Panel 1

• Stavros Malichudis, journalist targeted by spyware
• Thanasis Koukakis, journalist targeted by spyware
• Eliza Triantafillou, investigative journalist

Panel 2

• Athanasios Staveris, Secretary General of Telecoms and Post, Greek Ministry of Digital Governance
• Panos Alexandris, Secretary General of Justice & Human Rights, Greek Ministry of Justice
• Christos Rammos, President, The Hellenic Authority for Communication Security and Privacy (ADAE)

Thanasis Koukakis explains his two bugging cases in Greek. First, the Financial Times reported how the newspaper’s journalist Kerin Hope was wiretapped. In 2019, the government had changed the penal code so that prosecution of a crime does not immediately follow when financial crimes are discovered, Koukakis and others had been reporting on, and subsequently uncovering further misconduct. In July 2020, after he became suspicious, he was finally informed that the Greek secret service was intercepting him, and in August he received a transcript of his intercepted conversations. He made the request to the competent independent authority; the day after, the wiretapping was immediately stopped. Subsequently, the government introduced a bill that this agency may no longer inform those affected, such as Koukakis, upon their request; the bill passed.

On 12 July 2021, he received a manipulated link to a business website, as a result of which his mobile phone was infected with the Predator Trojan, as confirmed by Citizen Lab. The government initially denied that they were using Predator at all. Koukakis worked for the French news agency AFP, among others, which is why the government in Paris asked Athens for details after the espionage was discovered. Athens, however, denied the wiretapping measures. It is thanks to the EP PEGA committee that the matter made waves in the first place, and Koukakis is not an isolated case, as MEP Nikos Androulakis was also intercepted accordingly. Koukakis has filed a complaint with the European Court of Human Rights.

When asked, Koukakis explained that an article published today stated that the wiretapped data of MEP Androulakis had been deleted. His intercepted data, too, no longer exist due to an alleged technical problem. After the scandal became reported, the head of the secret service, Grigoris Dimitriadis, who is also the nephew of the prime minister, had already resigned.
Koukakis had made a retweet of Reporters United, so Dimitriadis is now suing to have it deleted, threatening to pay a fine of €150,000. It comes out that the government has made shady deals with people. These people are involved in the production with wiretapping systems, such as Intellexa, which probably distributed Predator in Greece. Inside Stories and Reporters United show how this was done. Investigations had revealed that the Greek Prime Minister’s family has releations to the company Intellexa. The head of Intellexa has been in the focus of Greek authorities in the past and has now also set up a branch in Cyprus. He cites the port authority as an example, which uses 7 ships for its own purposes. However, he says, these were not bought publicly, but a donation was demanded from the shipowners. The use of Predator could have been similarly constructed.

Greece ranks low in terms of freedom of the press, as can be seen from the way the government reacts to reports and criticism. This affects the rule of law. Every day 42 orders are issued for wiretaps on the grounds of alleged national security. In 2021 alone, a single judge was responsible for 16,000 decisions on surveillance orders issued by the police in the area of organised crime and the secret services for „national security“. This shows how corrupt this system is. The Committee must therefore improve the conditions for the rule of law in Greece. Journalists control the government and thereby protect the state. Only if this is possible, Greece is not an authoritarian state. The Pegasus Committee played a very important role in bringing espionage to public attention.

Today, the legal framework to curb spyware is at about the same level as telephone modems were at the time, while mercenary spyware manufacturers are using 5G. To make serious progress, the Commission and the Council need to get out of the bend. For example, one would always have to be informed who the end user of a spyware is. Intellexa, for example, should have informed the responsible transparency body to whom it was selling. Then one would also know who is responsible for the use. Then you don’t have to search around and find bank records and evidence disappear, as is currently happening in Greece.

Citizen Lab has done undoubtedly important work. In Spain, when it was revealed that the Prime Minister’s phone had been found, there was an immediate demand for the head of the secret service to resign. In Greece, however, this took 7 months. The government is still acting as if Predator did not exist. The logic is that Predator is illegal and that is why it was not used. Koukakis was intercepted twice, first in the summer of 2020, and then noticed that. Later, Predator was used. He is sure that it was the government and nobody else. A private person cannot do this at all.

Stavros Malichudis, who is part of Solomon and Reporters United and whose focus is on migration, speaks Greek. A newspaper reported in November 2021 that he was wiretapped, later it was proven that Predator was also used. The issue was probably content-related, i.e. they wanted to know what he would write about in the future. He had worked for a larger agency at the time, so the government had to react to the revelations. At first, it was denied that journalists were being tapped at all; if this happened, the government would find it inadmissible. At that time, however, Mr Koukakis had already been wiretapped! So this is a contradiction. He would like to describe what one can do if one is bugged. He said that he had first worked with his lawyer on this and that he would continue to pursue this in the courts. He stresses that he also worked with international journalists, with dozens of colleagues, on issues of public interest in Greece. It is hard to believe that a government in whose country you went to school and work is bugging him.

When asked, Malichudis said that a company like the manufacturer of spyware could have reasons for covering its tracks, but he had no proof. However, the employees were asked to work from home. They in Greece are also waiting for a committee of inquiry to take up its work and investigate what the transparency authority failed to do, which could include questioning people from Israel. It is not yet clear who will be invited. The statements made by government officials have not brought any news at all. He points out that it is illegal to use spyware in Greece. The justification for the wiretapping on the grounds of national security is not even given; it is about journalists and a party leader.

