orpheus26 - stock.adobe.com
Public prosecutors in Berlin have been told they can use messages intercepted by French police during a sophisticated hacking operation into the EncroChat encrypted phone network in German courts.
The Superior Court in Berlin this week overturned a ruling by the Berlin Regional Court that found millions of text messages gathered by French and Dutch police in a hacking operation against EncroChat users could not be used legally in evidence.
The Berlin public prosecutor announced the verdict on Twitter: “Our complaint was successful.” The court confirmed the usability of “EncroChat in accordance with the higher court case law in Germany”.
French and Dutch investigators obtained millions of supposedly secure messages from EncroChat phone users between April and June 2020 after being granted a court order to place a data interception device on an EncroChat server which was uploaded to tens of thousands of handsets.
This week’s ruling comes two months after a judgment restricting the use of EncroChat messages by a Berlin court.
The case concerns a 31-year-old accused of drug dealing, but has wider implications for the admissibility of EncroChat evidence in legal proceedings.
The public prosecutor confirmed it had re-issued an arrest warrant against the individual, who has been living with his family for the past two months following release from custody. Prosecutors said the individual was a flight risk.
Since July, according to German press reports, more than 550 prosecutions against 135 suspects have been initiated on the basis of EncroChat data in Berlin.
Courts in the UK, France and Holland face similar legal challenges over the admissibility of EncroChat evidence. At least 20 defendants are understood to have made complaints to the UK’s Investigatory Powers Tribunal, which is expected to make rulings next year. Other legal challenges are being considered in crown courts.
The question of admissibility of EncroChat evidence in Germany is due to be addressed by the German Supreme Court, which is considering a number of EncroChat-related cases. A verdict is not expected until spring 2022.
Speaking after this week’s verdict, Christian Lödden, a criminal defence lawyer familiar with the case, said the Berlin Superior Court’s verdict was weak and poorly reasoned, given Germany’s strict privacy laws.
Last year, he said the state approved 21 phone taps using malware across the whole of Germany, tiny in comparison to the 3,350 EncroChat phones in Germany that were hacked by the French Gendarmerie’s computer crime unit, C3N.
“The hurdles to get warrants for tapping phones, for going into phones and reading messages, are really high in Germany. You need concrete suspicions, named people and strong criminal violations. You cannot do it for every offence,” he said.
Lödden said every regional court in Germany had at least one EncroChat case and that judges in the country were dealing with the cases in different ways.
“At the end of the day, the Supreme Court will find a final decision for this legal question. Is it admissible? Is it not?”
The case will now be sent back to the Berlin Regional Court where it will be it will be heard by a new set of judges.
EncroChat prosecutions are moving slowly in Germany, said Lödden.
First court to halt EncroChat trial
The Berlin Regional Court became the first court in Germany to halt a trial based on evidence from the EncroChat encrypted phone network, which was harvested through a novel hacking operation led by French police last year in collaboration with the Dutch.
The court found on 1 July 2021 that even if the interception operation against EncroChat handsets is legal under French law, use of the data from EncroChat data gathered on German territory was in breach of German law.
The hacking operation by French Gendarmerie placed more than 30,000 phone users in 122 countries under surveillance, whether there was evidence of individual criminality or not, the court then found.
“The Regional Court considers the surveillance of 30,000 EncroChat users to be incompatible with the principle of proportionality in the strict sense. This means that the measures were unlawful,” the court ruled in a 22-page judgment.
That decision has now been overturned by the Superior Court in Berlin.
It found that although investigative measures carried out by the French did not appear to meet the requirements of German law, that did not prohibit German courts from using the knowledge and information gained by the French.
German law allows surveillance to be carried out against an individual to recover specific information only where there is clear suspicion of crime by the individual under surveillance.
Germany’s role in the EncroChat hacking operation
21 December 2018: French investigators copy data from an EncroChat server at the OVH datacentre in Roubaix, France. The server data reveals that over 66,000 SIM cards are registered on EncroChat. Investigators are able to decrypt 3,500 files included encrypted notes made by phone users.
30 January 2020: A court in Lille approves the use of a data interception device on the EncroChat server and on EncroChat handsets.
9 March 2020: German prosecutors attend a meeting of Eurojust in the Hague with representatives of other countries to discuss how to exploit EncroChat data with the French and Dutch Joint Investigation Team working on the hacking operation.
