ra2 studio - stock.adobe.com
Court hearings into the EncroChat encrypted phone network compromised by French police have been delayed after lawyers requested prosecutors to disclose further evidence on law enforcement’s capabilities to decrypt communications.
The National Crime Agency (NCA) has made more than 1,550 arrests under Operation Venetic after the French Gendarmerie harvested millions of supposedly secure messages from the EncroChat cryptophone network, which police say was used by criminal groups.
Defence lawyers have argued that the disclosure of evidence has been made more difficult because disclosure officers do not understand the technical detail in documents relating to police hacking of the EncroChat encrypted phone network.
The courts are preparing to hear up to a dozen preparatory hearings that will decide on the lawfulness, admissibility and reliability of material retrieved from the EncroChat network – the decisions in which will be binding on future prosecutions.
The NCA has not disclosed details of how many people have been charged under Operation Ventetic, the UK’s response to the takedown of EncroChat, but it is understood that around 450 defendants are contesting their prosecutions across the UK.
Issues impact on multiple cases
Jonathan Kinnear QC is overseeing the national strategy for all 250 prosecution cases in the UK – including dealing with legal challenges to the admissibility of EncroChat evidence – for the Crown Prosecution’s Organised Crime Division.
Speaking at a preparatory hearing, he said prosecution lawyers were working to process requests for discovery from defence lawyers.
He told a court that defence lawyers had submitted documents from public websites, some of which were marked “top secret” or “top secret strap one” in evidence.
“We have been working on a response to defence disclosure requests and re-reviewing the disclosure position over the course of last week and this weekend,” he said.
“Given the complexity of the issues, including the technical nature of them and the sheer volume of the material involved, we have not yet completed that review. These are important issues that have an impact not just on this case, but on a significant number of other cases.”
New questions after second cryptophone hack
Defence lawyers raised new questions about the capabilities of law enforcement to decrypt live communications after Belgian and Dutch police announced they had infiltrated a second secure cryptophone network, Sky ECC.
Belgian and Dutch police disclosed during a press conference on 10 March 2021 that they had intercepted more than one billion encrypted messages from the Sky Cryptophone network, and had decrypted half of them.
Defence lawyers have raised questions over whether the joint operation between the UK, France and Holland had the ability to decrypt messages from EncroChat. If true, they argue, that would undermine facts presented in earlier court hearings.
“If it turns out there have been investigations with the NCA or other British agencies, and that involves decryption of messages whilst in transmission, this is clearly disclosable and goes to the heart of the case,” one defence lawyer told a judge the day after the announcement.
Experts are divided over how the French Gendarmerie obtained the decrypted messages, notes and photographs from the EncroChat network.
Snowden documents reveal US and UK encryption attacks
Classified documents leaked by former CIA whistleblower Edward Snowden show that the US and the UK have invested heavily in highly sensitive programmes to break the encryption of online communications.
The NSA and GCHQ developed capabilities to break the encryption web mail, encrypted chat, encrypted voice over IP (VoIP), virtual private networks (VPNs) and the encryption used by 4G mobile phone services.
Snowden documents reveal that the NSA’s mission was to weaken encryption technologies by influencing encryption standards, forming partnerships with telecommunications companies and inserting vulnerabilities into commercial encryption systems.
Both EncroChat and Sky ECC phones use a form of encryption known as elliptical curve cryptography (ECC), which is suited to mobile applications as it offers small faster and more secure cryptographic keys than other forms of encryption.
Secure encryption relies on the ability of software to generate secret prime numbers randomly, often using pseudo-random number generators, to calculate encryption keys which are difficult for intelligence agencies to predict.
Internal NSA memos reported by The New York Times suggest that the NSA had compromised at least one random number generator, called the Dual EC ERBG, which was adopted by the US National Institute of Standards and Technology and the International Standard Organisation.
Security company RSA, which used Dual EC ERBG by default in some of its security products, subsequently advised its customers to switch to alternative pseudo-random number generators.
Court found messages were intercepted before encryption
A judgment by the Court of Appeal on 5 February 2021, however, found that French police had been able to use a software implant to access messages from phone handsets before they had been encrypted. They were automatically forwarded to a server set up by the French digital crime unit, C3N.
Defence lawyers said in a preliminary hearing that they suspected that disclosure officers do not understand a lot of the technical details in documents related to Operation Venetic.
“There is far more likely to be a reliable disclosure exercise if there is an expert assisting a disclosure officer or even an expert appointed as a disclosure officer who can understand the significance of the material,” one lawyer said.
The lawyer said the defence team had requested prosecution disclosure in November last year, but that it was making further reactive requests for disclosure following the takedown of Sky ECC in Belgium.
French investigators broke the supposedly secure EncroChat encrypted mobile phone network, used by 50,000 people worldwide, including 9,000 in the UK, in April 2020, after gaining access to the EncroChat servers discovered in a datacentre run by OVH in Roubaix.
Investigators installed software “implants” on tens of thousands of mobile phone handsets which, according to the court of appeal, retrieved supposedly secure messages, photographs and notes from the phones before they were encrypted.
The French have refused to disclose any details to the courts in the UK and European countries bringing prosecutions against EncroChat users about how the implants work, citing national defence reasons.
Further hearings have been put back to late April or early May.
Read more about the EncroChat case
- Cops take out encrypted comms to disrupt organised crime: In July 2020, after French and Dutch authorities had gained access to the encrypted EncroChat network, the NCA and its counterparts worked to disrupt the serious and organised criminal networks using the platform.
- Appeal court finds ‘digital phone tapping’ admissible in criminal trials: On 6 February 2021, judges decided that, despite UK law prohibiting law enforcement agencies from using evidence obtained from interception in criminal trials, communications collected by French and Dutch police from EncroChat using software “implants” were admissible evidence in British courts.
- Belgian police raid 200 premises in drug operation linked to breach of encrypted phone network: On 9 March 2021, Belgian police raided 200 premises after another encrypted phone network with parallels to EncroChat, Sky ECC, was compromised, in what prosecutors described as one of the biggest police operations conducted in the country.
- Arrest warrants issued for Canadians behind Sky ECC cryptophone network used by organised crime: Following the international police operation to penetrate the Sky ECC network and harvest “hundreds of millions” of messages, a federal grand jury in the US indicted Sky Global’s Canadian CEO, Jean-François Eap, along with former phone distributor Thomas Herman, for racketeering and knowingly facilitating the import and distribution of illegal drugs through the sale of encrypted communications devices.
- Judges refuse EncroChat defendants’ appeal to Supreme Court: In early March, judges refused defendants leave to challenge the admissibility in UK courts of message communications collected by French cyber police from the encrypted phone network EncroChat. Computer forensic experts working on EncroChat cases said that decision should trigger a wider review of the “far-reaching effects” the legal decision by the Court of Appeal would have on the role of communications interception in future cases.
- UK courts face evidence ‘black hole’ over police EncroChat mass hacking: Forensic experts say that French investigators have refused to disclose how they downloaded millions of messages from the supposedly secure EncroChat cryptophone network used by organised criminals – leaving UK courts to grapple with a forensic ‘black hole’ of evidence.