Dutch lawyers raise human rights concerns over hacked cryptophone data

Dutch lawyers have written an open letter claiming that defendants charged on the grounds of evidence from police cryptophone hacking investigations face unfair trials because prosecutors have refused to disclose information about the hacking operations in court.

More than 100 Dutch defence lawyers have signed the letter calling for the Netherlands Ministry of Justice and the public prosecution service to be transparent over the involvement of Dutch cyber specialists in international operations to hack encrypted phone networks, such as EncroChat and Sky ECC, used by criminal gangs.

They say prosecutors’ unwillingness to disclose information about how police obtained data from the hacked encrypted phone networks has made it impossible for defence lawyers to test the legitimacy and reliability of hacked text messages presented as evidence in multiple criminal trials.

Justus Reisinger, the author of the letter, said lawyers in the Netherlands felt the need to unite because the issues at stake went beyond individual legal cases.

“The request is very simple – being able to test the legitimacy and reliability of the evidence put forward by the prosecutors,” he told Computer Weekly. “The prosecutors and judges simply rely on the evidence and don’t allow us to test it. The limit has been reached, which is why we are writing this letter to ask for attention to the problem to be given outside the courtroom.”

The Dutch High Tech Crime Unit has pioneered telephone and hacking techniques that have been used in cross-border investigations into encrypted phone services. They include Emmetcom, a Netherlands-based cryptophone service shut down in 2015, PGP Safe, and EncroChat and Sky ECC in 2020.

“This form of investigation is innovative and cross-border,” said the letter. “There is nothing wrong with that in itself and we endorse the social benefit of new, advanced investigative methods in the fight against crime. However, the use of such new investigative methods does require transparency.”

The lawyers argued that it is not possible for them to test the legality and reliability of text messages obtained from hacked telephone networks such as EncroChat.

They said prosecutors and judges in the Netherlands have a fixed idea that the evidence obtained from hacking operations in third countries is automatically admissible in the Netherlands because of the principle of trust between EU member states.

“International cooperation seems to be used not only to fight crime, but at the same time to deliberately limit the possibilities of conducting an effective defence,” said the letter.

Dutch courts have taken the view that phone messages that have been intercepted or hacked from phones in the Netherlands by other European countries can be assumed to have been obtained lawfully, but the lawyers argue there are reasons to question this assumption.

“The Netherlands, as a sovereign country, is obliged to conduct its own assessment against the laws and regulations that apply in the Netherlands, and for that matter, in the rest of Europe, in order to provide legal protection for the citizen,” said the letter.

“The same applies to reliability. It is assumed that there is reliable evidence, while on many occasions it has become apparent that there are defects in the digital technology used.”

Defence lawyers have not been allowed to test the reliability of evidence obtained through phone hacking and this increased the “unacceptable risk of an unjust conviction”, the lawyers said.

The lawyers also argued that the scale of interception operations against EncroChat and other encrypted phone systems amounted to bulk interception involving hundreds of thousands of people.

Prosecutors argue that the interception is targeted against citizens whose identity is unknown, but the lawyers said this approach breaches the European Convention on Human Rights and the EU Charter on Fundamental Rights.

“Just because encrypted communication is suitable for use by criminals does not mean that encrypted communication is exclusively intended for, let alone, used by criminals,” said the letter.

The evidence from encrypted communications is not being thoroughly tested in the Netherlands, the letter added.

The lawyers called for the Dutch parliament to ask questions about the role of the Dutch authorities in international investigations into encrypted phone networks, and for judges to critically investigate the evidence provided.

The Dutch public prosecution service, the Openbaar Ministerie, said it was aware of the lawyers’ concerns. It said the use of hacked encrypted information in criminal proceedings has been found to be lawful by judges, according to reports.

One member of the Openbaar Ministerie has criticised the letter as being inaccurate and misleading in a post on LinkedIn. He said examining magistrates were extensively involved in all cases that involved EncroChat data.