Does the Second protocol of the Budapest Convention or the UN Convention against cybercrime threaten fundamental rights in the name of the needs of the needs of law enforcement agencies? What is the EU doing to get to the bottom of the Pegasus spy case that directly affected it? As the Vice-Chairman of the Committee of Inquiry into the use of Pegasus and similar surveillance and spying software, Moritz Körner has valuable insights on this major scandal he shared with inCyber.
This member of the European Parliament for the FDP (the German Free Democratic Party) since 2019 also participated in the “Beyond Budapest: data and privacy in criminal investigations” FIC Agora Symposium which took place in Brussels, on the 22nd of March. Indeed, as a member of the Committee on Civil Liberties, Home Affairs and Justice, he closely studied the consequence of those international instruments on our fundamental rights.
Would you say the balance between the protection of fundamental rights and the needs of law enforcement agencies is achieved in the Budapest Convention and its Second protocol?
It’s important that we talk about better cooperation because criminals don’t stop at borders, especially in the digital world. I think the Second protocol is a good way forward, but that member States made a mistake when they decided not have mandatory prior verification of data requests of countries when they send it to telecom companies.
Indeed, I fear some States might use this protocol not only against criminals, but also against their opposition, against fundamental rights. That’s why I wanted to see the European Court of Justice checking if such requests were really in line with EU law and fundamental rights. But in the end, the European Parliament decided to adopt it. And I think now we must look forward with a new discussion on the evidence with the US and on the UN level.
Talking about the UN Convention against cybercrime, we saw countries as different as China, Russia or the United States making proposals that might jeopardise some fundamental rights. Where is this UN Convention heading?
It looks for me like more multilateral mutual assistance between different competent authorities. So, there will not be direct access like we have with e-evidence on our telecom companies or on our data. This is a good way, and we must make sure that we find enough support for our position of respecting fundamental rights within the context of the UN. And I’m hopeful that the Commission is negotiating in such a way for the Member States and together with the member States on the UN level.
But of course, we must see that with the war in Ukraine, with the tension rising between China and the US, we are in a difficult geopolitical situation. TikTok is a good illustration of how the digital sphere is also a geopolitical sphere. So, this will be very important to make things right there also at the UN level and I think Europe must play a very active role in pushing for the right safeguards and standards.
The EU prides itself on being a model of defence of privacy with GDPR. Do you think it has room for improvement regarding the protection of fundamental rights?
I think the GDPR is a good starting point. In some respects, it could be a little bit less bureaucratic, but the main thing is enforcement. We have pretty good rules in the EU, but we are very weak in Europe in enforcing them on Big Tech because we gave with the GDPR the enforcement to national data protection authorities. And we see that especially Ireland, where lots of these Big Tech companies are sitting, has a very weak way of enforcing it. And I think we must be very strong here.
But the European Court of Justice (ECJ) revoked the privacy shield because it did not respect privacy…
Yes, and it’s the second time the ECJ struck down data sharing agreement with the US. There will be a new agreement and I think it will be struck down again by the ECJ. This is about safe data transfers under the GDPR and our primary law. I think the EU should focus more on enforcing rules than making more rules. A new law is always done fast, but making sure that everyone is sticking to it, that is the hard part.
You’ve been working on the Pegasus Committee and you recently declared that not a single State was cooperating, and European Commission was looking the other way. Why is that so?
I’ve been investigating this case for one year and we asked lots of questions to Member States. We got almost no answers. We get only one complete answer from the European Council, not from each Member State. The European Commission is also not fully cooperating with us, and we still have this case where there is the suspicion that Justice Commissioner Reynders and Commission staff were spied on. This is a really a fullyfully-fledged Watergate scandal, a Member State spying on the European Commission. And the commission is doing like “oh, nothing to see here”.
How is that even possible?
I ask that myself too. The problem is the European Parliament hasn’t got strong investigative powers like investigative committees have in the national sphere. That is problematic because at the European level, we could look into these problems, not from with a national political angle, but in a more neutral way.
Why is the Commission not looking closer into their spying or into this scandal? Maybe because they know which member State did it and they don’t want to hurt their relationship with them. And then actually, I would like to see more cooperation from the Commission and Member States with the Pegasus Committee, because I think citizens expect us to investigate these very serious crimes.
Is the Pegasus software really that bad?
The Pegasus technology can really use your phone and you know; the phone is with you all the time. Look, it’s lying between us, and if Pegasus were on your phone, they could listen to all your communications, everything. This is serious if it’s not used in a legal way. So that is why I think citizens expect us to investigate. And I think what citizens also expect member States and the Commission to really cooperate.