For years, the totally legal EncroChat service allowed 50,000 users around the world – 9,000 of them in the UK – to communicate in the knowledge none of their texts would be uncovered by law enforcement
The hacking of the secret ‘EncroChat’ communication’s network during the summer was a major blow to the big-time criminals who used it to deal in guns and drugs away from prying eyes.
For years, the totally legal service allowed 50,000 users around the world – 9,000 of them in the UK – to communicate in the knowledge none of their texts would be uncovered by law enforcement.
That ended when investigators hacked into EncroChat’s server in Roubaix, northern France, in April, sending bogus updates to devices across the globe which effectively mined the incriminating data criminals wanted so much to conceal.
So far more than 1,000 suspects have been arrested in the UK alone and the investigation is nowhere near done. Some £54m in cash, 77 guns, and two tonnes of drugs were seized in the first wave of investigations.
In Greater Manchester alone £1.7m in cash was seized alongside 15 kilos of cocaine, two kilos of heroin, two kilos of cannabis, 70 kilos of amphetamines and 500,000 ecstasy tablets.
Big-time criminals, who may well have thought they were able to act with impunity, are looking at major jail sentences as their cases progress through the courts.
But legal challenges are coming which could derail a huge police operation if they succeed.
Last month senior judges ruled the way the UK applied for the information from 9,000 EncroChat mobiles was lawful following one legal challenge.
And one man awaiting trial at a court in the north west has failed to secure a judicial review of EncroChat evidence.
His lawyers argued a European Investigation Order (EIO,) signed off by the UK authorities to obtain the data, was a ‘fishing expedition’ and invalid.
But two senior High Court judges have dismissed the application.
Nonetheless, the M.E.N. is aware more legal challenges are coming.
The ruling published in the case of the man who failed to secure a judicial review provides some insight into how the UK got hold of the controversial data in the first place.
The Franco-Dutch investigation – Operation Venetic – started in December 2019 and briefed counterparts in the UK the following month.
As the UK was about to leave the European Union – on January 31 of 2019 – British detectives could not join the joint investigation team but could attend meetings at Europol, according to the ruling.
UK detectives learned of the plan to hack the EncroChat server from March 10 of 2020, ‘regardlesss of whether the UK gave permission for the activity or not’, the ruling reveals.
And UK prosecutors were invited to, and did sign off, the required EIO to obtain the yet-to-be-hacked data.
The official hack actually began on April 1 and, two days later, the first of batch of data from UK EncroChat handsets was sent to the National Crime Agency.
The ruling reveals lawyers acting for the defendant facing trial in the north west – referred to only as ‘C’ although his identity is known – unsuccessfully argued the completed EIO form was invalid as it didn’t refer to a specific crime which had been committed and that the UK authorities hadn’t even requested the hacking.
Dismissing the application, Lord Justice Singh and Mr Justice Dove said defendants could and should still ask trial judges to consider whether the hacked EncroChat evidence should be allowed.
But they agreed there was nothing in EU law requiring any state to already have the evidence being sought when the EIO was signed off by the UK authorities.
That argument was ‘untenable’, they said.
Their judgement, first revealed by the The Register technology news website, went on: “The (EU) Directive was devised to facilitate the sharing of material relating to criminal activity to enhance the efficiency of the enforcement of law and order on a cross-boundary basis between participating States.
“The EIO system was intended to expedite and simplify these processes, whereas the claimant’s construction introduces technicality and complexity, serving no good purpose measured against the objective specified as the purpose of the Directive.”
The devices which use EncroChat – like the Aquaris X, costing between £1,300 and £1,500 for six months of use – were marketed as providing totally secure communication which could not be tracked.