Pegasus scandal

Communication means used by “senior officials” come under the radar

How are the electronic communications of government members and senior officials protected? A question no one wants to answer, even if transparency is a cornerstone of national strategies on these issues. (Photo: Twitter account of Xavier Bettel)

How are the electronic communications of government members and senior officials protected? A question no one wants to answer, even if transparency is a cornerstone of national strategies on these issues. (Photo: Twitter account of Xavier Bettel)

The scandals involving the eavesdropping of politicians, journalists and public figures by the NSO Group's Pegasus software raise the question of how the communications of Luxembourg's ministers and senior officials are protected. A taboo subject that no one seems to want to answer.

Are the Prime Minister, ministers and at least some senior officials subject to special protocols in their electronic communications? Do they have special smartphones that encrypt their communications by default? Are they bound by rules about their use of social networks?

If the answer to this is yes, then it should be noted that at least three of them--and not the less prominent ones --Prime Minister Xavier BettelXavier Bettel (DP), Finance Minister Pierre GramegnaPierre Gramegna (DP) and Economy Minister Franz FayotFranz Fayot (LSAP)--indicate in their Twitter biographies that they add their initials when they are the author of a tweet. Are these tweets, without a signature, to be considered the work of a senior official or spokesperson?

Again if this is the case, do senior officials or spokespersons have access to their minister's account from their own smartphone or 'only' the passwords to the ministers' accounts?

Do ministers have, at the very least, an encrypted instant messenger?

Did the presence of ministers' numbers and personal information in the recent Facebook leak of 500 million accounts, including 188,500 in Luxembourg, have an impact on the strategy deployed in Luxembourg?

Does the national cybersecurity strategy, under the responsibility of the high commissioner for national protection, which is regularly updated, include a section on the protection of executive politicians?

Did the NSO Group's disputed revelations about the use of their Pegasus technology by governments with little regard for human rights for the purposes of industrialised espionage trigger a simple audit of the security of the executive's electronic communications?

Has a judicial enquiry, as is the case in a number of countries such as France and Israel, been imagined or initiated?

Is it considered in high places that these questions are null and void because the members of the government have no secrets to protect, even though the image of the 'first mover’--the first to act--so dear to Luxembourg, regularly continues to fuel the famous 'nation branding'?

When questioned, the Ministry of the Economy did not even bother to answer. The Ministry for Digitalisation refers to the Media and Communications Service (which depends on the Ministry of State), which refers to the Ministry for Digitalisation and the State Information Technology Centre.

At a time when the protection of state secrets is a real issue, attention is being diverted to two bizarre ‘incidents', but not for the same reasons: the first is the attitude of the Minister for Family Affairs, Corinne CahenCorinne Cahen (DP), who blocked journalists, MPs and political opponents on Twitter and was put on the spot, as if she did not have the right to dispose of her account as she sees fit, even though she has become a minister; the second is the extradition requested by the United States of Frank Schneider, the former agent of the Luxembourg secret service, who has become a businessman and is in the midst of a €5.3 billion scandal surrounding OneCoin, a cryptocurrency.

Politicians indifferent to security instructions

Luxembourg politicians are no different from their French peers: Nicolas Sarkozy used his BlackBerry, indifferent to the instructions of his Information Systems Security Agency as was François Hollande, glued to his iPhone, and Emmanuel Macron and his iPhones almost grafted to his hand, represents symbols of modern men. The German chancellor, Angela Merkel, went the other way, considering as early as 2014 that iPhones were not safe enough and opting for a BlackBerry Z10 in 2013, then a BlackBerry Q10 the following year.

As far as we know, the entire administration is equipped with iPhones and everything is discussed from there. Because Pegasus, for example, no longer needs to get its owner to press a link in an SMS or WhatsApp message to access all the contents of the phone, including triggering the microphone remotely. Even end-to-end encryption of email installed on the devices would no longer make sense, unless a password is provided for each use, which can also be easily circumvented.

According to intel received, the State Information Technology Center (CTIE) is thinking of acquiring "special" phones, like the 4,000 to 10,000 Teorem phones acquired by Thales in France... but never used because their bricks are too reminiscent of the Motorola or Nokia models that were famous in the 1990s, and because the technology installed on them slowed down programmes and applications in an instantaneous world.

The issue of the security of ministers' communications is not addressed in the national e-governance strategy for the years 2021 to 2025, but some sections take on a new dimension. "Transparency, a key principle of a modern state, goes beyond a record of the citizen's interactions with the various authorities, but becomes the leitmotif of a modern administration that publishes the rules according to which it operates in a clear and understandable way," it states.

Transparency and trust

"The prospects offered by the use of new technologies and the potential risks of fraud associated with them are raising fears in society more than ever. The public administration will therefore have to take concrete action more than ever in the context of transparency to counter anxieties and thus build citizens' trust in the online services offered to them by the public administration," says another passage in the strategy. The Centre for Media Pluralism and Freedom, in its analysis, explained that authorities should improve access to information as well as the government, resources and competence of the national audiovisual media authority (Alia).