Italy Used Paragon Spyware on Immigration Activists Not Journalist

In a significant revelation, Italy’s parliamentary committee for security, COPASIR, confirmed that the Italian government employed spyware developed by the Israeli company Paragon to hack activists involved in rescuing immigrants crossing the Mediterranean Sea. This spyware, known as Graphite, was used to surveil individuals working with Mediterranea Saving Humans, a nonprofit dedicated to saving migrants at sea.

The investigation focused on activists Luca Casarini and Giuseppe Caccia, concluding their surveillance was legally authorized as part of probes into alleged facilitation of illegal immigration. However, the inquiry notably found no evidence that Francesco Cancellato, a prominent journalist who received a WhatsApp notification about possible spyware targeting, was surveilled by Italian intelligence agencies.

COPASIR’s access to intelligence databases and audit logs revealed no records of surveillance on Cancellato’s phone number, nor any legal requests to spy on him from prosecutorial or security departments. This absence raises the possibility that foreign governments, also known customers of Paragon, might have been responsible for targeting Cancellato, though no evidence was provided to support this theory.

The report also examined other individuals linked to immigration activism and journalism, such as Mattia Ferrari and David Yambio, finding lawful surveillance in some cases but no use of Paragon spyware in others. Notably, the investigation did not clarify the case of Ciro Pellegrino, another journalist who received a government spyware notification.

COPASIR’s inquiry revealed operational details about Paragon’s spyware system: each deployment requires operator authentication, and all activity generates audit logs stored on the client’s servers, which cannot be deleted. The Italian intelligence agencies AISE and AISI used Graphite for investigations related to illegal immigration, terrorism, and organized crime, but have since terminated their contracts with Paragon.

Despite the report’s findings, journalist Francesco Cancellato has publicly challenged the conclusions, demanding clearer explanations. Human rights researchers at Citizen Lab continue to investigate the unexplained targeting of Cancellato, underscoring ongoing concerns about spyware abuse and accountability.

Implications for Surveillance and Privacy

The Italian case highlights the complex challenges governments face in balancing national security with civil liberties. The use of sophisticated spyware tools like Paragon’s Graphite raises critical questions about oversight, legal authorization, and the potential for misuse against activists and journalists. It also illustrates how spyware technology can cross borders, complicating attribution and accountability.

For cybersecurity professionals and policymakers, this case serves as a reminder of the importance of transparency, rigorous auditing, and international cooperation to prevent spyware abuses. As spyware vendors expand their global reach, vigilance is needed to ensure these powerful tools are not weaponized against human rights defenders or the press.