Skip to main content

LUP Student Papers

LUND UNIVERSITY LIBRARIES

Human Rights and Surveillance Technologies: A Case Study of Pegasus Spyware within the Dutch Legal Framework

Tsoy, Julia Viktorovna LU (2024) JAMM07 20241
Department of Law
Faculty of Law
Abstract
This research investigates the legislative framework surrounding spyware within the European Union (EU), specifically the Netherlands. It looks at ways to improve the legislative framework that oversees online surveillance. The research begins by introducing spyware, using Pegasus as a prime example. Pegasus, a spyware developed by the Israeli company NSO Group, has been at the centre of numerous controversies due to its extensive capabilities and alleged government misuse. The use of spyware goes far beyond conventional surveillance, as it gives full access and control to the targets' devices, allowing for both real-time surveillance and full retroactive access to all messages and communications.

The research looks at human rights... (More)
This research investigates the legislative framework surrounding spyware within the European Union (EU), specifically the Netherlands. It looks at ways to improve the legislative framework that oversees online surveillance. The research begins by introducing spyware, using Pegasus as a prime example. Pegasus, a spyware developed by the Israeli company NSO Group, has been at the centre of numerous controversies due to its extensive capabilities and alleged government misuse. The use of spyware goes far beyond conventional surveillance, as it gives full access and control to the targets' devices, allowing for both real-time surveillance and full retroactive access to all messages and communications.

The research looks at human rights protections and theories such as individual autonomy and dignity as described by Kant and followed by Locke's social contract theory. This is succeeded by Foucault's analysis of surveillance's disciplinary power. These perspectives form the theoretical foundation for this thesis, challenging the legitimacy of state surveillance practices. This is followed by an overview of spyware, including its technical features and applications in government use. It then looks at the current legislative framework within the EU before delving into the impacts of digital surveillance on human rights. This is followed by the Dutch legal perspectives on surveillance, actors that play a role and case studies highlighting surveillance practices followed by the Dutch compliance with European standards on surveillance. The thesis concludes with comprehensive strategies to regulate online surveillance and explores the regulation possibilities.

This thesis fills a critical gap in the literature on this topic within the EU. It can be a starting point for further research within the Netherlands and other EU countries. Additionally, insights from the Dutch experience can resonate with individuals and institutions across the EU. The misuse of Pegasus is frequently connected to human rights violations, highlighting a fragmented regulatory framework. Research on regulatory mechanisms is crucial to prevent further harmful consequences on human rights, democracy, and the rule of law caused by surveillance technologies.
This research has been conducted using the legal doctrinal method to analyse the legal landscape of online surveillance. This method systematically analyses legal texts, such as laws, regulations, and court decisions, to understand the legal principles and rules governing this particular issue. This method was used to analyse public-accessible information, such as governmental publications, parliamentary questions, investigative reports, soft law declarations, case law, academic literature, recommendations and police statistics, to determine the applicable laws. Moreover, access to governmental and non-governmental databases via their websites provided insight into ongoing and concluded legal investigations concerning Pegasus.

