The contents of messages from encrypted chat service EncroChat may be admissible as evidence in English criminal trials, the High Court in London, England has ruled.
A legal challenge to a warrant used by the National Crime Agency for gaining access to hacked data obtained by the French and Dutch authorities has failed, leaving it up to individual judges whether they allow the contents of hacked messages to be used in court or not.
The ruling, issued late last month, has profound implications for a number of criminal trials brought over evidence obtained from EncroChat messages. Prosecutors claim that EncroChat was used solely as a means for organised crime gangs to message each other securely and have used the contents of the messages to charge people with crimes involving drugs and gun-running among other things.
Questions were raised by an indicted criminal suspect, named only as “C”, about whether the NCA acted lawfully when it obtained a European Investigation Order (EIO) to obtain the messages.
Lord Justice Singh and Mr Justice Dove ruled that the agency had complied with the letter of the law, saying: “Any submissions as to the use or admissibility of the material can be made, and should be made, in the Crown Court considering any subsequent proceedings.”
EncroChat, according to the National Crime Agency (NCA), was used exclusively by criminals. A three year operation by the French and Dutch police and courts, codenamed Operation Emma, resulted in the French imaging an EncroChat server in Roubaix and finding a way to man-in-the-middle traffic passing across the EncroChat network by deploying malware to it, as reported this summer.
That malware consisted of an update to EncroChat handsets pushed by the compromised server, causing affected devices to upload an image of the device’s entire contents back to the French police.
Had the judicial review succeeded the whole of the EncroChat evidence could have been ruled inadmissible in criminal trials across England and Wales, ruining prosecutors’ hopes of relying on it and potentially tightening the law on speculative dragnet surveillance by police agencies to boot.
The NCA investigation was codenamed Operation Venetic and consisted of little more than applying for the EIO and then passing EncroChat messages around British police forces and the Crown Prosecution Service.
The judges continued, in their published judgment: “It is pointed out that there is nothing in either the [EU] Directive [establishing the EIO] or the Regulations requiring the evidence subject to the EIO to be in the possession of the executing State at the time when the EIO is issued and, therefore, the claimant's complaint, based on the fact that the material relevant to investigations was not in the possession of the French authorities at the time that the EIO was issued, is untenable.”
In other words, the EIO warrant can be applied on a dragnet basis for obtaining copies of evidence gathered by foreign investigators based in the EU – without proving reasonable suspicion against any individual UK suspect first. Making that point clear, the judges continued:
The Directive was devised to facilitate the sharing of material relating to criminal activity to enhance the efficiency of the enforcement of law and order on a cross-boundary basis between participating States. The EIO system was intended to expedite and simplify these processes, whereas the claimant's construction introduces technicality and complexity, serving no good purpose measured against the objective specified as the purpose of the Directive.
Interestingly, the NCA appears not to have cared that foreign police were hacking Britons, with the judgment noting that the French and Dutch forces told the NCA that they were going to hoover up messages from Britons regardless of whether or not they were given permission.
The High Court said, summarising this: “It was explained that the date of commencement of the activity [hacking] was controlled exclusively by the JIT [Franco-Dutch Joint Investigation Team] and that the activity would be undertaken worldwide, including handsets in the UK, regardless of whether the UK gave permission for the activity or not.”
Faced with foreign state actors targeting UK citizens in the UK and determined to do so regardless of authorisation, it appears the NCA said nothing because it hoped to benefit from that hacking. In doing so it resurrects an age-old public suspicion that used to be directed at GCHQ and the American NSA: both agencies were banned from spying on their own turf but, until the Snowden revelations, there was nothing to stop them agreeing to spy on each other’s citizens (turning a blind eye to foreign state espionage on home turf) and then sharing the results – evading laws intended to keep them in check by outsourcing the banned conduct to a foreign agency outside the jurisdiction.
In the UK, hacking by state agencies is controlled by a warrant system overseen by the Investigatory Powers Commissioner. The IPC himself, ex-judge Sir Brian Leveson, signed off on the final Op Venetic EIO, as the High Court judgment records, having been convinced that the "targeted equipment interference" was a proportionate means of targeting organised criminals.
While there is plenty to unsettle civil liberties activists in the EncroChat saga to date, there have also been guilty pleas by serious criminals faced with EncroChat-derived evidence of their crimes – something that tends to show the NCA was bang on the money when it sidelined legal process in favour of getting wrong’uns banged up for many years. ®
The court ordered that no report of the judicial review can identify anyone suspected of crimes linked to Encrochat. Therefore we cannot link to or explicitly mention any of the dozens of police and National Crime Agency press releases (and news stories) of arrests and charges brought as a result of the EncroChat hack, though the court itself noted that arrests alone are now “over 1,000” in number.
Prosecutors are extremely nervous of public scrutiny of the EncroChat case in Britain and it is somewhat surprising that the judicial review judgment was published at all in light of efforts to deter reporting of it. A CPS specialist prosecutor ignored requests from The Register to supply a copy of the agency’s skeleton argument, which is the script its barrister used in front of the judges during the judicial review hearing. This is despite clear rules stating it is to be supplied to the press once used in open court. (See CPD 5B.4 together with 5B.12 and 5B.13: PDF.)
The High Court itself also dragged its heels, taking a week of constant nagging to supply a copy of a reporting restriction order attached to the public judgment. Such orders are routinely supplied on request within hours instead of weeks. This level of public sector reluctance to submit to the open justice principle is noteworthy given the topic of the judicial review.