FLASH NEWS
Mass wiretapping begins in Albania? Experts raise alarm over devices installed by telephone companies
2025-04-07 21:38:51 / AKTUALITET
In Albania, telephone companies have deployed several devices that perform Deep Packet Inspection, DPI, a monitoring system that IT experts consider quite dangerous when not accompanied by a legal framework to protect citizens' data.
Experts Besmir Semanaj and Tomi Kallanxha, who initially raised this concern, spoke on the show "The Unexposed" on MCN TV about the possibility of using DPI for mass surveillance and explained how citizens, politicians, journalists, etc. can be targeted.
Expert statements:
Tomi Kallanxhi : I'll explain what Deep Packet Inspection is with a metaphor. Imagine a postman who sends a letter to Ylli and the postman has the opportunity to open it, read it, and then send it back to Ylli.
Besmir Semanaj : The first information, I made the first complaint on March 29. It came from colleagues who work at ISPs and state organizations. Tik Tok was not closed and it was decided to use a DPI. The reason was Tik Tok, but Tik Tok is the minimum that the device can do. First, who did the request come from? Second, who is the Albanian institution that sent the devices to the ISP. One device costs over 100 thousand euros, how was it obtained? State institutions have stated that 7 of them have been installed. If they are donors, what benefits will the donor have?
Installing devices without a strong legal framework. There are two typologies, autocratic states, India, China, Russia, Iran. Then we have democratic states, France, Britain, and so on, but there has been a public discussion and there has been a strengthening of the legal basis and rules on how citizens' data will be processed, so mass surveillance is not allowed, but it can be used for national security.
In Albania, it took over two and a half weeks for the institutions to react. They admitted that they were set up, but with the claim that they are not being tapped, but this is not done with an oath. There needs to be a legal basis. We do not have a legal basis that prohibits tapping. The most problematic is profiling.
This device distinguishes what applications I use, what pages I read, for example, if I read pages of the Muslim community, they profile me as a Muslim, and so on. They can see sexual preferences, and so on.
We take a politician or an ordinary citizen, he opens inappropriate pages...
Tomi Kallanxhi : Sky ECC had an ID code. Profiling here is done with a unique IMEI code. If you buy a phone in a store, it is stored. It is the same as putting a camera in a person's house and saying we will only use it when there is a theft. You mentioned Great Britain, but there is a problem with privacy there. If our Apple phones store data in the Cloud, it is end to end encryption, a high level of security. The British state has asked Apple to remove this because it has a problem with crime. It has asked them to remove the encryption codes.
Besmir Semanaj : The second is censorship, the government can block at any moment. Normal monitoring simply shows that a user is making traffic, but it cannot monitor what program they use, the name of the page and all these things. DPI also does censorship, which simple monitoring cannot do, as they could not achieve with Tik Tok. DPI degrades the service. Let's say we are on MCN live now, this causes degradation and the program is not implemented. It was used in Turkey, after the arrest of the opposition leader, to close social networks, to close VPNs that avoided shutting down and slowing down the internet throughout Istanbul. So, one of the bases of DPI is censorship. The state has an unlicensed weapon in its hands. As long as there is no legislation... We ask for permission to then buy the weapon. They have installed the weapon, loaded it. We also have the case of Iran after the elections, Saudi Arabia, where all personalities were monitored. Each of us has weaknesses, they may have a gambling addiction, a drinking addiction, a pornography addiction, information was collected and used for blackmail.
Tomi Kallanxhi: A friend of mine asked me about it, before the DPI the commissioner said, how much traffic do you do after 10 pm. Now I'll also know what he does at night.
Besmir Semanaj : These are the commercial qualities offered to businesses. We don't know what they can offer to countries. DPI can be used as a "man in the middle". Other devices are added to it and it reads our messages. As for unencrypted traffic, it has handwritten letters, it reads everything. It took two and a half weeks for them to accept the installation of the devices. They accepted it with a 45-second interview and misinformed. In the official statement they say that security is not compromised and you are protected from cybercrime, but after a year they will be removed. Why should they be removed for a year when they are good?
Happening now...
ideas
top
TRENDING 
services
- POLICE129
- STREET POLICE126
- AMBULANCE112
- FIREFIGHTER128