‘A riddle, wrapped in a mystery, inside an enigma’

Fri, 05 Mar 2021

Introduction

1. At around the end of the First World War, Arthur Scherbius created the electromechanical cryptographic ‘Enigma’ machine. It was initially used commercially before it was adopted by the Germany military and repeatedly perfected by the Nazis during the Second World War. The letters of a plain text message would be typed into the machine’s keyboard by the sending operator, and the machine would generate a cypher text composed of substitute letters which would be transmitted by radio in
Morse code and then decrypted by the receiving operator using a different machine with the same wheel, ring, plug and wire settings.

2. The later versions of the Enigma machine were virtually unbreakable, but poorly enforced operating procedures, left the cypher vulnerable to decoding, and Polish and British mathematicians were able to read Nazi messages even after the machines were repeatedly upgraded. The product of the interception of Enigma messages was called ‘ultra’ because it was considered more precious than any other intelligence, and treated as more secret than the highest British security classification ‘most secret’ – it ultimately, according to Churchill, was decisive in the Allies winning the war.

3. The Nazis never knew that the Allies had cracked Enigma – indeed, it wasn’t made public until 1974 – and this meant that the Nazis continued to send signals revealing troop and ship locations, availability of ammunition and supplies, and other important information that provided vital intelligence to the Allies.

4. Similarly, in Spring 2020, the French Gendarmerie infiltrated ‘EncroChat’ and for 3 months, was able to monitor communications by alleged criminals; harvest data; and
enable law enforcement agencies across the world, to launch investigations and deploy surveillance and sting operations.

What is EncroChat?

5. There are numerous messaging platforms which provide end to end encryption eg. WhatsApp, Signal etc. EncroChat was such an ‘end-to-end security solution’ which claimed to have ‘our servers, located offshore in our data-center’.

6. EncroChat marketed itself as a legitimate company with customers in 140 countries. It was not advertised as a service for criminals.

7. EncroChat was a secure communications system permitting voice messages, chats and other forms of communication between participants. Participants paid a subscription to receive a handset. The handset communicated with one or more servers which mediated conversations between participants. The handsets consisted of a heavily modified Android smart phone (very often based on a Spanish model called BQ Aquaris). The phone also featured a special SIM capable only of handling data as opposed to voice traffic and which was issued by the Dutch telecommunications company KPN.

8. The heavily modified telephone initially contained two apparent operating systems. On power up, something which seemed to be a regular Android system appeared. A second partition could be accessed with a 15-digit password.

9. EncroChat subscribers were identified by “handles” or “nicknames”.

10. EncroChat claimed that it provided end-to-end encryption. This means that only the participants in a conversation could see traffic ‘in the clear’. EncroChat claimed that it had no means of reading communications traffic itself from its servers because it did not have the cryptographic keys necessary to unencrypt the communications.

The infiltration of EncroChat

11. Operation Venetic is the operational name given to the National Crime Agency’s attempts to infiltrate EncroChat. Operation Emma is the operational name given by the French and Dutch investigators to the actual breach of EncroChat.

12. From material disclosed to date, it is said that the French Gendarmerie infiltrated an EncroChat server located in Lille, France. They created a “clone” or “mirror image” of the server; and examined how it worked and how updates were sent to handsets. This is called a “testing machine”. They then installed updates on the handsets that were able to extract the data on the handsets remotely. This is called an “implant” or Trojan malware.

13. To date, the French Gendarmerie has refused to disclose the hacking malware so that it can be examined by independent experts. The French authorities claim that the creation and use of the implants is covered under French national security laws.

14. The implant was able to extract the following data from the handsets: IMEI numbers (hardware identity of handset); EncroChat users’ nicknames; text messages (SMS type) exchanged by users; media files (photos, voice messages, videos, text documents) exchanged or stored in secure phones; the identification numbers of triggered cells (these are the telephone relays); the screen unlocking and note application passwords; notes, rosters, and contacts; it also scanned for WIFI access points (including routers) in the vicinity of the handset.

15. The implant extracted data already present on the handset; and data which was generated on the handset, live.

The warrants and authorisations

16. Before commencing the hack, the French Gendarmerie applied for an authorisation to proceed. The translated authorisation reads: ‘AUTHORISE: the installation for a period of one month of a technical device whose purpose, without the consent of the persons concerned, is to access, in any place, computer data, to record, store and transmit them, as they are stored in a computer system, as they are displayed on a screen for the user of an automated data processing system, as they are entered by character input or as they are received and transmitted by peripherals’.

17. The NCA was aware in advance of the French Gendarmerie’s plans to hack EncroChat and had been liaising with them since 2016 – the extent and the nature of the liaison has not been disclosed. However, the NCA website in July 2020 included this assertion: ‘Since 2016, the National Crime Agency has been working with international law enforcement agencies to target EncroChat and other encrypted criminal communication platforms by sharing technical expertise and intelligence. Two months ago this collaboration resulted in partners in France and the Netherlands infiltrating the platform. The data harvested was shared via Europol … Simultaneously, European law enforcement agencies have also been targeting organised crime groups … The NCA created the technology and specialist data exploitation capabilities required to process the EncroChat data, and help identify and locate offenders by analysing millions of messages and hundreds of thousands images.’

18. The NCA obtained warrants under section 99(1)(b) of the Investigatory Powers Act 2016 (Targeted Equipment Interference - TEI) to obtain the data from the Gendarmerie.