This thesis concludes that spyware technologies like Pegasus emerge faster than regulatory bodies, control mechanisms or legal frameworks governing them. This alarming trend means that the Dutch and European legal frameworks, to a large extent, are not ready for what is technologically possible. Therefore, states can conduct unlawful surveillance without fear of legal consequences. Not only are human rights violated, but the use of spyware also undermines democracy, democratic institutions and the rule of law, as the unregulated use of surveillance technologies can seriously silence civil society. Robust legal frameworks and effective oversight mechanisms are needed to reduce risks associated with surveillance technologies. These regulatory measures must be adaptable. Besides, collaboration must occur between governments, international bodies, and civil society. Rather than entirely banning spyware, EU Member States, including the Netherlands, should meet specific requirements, such as effective judicial authorisation, transparency, independent oversight and ensure its use is always a last resort. In the short term, states should refrain from using spyware until a legislative framework, oversight mechanisms, and remedy systems are in place. (Less)
Please use this url to cite or link to this publication:
author
Tsoy, Julia Viktorovna LU
supervisor
organization
course
JAMM07 20241
year
type
H2 - Master's Degree (Two Years)
subject
keywords
Spyware, Surveillance, Pegasus, Netherlands, human rights
language
English
id
9156552
date added to LUP
2024-06-25 11:27:15
date last changed
2024-06-25 11:27:15
@misc{9156552,
  abstract     = {{This research investigates the legislative framework surrounding spyware within the European Union (EU), specifically the Netherlands. It looks at ways to improve the legislative framework that oversees online surveillance. The research begins by introducing spyware, using Pegasus as a prime example. Pegasus, a spyware developed by the Israeli company NSO Group, has been at the centre of numerous controversies due to its extensive capabilities and alleged government misuse. The use of spyware goes far beyond conventional surveillance, as it gives full access and control to the targets' devices, allowing for both real-time surveillance and full retroactive access to all messages and communications.

The research looks at human rights protections and theories such as individual autonomy and dignity as described by Kant and followed by Locke's social contract theory. This is succeeded by Foucault's analysis of surveillance's disciplinary power. These perspectives form the theoretical foundation for this thesis, challenging the legitimacy of state surveillance practices. This is followed by an overview of spyware, including its technical features and applications in government use. It then looks at the current legislative framework within the EU before delving into the impacts of digital surveillance on human rights. This is followed by the Dutch legal perspectives on surveillance, actors that play a role and case studies highlighting surveillance practices followed by the Dutch compliance with European standards on surveillance. The thesis concludes with comprehensive strategies to regulate online surveillance and explores the regulation possibilities.

This thesis fills a critical gap in the literature on this topic within the EU. It can be a starting point for further research within the Netherlands and other EU countries. Additionally, insights from the Dutch experience can resonate with individuals and institutions across the EU. The misuse of Pegasus is frequently connected to human rights violations, highlighting a fragmented regulatory framework. Research on regulatory mechanisms is crucial to prevent further harmful consequences on human rights, democracy, and the rule of law caused by surveillance technologies.
This research has been conducted using the legal doctrinal method to analyse the legal landscape of online surveillance. This method systematically analyses legal texts, such as laws, regulations, and court decisions, to understand the legal principles and rules governing this particular issue. This method was used to analyse public-accessible information, such as governmental publications, parliamentary questions, investigative reports, soft law declarations, case law, academic literature, recommendations and police statistics, to determine the applicable laws. Moreover, access to governmental and non-governmental databases via their websites provided insight into ongoing and concluded legal investigations concerning Pegasus.

This thesis concludes that spyware technologies like Pegasus emerge faster than regulatory bodies, control mechanisms or legal frameworks governing them. This alarming trend means that the Dutch and European legal frameworks, to a large extent, are not ready for what is technologically possible. Therefore, states can conduct unlawful surveillance without fear of legal consequences. Not only are human rights violated, but the use of spyware also undermines democracy, democratic institutions and the rule of law, as the unregulated use of surveillance technologies can seriously silence civil society. Robust legal frameworks and effective oversight mechanisms are needed to reduce risks associated with surveillance technologies. These regulatory measures must be adaptable. Besides, collaboration must occur between governments, international bodies, and civil society. Rather than entirely banning spyware, EU Member States, including the Netherlands, should meet specific requirements, such as effective judicial authorisation, transparency, independent oversight and ensure its use is always a last resort. In the short term, states should refrain from using spyware until a legislative framework, oversight mechanisms, and remedy systems are in place.}},
  author       = {{Tsoy, Julia Viktorovna}},
  language     = {{eng}},
  note         = {{Student Paper}},
  title        = {{Human Rights and Surveillance Technologies: A Case Study of Pegasus Spyware within the Dutch Legal Framework}},
  year         = {{2024}},
}