GENEVA
Spanish authorities must thoroughly investigate reports that spyware Pegasus and Candiru were used to target Catalan public figures and activists in Spain following the independence bid in 2017, UN experts said Thursday.
Between 2017-2020, the devices of at least 65 Catalan minority politicians and activists were reportedly targeted by a complex and sophisticated spying program, according to the experts.
The victims included Catalan minority leaders, members of the European Parliament, legislators, jurists, and members of civil society organizations, they said.
“We are also deeply concerned by what appears to be a very troubling interference into the human rights of Catalan leaders and other minority activists to freely hold and express their views, exchange information and ideas, assemble peacefully and participate in associations,” the experts said.
Following the referendum for Catalonia’s independence in 2017, Spanish authorities arrested leaders of the Catalonian independence movement on charges of sedition.
Most spying incidents against Catalan leaders and activists occurred in 2017, soon after the region’s bid for independence.
According to NSO Group that developed the software, the Pegasus spyware was sold to governments as a law enforcement tool.
The Spanish National Intelligence Center would be one of NSO Group’s customers, according to reports.
The experts said they are mainly concerned by the extent and sophistication of the reported spying program over a long period and against minority leaders and activists who did not engage in violent activities.
Leads to self-censorship
They said the widespread use of this type of spyware may lead to increased self-censorship, impacting the right to freedom of expression and assembly.
They recalled that international and European human rights standards protect minorities, and a targeted spying program against a minority group may seriously violate such standards.
The attacks had involved operators sending text messages containing malicious links designed to trick targets into clicking on them.
“The sophistication and personalization of the messages varied across attempts but reflect a detailed understanding of the target’s habits, interests, activities, and concerns,” the experts said.
They noted that victims had also been targeted using highly personalized official notifications from Spanish government entities, including tax and social security authorities.
“For example, a message sent to one victim included a portion of his actual official tax identification number, suggesting that the attackers had access to this information,” they said.
In a letter dated Oct. 24, 2022, the experts contacted the Spanish government.
On Dec. 22, 2022, the government replied, informing that investigations were ongoing and that it was impossible to pronounce on cases pending judicial investigation.
“Spanish authorities must conduct a full, fair, and effective investigation into these allegations, publish the findings, and stop any unlawful interference into the fundamental rights of the Catalan minority activists in Spain,” the experts said.
They called for a global moratorium on the sale and transfer of surveillance technology until robust regulations are in place.
The experts are Fernand de Varennes, special rapporteur on minority issues; Clement Nyaletsossi Voule, special rapporteur on freedom of peaceful assembly; and Irene Khan, special rapporteur on freedom of opinion and expression.