Back in the 1980s, private detective ads advertised their services along with “divorce, surveillance, marriage” and “television.” It was no secret that this vague term included (illegal) wiretapping. This was usually done by attaching a tape recorder or radio transmitter to the point where the victim’s telephone cable terminated in a so-called “cafao”. Those gray boxes that we see on the sidewalks of every neighborhood collect telephone lines from several streets to connect them to the building that houses the telephone exchange of the entire area. They are usually referred to as external or main distributors – the word “kafao” comes from the Greek pronunciation of the letters KV of the corresponding German term Kabelverzweiger. Being unsecured and easily hacked, it was the perfect place for detectives and, I suspect, government agencies to install phone tracking devices.

The way phone calls are tracked began to change in the mid-1990s due to two opposing forces brought about by technological advances. On the one hand, the digitalization of the network (and later mobile phones) has made it difficult to install monitoring devices in call centers and outdoor distributors. This is a similar problem we faced when the transition to a digital TV signal forced us to add decoders to all old TVs in 2015. On the other hand, digital call centers have made it much easier to monitor calls from a central location. Monitoring was a call center feature similar to conferencing that allows three people to speak at the same time, except that in monitoring, one person only listens, or typically records. In this context, governments have legislated the obligation of telephone service providers to offer a centralized facility for monitoring calls to government services. In democracies, monitoring is based on certain rules (for example, a decision of the Judicial Council) and control procedures (for example, by the Communications Privacy Authority – ADAE).

Like any backdoor, this central eavesdropping feature is far from harmless. We saw it in Greece in 2004, when unknown at the time, almost certainly US intelligence agents, as it turned out, illegally activated a mobile phone operator’s wiretapping system to monitor the communications of dozens of government officials and politicians.

Things changed again when technology visionary and Apple co-founder Steve Jobs introduced the first iPhone in 2007. Unlike most mobile phones of the time, the iPhone could easily run applications made by other companies, just as they did on personal computers. This has created a new problem for law enforcement since communication through these applications (eg Gmail, Messenger, Snapchat, Viber, WhatsApp) is encrypted and therefore cannot be included in legitimate interception systems by telecom operators. So, to be able to e.g. the police, in order to read messages from members of a criminal organization, would have to apply separately, by court order, to each application company that transports and processes these messages. Since modern mobile phones can run millions of different applications, this process is extremely complex and time consuming.

In fact, some applications for mobile phones are designed in such a way that even the company that operates them does not have access to the communication of its users. This creates an additional headache for government agencies that want to keep track of communications. While there are legal provisions that, based on conditions, oblige companies to provide services with the information they request, there is not (yet) a legal framework that obliges a company to build its applications in such a way that the state can spy on users. them. This was seen in 2016 in the US when the FBI failed to get Apple to give it access to the terrorist’s device data.

The solution to the problem of “hard of hearing” government services has come to private companies that create and sell high-tech and, of course, very expensive mobile phone tracking systems. These companies discover vulnerabilities in certain types of phones (the equivalent of a window in a skyscraper that doesn’t close well) and use them to take full control of the device, which means someone can, for example. hear what is being said, see the screen, know what is being written, and always know where the device is. One such system is Predator, which appears to target Greek users’ mobile phones through fake websites.

The use of the Predator system in Greece highlights three major problems.

Firstly, the need to create a regulatory framework for such systems. Companies that have such systems, and government agencies that operate them, should be required by law to offer and operate a monitoring and reporting infrastructure equivalent to that of existing wiretapping systems. This infrastructure only allows hearings to take place when legal license details are entered and records all hearings so that competent authorities such as ADAE can verify them.

Secondly, the use of lawful declassification of messages by public authorities. According to the ADAE activity report in 2020, ADAE received 3,190 orders to declassify messages from the Judicial Councils against 13,751 provisions related to national security concerns. Although the HRA refrains from commenting on these two figures, the difference seems disproportionate, and provisions for national security surveillance appear significantly higher than in other democracies. So perhaps the checks and balances that exist in Greece should be strengthened for declassification provisions made for national security reasons.

thirdhow systems like Predator are treated in the European Union. I have already spoken about the need for their regulation. Should they be completely banned instead? This will significantly increase the protection of all communications of citizens, but will complicate the work of government agencies that rely on them. Instead of these systems being developed in the Wild West, mobile device manufacturers should be forced to add legal tracking capabilities to their devices? But our life in such a well-established Panopticon sounds dreadful, at the same time, this possibility of observation will certainly become an excellent target for cyber attacks and a tool for totalitarian regimes. Unfortunately, there is no simple and obvious answer to the last problem.

* Mr. Diomidis Spinellis is a professor at the Faculty of Administrative Sciences and Technology at the Athens University of Economics and Business and at the Faculty of Software Engineering at the Delft University of Technology.