The case Brejza v. Poland: Intervention in the Polish Pegasus case currently before the European Court of Human Right (ECtHR)

This case’s stakes are high as the previous spyware case before the ECtHR was dismissed by the court. The Brezja case is a case bringing multiple Pegasus targets who were infected on instructions of Polish authorities. Mr Brezja was infected due to his belonging to the political opposition to the far right. Pegasus was used to collect huge amounts of data sets from his phone, including 10 years of texts. Once extracted, this data was rearanged and/or merged by authorities to create a new narrative, and then sent to the press. The goal was to destroy his reputation. Mme Brezja, his attorney, was also infected. This case is a robust illustration of how much powerful spyware in the hand of authorities can lead to egregious abuses of power focussed on tampering with facts to manipulate the public and elections. Last but not least, it is noteworthy that Pegasus was sent on Mr Brezja based on the excuse of the fight against corruption, not the protection of national security. Since then Polish authorities have found that how Pegasus was used violated Polish laws. Although this is a positive development, we see that the Polish government is pushing agaisnt the review of the ECtHR of the Polish cases. Pushing back on human rights accountability is not the way forward.

More info

The Hungarian cases

The HCLU represents seven individuals who were unlawfully targeted with Pegasus spyware, including journalists, a lawyer and an activist. It has launched legal proceedings both in Hungary and before the European Court of Human Rights, aiming to establish state responsibility for politically motivated surveillance. When the Hungarian data protection authority (NAIH) failed to find any wrongdoing and classified most of its findings, HCLU challenged these decisions in court. In a key case involving activist Adrien Beauduin, HCLU secured a first-instance court ruling obliging the national security agency to disclose whether it had processed his personal data—marking a rare breakthrough in the fight for transparency and accountability in Hungary’s secret surveillance practices. Through these actions, HCLU seeks to curb unchecked intelligence powers and reinforce legal safeguards for citizens’ rights.

More info

Three executives of the NSO Group charged for their responsability in the Pegasus espionage case

The Provincial Court has ruled in favour of Irídia and ordered the indictment of three NSO Group executives. They will be investigated for the alleged crime of discovery and disclosure of secrets. This follows the judge’s refusal to charge them, limiting the investigation to production and commercialisation companies.
This sets an important precedent in the fight against spyware espionage in Europe and represents a significant step forward in the investigation. Individuals involved will have to answer personally before the courts. This comes at a time when there is increasing evidence of the company’s responsibility in the infection process.

More info

Irídia vs. Pegasus

From Irídia we represent a lawyer affected by Pegasus, who is spied to access their clients and legal strategy. This is a particularly serious incident that violates fundamental rights such as the right to defense and privacy. His case is just one of the many detected in Spain, and of the hundreds in different countries of the European Union.

More info

Intervention in Privacy International’s case against the hacking powers of the British NSA, the GCHQ agency

Data Rights’ founder intervened in 2019 to bring information of issues of the French regime on the regulation of hacking by intelligence services. Unfortunately the court did not rule on the substance of the case due to the consideration that all British legal remedies had not been exhausted by Privacy International before they referred the case to the ECtHR. This case was analysing the different hacking capabilities of GCHQ and led the British services to improve their internal accountability. Although unrelated to this case, to give a sense of the activities of GCHQ at the time it is useful to point out that they had hacked into the telecommunications provider of the European Commission, the European Parliament and the European Council, to impress the NSA.To read more on this operation

More info

France’s surveillance loophole for wireless communications

In the context of the Exégètes litigation coalition (French Data Network, Quadrature du net, and FFDN - the federation of non-profit ISPs of France), Data Rights founder L. Roussey, with the support of Data Rights advisor H. Roy, developed in 2017 the coalition’s sections on hacking rules of France’s intelligence services. This work formed part of the case against the entirety of France intelligence rules. This brief of 2017 came one year afer the Exegetes referred the reform of intelligence powers to the French Constitutional Council and won the closure of a surveillance loophole on all wireless communications. Soon after this 2017 brief was sent to the Conseil d’État the case was referred to the EU’s top court, the CJEU. Before the CJEU Privacy International intervened in our case, and this led to the 2020 ruling Quadrature du net et alia.

Read more

Read the 2017 brief [FR] to France’s top administrative court, the Conseil d’État, about hacking powers of intelligence services in France. The document is long, you might want to search for keywords: Budapest; Cybercrime; Stuxnet; Wannacry.