The Security Service continued to enjoy widespread surveillance powers, including backdoors into the networks of all internet service providers, sources told the Times of Malta.

The backdoor technology, referred to as a ‘black box’, allowed the Security Service (MSS) to remotely monitor in real-team internet traffic, including on smartphones and other devices, without any judicial oversight, the sources noted.

By law, the MSS is tasked with protecting the national security and, in particular, against threats by organised crime, espionage, terrorism and sabotage, the activities of agents of foreign powers and against actions intended to overthrow or undermine parliamentary democracy by political, industrial or violent means.

The MSS must also safeguard the economic well-being of Malta and ensure public safety, particularly the prevention or detection of serious crime.

Sources familiar with the surveillance capabilities said the MSS had such ‘black box’ devices installed at all ISPs, allowing them to monitor the metadata of a targeted user. A warrant issued by the Home Affairs Minister would be required to conduct such monitoring.

Communications companies are legally barred from discussing the MSS’s surveillance capabilities

Analysis of metadata can help give insight into an individual’s movements, interests and relationships, although the actual contents of the target’s messages and other similar data will not be captured via the remote monitoring system.

The ‘black boxes’ allowed the MSS to remotely monitor a target’s data without needing to go through the ISP, the sources said.

Communications companies are legally barred from discussing the MSS’s surveillance capabilities.

A report by the Group of States against Corruption (Greco), published on Wednesday morning, flagged the “broad discretion” given to the Home Affairs Minister and the Prime Minister when approving MSS surveillance, the sources said.

Such discretion was not supervised by a judicial authority, they pointed out.

Oversight

In its Malta evaluation report, Greco says the investigation and prosecution of corruption cases would often require the use of special investigative techniques due to its eminently secretive nature.

The only supervision in place, the report notes, involves a “mere commissioner” who is appointed by and reports to the Prime Minister, as well as a security committee composed of the Prime Minister, two other members of the government and the Opposition leader.

Surveillance measures can be applied for a renewable term of six months with no absolute upper limit and the warrant can be modified at any time by the minister.

Greco urges Malta to provide for a proper system of checks and balances and also a balance between the need for an effective fight against corruption and other forms of serious crime and the upholding of fundamental rights.

It recommends that criminal investigative bodies should be empowered by law to seek and use wiretaps and other similar measures in the investigation of corruption offences and the judiciary would be able to authorise their use. The resulting evidence should be admissible in court while respecting the case law of the European Court of Human Rights.

Greco also recommends that it is made clear to all the authorities involved in the investigation of corruption that the evidence obtained through surveillance is, under certain conditions, admissible in court.

Leaked e-mails from May 2013 indicated that a representative of Alberta Malta had enquired about marketing the Italian firm Hacking Team’s remote intrusion software to the government.

Reporters without Borders had described Hacking Team as an “enemy of the internet”.

According to the e-mail exchanges, leaked from Hacking Team in 2015, the software was designed to attack, infect and monitor target PCs and smartphones, including features such as microphone eavesdropping, camera snapshots and screenshots.

Following a meeting with government officials, the Alberta representative had told Hacking Team the MSS was already in possession of such software but it was probably outdated.

Further e-mails from 2015 had shown the MSS expressed an interest in the hacking software, although the government denies any such “equipment” was bought from Hacking Team.