Country-hearing: Spain (29 November)
Panel 1:
- Ignacio Cembrero, investigative journalist at El Confidential
- Andreu van den Eynde, Criminal lawyer
- Gregorio Martin, Emeritus Professor of Computer Science, University of Valencia
Panel 2:
- Esperanza Casteleiro Llamazares, Director of the Spanish National Intelligence Agency (CNI)
- Juan Jesús Torres Carbonell, Secretario General de Administración Digital
Ignacio Cembrero says there are two aspects, Catalangate and Morocco’s spying on the Spanish government. He feels more qualified for the Moroccan angle, he was also a victim because he works as an investigative journalist on Morocco.
There are three people known to have been intercepted, besides himself, and more importantly, Ms Aminatou Haidar, who uses a Spanish phone number. Investigations are ongoing, there have been articles in the Guardian newspaper and on Forbidden Stories.
This year, Spain’s government finally filed a complaint with the Audiencia Nacional, claiming that the phones of the ministers of defence, interior and prime minister were attacked. There is also only one power that could have been interested in such an attack: Morocco. When around 10,000 migrants tried to reach Melilla from Morocco in the summer of 2021, there was a crisis between governments in Rabat and Madrid. But the time when the government started to report about the hacking is not credible, as the Defence Minister explained that she had already been attacked the year before.
So the publication this year was done to weaken the reports on Catalangate.
The judges of the Audiencia Nacional have written twice to Israel to ask for the judiciary’s assistance, nothing more. This is different from France, where the government has clearly put its foot down and achieved, for example, that Israeli spy products cannot be used in France. The European Union would also have to implement this accordingly.
He received a civil suit from Morocco in Spain, where the verdict will soon be pronounced. There were two criminal charges and another civil suit before that. The EU is preparing a directive to prevent activists and journalists from being harassed by companies, for example.
When asked, Ignacio Cembrero says that the current and former governments do not care what Morocco does to him. They are also not empathetic in private. The upcoming trial against him will take place on 13 January. He had given his phone to the public prosecutor’s office, from where it was sent to the court and the police for analysis. It contains practically the entire private and professional life of a person. He had also been followed in other ways, his tyres had been punctured, his telephone had been intercepted. Nevertheless, he was not fundamentally against Morocco, had many friends there and spent his holidays there. At the moment, he said, relations between the two countries are excellent again, now that Spain is moving closer to Morocco’s position on the Western Sahara, there is a honeymoon. However, he added, there is currently a serious crisis with Algeria because of this.
Andreu van den Eynde is a criminal lawyer in Barcelona and a member of the European Bar Association. He is a lawyer at Esquerra Republicana de Catalunya for the politicians affected there. In July 2020, WhatsApp had informed the president of the parliament that his mobile phone was infected with Pegasus.
A total of eight Barcelona courts are hearing cases of victims from Pegasus and Candiru attacks. The 32nd Senate in Barcelona then sent letters rogatory to Israel to see if NSO logs were available. But there was still no reply. So Israel has not implemented the requirements of the Budapest Convention.
The infections took place with infected messages posing as social security, among other things. I have contacted the Spanish ombudsman about this without success, and NSO is not supporting me either.
Everyone says it was the CNI secret service, and they have not denied it. I would like to remind you that NSO only sells to governments, as they also say here in the committee. After Catalangate came to light, the head of the CNI had to resign. Officially, it was said that 18 people had been spied on. But there is no law that allows such spying, except after a judicial review that also takes human rights into account. Operations against lawyers are not allowed. Nevertheless, no one is helping him to find out who hacked my mobile phone and where my data is now. It is also a pity that the voices of the other 65 victims cannot be heard.
When asked about the court cases, Andreu van den Eynde says that sadly very little is being done by the judges, it is happening at a different speed than the investigations into the government hack. That is unfortunately a fact. The prosecution is not supporting the investigations.
Gregorio Martin explains that he is a pensioner, but has studied Catalangate because he is interested in the deontological concerns. The technical arguments don’t really hold water, so he looked into it. It is not a simple issue.
There is a tool called MVT, published by Amnesty International, which can be used to analyse devices. The question is whether it can also be used to check falsified data, or even falsify the data with it.
Amnesty International has published data from a total of four devices, this is supposed to be proof, but that is actually very little. One of the victims is professor Elisenda Paluzie. He compared this dataset to CitizenLab’s findings. MVT uses various sources, including from known attacks, also keywords etc. Catalangate classifies in these 65 cases that an attack vector has been used. In addition, two other vectors, including one that recognises SMS.
CitizenLab and Amnesty International acknowledge that they are currently unable to perform analysis for Android phones.
On 13 May 2019, WhatsApp had announced that they had identified a critical vulnerability and released a patch. However, a complaint then referred to a vulnerability from 2016, so this may not have been used at all in the later cases. CitizenLab, however, had issued a notification on the same day that attacks had been carried out with the said vulnerability. However, WhatsApp has never confirmed this. How did CizizenLab get hold of the list of 1400 affected phones?
So the alleged anomalies could also have occurred in the normal operation of WhatsApp. Catalangate contains a large number of technical errors that need to be investigated.
When asked, Gregorio Martin says he does not want to say that someone is lying, but that there are flaws and errors. The press assumed 50,000 infected phones and then put the puzzle together. In the 65 cases at issue here, he has looked at 4 people here.
The University of Toronto has one of the best computer science departments in the world, which he is not criticising. Nevertheless, Catalangate uses arguments that they as scientists do not use.
Scientifically, he says, you can’t tell if a mobile phone is infected with Pegasus. Apparently only Amnesty International and CitizenLab can do that, he says ironically. That’s why he thinks the revelations were too optimistic. As far as scientific truth is concerned, they have had a difficult time. He believes that the Spanish government did not intercept with Pegasus in cases he looked at.
Esperanza Casteleiro Llamazares describes that the laws of the secret service CNI are laid down in the constitution. This also applies to the investigation of violations of fundamental rights. They always comply with the law without exception. Law 11 describes the CNI’s tasks. According to Law 3, it is a secret service.
One of its most important tasks is to cooperate with other authorities in order to identify those who pose a security risk to the state and its national or economic interests. This also includes the protection of encrypted communications.
There are specific controls for the CNI, including parliamentary. There is a committee on state secrecy, classified information, to which the CNI reports. The committee is also aware of the tasks that the state assigns to the secret service. In this way, the legal requirements are fulfilled. The CNI becomes active when the committee calls on it or reports to the committee on its own initiative. The law also regulates how the committee members, who are subject to the strictest secrecy, are appointed.
As far as financial control is concerned, the same applies to the CNI as to all other authorities, there is a budget which is controlled by auditors and later discharged.
One can only act in matters that are regulated in the Intelligence Act Article 18 paragraph 2 and 3. This would have to be ordered by a judge. Then vested fundamental freedoms of the persons concerned may be overridden. The application for this must be extensively investigated by the judge. Such an order can be granted for a maximum of 3 months.
In response to questions from members of the committee, she simply said that all 28 questions concerned intelligence matters and could not be answered in public. The Chair therefore asked for at least a written answer.
Juan Jesús Torres Carbonell described the responsibilities of his institution. This includes the monitoring of digital processes of the authorities and everything that has to do with it, including preparation and exercise. It also works together with the Ministry of Finance and the Ministry of Civil Service, for example when common systems are introduced.
See here the stream of today‘s hearing.