NCA officer questioned in Investigatory Powers Tribunal over failure to disclose EncroChat notes

Missing notes

The tribunal heard yesterday that Sweeting had discovered “rolling notes” of a key meeting at Europol between 19 and 21 February 2020 on her computer in October this year, some two years after disclosing a summary of the meeting in earlier EncroChat proceedings.

The court heard that the newly discovered notes showed that Europol had drawn 18 “conclusions” about the EncroChat operation, two of which were missing from the notes the NCA used as the basis of its warrant application.

The missing conclusions related to the samples of EncroChat data already available to French authorities, and the NCA’s access to Threat to Life (TTL) analysis tools.

Lawyers for the complainants argue that the evidence suggests the NCA had access to live intercepted messages from the EncroChat system, which were subsequently decrypted. If correct, that would invalidate the use of EncroChat in evidence in the UK.

The NCA maintains that it obtained unencrypted messages taken from memory storage in phone handsets, rather than through live interceptions. 

Sweeting was asked why she had written “would not be able to go live on intercept” and that “intercept evidence is not enough, would need e.g forensics as well” in the newly disclosed notes.

The intelligence officer said some of the notes referred to comments made by other countries at the Europol meeting and that she could not be sure they related to the UK.

Sweeting’s notes also recorded that messages collected in transmission by the French authorities would be “decrypted using a key”.

Defence lawyers said this indicated that Sweeting had information about how EncroChat data was obtained prior to the warrant application.

Another note stating that the NCA would need both TEI and TI warrants was left out of documents used by the agency in its warrant application.

Sweeting said she discussed her notes with colleagues after the meeting to make sure they were true and accurate.

She said she was unable to give more details about how her “rolling note” was turned into a summary note for the NCA.

Europol did not assess EncroChat’s use by criminals

The NCA has argued that the EncroChat phone system was almost entirely used by criminals.

The court heard that Sweeting had written that Europol would make an assessment around the user base being entirely criminal, in her original notes from the Europol meeting.

Under questioning, Sweeting said countries taking part in the EncroChat operation were comfortable that the service was used almost exclusively by criminals.

There was no need for Europol to conduct that final assessment, she said, as everyone was confident that criminals would be using EncroChat.

She agreed that the fact that Europol had not carried out an assessment of criminal use of EncroChat had not been included in the warrant application.

Under cross-examination Sweeting told the court that she had disclosed a summary of her notes, referred to as the “blue and black note” in 2020, but had not realised another version existed: “I had an honestly held the belief that this was the only version, but that was an error.”

She said it was not the case that she had known the earlier document was on her computer all along, and she apologised to the court for disclosing it so late.

“I can’t remember exactly where I found the document, whether it was a Z drive or an email attachment,” she said.

Sweeting said she spell-checked the “blue and black” notes after going through them with colleagues at the Europol meeting to ensure they were accurate, before sending them to the gold commander in charge of Operation Venetic, Matt Horne, on 23 February 2020.

She said the NCA does not automatically delete correspondence as a matter of policy.

Under cross-examination, Sweeting said she did not deliberately delete any documents, or consciously remove any information from the documents initially submitted to the judicial commissioner.

She also claimed that, at the point of the meeting between the NCA and Europol, French authorities had only obtained “imaged” data from EncroChat servers, and that they had not yet completed their development of a “technique” to extract further information from the network.

Wayne Johns, a senior investigating officer at the NCA, was also asked about whether anyone else in the NCA questioned Sweeting’s claims that a TEI was needed. Johns said he was unaware of this happening.

Johns, the named officer on the NCA’s TEI warrant, said he had no idea of the underlying technical details that would make a TEI warrant suitable.

During a follow up meeting with Europol on 9 March the NCA was informed that further meetings could be arranged to discuss procedural follow up and next stages of cooperation, "once technical phase of interception and decoding" is over. 

Johns said he was not aware of what was meant by interception and decoding, and does not recall anyone from NCA asking either.

‘Deliberately misleading’

Matthew Ryder KC claimed that Sweeting’s testimony conflicted with previous testimony and that he would submit to the court that Sweeting has been “deliberately misleading” or “wilfully blind”.

The court refused a request by defence lawyers to order the NCA to disclose its legal advice on the EncroChat warrant.

A lawyer for the NCA argued that it had not waived legal privilege by disclosing details of its legal advice in documents submitted to the court.

According to an email read out in court, because of the fast-moving nature of the EncroChat project, there was no specific legal advice given to the NCA on the use of “equipment interference” (hacking) to obtain EncroChat messages.

The case continues.