EncroChat and the murky world of drug traffickers and gangsters

by Martin Malone

There is a world of communications going on all around us that most of us know nothing about. With the plethora of online communications that are now available, most of us leave our “digital footprint” all over the place, whether it’s by a Facebook post, a holiday photo or a car app that tracks all our journeys (when permitted), we accept (whether we are aware or not) that we can be tracked with an extraordinary detail that simply didn’t exist a few years ago.

I remember when we didn’t have Google or anything like it so that our knowledge was limited to learning from books, including encyclopedias. In the interim Microsoft launched “Encarta” which was an encyclopedia on a CD-Rom and existed from 1993 to 2009. If you couldn’t find the answer to your question then you didn’t know and that was that. I also remember going to IT fairs, where at Carlett Park or similar locations, we could buy floppy disks with word processors to be run on glorified typewriters or Windows 3.1 in which Solitaire was state of the art.

There has been a great deal of chat about the protection of data when using apps such as WhatsApp which champions it’s end-to-end encryption. In the meantime, criminals have been taking encryption much further. But their bubble was burst, particularly in Merseyside, as reported in the Liverpool Echo.

They were using a private network called EncroChat. This secretive app, with handsets costing hundreds of pounds and up to £3000 a year to run, was supposed to provide users with completely anonymous ways to communicate. Messages were deleted after seven days and there was double password protection as well as a “kill pill” function, which would wipe the phone’s contents. But French police cracked it, including the 10,000 such phones which were believed to be used in the UK.

That’s all very well but is the evidence obtained from them admissible in court? After a trial that was subjected to reporting restrictions, we now know that, in a blow to many criminals, including drug dealers and money launderers, the answer is “yes”.

The decision was made in the Court of Appeal and is liable to be appealed to the Supreme Court. However, the Court of Appeal judgment was delivered by what one might call a powerhouse of that court, including Lord Chief Justice Burnett, Lord Justice Edis and Mrs Justice Whipple.

In a report in The Times (behind paywall), it was reported that Chaman Salhan, a solicitor who describes himself as “the Encro defender” said:

You can understand why the Court of Appeal was reluctant to throw the evidence out. But we need to be careful that we don’t jeopardise the principles of freedom and democracy that we hold dear. Here the courts have allowed a foreign power, which won’t tell you how it’s done it, to say that people are guilty.

With respect to Chaman, I disagree. I understand that the judgment allows in evidence material that would normally be excluded. The evidence obtained by the French and Dutch authorities was shared with the National Crime Agency in London. What was obtained suggested that the phones were used for the sole purpose of coordinating and planning their criminal activities. This wasn’t accidental accessing of data. Rather, these criminals were using a device that, as they thought, allowed them to evade the usual methods of contacting them.

Before this judgment, police in England could obtain intercept material, e.g. via phone tapping, but could not use it in court. However, this approach to gathering and using evidence in the modern world in which we live is surely anachronistic, if not antediluvian.

The reasoning adopted by the Court of Appeal is interesting. In order to address issues raised by the Investigatory Powers Act 2016 (which deals with hacking), they took the view that the data used was not intercepted while it was “being transmitted” because it was “stored” on the devices and accessed by “equipment interference”. Translating what this means, the French police sent an apparent software update to all Encrochat phones and that was how they got hold of the data, although the details have, perhaps understandably, not been disclosed. Specifically, the Court found that “communications were extracted directly from the handset of the user and not while they were travelling to, through or from any other part of the system” so that they were “stored” on the devices. That meant that the data was obtained by “equipment interference” rather than “interception”, thereby circumventing the potential problem presented by the 2016 Act. That is the vulnerability when, as expected, the issue is finally determined by the Supreme Court.

However, the Court of Appeal judges suggested that others looking to challenge EncroChat evidence “should not be surprised if the trial judges deal with them rather more briskly”!

According to the report in The Times, Lord Carlile QC has highlighted that the decision does not change the law “but instead clarifies how encrypted material obtained from storage in another jurisdiction can be used as evidence in England and Wales”. Some may say that the decision has been made on what is often referred to as “public policy grounds” in order to secure convictions that might not otherwise be obtained. I agree, but I do not think that this will lead to the judgment being overturned in the Supreme Court. The rationale of the judgment is sound.