Malichudis points out that his sources are also endangered by wiretapping, for example refugees. The problem is that secret services cannot be controlled, they simply invoke national security, then nothing more has to be explained. He reminds us that interception measures may only be carried out in exceptional, justified cases! In societies like Greece, there must be rights, but the government can’t seem to protect them. We complained to the Communications Security Authority, but they did not feel responsible. He was not even informed in writing.

According to Malichudis, the media are painting a distorted picture of journalists anyway, and they are being maligned professionally. He does not want to answer directly whether Greece is an authoritarian state, but he says it is heading in a dark direction. It is unclear whether other parties were wiretapped, but there are complaints, for example, from the Communist Party. In the case of MEP Androulakis, this took place before an election, and dozens of people who had contact with him were bugged. Colleagues and staff of the European Parliament could also have been co-bugged. That is a reason to be even more interested in the matter.

Eliza Triantafillou works as a journalist for Inside Story. She first dealt with Predator in January 2022. They then also revealed the structure of the company that came to Greece in 2020 and set up shop there. In those nine months, however, the Greek authorities failed to investigate the company marketing the Predator software. Only the independent Authority for Communication Security and Privacy refuted what the government had previously denied. They should be much more committed to investigating this company. It was only in June that a meeting was arranged with lawyers in the already empty office of the company. However, very important aspects were not checked, such as the company’s bank accounts. The judiciary also worked much too slowly than citizens would have wished. From the beginning, they as journalists had analysed the domains that were used to infect the journalists, they then suspected that there were also other targets, probably also politicians. This was probably due to the manufacturing company. The government could have known this. Currently, there are four known cases of Pegasus bugging, and we assume that there will be more. Nobody has investigated this yet, it is still unclear who exactly is the Greek customer. The company exporting the software has to ask for permission, as it can also be used for military purposes. From a publication today, it is known that Intellexa, the manufacturer, did not request such a licence.

Triantafillou describes how the restriction of press freedom can also lead to self-censorship. At Inside Story there are no restrictions, she works freely and does not have to censor herself. However, from January until July, when the case of MEP Androulakis became public, she had the feeling that they were completely alone. For seven months, hardly anyone reported, big media and TV were not interested. Only because of MEP Androulakis did they start reporting in July. On the other hand, there was a lot of support from international journalists‘ associations. Now the government is spreading the narrative that there were probably reasons for the wiretapping, a la „if the government is wiretapping, there must be a reason“.

In order to wiretap for national security reasons, a multi-stage routine must be followed, for example, a public prosecutor must sign off on it. The Independent Communications Security Agency can request reports on this. With the spy software, there is no such possibility of control, i.e. it cannot check abuse at all. This is not even technically possible.

Secretary General at the Ministry of Digital Administration Athanasios Staveris explains the cybersecurity policies in Greece, the national security strategy and the efforts to transpose EU cybersecurity legislation (e.g. the NIS2 Directive) into national law. Staveris stresses that the Greek state has not been involved in any form of illegal interception. No illegal software has been procured by the government, he reiterates in response to a question. Human rights are a priority for the government. He does not want to express his opinion on further questions in order not to prejudge the ongoing legal investigation. However, he said, the government would participate in any action taken by the EU Parliament, if requested.

Panos Alexandris, the Secretary General for Justice and Human Rights at the Ministry of Justice, plays down the revelations. „Why it is a scandal? Because it is so expressed in the media? Because some people believe so?“ he responds irritably to a question. Because it’s portrayed that way in the media? Because some people believe it?“ he responds irritably to a question. The MPs should wait for the work of the „independent institutions“, after which the judiciary will take criminal action. There is a data protection law with many guarantees for all people who are in Greece. There is a commitment to transparency and human rights, with full respect for the European Convention on Human Rights. The ongoing investigation is independent, and as Secretary General of the Ministry of Justice, he cannot and will not express an opinion on it. Asked about the secret services, he condescendingly replied that these were run by another ministry. The MEP should contact this ministry. But the dialogue with the EU Parliament had been „fruitful“, also for democracy, he concludes smugly.

Christos Rammos, President of the Greek Authority for Communications Security and Data Protection (ADAE), explains that judicial orders are always requested. There are no operations outside this regime, he can assure. His authority can only check the technical measure of interception, but not the results. The ADAE conducts „complicated“ checks in relation to its investigation of the wiretapping scandal, for example, it makes representations to the authorities, but also to providers. However, the originators could not be determined thereby. Rammos denied that files of the wiretapped Nikos Androulakis and Thanasis Koukakis had been destroyed by the secret service EYP. This was reported by the Greek media magazine Ta Nea, citing official information. These files should have been kept for two years, the magazine said. But Rammos had never confirmed the destruction as reported, he says, and he was not allowed to do so because the investigations were top secret. He could not say more, as the investigation was still ongoing, which would take a while, but not months. Afterwards, those affected will be informed. However, a law passed last year stipulates that in the area of national security [i.e. the secret services], no information about the measure will be given to those affected. Rammos recommends that in the field of national security, a college of judges should in future sign off on two surveillance orders of a single person. The term „national security“ should be specified in order to avoid arbitrary interpretations. Greek MEPs should take an initiative on this. At the EU level, the Privacy Directive could offer a remedy to set the same standards in all 27 EU member states.

The representatives of the Digital and Justice Ministries did not say a word about the interception of MEP Androulakis. Only Rammos occasionally expressed criticism of the surveillance, but explicitly declared his opinion to be private.

See here the stream of today‘s hearing.