A second prominent member of the Catalan separatist movement said he had been warned that his cell phone was being targeted with spyware.
The development should support calls for an investigation into the possible use of hacking technology by the Spanish authorities.
Ernest Maragall, Member of the Regional Parliament and former member of the European Parliament who was also Catalan foreign minister, told the Guardian and El País that he had been alerted by researchers working with WhatsApp that his phone had been taken for target last year.
A joint newspaper investigation revealed on Monday that Roger Torrent, speaker of the Catalan Parliament, was also targeted in 2019, according to researchers at the University of Toronto’s Citizen Lab who collaborated with WhatsApp.
“It’s terrible,” said Maragall. ” It is not a surprise. This is only part of the techniques, of the reality in which we live every day. We are in a situation where legal actions, politicians, security forces, prosecutors, everyone … is against our movement, our peaceful and democratic movement as citizens here in Catalonia. “
Torrent and Maragall – as well as two other pro-independence activists – were alerted that they were targeted in April-May 2019, when spyware used by government customers around the world exploited an earlier vulnerability in WhatsApp software. Spyware, manufactured by NSO Group of Israel, allows the operator of the hacking tool to access an individual’s phone, including email, calls and text messages.
NSO Group said it had no knowledge or control over how its customers use spyware.
Current and former leaders of the Catalan independence government have called for an investigation into what a Citizen Lab researcher has called a “possible case of national political espionage” in Europe.
Torrent called the reports “extraordinarily serious,” adding, “We cannot normalize the spying on political dissent.” He said that if the Spanish government knew the facts of the case “then he would have been an accomplice to a crime”.
If not, he said, “it would be a very disturbing symptom of political neglect and ignorance of illegal practices”.
Gabriel Rufián, spokesman for the National Parliament of the Catalan Republican Left Party, called on the Spanish Minister of the Interior, Fernando Grande-Marlaska, to “provide explanations on espionage and the invasion of privacy against Catalan political leaders by government organizations ”.
The revelations also resonated in the European Parliament, where one of the highest allies of Pedro Sánchez, the Spanish Prime Minister, called for an investigation into the targeting of Torrent’s phone.
Juan Fernando López Aguilar, a Spanish socialist MEP who chairs the European Parliament’s Civil Liberties Committee said: “Any indication that there may have been an intrusion into the privacy of European citizens’ data – whether it be high-ranking officials, representatives or individuals for this matter – should be investigated thoroughly. In Spain, he said, these investigations are the responsibility of the prosecution.
He added that there was “no reason to indicate the responsibility of a national agency or government [in connection] to this information that we just read. “
The Spanish government has declared this to be a legal rather than a political issue and has suggested that Torrent raise its concerns with the judicial authorities.
“The government has no evidence that the President of the Catalan Parliament was the victim of a hacking or theft involving his mobile phone,” government spokeswoman María Jesús said on Tuesday afternoon. Montero.
“When questions of this nature arise, the procedure is well known: you inform the competent judicial authorities of the hacking or wiretapping, or of the theft of a device, and they can then investigate to find out if it has happened and in which circumstances. Any listening on a mobile phone always requires prior judicial authorization. It is not something for the government. “
In a statement, the Spanish Ministry of the Interior declared: “Neither the Ministry of the Interior, nor the national police, nor the Guardia Civil have ever had any relationship with the company that developed this program and, as such, have never contracted its services. “
He added that the actions of the state security forces were always carried out “with the greatest respect for the law”.
The Spanish National Intelligence Center (CNI) said in a statement that it had acted “in full compliance with the legal system and in full compliance with applicable laws” and that its work was supervised by the Spanish Supreme Court.
He did not respond to specific questions regarding the alleged use of the “Pegasus” spyware sold by NSO Group.
WhatsApp said a total of 1,400 users were targeted in the 2019 attack, which is now on trial by the messaging app against NSO Group. California society has claimed that 100 members of civil society – including journalists in India, human rights activists in Morocco, diplomats and senior government officials – have been affected.
NSO Group denied having played a role in the operation of its hacking software and said it did not know who was targeting its government customers.
The company said it operates under “advanced governance policies” and cannot confirm or deny which authorities are using its technology due to confidentiality constraints.
The company criticized Citizen Lab, which has conducted extensive research into the use of spyware from NSO Group, and said the researchers had failed to “competently address the challenges facing application organizations of law ”who must intercept encrypted communications. NSO Group said it sells spyware only to governments to track down terrorists and criminals.
López Aguilar, who worked on the European Parliament’s response to the 2013 revelations that the US National Security Agency had hacked the telephone tapes of millions of people, said that all EU member states were required to follow European data privacy law, including general data protection regulations.
“Any Member State which may have infringed this European law should be responsible for it, but these reports must first be fully checked. The protection of rights and privacy is essential for the coherence of Europe. “