Spain's highest criminal court has once again shelved its investigation into the use of Israeli-made Pegasus spyware to target the mobile phones of senior Spanish government ministers, including Prime Minister Pedro Sánchez. The decision, announced on Thursday, cites a chronic and ongoing lack of cooperation from Israeli authorities, which the court says violates international legal agreements and the principle of good faith between nations.
Investigation Stalled by International Obstruction
Judge José Luis Calama of the Audiencia Nacional in Madrid stated that the investigation into the Pegasus attacks is being dropped for the second time due to Israel's persistent failure to respond to formal requests for information. These requests, known as letters rogatory, were intended to help identify who was behind the cyber-espionage targeting Spanish politicians.
The judge emphasised that the Israeli authorities' silence has effectively impeded the inquiry into attributing responsibility for the attacks to any specific individual or entity. Calama noted that this behaviour disrupts the balance of international cooperation and contravenes two international legal agreements that Israel has signed.
High-Profile Targets and Political Fallout
The investigation was launched in May 2022 after the Spanish government disclosed that the phones of Prime Minister Pedro Sánchez and Defence Minister Margarita Robles had been infected with Pegasus spyware the previous year. It was later confirmed that the mobile devices of the interior minister and the agriculture minister had also been compromised.
According to its manufacturer, the NSO Group, Pegasus software is sold exclusively to state agencies. The revelations prompted significant political repercussions within Spain, leading to the dismissal of the country's spy chief, Paz Esteban, and admissions of "shortcomings" within Spain's National Intelligence Centre (CNI).
A Case of Repeated Frustrations
Judge Calama initially closed the investigation in July 2023 but reopened it several months later after French authorities provided information regarding the use of Pegasus to target French ministers, members of parliament, lawyers, and journalists. However, in this week's ruling, the judge concluded that the information from France did not contain any new evidence that could help identify the perpetrators behind the attacks on Spanish officials.
Expressing his frustration, Calama highlighted the repeated non-responsiveness from Israel, which included ignoring a request to take a statement from the chief executive of NSO Group. Without such cooperation, the judge stated that the investigation "remains dormant" until either Israel fulfills the requests or new sources of evidence emerge.
NSO Group's Stance and Broader Context
In a statement previously sent to the Guardian when the targeting was first revealed, NSO Group asserted its firm stance against the misuse of its technology to monitor politicians, activists, dissidents, and journalists. The company described such actions as a severe misuse and stated it is committed to investigating any suspicion of misuse, cooperating with governmental inquiries.
NSO emphasised that it is merely a software provider, does not operate the technology, and is not privy to the data collected. The company implements measures to ensure its systems are used solely for authorised purposes, it said.
This case is part of a wider pattern of Pegasus-related controversies. In July 2020, a joint investigation by the Guardian and El País revealed that senior pro-independence Catalan politicians had been warned their phones were targeted by Pegasus. Two years later, cybersecurity experts at Citizen Lab at the University of Toronto reported that at least 63 individuals connected to the Catalan independence movement had been targeted or infected with the spyware between 2017 and 2020. It later emerged that 18 of these cases involved legal surveillance conducted by the CNI with judicial approval.
The shelving of this high-profile case underscores the significant challenges nations face in investigating cross-border cyber-espionage, particularly when state-level cooperation is withheld, leaving victims without answers or accountability.
