The National Crime Agency lawfully obtained warrants to receive messages from the hacked EncroChat encrypted phone network widely used by organised criminals, a court has found.
The Investigatory Powers Tribunal (IPT) rejected claims from defence lawyers that the NCA with-held critical information when it applied to a senior judge for a warrant to obtain messages from the encrypted phone network.
But in a significant legal move the IPT referred questions about the legal admissibility of the EncroChat evidence back to the criminal courts to resolve, opening up the way for further legal challenges.
The decision comes as prosecution lawyers are attempting to obtain an Public Interest Immunity certificate to withhold information from defence lawyers about how the hack was carried out on national security grounds.
Defence lawyers argue that the information should be disclosed to enable defendants to have a fair trial.
Today’s judgment will be welcomed by the National Crime Agency, which reported in March 2022 that some 2,631 people had been arrested, 1,384 had been charged and 260 convicted. Police had also seized five and a half tons of class A drugs, 165 weapons and £75m in cash.
The NCA obtained the messages sent by 9,000 EncroChat phone users in the UK from French and Dutch Police who collaborated in an operation to hack EncroChat by infiltrating its servers at the OVH data centre in Roubaix, France.
French investigators developed a software implant that was uploaded as an update to EncroChat handsets and was able to exfiltrate millions of supposedly encrypted messages sent by users of the phones between 1 April and 11 June 2020.
The tribunal found that the refusal of courts to admit evidence obtained by interception during the course of transmission is a policy decision to preserve the use of the technique for intelligence purposes.
“It is not rooted in any concept that to admit evidence of that sort would be unfair” the tribunal said, adding that it would not be inconsistent with human rights law to use intercept evidence in courts.
Duty of candour
The case, brought by 11 claimants, hinged on whether French investigators obtained the EncroChat messages while they were stored in phone handsets or whether they intercepted the messages while they were being transmitted.
Under UK law electronic communications intercepted during transmission are inadmissible in criminal proceedings and require Targeted Interception warrants, rather than the Targeted Equipment Interference (TEI) – hacking – warrants obtained by the crime agency.
During hearings held in September and December 2022, defence lawyers argued that the NCA failed in its duty of candour to the judicial commissioner responsible for authorising its hacking warrant.
But the tribunal found that the NCA only had to have reasonable grounds to believe that the information it presented to the judicial commissioner was accurate at the time it applied for the warrant.
“We are not satisfied that the decision of the Judicial Commissioner might have been different had the NCA provided the information that the Claimants said they should have done,” the judgment said.
NCA did not have closed mind
The tribunal rejected arguments by defence lawyers that the NCA had “closed its mind” to the possibility that anything other than a TEI warrant – the only warrant that would allow EncroChat evidence to be used in court – would be needed to authorise its receipt of EncroChat messages.
The tribunal also rejected claims by defence lawyers that the NCA had deliberately decided not to allow EncroChat phones in its possession to be infected by the French implant to avoid discovering whether the implant was compatible with the warrants it had applied for.
“We are not satisfied that there was a deliberate decision to avoid inquiry of this sort,” it said.
Credible and reliable evidence
The judges found that the “core” evidence given by NCA intelligence officer, Emma Sweeting over a key meeting with her French counterpart, Jeremy Decou, to confirm how the implant worked was “credible and reliable”.
The court heard that Sweeting had typed an email on her computer setting out her understanding that the implant obtained messages from storage in the handset and showed it to Decou – who spoke poor English – who verbally agreed it was correct.
The NCA used the email as the basis for its warrant application without seeking confirmation in writing from the French, the tribunal heard.
The judges however rejected claims by the defence lawyers that the circumstances of Decou’s confirmation of the interception technique should have been disclosed by the NCA in its warrant application.
“The central complaint is, in our judgment, without substance. M Decou is an officer of the Gendarmerie. He had, on our finding, confirmed the methodology as described in the application for the TEI warrant,” the court found.
The tribunal found that if the NCA had provided the judicial commissioner with further details of how it had reached its conclusions about the operation of the implant, it would have made no difference to the commissioner’s decision to grant the warrant.
That would still be the case if it subsequently emerged that the implant obtained EncroChat messages in a way that had not been authorised by the warrant.
“From the point of view of the Commissioner, he was authorising conduct which was the collection and sharing of stored data from the devices,” the judges wrote. “If anything else were to happen…he was not being asked to authorise it, nor was he doing so.”
The tribunal also rejected arguments by defence lawyers that the NCA should have applied for a Targeted Interception (TI) Warrant, rather than the TEI warrant, in order to lawfully obtain EncroChat material.
Defence lawyers argued that a TI warrant would have allowed the NCA to obtain communications intercepted in the course of transmission, and would also permitted the interception of messages stored on EncroChat handsets.
Bulk Equipment Interference
During the tribunal hearings, defence lawyers questioned claims by the NCA that EncroChat phones were used solely for criminal purposes and that the intercepted material was used in a “single operation” – a key requirement of the warrant.
Defence lawyers also argued that the NCA intended to collect details of Wifi networks used by EncroChat phones, which would have collected data belonging to innocent members of the public. They said that amounted to bulk equipment interference that would not have been approved under the NCA’s TEI warrant.
The tribunal found that the investigation into EncroChat could correctly be characterized as a single operation, despite it leading to hundreds of separate criminal investigations.
The judgment found EncroChat had been extensively used for criminal purposes citing evidence that out of 7404-UK based EncroChat phones 294 had not demonstrated a clear link to criminality.
Live interception – not decided
The tribunal did not decide whether the EncroChat interception carried out was in accordance with the TEI warrant obtained by the NCA.
It rejected arguments from the crime agency that any enquiry into expert evidence about the nature of the interception would undermine the protection that Parliament had intended to give to organisations executing warrants.
“It follows that we are satisfied that it will be necessary to determine whether the interception was of communications in the course of their transmission,” it said.
The tribunal said it would decide on other issues raised by defendants, including whether there have been any breaches of human rights law, once the Crown Court proceedings had resolved whether messages intercepted from EncroChat were admissible.
The case can be appealed to the court of appeal.