they and their customers do not provably own is not illegal within their operating jurisdiction.

      The law cannot prevent any creation of hacking/malware technologies, but it can indeed prevent such creations from being born by the hands of a registered taxpaying company. In the US, for example, businesses are not permitted to acquire income from purposefully illegal means, and doing so voids the pro

    • Then what do you think the copyright laws are? When the printing press was (re-)invented, suddenly everyone could sell books cheap.
  • National security agencies will of course be exempted, or exempt themselves regardless, which were the ones abusing it in the first place. So how does this help?

    Killing development of these kinds of tools in the EU will just reduce EU know how without providing any privacy benefit.

    • 1) It's "virtual signaling"
      2) It would restrict it's sale in the EU. I'm not claiming it would be eliminated but it would be curtailed.

      Killing development of these kinds of tools in the EU will just reduce EU know how without providing any privacy benefit.

      You obviously don't realize that the difference between the red team and the blue team is who they are working for.

  • by Gravis Zero ( 934156 ) on Tuesday February 15, 2022 @10:47AM (#62269333)

    Obviously, they just need to require that Pegasus Spyware have a popup that informs the user of the information it's going to report and ask if they agree to sending it. I think people will be much more receptive to spyware that cares about the privacy of it's targets. ;)

  • A much better solution would be to mandate minimum levels of trust in software, so as to make spyware much harder to write, and to improve network security, so as to make both the deployment and utilization of spyware that much harder. It won't eliminate spyware, but we can use economics to push the cost of that spyware above the cost of getting the same information via lawful methods.

  • Spyware like this is not going to go the way of the dodo, ever. And in the security world, if an attack happens, it will only happen again, as strong, if not stronger. Right now, we might know who has it, but realistically, there is spyware just as powerful, if not more likely owned by another group, well-heeled organization, or nation-state.

    We need to focus on bugs, not going after the spyware, because NSO might be the bad thing one day, but there might be some bad organization who creates something just

  • by ewibble ( 1655195 ) on Tuesday February 15, 2022 @01:02PM (#62269813)

    The ban on the development and the deployment of spyware with the capability of Pegasus in the EU would be the most effective option to protect our fundamental rights and freedoms

    If this is "the most effective option", the we are doomed. It will not stop anybody from breaking the law, any state, or bad actor that wishes to break this law without hesitation, it will be for the good of the nation.

    A more effective law would be punish manufactures for not fixing security bugs in a timely manner.

  • As is a government policy ever stopped anyone? Besides, there's absolutely zero chance that the countries that already own it would despose of it.

  • Much better off to define and regulate the actions than to try and ban software. A knife with a blade longer than 6" is illegal or restricted weapon in many places in the world. They are still sold everywhere and pretty much anyone can find one. It's only a problem when we start brandishing it as a weapon. We have as much hope as stopping software like this as we do stopping people from owning a steak knife. So regulate it.

What sin has not been committed in the name of efficiency?

Working...