Implications of the Italian Spyware Scandal

Key Judgements

• Allegations that the Italian government used its technology to hack into the phones of criticis, using technology from the Israeli Spyware maker, Paragon Solutions
• Most of the individuals targeted have expressed criticism of the Melloni Italian administration
• The Paragon case has raised questions by opposition parties about citizens’ democratic rights and laws surrounding wiretapping in Italy
• The Meloni government continue to deny any involvement with the hacking operation but suspended its contract with Paragon Solutions

Context

Paragon Solutions, an Israeli spyware company, has a flagship product known as “Graphite”, which can be used to gain complete access to a target’s phone. Paragon claims to sell its technology exclusively to “a select group of global democracies, primarily the United States and its allies.”  The company is a competitor to NSO group, which manufactures a similar spyware product called “Pegasus”.

Timeline

During a meeting on the week of the 3^rd of February with Copasir, the parliamentary committee for the intelligence services, Giovanni Caravelli, Aise’s chief, admitted the agency had used the Paragon spyware but not to monitor journalists or activists.

The Italian government confirmed in a statement on the 5^th of February 2025 that 7 mobile phone users in the country had been hacked, calling the incident “particularly serious”, Prime Minister Giorgia Meloni’s office denied any involvement and asked Italy’s National Cybersecurity Agency (ACN) to investigate it.

On the 6^th of February, Fanpage director Francesco Cancellato, Mediterranea Saving Humans mission chief Luca Casarini, David Yambio, spokesperson for Refugees in Libya and Husam El Gomati, a  Sweden-based Libyan activist all received warnings from Meta that their devices had been “compromised by a high-level spyware operation using one of the most sophisticated surveillance tools available.” Meta’s WhatsApp chat service alleged that spyware was used to target 90 WhatsApp users in two dozen countries. The Italian government said they were told by WhatsApp that those targeted had phone numbers with prefixes from countries including Spain, Portugal, Greece, Sweden, Belgium, Latvia, Lithuania, Austria, Cyprus, the Czech Republic, Denmark, Germany, and the Netherlands. Targeted individuals were sent a “zero-click hack”, a malicious document that required no user interaction to compromise the device.

The Italian government issued a statement saying a total of 90 individuals across 14 EU countries have been targeted in violation of established engagement rules and 7 cases have been confirmed in Italy so far. Additionally, the European Commission spokesperson Markus Lammert said national authorities would be responsible for probing these allegations, not the EU executive. She did note that in general, “any attempt to illegally access the data of citizens, including journalists and political opponents, is unacceptable if proven.” On the same day, Paragon Solutions terminated its relationship with clients in Italy including an intelligence agency and law enforcement agency, “out of an abundance of caution” following initial allegations of potential misuse. The contract did not allow for journalists or members of civil society to be targeted.

On the 7^th of February, the Italian intelligence agency, Asie revealed it had suspended its contract with Paragon pending investigations. The former Prime Minister, Matteo Renzi, said those responsible must be held to account.

On the 12^th of February, the Ministry for Parliamentary Relations Luca Ciriani refuted the claims of the government spying on journalists and said the government would take legal action against any accusers. On the same day, Undersecretary to the Prime Minister, Alfreado Mantovano stated if there had been any misuse it fell under judicial authorities, and they were awaiting the outcome of investigations by the parliamentary intelligence oversight committee and the National Cybersecurity Agency (Agnenzia per la Cybersicurezza Nazionale).

On the 18^th of February Sandro Rutolo, a Democratic Party MEP, said “This is one of the most serious attacks on the rule of law in Europe” adding “We want to know which countries have illegally spied on their citizens, why, and how we can protect European citizens”. He sent a letter signed by opposition forces in Italy to the European Parliament President, requesting an inquiry committee.  He also raised the issue at a hearing in the European Parliament’s civil liberties committee, noted in attendance was European Commissioner of Technological Sovereignty, Security and Democracy, Henna Virkkunen. On the same day, the president of the Italian parliament signed a document involving a rule allowing the government to refrain from responding to questions related to the scandal, claiming that “all unclassified information has already been shared” and any other details were under secrecy rules.

On the 19^th of February, Italy’s national union for journalists (FNSI) a criminal complaint in response to this decision.  The secretary general, Alessandra Costante said  “We want clarity, we want journalists to be able to do their job without the risk of being intercepted. We’re dealing with facts that not only violate the criminal code but the constitution itself. It is also extremely serious that the government has decided not to report to parliament.” The Order of Journalists and the FNSI also announced legal action, calling on the Italian public prosecutor’s office in Rome to seek clarification about the wiretapping of an Italian journalist.

Analysis

Most of the individuals in Italy who were involved were linked by criticism towards the current administration and Prime Minister Meloni. Cancellato’s outlet had published two major investigations into Giorgia Meloni’s party over the past year including a high-profile investigation that exposed young fascists within Meloni’s party. Casarini engaged in sea rescue operations for migrants through a non-government organisation. He was critical of Italy’s alleged complicity in abuses suffered by migrants in Libya. The Meloni government has vowed to cut arrivals to Italy’s shores. El Gomati had been critical of the Italian and Libyan governments’ activities against immigrants in the Mediterranean Sea.

The Italian government denied any suspicion of Paragon and then suspended their contract the next day, this raises questions about their involvement in the hacking operation. Additionally, the refusal to answer questions in parliament makes them appear afraid of revealing information.

If the Italian government were involved in the Paragon case it raises questions about the rights of their citizens and the rule of law within Italy as it would represent a severe constitutional breach of democratic rights.

What happens next?

According to Italian law preventive wiretaps may be conducted by intelligence agencies or the police but only if the targeted individuals are a serious danger to the national and economic security of the nation. These measures can be used before a crime has been committed.  This authorisation rests with the prime minister, interior minister or justice minister. In the aftermath of the Paragon case, this legal framework will likely be changed due to pressure from opposition political parties. Members of the Five Star Movement (M5S) have already raised concerns about this case and the protection of privacy and the freedom of the press.