EncroChat defendants’ lawyers make bid to halt trial

Lawyers for EncroChat encrypted phone users have begged the EU to halt court cases using evidence from the compromised mobile network, saying evidence disclosure breaches the political bloc’s laws.

The Fair Trials campaign group, representing lawyers for people accused of committing serious organised crimes through EncroChat communications, claimed in an open letter that the 2020 hack “involved the fundamental rights of thousands of individual citizens of [EU] Member States.”

In an open letter [PDF] the campaigners said they wanted the EU’s parliament “to set up an inquiry committee pursuant to Article 226 of the Treaty on the Functioning of the EU to look into breached [sic] of EU law in the context of the EncroChat investigation.”

EncroChat was an end-to-end encrypted phone system used by organised crime gangs, or so law enforcement agencies across Europe claimed. A joint police investigation in France and the Netherlands had state hackers target the main EncroChat servers at a data centre in France to compromise the centralised messaging system and deploy malware to all EncroChat handsets. Cleartext copies of users’ messages were then sent to police servers in real time – something that used to be tightly regulated under UK law until an EncroChat-related legal challenge failed.

Britain’s National Crime Agency (NCA) obtained access to the raw messages, having secured legal approval from the Investigatory Powers Commissioner, retired judge Sir Brian Leveson.

Despite failed court challenges over the legality of that evidence, convictions have flowed thick and fast since.

Defence lawyers in the UK tried and failed to claim the NCA had obtained the wrong kind of legal warrant allowing it to deploy the messages’ contents in court.

That challenge went to the Court of Appeal, which ruled that data in transit was no different from data at rest.

The EncroChat police malware, so the court was told, took a copy of transmitted messages’ text from RAM after the user pressed “send”.

The Lord Chief Justice, Lord Burnett, ruled that data in RAM had been “stored by or in the telecommunications system” when it was copied by the malware – meaning it fell within the NCA’s “equipment interference” warrant, which only allowed them to obtain copies of data that was not being transmitted at the time.

While it is arguable that anyone in the real world would count a fleeting RAM copy as data at rest, the ruling left the UK with a legal precedent that makes protections built into “targeted interception” warrants all but useless. Why would police forces submit themselves to those restrictions when they can use malware that fetches message contents from user devices’ RAM while being sent and received?

The chances of the EU intervening in ongoing court cases seem very low. Campaigners complained that prosecutors have given contradictory stories to courts in different countries about the lawfulness of the deployment of malware and subsequent interceptions. Guilty pleas, however, have resulted in hundreds of EncroChat cases. Perhaps there is an argument to be made that defendants had no alternative when faced with all routes of challenging the evidence against them being blocked off – but with charges including large amounts of drugs, guns, and illicit cash, it’s hard to see much public sympathy for them.

Around 10 per cent of EncroChat users were not criminals, according to previous French police statements. ®