Espionage Against the European Parliament

EU Tech Dependence and Regulation

  • Several comments argue EU institutions and citizens are over‑dependent on US tech platforms, enabling mass surveillance via US channels.
  • Some see EU rules (GDPR, heavy bureaucracy, SOC2/ISO culture) as hurting EU startups and entrenching US incumbents.
  • Others counter that there are plenty of European companies, so regulation is not a total blocker; the real bottleneck is distribution and network effects, not building products.

Apple Threat Notifications and Pegasus Infection

  • Citizen Lab found Pegasus infections on the MEP’s iPhone; Apple had sent multiple “mercenary spyware” alerts months later.
  • Debate on whether the MEP ignored, missed, or never saw the notifications:
    • One view: they’re highly visible (iMessage, email, web banner), so it’s hard to “not recall.”
    • Another view: iOS notifications are easy to dismiss and there’s no UI to see history; many people rarely check their Apple‑ID email.
    • Others suggest Pegasus could suppress or delete such alerts once the device is fully compromised.
  • Some label Apple’s batched, delayed alerts “security theater,” since they don’t block the attack.

Norms of Espionage and Five Eyes

  • Broad agreement that “everyone spies on everyone,” including allies; some stress that private actors face higher risk when caught.
  • Dispute over whether the US genuinely refrains from spying on Five Eyes leadership and close allies:
    • One side cites post‑Snowden directives and cooperation agreements.
    • The other side doubts these are followed in practice and notes that “national security” can justify almost anything.

EU Member States Using Spyware

  • Examples raised of domestic political surveillance in Greece, Poland, Spain, and Italy using Pegasus or similar tools.
  • Some commenters emphasize this is often internal political abuse, not just foreign espionage.
  • There’s skepticism that cutting sales to abusive governments is more than PR damage control.

Device Policies and Personal Data

  • Concern that the same phone carried both confidential government work and personal medical conversations.
  • Question whether the European Parliament enforces separation of work and personal devices; consensus that policy and reality often diverge.
  • Some argue important officials who ignore such basics are unfit for sensitive roles.

Mitigations, Detection, and Architecture

  • Mention of open‑source forensic tools to scan phones for Pegasus indicators.
  • Lockdown Mode on iOS is believed likely to help but at high usability cost, effectively turning the smartphone into a “dumbphone.”
  • A few argue modern smartphone OS design (large kernels, legacy APIs, unsafe languages, pervasive services) makes such spyware inevitable; advise treating phones as inherently compromised.
  • Discussion of extreme mitigation: using very simple feature phones for official work, though this clashes with real‑world reliance on mobile apps and 2FA.