13 March 2020: German prosecutors open a criminal file on EncroChat.
20 March 2020: The Lille court approves an order to redirect data streams at the EncroChat server to enable the capture of EncroChat data.
3 April 2020: German prosecutors begin downloading EncroChat data supplied by France, through Europol, without making a formal request to France for the data. The operation is coordinated from Frankfurt public prosecutor’s office.
7 April 2020: The French investigation is expanded from an investigation into the illegal supply of encryption technology in France to include illegal trade in drugs and weapons offences.
1 May 2020: The Lille court extends permission to continue technical measures against EncroChat’s infrastructure for one month.
1 June 2020: The Lille court extends permission to continue technical measures against EncroChat’s infrastructure for a further four months.
2 June 2020: The German public prosecutor’s office issues a European Investigation Order formally requesting permission to use the EncroChat data in prosecutions.
13 June 2020: The Lille court approves Germany’s European Investigation Order, giving consent to the use of the data by Germany for judicial investigations and prosecutions. The data had previously been provided to Germany without Germany making a request for access to it.
28 June 2021: EncroChat administrators succeed in closing down the EncroChat network after having discovered the hacking operation.
17 January 2021: Tiergarten district court issues an arrest warrant against the defendant.
29 April 2021: Based on an analysis of EncroChat messages, the defendant is charged in an indictment with 16 counts of illegally trading in narcotics.
1 July 2021: The Berlin Regional Court finds that EncroChat messages cannot be used in German criminal proceedings. It revokes the arrest warrant and declines to open criminal proceedings.
5 July 2021: The Berlin public prosecutor’s office issues a complaint seeking to overturn the Berlin Regional Court’s decision and requesting the reopening of criminal proceedings against the defendant.
But evidence gathered by the French could be used as an “accidental discovery” to bring prosecutions against German EncroChat users, the court found.
“The fact that there was no qualified suspicion…at the time of the [surveillance measures]...does not prevent the use of the knowledge once gained,” it said.
German courts were not entitled to question actions initiated by other EU member states that are legal under their own law, provided the evidence is not based on a German request for mutual assistance, the court said.
To do so would undermine the “mutual trust” between member states.
The fact that the investigative measures carried out by the French did not seem to meet the requirements of German law for monitoring telecommunications and internet traffic did not prevent the knowledge gained being used in Germany, the court said.
Use of EncroChat provides grounds for suspicion
In its July decision, the Berlin Regional Court found that the mere use of an encrypted phone, even one with a high level of encryption, was not an indication of criminality.
The German Federal Government is actively encouraging the use of cryptography, through the Federal Government digital agenda, and has been reluctant to oblige telecoms and internet companies to implement “backdoors” to allow government to access private data, the judge said.
The mere possession of an EncroChat phone did not provide grounds for surveillance, in much the same way that possession of crowbars or bolt-cutters does not provide sufficient grounds for a search warrant.
But in the latest ruling, the Berlin Superior Court found that the way EncroChat devices were sold and their high cost, coupled with other findings from French investigators, did provide grounds for suspicion.
In 2017 and 2018, French police seized EncroChat phones during seven independent investigations, including five investigations into drug offences, the theft of luxury vehicles and other crimes.
The EncroChat website advertised the phones as offering “guaranteed anonymity, a personalised Android platform, a double operating system, the very latest technology, automatic deletion of messages” and hardware encryption.
The company lacked an official headquarters and had no identified staff. It did not sell phones on its website but EncroChat phones were available on eBay at a cost of €1,600 for a six-month contract.
A “guide” sent to an Australian EncroChat phone dealer obtained during the hacking operation advised resellers to stay undercover from the police, to accept payments for the phones using cryptocurrencies where possible and to avoid attracting attention.
French investigators took a forensic image of one of the EncroChat servers in December 2018 and were able to decrypt encrypted notes made by users of the phone, which were stored on the server.
The information recovered suggested that some users were involved in illegal activities. One user’s note, for example, likely showed his involvement in drug trafficking and his ability to launder money in Paris through Morocco.
Mother country behind human rights
“When considering the admissibility of the use of evidence, in addition to the considerable risk to the public’s health, the threat posed by the organised crime structures promoted and financed through illegal drug trade must also be taken into account,” said the Berlin Superior Court.
The verdict also found that the failure to use intercept material from France would violate the sense of justice of German citizens.
“The failure to use legally obtained information about such serious crimes by the authorities of the Republic of France – a founding member of the European Union and one of the mother countries behind human rights – would “significantly violate the general sense of justice of the law-abiding population”, it said.
