Published in News

Italy has become a major spyware hub

by on14 November 2024


Il Grande Fratello ti sta guardando.

According to spyware experts, Italy has become one of the three top global spyware hubs alongside India and Israel.

RCS Labs, a relatively unknown Italian firm, has been operating since 1992 and is known for its spyware, Hermit, which is used in countries such as Syria and Italy. Documents published by Wikileaks in 2015 revealed that RCS had engaged with military and intelligence agencies in several countries, including Pakistan, Chile, and Vietnam.

RCS is part of a more extensive network of spyware vendors in Italy, which includes six significant vendors and one supplier. Many smaller and harder-to-track enterprises also operate with little oversight. Unlike the sophisticated spyware from Israel’s NSO Group, Italian spyware is cheaper, making it more accessible.

 Law enforcement in Italy can rent spyware for €150 a day, leading to thousands of operations in recent years.

Italy’s Hermes Center for Transparency and Digital Human Rights Fabio Pietrosanti said: “Spyware is being used more in Italy than in the rest of Europe because it's more accessible.”

In 2017, Pietrosanti worked on legislation to regulate Italian authorities' use of spyware. Although the bill failed, some principles were included in a new reform bill set to take effect in February. Stefano Quintarelli, a former member of the Italian Parliament, spearheaded the reform effort. Quintarelli was shocked by Italian authorities' widespread use of spyware and decided to draft a bill to limit its use.

Quintarelli recalled noticing a legislative amendment allowing the usage of spyware for a wide range of crimes without safeguards.

“I looked at that and I said, ‘Wow, there must be something that I don't understand,’” he said. The new law requires an investigating judge to provide an “independent evaluation” of the need for spyware in each case.

A 2021 report from the Italian legislature detailed the misuse of RCS spyware, revealing that RCS had an office inside the Naples public prosecutor’s headquarters. This office accessed sensitive data, which was not encrypted and could be accessed remotely by RCS administrators.

“This story, in some ways Orwellian, confirms the extreme delicacy of the use of the computer interceptor,” the legislature’s report stated, warning of the risk of abuse and evidence tampering.

While the new law introduces some fixes, it does not fully address the issue of tracking spyware deployment.

Last modified on 14 November 2024
Rate this item
(1 Vote)