Seven international and European press freedom and journalists’ organisations have written a letter to the Government of Greece to express concern about the use of a powerful new spyware tool, Predator, to carry out surveillance on journalist Thanasis Koukakis. On April 11 it was first revealed that Koukakis, an investigative journalist for CNN Greece who writes for multiple international publications including Financial Times and CNBC, had his mobile phone infected between July and September 2021 by Predator, an advanced spyware tool developed by a North Macedonian company called Cytrox.

Open letter, sent electronically

21 April 2022

Dear Kyriakos Mitsotakis, Prime Minister of Greece,

Panagiotis Pikramenos, Deputy Prime Minister,

Takis Theodorikakos, Minister of Civilian Protection,

Konstantinos Tsiaras, Minister of Justice,

Dimitris Galamatis, Secretary General Communication and Information,

Panagiotis Kontoleon, Commander of the E.Y.P

cc.

Didier Reynders, European Commissioner for Justice

Sophie in ‘t Veld, MEP, Rapporteur of Committee of Inquiry to investigate the use of Pegasus and equivalent surveillance spyware

Jeroen Lenaers, Chair of Committee of Inquiry to investigate the use of Pegasus and equivalent surveillance spyware

The undersigned European and international press freedom and journalists’ organisations are writing to express our serious concern over the recent surveillance of Greek financial journalist Thanasis Koukakis using a powerful new spyware tool, Predator.

Our organisations are equally alarmed by state documents which reveal that one year prior to the spyware surveillance, the same journalist’s private communications were intercepted by the Greek National Intelligence Service (EYP), a body which is overseen by the office of the Prime Minister.

In light of these revelations, we urge Greek authorities to first provide further information about the source of the spyware attack and second to immediately explain the state surveillance of a journalist, and to indicate clearly whether these two incidents are linked.

On April 11 it was first revealed that Koukakis, an investigative journalist for CNN Greece who writes for multiple international publications including Financial Times and CNBC, had his mobile phone infected between July and September 2021 by Predator, an advanced spyware tool developed by a North Macedonian company called Cytrox.

In the wake of the initial revelations, on April 12 government spokesman Giannis Oikonomou suggested the Predator hack had been carried out by an “individual” or private actor and denied that the Greek government had any role in monitoring Koukakis using the spyware tool.

Days later, however, it was revealed that the EYP had itself been carrying out surveillance on Koukakis in June, July and August 2020 for what it said were “national security reasons”. Documents show that when the journalist asked the independent Authority for Ensuring the Confidentiality of Communications (ADAE) to confirm whether his phone had been tapped, the EYP stopped the surveillance the same day.

When Koukakis sought to confirm his suspicions about being wiretapped, he did not receive a response from ADAE for a year. During this time, in March 2021 the Greek government passed an amendment which blocked the ADAE, with retroactive effect, from informing citizens if they had been surveilled if it had been carried out under national security grounds, meaning the journalist was blocked from knowing whether or not his phone had been bugged.

These two cases of surveillance are troubling on many levels. Our organisations urge the Greek government to first provide greater clarity and answers about how, and by whom, Predator was abused to target Koukakis. Intellexa, which owns Cytrox, maintains that it sells its services to law enforcement agencies – not private individuals. Moreover, like other advanced spyware products, Predator is extremely expensive to acquire, making it unaffordable to many private actors. The Greek authorities should take all steps to determine if a private actor or individual was responsible, ensuring a full and independent investigation with a view to bringing the alleged perpetrators to justice.

However, our organisations note that the confirmed state surveillance of Koukakis just one year before the Predator attack undermines the claim that state intelligence agencies had no role in the recent surveillance. It is deeply concerning that an agency under the control of the office of the Prime Minister spied on a journalist investigating corruption in the business and financial world.

The grounds for the surveillance in 2020, which were approved by an EYP prosecutor, appear to be completely groundless and point to potentially unlawful monitoring by the agency. We therefore welcome the preliminary investigation launched by the head of the Athens Prosecutor’s Office, which must establish why the decision to surveil Koukakis was approved and whether it violated telecommunications privacy legislation.

At a wider level, the timing of the retroactive legislative change in 2021 regarding the EYP also poses questions about whether the government changed the law in order to block Koukakis’ surveillance from becoming public. We note with concern that this is not the first time that potential evidence has surfaced that the EYP has intercepted the private communications of journalists and their sources. These cases have had a chilling effect on public interest journalism in Greece and pose serious questions about the mandate of the EYP, its closeness to the PM’s office, and the rule of law in Greece.

Moving forward, we believe it is important that Greece take immediate steps to better regulate spyware technology so that it cannot be abused in the future. As we have seen over the past year, governments around the world, including those in the EU, have used this kind of spyware to snoop on journalists, posing serious threats to source confidentiality and journalists’ safety. We therefore urge the government to clearly confirm or deny whether its own law enforcement or intelligence agencies have acquired Predator or other privately developed spyware products, now or in the past, including the Pegasus spyware sold by Israeli company NSO Group.

Greater transparency about the trade of these technologies inside the EU is also vital for understanding the scale of the surveillance-for-hire industry inside the bloc and for providing accountability when abuses occur. In light of these allegations in relation to Intellexa, a Greek company, the national authorities must also ensure full compliance with the EU’s new Recast Dual Use Regulation, which seeks to prevent human rights harm resulting from digital surveillance by establishing controls on exports of surveillance technology by EU companies, including by providing transparency around export licenses and full human rights assessments to target countries for export.

As questions about the surveillance mount both in Greece and in Brussels, our organisations believe it is important to add greater clarity to this case. We look forward to your response.

Signed:

Committee to Protect Journalists (CPJ)

European Centre for Press and Media Freedom (ECPMF)

European Federation of Journalists (EFJ)

Free Press Unlimited (FPU)

International Press Institute (IPI)

Reporters Without Borders (RSF)

OBC Transeuropa (OBCT)