Implants, Interception and the Admissibility of EncroChat Data
Mon 8th Feb 2021
On 05 February 2021, the Court of Appeal judgment in the case of A & Others  EWCA Crim 128 was published. The judgment effectively dismissed arguments to stop the use of data obtained from the EncroChat communications network in legal proceedings. Put simply, judges ruled that the data obtained by French and Dutch law enforcement by hacking EncroChat servers did not constitute “interception” and therefore did not contravene the statutory provisions as set out in the Investigatory Powers Act 2016.
What is EncroChat?
EncroChat was one of the world’s largest encrypted communications services with roughly 60,000 users across Europe with a sixth of those in the UK alone. Whilst the identity of those who operated EncroChat is unclear, the company’s servers were located in France.
EncroChat aimed to provide a secure communications network where messages could not be easily intercepted. In exchange for a biannual £1500 contract, users were given a specially modified handset called an EncroPhone. This came preloaded with private messaging applications which enabled users to send text and picture messages to other EncroChat users.
EncroChat’s popularity amongst celebrities, high net worth individuals, diplomats and even members of the royal family could be explained by additional security mechanisms which allowed phone data to be erased remotely and that incorrectly inserting a 15 digits passcode would result in the phone being cleared of any data. Devices were hosted on EncroChat’s own servers and handsets operated via Wi-Fi signal instead of traditional mobile telephone networks and messages would scramble as they travelled across the internet, making it harder for them to be intercepted. Unlike traditional mobile telephone handsets, EncroPhones could not be used to make voice calls and users could easily disable features such as the camera, microphone and GPS on handsets.
In light of the News International phone hacking scandal, it is clear to see why those referred to above made use of EncroChat which was famed for the secrecy and anonymity it afforded to its users. However, EncroPhones quickly became popular amongst those allegedly involved in criminal activity and organised criminal gangs for the very reasons cited above.
The demise of EncroChat
In June last year, EncroChat users received a text message informing them that their device (and data) was no longer secure. EncroPhone users were advised to dispose of their devices immediately and a statement issued by EncroChat stated that the control of their serves had been seized “illegally by government entities”. Shortly after issuing the statement, EncroChat seized operating.
A joint operation between French and Dutch authorities enabled them to gain access to EncroChat data. French authorities have referred to a technical “implant” which allowed them to gain access to the platform’s encrypted data. This information was subsequently shared with law enforcement agencies across Europe, including the UK’s National Crime Agency (“NCA”). The NCA, under Operation Venetic, were able to collate data between EncroChat users for months before the security breach was identified by the communications network.
Described by the NCA’s Director of Investigations as “the broadest and deepest ever UK operation into serious organised crime”, Operation Venetic has resulted in 746 arrests thus far and the seizure of approximately £54m in criminal proceeds.
A & Others  EWCA Crim 128
This case concerned an appeal brought about by four defendants all of whom are facing legal proceedings as a result of Operation Venetic.
Counsel for the defendants put forth arguments to indicate that the technical “implant” deployed by French authorities had collected messages as they were being transmitted, thus amounting to interception of communications and therefore falling foul of the Investigatory Powers Act 2016. Counsel for the defendants further argued that the “implant” was taking messages from EncroPhones’ memory, usually milliseconds before being sent to their Wi-Fi or mobile data transmitters and therefore the data was “in transmission“.
However, the Lord Chief Justice, Lord Burnett of Maldon, Lord Justice Edis, and Mrs Justice Whipple dismissed the appeal and decided that the data was, in fact, being stored temporarily on EncroPhone devices as it was processed, before being transmitted.
Their findings were supported by the fact that messages were encrypted during their actual transmission and scrambled so that they couldn’t have been read, as they were, by law enforcement authorities. In support of their view, the judges pointed out that the “implant” had enabled the collection of crucial data such as usernames from an EncroPhone’s storage memory which would not have been data that was sent as part of a transmission. To further illustrate the point, comparison was made to the process of sending a letter:
“The process involves the letter being written, put in an envelope, a stamp being attached and then the letter being placed in the post box. Only the last act involves the letter being transmitted by a system, but all the acts are essential to that transmission“.
Many of the cases based on “EncroChat” evidence are currently proceeding through the courts. Several cases concerning evidence obtained from “EncroChat” have appeared before the court and legal challenges as to the legality of how such evidence has been obtained by law enforcement authorities in England and Wales have been dismissed (see R (C) v Director of Public Prosecutions & Others  EWHC 2967 (Admin)). Had the judgment in A & Others  EWCA Crim 128 ruled that EncroChat messages couldn’t be used, ongoing proceedings in several cases would have come to an abrupt halt. Undoubtedly, the judgment will have major implications for cases against suspected organised criminals in the country.
8th February 2021
← Back to News & Resources