Italy Used Spyware on Immigration Activists, Lawmakers Say

Italian Government Confirmed Use of Spyware

A parliamentary committee in Italy has affirmed that the nation’s government employed spyware developed by the Israeli firm Paragon to monitor several individuals dedicated to assisting migrants at sea. However, the committee’s investigation determined that a well-known Italian journalist was not among those targeted, thereby leaving crucial aspects of the spyware attacks unresolved.

COPASIR Report Details

The Parliamentary Committee for the Security of the Republic, commonly referred to as COPASIR, released a report on Thursday detailing the findings of a months-long investigation into the utilization of Paragon’s Graphite spyware within Italy. Initial reporting on the report originated with the Israeli newspaper Haaretz.

WhatsApp Notifications Trigger Investigation

The investigation was prompted by notifications sent by WhatsApp in January to approximately 90 users, alerting them to potential targeting by Paragon’s spyware. Following these alerts, several individuals in Italy came forward, sparking a significant scandal concerning Italy’s history of hosting spyware companies and the government’s own practices regarding spyware use.

Focus on Activists and Journalists

COPASIR’s inquiry specifically centered on the targeting of Luca Casarini and Giuseppe Caccia, both associated with Mediterranea Saving Humans, an Italian nonprofit organization focused on rescuing migrants attempting to cross the Mediterranean Sea. The committee concluded that, in both instances, the surveillance was legally justified as part of investigations into the alleged facilitation of illegal immigration.

Journalist's Case Remains Unclear

Conversely, the COPASIR committee found no evidence to suggest that Francesco Cancellato, a journalist who also received a WhatsApp notification, had been targeted by Italian intelligence agencies.

Database and Log Audits

Committee representatives examined the intelligence agencies’ spyware database and audit logs for Cancellato’s phone number, yielding no relevant records. Furthermore, no evidence of legal requests to monitor Cancellato was found from either the country’s top prosecutor’s office or the Department of Information for Security (DIS), the Italian government department overseeing intelligence operations.

Potential Foreign Government Involvement

The report acknowledged that Paragon serves foreign government clients who could potentially target individuals within Italy, suggesting a possible explanation for the targeting of Cancellato’s phone. However, COPASIR did not present any supporting evidence for this hypothesis.

Cancellato's Investigative Work

Cancellato serves as the director of Fanpage.it, an Italian news website recognized for its investigative journalism, including an exposé on the youth wing of Italy’s far-right ruling party, currently led by Prime Minister Giorgia Meloni. This investigation revealed private racist remarks and fascist chants among party members.

Other Potential Targets

The report did not address the case of Ciro Pellegrino, a colleague of Cancellato, who received a notification from Apple in late April indicating he had been targeted by government spyware. It remains unclear whether Pellegrino was targeted with Paragon’s spyware, as the Apple notification did not specify.

Lack of Official Response

Neither the Italian government nor COPASIR responded to requests for comment regarding the cases of Cancellato and Pellegrino.

Journalist Questions Findings

Cancellato responded to the report in a published article on Friday, expressing skepticism about the committee’s conclusions regarding his case and requesting further clarification.

Unanswered Questions Remain

“Case closed? Not at all,” Cancellato stated.

Expert Analysis

John Scott-Railton, a senior researcher at The Citizen Lab, a human rights organization investigating spyware abuse, emphasized that determining who targeted Cancellato remains the central unanswered question arising from the report.

Implications for Paragon

“This report creates a problem for Paragon Solutions because the report leaves the most politically sensitive case unanswered: Who targeted this journalist? This outcome can’t make Paragon happy,” Scott-Railton explained to TechCrunch. “Because Francesco Cancellato’s case remains completely unexplained, all eyes are back on Paragon for an answer.”

Ongoing Investigations

Scott-Railton also indicated that Citizen Lab continues to investigate Cancellato’s case, analyzing his phone and data. Cancellato has confirmed this ongoing investigation to TechCrunch.

Paragon's Silence

Paragon did not respond to a request for comment.

Additional Cases Investigated

COPASIR also investigated the cases of Mattia Ferrari, a chaplain on the rescue ship of Mediterranea Saving Humans, and David Yambio, the president and co-founder of Refugees in Libya. The committee found no evidence of Ferrari being targeted, but confirmed that Yambio had been lawfully surveilled, though not using Paragon’s spyware.

Investigation Reveals New Information

COPASIR, during its inquiry into the alleged deployment of spyware by the Italian government, sought details regarding the utilization of Paragon within the nation. Requests for information were directed to various governmental departments, alongside inquiries to Citizen Lab and Meta, the parent company of WhatsApp.

The report indicates that the national anti-mafia prosecutor informed COPASIR that no Italian prosecutor’s office had procured or employed Paragon’s spyware. It's important to note that individual prosecutor’s offices in Italy maintain a degree of autonomy in acquiring spyware.

Responses from Law Enforcement

Similarly, the Carabinieri military police, the national Polizia di Stato, and the Guardia di Finanza, the financial crimes agency, provided the committee with identical responses.

Paragon’s Contracts and Agency Oversight

Paragon communicated to COPASIR that it held contracts with Italy’s intelligence agencies, specifically AISE and AISI. COPASIR representatives subsequently visited the DIS, as well as the offices of both agencies.

These visits included an examination of the spyware’s database and audit logs to assess how Paragon’s spyware was being utilized, and to identify the individuals targeted by the surveillance.

The committee’s conclusion was that no instances of misuse were found concerning the surveillance of individuals who had recently identified themselves as potential spyware targets.

Technical Aspects of the System

COPASIR’s report also shed light on the operational mechanics of Paragon’s spyware system. Verification confirmed that accessing the spyware requires operator login credentials – a username and password.

Furthermore, each deployment generates comprehensive logs, stored on servers under the customer’s control and inaccessible to Paragon. Crucially, COPASIR determined that customers are unable to delete data from these audit logs.

Agency Relationships and Contract Termination

The committee also uncovered details concerning the relationship between Paragon and its Italian intelligence clients, AISE and AISI, who have since terminated their contracts with the company.

Italy’s foreign intelligence agency, AISE, initiated the use of Graphite on January 23, 2024, following a contract signed the previous month. Their stated objectives included investigating “illegal immigration, fugitive apprehension, fuel smuggling, counterintelligence, combating terrorism and organized crime, and bolstering the agency’s internal security.”

The agency targeted a limited, though unspecified, number of phone users, gaining access to both live and archived communications from end-to-end encrypted applications.

AISI, Italy’s domestic intelligence agency, began utilizing Graphite earlier in 2023, with a contract originally slated to expire on November 7, 2025. Similar to AISE, AISI employed Graphite in a small number of cases to obtain real-time communications.

However, the number of instances involving the extraction of stored chat messages from targeted devices was described as “somewhat higher.”

The agencies affirmed that all spyware deployments were conducted with the necessary legal authorizations, as stated in the report.

Contractual Safeguards

COPASIR reviewed Paragon’s contracts with its Italian customers and confirmed the inclusion of clauses prohibiting the spyware’s use against journalists and human rights advocates.

Broader Implications and Acquisition

In March, following an investigation, Citizen Lab released a report identifying Australia, Canada, Cyprus, Denmark, Israel, and Singapore as potential customers of Paragon.

Last year, AE Industrial, an American private equity firm, reportedly acquired Paragon in a deal potentially valued at $900 million.