Investigatory Powers Tribunal finds NCA EncroChat hacking warrants were lawful

Duty of candour

The case, brought by 11 claimants, hinged on whether French investigators obtained the EncroChat messages while they were stored in phone handsets or whether they intercepted the messages while they were being transmitted.

Under UK law, electronic communications intercepted during transmission are inadmissible in criminal proceedings and require targeted interception (TI) warrants, rather than the targeted equipment interference (TEI) – hacking – warrants obtained by the crime agency.

During hearings in September and December 2022, defence lawyers argued that the NCA failed in its duty of candour to the judicial commissioner responsible for authorising its hacking warrant.

But the tribunal found that the NCA only had to have reasonable grounds to believe that the information it presented to the judicial commissioner was accurate at the time it applied for the warrant.

“We are not satisfied that the decision of the judicial commissioner might have been different had the NCA provided the information that the claimants said they should have done,” the judgment said.

NCA did not have closed mind

The tribunal rejected arguments by defence lawyers that the NCA had “closed its mind” to the possibility that anything other than a TEI warrant – the only warrant that would allow EncroChat evidence to be used in court – would be needed to authorise its receipt of EncroChat messages.

The tribunal also rejected claims by defence lawyers that the NCA had deliberately decided not to allow EncroChat phones in its possession to be infected by the French implant to avoid discovering whether the implant was compatible with the warrants it had applied for.

“We are not satisfied that there was a deliberate decision to avoid inquiry of this sort,” it said.

Credible and reliable evidence

The judges found that the “core” evidence given by NCA intelligence officer Emma Sweeting over a key meeting with her French counterpart, Jeremy Decou, to confirm how the implant worked was “credible and reliable”.

The court heard that Sweeting had typed an email on her computer setting out her understanding that the implant obtained messages from storage in the handset and showed it to Decou – who spoke poor English – who verbally agreed it was correct.

The NCA used the email as the basis for its warrant application without seeking confirmation in writing from the French, the tribunal heard.

The judges, however, rejected claims by the defence lawyers that the circumstances of Decou’s confirmation of the interception technique should have been disclosed by the NCA in its warrant application.

“The central complaint is, in our judgment, without substance. M Decou is an officer of the Gendarmerie. He had, on our finding, confirmed the methodology as described in the application for the TEI warrant,” the court found.

The tribunal found that if the NCA had provided the judicial commissioner with further details of how it had reached its conclusions about the operation of the implant, it would have made no difference to the commissioner’s decision to grant the warrant.

That would still be the case if it subsequently emerged that the implant obtained EncroChat messages in a way that had not been authorised by the warrant.

“From the point of view of the commissioner, he was authorising conduct, which was the collection and sharing of stored data from the devices,” the judges wrote. “If anything else were to happen…he was not being asked to authorise it, nor was he doing so.”

The tribunal also rejected arguments by defence lawyers that the NCA should have applied for a TI warrant, rather than the TEI warrant, to lawfully obtain EncroChat material.

Defence lawyers argued that a TI warrant would have allowed the NCA to obtain communications intercepted in the course of transmission, and would also have permitted the interception of messages stored on EncroChat handsets.

Bulk equipment interference

During the tribunal hearings, defence lawyers questioned claims by the NCA that EncroChat phones were used solely for criminal purposes and that the intercepted material was used in a “single operation” – a key requirement of the warrant.

Defence lawyers also argued that the NCA intended to collect details of Wi-Fi networks used by EncroChat phones, which would have collected data belonging to innocent members of the public. They said that amounted to bulk equipment interference that would not have been approved under the NCA’s TEI warrant.

The tribunal found that the investigation into EncroChat could correctly be characterised as a single operation, despite it leading to hundreds of separate criminal investigations.

The judgment found EncroChat had been extensively used for criminal purposes, citing evidence that out of 7,404 UK-based EncroChat phones, 294 had not demonstrated a clear link to criminality.

Live interception – not decided

The tribunal did not decide whether the EncroChat interception carried out was in accordance with the TEI warrant obtained by the NCA.

It rejected arguments from the crime agency that any inquiry into expert evidence about the nature of the interception would undermine the protection that Parliament had intended to give to organisations executing warrants.

“It follows that we are satisfied that it will be necessary to determine whether the interception was of communications in the course of their transmission,” it said.

The tribunal said it would decide on other issues raised by defendants, including whether there had been any breaches of human rights law, once the Crown Court proceedings had resolved whether messages intercepted from EncroChat were admissible.

An NCA spokesman said following the verdict: “We will continue to work with the Crown Prosecution Service to do all we can to bring offenders to justice and protect the public from serious organised crime.”

The case can be appealed to the Court of Appeal.