Greek intelligence bill ignores government use of spyware
The New York Times reported on Monday that Artemis Seaford, a former trust and safety manager at Meta, had been infected with the Predator spyware in the fall of 2021. Seaford, a dual U.S.-Greek national, was also under a yearlong wiretap by the Greek national intelligence service. Citizen Lab said Seaford’s phone had been hacked “for at least two months,” making her one of at least 38 individuals named as victims of Predator. This disclosure is the latest in a long and still unfolding surveillance scandal in Greece.
The Greek government has denied using Predator, and the article does not attribute the attack to any specific country or operator. In 2021, Citizen Lab said it “found likely Predator customers” in Armenia, Egypt, Greece, and a few other countries. Last year, The New York Times reported that the “spyware-detecting lab in Brussels at the European Parliament” found that MEP Nikos Androulakis had been targeted with Predator. “I never expected the Greek government to put me under surveillance,” Androulakis told The Times.
The Hellenic Data Protection Authority, an independent public authority, is investigating reports that Greek politicians and journalists have been targeted with spyware. Citizen Lab confirmed it “had a meeting with the Hellenic Data Protection Authority in November 2022 at their request.” Earlier this year, the head of the authority told the European Parliament’s PEGA Committee that it had “identified at least 300 text messages containing spyware-infected links…sent to around 100 individuals.”
In Monday’s article, Giannis Oikonomou, the government spokesman, is quoted as saying that “Greece was among the first countries in Europe that passed legislation banning the sale, use and possession of malware in December 2022.” What’s more interesting is what he’s not saying: that the legislation refers to the “private use of spyware,” but appears to legitimize the purchase or use by government agencies. And while the legislation bans “the sale of spyware,” it’s not clear how it would apply to Intellexa—the company behind Predator.
Oikonomou told The Times that “the alleged use of this software by nongovernmental parties is under ongoing judicial investigation.” Intellexa, for its part, sent a strongly worded legal notice to the PEGA Committee last month following its inquiries into use of the Predator spyware. Sophie in 't Veld, who sits on the Committee, tweeted that she is “very much looking forward to the exchange with Intellexa,” adding “plenty more new questions have arisen since” PEGA’s letters to the company last summer.