The introduction of the Regulatory of Investigatory Powers Act 2000 (RIPA) in the UK made it an offence for those who were suspected of illegal activity to fail to disclose the PIN number on their phone. RIPA was the first step towards addressing additional security measures adopted by the phone providers.
EncroChat was a European communication network and service provider. It offered its users the ability to send encrypted messages and make encrypted calls and write encrypted notes.
EncroChat routed all data through a central server located in France which provided end-to-end encryption of calls and messages.
In addition an EncroChat phone had a panic button which when pressed wiped the phone, and a user can also send a “kill message” to self-destruct the contents of the phone.
EncroChat made it relatively straightforward to acquire a there “Military Grade” encrypted phones (as they were marketed).
Using the EncroChat service criminals were able to operate with complete privacy, and the police found their attempts to investigate criminal activity frustrated at every turn.
However in 2019, a joint operation between UK, French and Dutch police broke into EncroChat’s service, allowing them to interrupt the panic wipe feature, access messages sent between users and record lock screen PINs.
By April 2020 European agencies, including the NCA in the UK, had access to millions of text and hundreds of thousands of images.
Under the codenames Operation Venetic (NCA) and Eternal (Metropolitan police) agencies began to analyse the huge amount of data that had been gathered and began to make hundreds of arrests.
Whilst the current target is serious organised crime, it is thought that the NCA is sharing its intel with various other government agencies, such as HMRC.
In June 2020 EncroChat, realising that it had been compromised, sent a message to its users advising that they dispose of their devices immediately. The service has since been permanently shut down.
However, the European agencies had had access to the service for months, and the damage had already been done.
A defence lawyer must first ask whether the accessing of the server itself was legal. At present we do not yet know the specifics of the hack.
Section 56(1) of the Investigatory Powers Act 2016 (IPA 2016) states that interception evidence can be relied on, if interception is carried out in the UK and at least one of the parties to the communication is in the UK.
The question will be whether the hack took place in the UK. Information about the nature of the hack is scarce. It would appear the hack itself took place on a French server by French authorities, and so on the face of it s.56(1) IPA 2016 would not apply.
However, there is also suggestion that the malware was detected on the phones themselves, and it was this malware that provided access to the messages rather than access to the server itself. If this is correct, then it could be argued that the relevant interception took place in the UK and so s.56(1) IPA 2016 should apply.
We must also carefully consider whether the prosecution are able link the individual with the phone given the high level privacy and the EncroChat service was marketed with ‘guaranteed anonymity’, and there was supposed to be no way of associating a device or SIM with a actual customer.
This will only be answered on a case by case basis, and may well turn on whether the phone was found in the possession of the individual or the police have photographs or other evidence of the device
The investigating agencies say that they had “a lawfully authorised capability” to undertake the hack. The hack was initiated by a non-UK government agency (it is thought the French)
It was not illegal to own and use an EncroChat phone, and there are many reasons that someone might wish to do so, from extra-marital affairs to celebrities wary of their android phones being hacked and photos uploaded to the
The real question will be whether the evidence obtained from the hack is the sole evidence relied on by the prosecution, or whether that phone evidence led the police to discover additional evidence.
For example, those who have been caught in possession of large quantities of drugs, money or firearms as a result of the police obtaining information from the hack are unlikely to be able to argue that these items seized should not be admissible in court due to the illegality of the hack.
However, there will be those arrested and charged who were not found in possession of such damning items. There will be some for whom the entire prosecution case rests of the evidence obtained from the hack.
These individuals will only be linked to crimes by the allegation that they have been using a phone that was used to plan the commission of crimes, and this will be where the question of the legality of the hack itself will be susceptible to challenge.
We will see many prosecutions based on EncroChat evidence for months and potentially years to come.