Corgarashu - stock.adobe.com
The National Crime Agency “deliberately concealed” information when it applied for a warrant to access hundreds of thousands of intercepted messages and photographs from the EncroChat encrypted mobile network, a court has heard.
The claim was made this week during the first day of a hearing by the Investigatory Powers Tribunal (IPT), Britain’s most secret court, in a case that is likely to have significant ramifications for the use of intercept evidence in criminal prosecutions.
As part of Operation Venetic, the National Crime Agency (NCA), working with police forces, has previously arrested 1,550 people across the UK, and seized 115 firearms and £54m in cash, and large quantities of drugs based on information seized by the French gendarmerie from the EncroChat encrypted phone network.
The tribunal case follows a decision by the court of appeal in 2021 that found that messages and photographs from the EncroChat phone network could be used as evidence in court, as they were lawfully obtained through equipment interference rather than interception.
But lawyers representing defendants claim that the NCA did not give the independent judge - known as a judicial commissioner - who authorised the NCA’s surveillance warrant, a full explanation of the basis of its understanding of how the French hacking operation worked.
Matthew Ryder KC told the court that the NCA had decided that it wanted a Targeted Equipment Interference (TEI) warrant - the only warrant that would allow messages and images intercepted from EncroChat to be used as evidence in court.
An analysis of the Investigatory Powers Act showed that the correct warrant for the EncroChat operation, would have been a Targeted Intercept (TI) warrant, Ryder told the court, which would not allow messages harvested from EncroChat to be used as evidence.
“The NCA started with the result they wanted and tried to fit that into the Investigatory Powers Act. They wanted a TEI and nothing else,” Ryder told the court. “Their motive was understandable. They wanted to make the intercept available in court.”
The NCA sought approval from the Investigatory Powers Commissioner, Sir Brian Leveson, for a hacking technique without knowing how the technique was carried out. “The obvious risk is that the warrant may be issued in error,” said Ryder.
The NCA made “serious and fundamental errors” by basing its warrant application on a position that was “tenuous at best”.
“The determination by the National Crime Agency to see it as Targeted Equipment Interference not Targeted Intercept led to wilful blindness by officers or at the very least a wholly inadequate analysis of the information they need to put before judicial commissioners,” said Ryder.
Warrant based on conversation
The warrant application was based on an account of a conversation between an NCA intelligence officer, Emma Sweeting, and Jeremy Decou, the head of the French Cyber Crime Centre, C3N, after a meeting at Europol in February 2020, the court heard.
“That account should have been treated with much less weight,” Ryder told the court.
Ryder told the court that the NCA “deliberately concealed” information about the “tenuous basis” for the warrant application from the judicial commissioner who authorised the warrant.
“It is one thing for the National Crime Agency to proceed on tenuous information. It is another for it not to tell the judicial commissioner,” said Ryder.
“They deliberately did not take steps to resolve the tenuous nature of that information. That was a deliberate decision,” he said. “That was a serious error”.
The judicial commissioner could have been told about the NCA’s account of the intercept technique obtained by Sweeting, said Ryder.
“Information which could allow a judicial commissioner to make an informed decision is important information,” he said.
“The judicial commissioner could say, 'I can authorise interception. But I can’t give you a TEI warrant. I can give you a TI because that covers store and intercept'.”
Former NCA technical officer Luke Shrimpton, three other NCA officers, together with two or three Scottish Police, and a man from another unidentified agency, met with French and Dutch law enforcement officers at the Europol meeting on 19 to 21 February 2020.
Cross-examined by defence barrister Simon Csoka KC , Shrimpton agreed that during the meeting he had not been given a precise understanding of how the implant was going to work.
The court heard that Shrimpton had written “looks like it’s intercept” in his notes from the meeting. He also wrote a note asking whether the database dumps were also intercept.
There was no discussion at the meeting that EncroChat operation would extract data in two different stages – the technique ultimately used in the operation against EncroChat - the court heard.
Shrimpton agreed that the Dutch had a greater pedigree at decryption but could not say whether the implant had been designed by the French or the Dutch.
NCA did not analyse infected handsets
The court heard during Shrimpton’s cross-examination that the NCA had not taken steps to analyse how the French implant worked by allowing one of its EncroChat handsets to become infected by the French implant.
Csoka asked, “Putting what happened [at the Europol meeting] between the 19 and 21 February at its highest, it must have been apparent that there was capacity to get greater detail by allowing one of the devices to become infected?”
