alexskopje -

EncroChat: Top lawyer warned CPS of risk that phone hacking warrants could be unlawful

Lord David Anderson QC warned prosecutors that there were formidable arguments against the lawfulness of a police operation to infiltrate the encrypted phone network, EncroChat

A senior lawyer told the Crown Prosecution Service (CPS) that there was a “substantial risk” that police warrants to obtain messages from the encrypted mobile phone network, EncroChat, would be found “unlawful”.

Lord David Anderson QC advised prosecutors in May 2020 that the CPS could face “formidable arguments” over the lawfulness of warrants obtained by the UK’s National Crime Agency (NCA) to harvest messages from EncroChat phones.

The advice was not disclosed to lawyers representing defendants charged with crimes on the basis of evidence from EncroChat messages during a major preparatory case last year, it has emerged.

Anderson revised his advice just under three weeks later, following a briefing from the NCA, to give a more favourable view of the lawfulness of the operation.

British police have made some 1,550 arrests after obtaining millions of hacked messages from EncroChat encrypted phones.

According to the National Crime Agency, which led the investigation in the UK – codenamed Operation Venetic – EncroChat phones were used almost entirely by organised criminal groups.

Around 250 prosecutions are pending, involving multiple defendants who are accused of money laundering, supplying drugs, violent crime, or firearms offences.

The infiltration of the network – which was used by 50,000 people globally, including 9,000 in the UK – has allowed police forces across Europe to access historical as well as “real-time” messages.

CPS asked Lord Anderson to give legal advice

The Crown Prosecution Service asked Lord Anderson, the former independent reviewer of terrorism legislation, on 17 April 2020 to advise on the lawfulness of warrants used by the NCA to authorise the hacking operation against EncroChat.

CPS lawyers approached Anderson after raising questions about the legal justification for the hacking operation with the crime agency.

The NCA applied for thematic targeted equipment interference (TEI) warrants, which under the Investigatory Powers Act 2016, have to meet “strict statutory constraints on their scope”.

Roger Harris, CC BY 3.0

“Most courts would look on Project Venetic as a desirable tool in the fight against serious and organised crime, and would be only reluctantly driven to the conclusion that there is no power to give effect to it in UK law”

David Anderson QC

“The arguments for unlawfulness are formidable,” said Anderson in a written opinion dated 2 May 2020. “There is a substantial risk that a court invited to find the warrants unlawful would do so.”

Police investigators relied on the legal justification that the targeting of the EncroChat handsets was permitted under the Investigatory Powers Act for “the purposes of a single investigation or operation”.

Anderson said that the “extraordinary breadth and generality of the NCA’s ambition for Operation Venetic” could be gauged in a request from the NCA to the CPS.

The NCA’s intention was to use the data to '"facilitate" current UK law enforcement activity, future criminal investigations, disruptions, seizures and prosecutions against known and as yet unknown users, as well as to assist in overriding objectives.

“By defining the relevant ‘investigation or operation’ in terms of the penetration of a platform or network used by a vast and miscellaneous group of unrelated criminals,” Anderson wrote, “the NCA is neglecting the requirement of a target and stretching the normal law enforcement (and statutory) meaning of the terms investigation and operation”.

Drift net rather than harpoons

The NCA faced at least three substantial objections to the “characterisation of Project Venetic as a single investigation or operation”, Anderson wrote in a 21 page opinion.

It is hard to see how a thematic TEI warrant could be appropriate without specifying the identity or the device identities of EncroChat users. “It is striking that not a single user is identified in the warrant,” he said.

The NCA was “seeking to set aside the statutory requirement of an identified and circumscribed criminal enterprise in favour of a wholly general attempt to uncover serious criminality of all kinds”.

“It deploys a drift net rather than a clutch of harpoons,” he added.

Despite this, courts were likely to be sympathetic to using the hacked material in criminal prosecutions.

“To put it bluntly, most courts (particularly those with experience in the criminal field) would look on Project Venetic as a desirable tool in the fight against serious and organised crime, and would be only reluctantly driven to the conclusion that there is no power to give effect to it in UK law,” he said.

Former serving judges as senior and highly respected as Sir Kenneth Parker and Sir Brian Leveson concluded that the NCA’s warrants were lawful.

“It is sensible to assume that the lawfulness of what is in any view a controversial stretching of the thematic/bulk boundary has been, on this or some previous occasion, the subject of independent legal advice at a senior level,” he said. 

Anderson revised opinion after NCA advice

Anderson revised his opinion in an addendum on 28 May 2020, after being supplied with a further briefing and a positioning paper from the National Crime Agency.

Anderson said that, crucially, he had been told a review of the data recovered from more than 5,600 devices had led the NCA to conclude that it was “almost certain that all owners/users of these devices are involved in serious organised crime”.

Intelligence officers and investigators conducted keyword searches and a triage process after the warrants had been issued, “which specifically looked for, but found no material whatsoever, linked to legal privilege, academia and journalism or privacy enthusiasts”.

“[T]here are a vanishingly small number of non-criminal discussions,” the NCA is quoted as saying. 

The NCA accepted that “encrypted platforms such as WhatsApp and Telegram could not have been subject to a thematic warrant because they ‘will likely have a mix of innocent and nefarious content to a greater or lesser extent’”.

By 10 May 2020, EncroChat messages had led to the arrests of 61 serious organised crime suspects and substantial seizures of firearms, drugs and cash.

Anderson said that though the legal issues he identified “remain far from straightforward”, it seemed to him “more likely than not that a court or tribunal which had to decide the matter would uphold the lawfulness of the warrants”.

He said it would be helpful to law enforcement in avoiding a future legal challenge if the equipment interference code were clarified to address the “problematic requirement of a single investigation or operation” and were to include examples such as the EncroChat operation.

Questions about disclosure

Defence lawyers have questioned why Anderson’s opinion was not disclosed to defence lawyers during a preparatory hearing into EncroChat last year.

The hearing, which decided on the legal admissibility of messages taken from EncroChat in UK law, sought to answer whether data obtained under EncroChat phones under a TEI warrant was legally admissible in UK courts.

The Court of Appeal decided, on 5 February 2020, that communications collected by French police from the encrypted phone network EncroChat using software “implants” were admissible evidence in British courts.

The court of appeal decision will have significant consequences for the use of “digital phone tap” evidence, according to computer experts.

Hundreds of prosecutions are waiting on the results of a series of preparatory trials which will decide legal issues that will be binding on future cases.

The preparatory hearings have been delayed, after prosecution lawyers began conducting an extensive review of material that should be disclosed to defence lawyers in April, following questions raised by defence lawyers.

Investigators from France working in a joint investigation team (JIT) with the Netherlands infiltrated the supposedly secure EncroChat encrypted phone network in April last year, but have refused to disclose how they did it, citing French national security. 

EncroChat’s administrators shut the network down when they became aware it had been compromised in June 2020 following a series of initial arrests.  

The French Gendarmerie supplied the NCA with messages from thousands of EncroChat phone users in the UK, which were channelled to the UK through Europol.

The NCA applied for the first TEI warrant on 3 March 2020, which was authorised by Lynne Owens, the NCA’s director general and approved two days later by judicial commissioner Kenneth Parker, on behalf of surveillance regulator the Investigatory Powers Commissioner’s Office.

The NCA applied for an updated TEI on 24 March 2020 to authorise the additional collection of data about Wi-Fi hotspots that the EncroChat phones came into contact with, which was authorised by the investigatory powers commissioner, Brian Leveson.

Additional research by Sebastian Klovig Skelton.

Read more on Privacy and data protection

Data Center
Data Management