The court accepted that the French authorities had an obligation to inform the German authorities that they were conducting surveillance on the telecoms traffic of individuals on German territory.
But a failure by France to notify Germany does not prohibit the exploitation of surveillance material.
“The German authorities have made it clear through their further conduct that they do not object to the investigative measures,” the court said. “It can be assumed that the German authorities would have consented to the surveillance of the accused if they had been informed.”
German procedural rules do not contain a general prohibition on exploitation of unlawfully obtained evidence but allow the evidence to be weighed by the court, the court said.
The data obtained does not, as far as can be seen, affect any core information relating to an individual’s private life.
The court found that the German authorities were not involved in the operations led by the French investigative authorities.
“Rather the data obtained were initially spontaneously transmitted to the German police without prior consultation,” it said.
Germany had not – at the time it received the data in April – submitted a request for mutual legal assistance to obtain the information from France, according to the court verdict.
It was only two months after the hacking operation began, on 2 June, that German prosecutors submitted a European Investigation Order to the French, formally requesting the right to use the intercepted data from EncroChat.
It has emerged in evidence in other court cases in Germany, however, that German prosecutors attended a meeting at the European Union agency for criminal justice cooperation Eurojust at the Hague, to discuss the exploitation of hacked data from EncroChat as early in March 2020 – before the hacking operation commenced.
This has raised questions over whether Germany was simply a passive recipient of the data obtained by the French, as prosecutors suggest.
Decision was ‘political’
Lödden said that, with an election for a new chancellor taking place next month, the Superior Court decision was partly political.
The Berlin higher court’s verdict that EncroChat evidence could not be used led to criticism in the press, he said.
“There were a lot of voices that said it can’t be. Why is it that every country in Europe can charge the criminals and only we, in Germany, are not able to do it because we were hiding behind our laws,” he said. “So there was a lot of pressure from public opinion.”
Read more about EncroChat
- French lawyers claim that investigators are unlawfully withholding details of a cryptophone hacking operation in a case that could impact UK prosecutions.
- French lawyers are challenging the legality of a French police operation to harvest tens of thousands of messages from the EncroChat encrypted phone network in a move that could overturn criminal prosecutions in the UK.
- The Dutch Public Prosecution Service claims Britain has damaged confidence by disclosing details of an international investigation into the EncroChat encrypted phone network to the courts.
- Appeal court finds ‘digital phone tapping’ admissible in criminal trials: On 6 February 2021, judges decided that, despite UK law prohibiting law enforcement agencies from using evidence obtained from interception in criminal trials, communications collected by French and Dutch police from EncroChat using software “implants” were admissible evidence in British courts.
- Belgian police raid 200 premises in drug operation linked to breach of encrypted phone network: On 9 March 2021, Belgian police raided 200 premises after another encrypted phone network with parallels to EncroChat, Sky ECC, was compromised, in what prosecutors described as one of the biggest police operations conducted in the country.
- Arrest warrants issued for Canadians behind Sky ECC cryptophone network used by organised crime: Following the international police operation to penetrate the Sky ECC network and harvest “hundreds of millions” of messages, a federal grand jury in the US indicted Sky Global’s Canadian CEO, Jean-François Eap, along with former phone distributor Thomas Herman, for racketeering and knowingly facilitating the import and distribution of illegal drugs through the sale of encrypted communications devices.
- Lord David Anderson QC warned prosecutors that there were formidable arguments against the lawfulness of a police operation to infiltrate the encrypted phone network, EncroChat.
- Computer forensic experts involved in the review of police use of data hacked from the ultra-secure EncroChat phone network assess the impact of the Appeal Court ruling on future legal use of intercept evidence.
- UK courts face evidence ‘black hole’ over police EncroChat mass hacking: Forensic experts say that French investigators have refused to disclose how they downloaded millions of messages from the supposedly secure EncroChat cryptophone network used by organised criminals – leaving UK courts to grapple with a forensic ‘black hole’ of evidence.
Read more on Hackers and cybercrime prevention
Germany: European Court opinion kicks questions over EncroChat back to national courts
French supreme court dismisses legal challenge to EncroChat cryptophone evidence
German court unclear whether intercepted EncroChat cryptophone messages are legally admissible
Germany: European Court of Justice hears arguments on lawfulness of EncroChat cryptophone evidence