“I did not consider that option at the time,” Shrimpton said.
Read more about EncroChat
- Lawyers say ‘unprecedented’ secrecy deprived EncroChat defendants of fair trials
- Police crack world’s largest cryptophone network as criminals swap EncroChat for Sky ECC
- Secrecy over police EncroChat hacking is unconstitutional, defence lawyers tell top French court
The former NCA technician agreed that allowing an EncroChat phone to be infected might provide a definitive answer to how the implant harvested messages, and that answer might be different from the information the NCA relied on to obtain its warrants.
Shrimpton said there was no instruction from the NCA not to turn on EncroChat phones after 1 April 2020 – when the French hacking operation began - to prevent the NCA’s handsets from being infected.
He said that he did not allow the EncroChat devices he was working with to go online, so as not to alert the EncroChat administrators. No other NCA EncroChat handsets were infected, the court heard.
Csoka questioned Shrimpton about notes of the Europol meeting taken by NCA officer James Wilmott, which recorded that from the information provided at the Europol meeting, forward-looking data would only be collected from the server “as opposed to targeting every single device”.
Shrimpton agreed that he was in post-conference discussions every day during the Europol meeting with his colleagues.
But he did not recall any conversations with Wilmott about his conclusions. “If shown that I would question the technical validity of the statement,” he said.
NCA developed its own EncroChat implant
Shrimpton agreed that the NCA had developed its own implant to intercept data from EncroChat, before the French gendarmerie infiltrated the encrypted phone network.
He said during cross-examination that he had access to images of EncroChat servers towards the end of 2018 that had not been supplied to the NCA by the French police.
But the court heard that Shrimpton could not disclose who supplied the server images because the issue was “sensitive”.
An email discussed in court showed that Shrimpton wrote to NCA technical officer Greg Elliot in January 2020 reporting that it looked like the French were planning some “significant activity” on EncroChat.
Shrimpton wrote that he suspected the French implant would exploit a CVE (security vulnerability) and would be deployed to handsets through an update server.
He suspected that the French would intercept messages from the EncroChat server and decrypt them.
The email said that the NCA had developed its own implant, which Shrimpton was considering re-designing to make it “less persistent”.
The implant would grab the phone’s database and encryption key, and exfiltrate it before tidying up and removing itself from the device.
The note said that Shrimpton wanted to ensure that the NCA did not have an implant running on a device when the French targeted it.
Questioned by Csoka about the email, Shrimpton said that he believed the French would exploit a publicly known security vulnerability to access EncroChat.
Csoka said that one known vulnerability with EncroChat, which used the Signal protocol, was that the random number generator, used for encryption, could be replaced by an attacker.
Shrimpton said he was not thinking of this particular vulnerability, but agreed it was a known vulnerability.
Under questioning Shrimpton agreed he had not disclosed this email to an earlier legal hearing: “I had clearly missed it.”
Shrimpton confirmed that he was able to set up an emulation of the EncroChat system using EncroChat handsets bought by the NCA in 2018.
The NCA obtained a TLS encryption key, which was needed to “spoof” the EncroChat server, in 2018, and a second TLS key from the French in 2020, to carry out forensic analysis on EncroChat handsets.
The court heard that the NCA is arguing that information can be transmitted and stored at the same time because of the concept of “ephemeral storage”.
Ryder told the court that if this was the case the implications were enormous and would destroy the “principal and understood” line between what requires a TEI warrant and what requires a TI warrant.
“It does not just mean a handset, it means any physical device, its server, its load balancer, anything that a communication touches for a picosecond is a stored communication,” he said.
Reports by the surveillance watchdog, the Investigatory Powers Commissioner’s Office (IPCO), suggested that the NCA was one of the largest applicants for TI warrants.
But Ryder said he does not understand why that would be the case if every intercept can be authorised by a TEI warrant.
“We are concerned that the interpretation in these proceedings is not the interpretation the NCA uses in practice,” he said.
“If they are right about ephemeral storage then a live video call on a phone is a stored communication because for one picosecond it is stored on the device,” he said.
The case continues.
Read more on Hackers and cybercrime prevention
Conversation between two police officers formed basis of EncroChat warrant, court hears
Secrecy over police EncroChat hacking is unconstitutional, defence lawyers tell top French court
Two men convicted after using EncroChat cryptophones to plot killing
Police EncroChat cryptophone hacking implant did not work properly and frequently failed