TechTarget

alexskopje - stock.adobe.com

News

Cyber crime officer says French legal challenges to EncroChat are ‘hype’

Matthieu Audibert, officer of the French Gendarmerie’s cyber space command, gets into a spat with defence lawyers on Twitter over the lawfulness of evidence from the hacked phone network EncroChat

Bill Goodwin
By
Published: 31 Oct 2022 9:45

An officer at the French Gendarmerie’s cyber space command has claimed on social media that a decision by the French Supreme Court over the lawfulness of messages hacked by the police from an encrypted phone network has been “hyped” by defence lawyers.

In an unusual public intervention, Matthieu Audibert, a lawyer and officer of the Gendarmerie’s command in cyber space, ComCyberGend, took to Twitter to contest claims that a ruling by the Cour de Cassation could lead to the dismissal of EncroChat prosecutions.

Audibert, head of partnerships and co-operation at the French cyber crime unit, made the intervention after defence lawyers argued that a decision by the French Supreme Court had raised doubts about the validity of messages covertly harvested by police from EncroChat phones.

French cyber experts working in a joint investigation team with the Dutch were able to recover 120 million messages from more than 30,000 EncroChat phone users after infiltrating servers in Roubaix, France.

The novel interception operation in 2020 led to the arrests of suspected drug dealers and organised criminals in the UK, Sweden, Germany, France and other countries.

The French Supreme Court has sent a case to be reheard in October after finding that the Court of Appeal had not properly considered the failure of prosecutors and police to supply a certificate to authenticate EncroChat data used in evidence – a requirement of French law.

Following the decision, defence lawyers Robin Binsard and Guillaume Martine, who brought the case, urged lawyers in other countries to appeal against the use of EncroChat evidence in court hearings because there was now no guarantee that EncroChat evidence was legally valid.

“We invite our colleagues across Europe to pursue their appeals and to argue that the evidence from EncroChat is illegal, since it is not accompanied by the required attestation of sincerity, as admitted today by the Court of Cassation,” the lawyers said in a statement.

Intervention on Twitter

In an unusual intervention, Audibert, who is writing a doctoral thesis on the collection of digital evidence, turned to Twitter to argue that the defence lawyers had misinterpreted the significance of the decision.

“The defendants’ lawyers have lodged several appeals – this is completely normal, and this is also how the rule of law progresses,” Audibert, wrote in a Twitter thread. “However, the decision they got is not that significant.”

Audibert argued that the Supreme Court judgment on 11 October validated the technical operations used by the Gendarmerie to hack the EncroChat servers and that the court agreed that French law allowed investigators to re-route EncroChat text messages so that they could be harvested by the police.

But he disputed claims that a certificate of authentication is required under French law on the grounds that the messages were obtained through a “capture operation” using “trojan horse” software rather than by decrypting encrypted messages.

Under these conditions, French law does not require a certification of authentication, said Audibert. “Should you ask for a certificate for an operation that did not take place?” he wrote.

Audibert added that, legally, the Supreme Court had criticised the judges at the Court of Appeal in Nancy for not making a ruling on the absence of a certificate of authentication to verify the truthfulness of the EncroChat data used in evidence in the case.

But the court had made no finding on what the implications for the missing certificate would be.

“To sum up in one sentence, there is a document missing in the procedure that you just have to ask the person to deliver,” Audibert wrote.

The decision is a long way from the “evidence is illegal hype” promoted by defence lawyers, he said, and is “purely a procedural ruling dealing with a problem that can be resolved very easily”.

But defence lawyers argue that Audibert is wrong, and that in fact court judgments have confirmed that French law does require a certificate of authenticity for evidence acquired in “data capture” operations for evidence to be legally valid.

Binsard wrote: “We do not share your analysis. The certificate is a substantial procedural guarantee and its absence constitutes a violation [of the criminal code].”

French police and prosecutors refused to disclose how the joint Dutch and French operation to hack EncroChat was undertaken – citing national defence secrecy.

The disputed case is due to be reheard by the Court of Appeal in Metz, north-east France, which will decide whether the procedural guarantees required to withhold information about the hacking operation have been followed.

The French Supreme Court found in a second ruling on 25 October 2022 that the Court of Appeal in Nancy had failed to address arguments that prosecutors had provided no certificate of authenticity for the EncroChat data used to bring other prosecutions.

The appeal had been brought by 13 people who were arrested and charged in late 2020, following a judicial inquiry into offences related to organised crime, possession of weapons and drugs offences.

The Supreme Court found that the defendants had a right to challenge the lawfulness of EncroChat messages used in evidence against them, even though they had not admitted owning EncroChat phones.

That case is due to be reheard by the Court of Appeal in Paris, but no date has been set.

Read more about the French legal challenge to EncroChat

Read more on Information technology in France

CIO
Security
Networking
Data Center
Data Management
Close