19. On 11th March 2020 the Crown Prosecution Service submitted a European Investigation Order (EIO) to the France authorities. The EIO requested all of the data obtained on EncroChat devices that were geo-located in the UK. On 12th June 2020 the French formally responded to the EIO.

20. The data collected by the French under Operation Emma was transferred to Europol; unscrambled at some point; then triaged by reference to where the handles were geolocated; then the relevant data was transferred via a large file transfer system called Sienna, to the appropriate law enforcement agencies in various countries – in the UK, it was the NCA. The NCA developed software that helped match the EncroChat data to ongoing investigations and intelligence. The NCA then disseminated the data to
investigation teams within the NCA and regional police units.

21. The collection of the data ceased on 2nd July 2020 when the French dismantled the server. On 3rd July 2020 the NCA cancelled the TEI warrant.

22. In order to obtain the warrants, the NCA made a number of assertions to those empowered to grant such warrants:

a. The French hacking method did not involve any interception of communications (nb. data obtained by interception, pursuant to an IPA
warrant, is not admissible in any legal proceedings in England and Wales by virtue of section 56 of the 2016 Act);

b. EncroChat was used exclusively by criminals; and

c. The hack would not involve the collection of legally privileged material or the communications of ‘innocent’ users.

23. Those assertions are the subject of criticism in a number of cases. On one view, it was argued, the use of a cloned server to divert encrypted messages and data, is a paradigm example of interception – even if the data was eventually retrieved from a device as stored data. Moreover, the notion that EncroChat was used exclusively by criminals might be undermined by the concession made by the French authorities that 10% of the users were not criminals – of the 7412 devices identified in the UK, there have been only 1000 arrests. And, the data obtained by the NCA did indeed include legally privileged material, as the disclosed material reveals.

The aftermath of the infiltration

24. A ‘security notice’ was circulated by EncroChat on 12th June 2020, that read: “Today we had our domains seized illegally by government entities. They repurposed our domain to launch an attack to compromise carbon units. With control of our domain they managed to launch a malware campaign against the carbon to weaken its security. Due to the level of sophistication of the attack and the malware code, we can no longer guarantee the security of your device. We took immediate action on our network by disabling connectivity to combat the attack. You are advised to power off and physically dispose of your device immediately. Period of compromise was about 30 minutes and the best we can ascertain was about 50% of the carbon devices in Europe (due to the Updater schedule).”

25. The NCA website claimed that EncroChat was: ‘ … a bespoke encrypted global communication service used exclusively by criminals … There were 60,000 users worldwide and around 10,000 users in the UK – the sole use was for coordinating and planning the distribution of illicit commodities, money laundering and plotting
to kill rival criminals.’

26. However, in a press release, the French authorities stated: ‘users claiming to be of good faith and wishing to have their personal data deleted from the legal proceedings can send their request to the investigation department’. The French authorities estimated that 10% of EncroChat users were innocent – how this figure has been reached is unknown.

27. There are in fact, many legitimate users of encrypted communications systems, including: celebrities; businessmen; lawyers; sports agents; and politicians. For example, President Obama was one of a number of American politicians who was issued with a ‘Sectera Edge’ mobile telephone device to ensure that his messages and emails were more secure than his favoured Blackberry. Moreover, the News International hacking scandal that exposed illegal hacking of telephones belonging to members of the Royal Family and a host of celebrities from 2005 onwards, caused many individuals to resort to heavily encrypted telephone devices for non-criminal
purposes.

28. This is not the first time that law enforcement agencies have attempted to infiltrate secure communications networks, or put pressure on providers to cooperate with the hacking of communications. In 2016, Tim Cook (CEO of Apple Inc) was served with a writ obtained by the FBI to make specialised software that would allow the FBI to
unlock an iPhone. Apple refused ‘to hack our own users and undermine decades of security advancements that protect our customers … from sophisticated hackers and cybercriminals’.

Extreme pressure was placed on Apple and its executives, before the FBI eventually abandoned its writ.

The Legal Challenges

29. The challenges being made to the EncroChat material, are many any various.

30. Continuity and reliability: It is asserted in some cases that the prosecution is unable to prove the chain of continuity of the EncroChat data from the moment of it being obtained to its production in court. If correct, the Court could dismiss charges on the basis that the prosecution has failed to raise a prima facie case. Section 69 of the Police and Criminal Evidence Act 1984 (a provision requiring proof that material produced by a computer is accurate) was repealed on 14th April 2000. However, the Forensic Service Regulator creates requirements for validation and accreditation where evidence is obtained using novel scientific methods.

31. By way of analogy, the CPS website explains the importance of continuity and reliability in respect of video recordings ‘In terms of proving the authenticity of the video recording, the Prosecution must be able to show that the video film produced in evidence is the original video recording or an authentic copy of the original and show that it has not been tampered with. In order to do so statements must be available which produce the video evidence as an exhibit and which cover its continuity
and security, unless it is agreed by the Defence that this is not an issue.'

32. However, in some cases, it is alleged that users of Encro-phones have sent images of themselves or their homes. It is anticipated that in these cases, it will be argued by the prosecution that there can be no doubt as to the attribution of the handles and continuity, given the content of the images. Moreover, in some cases, the police seized handsets which they were able to access and have been able to verify the infiltrated product with the content of the device.

33. Abuse of process/ exclusion: It has been argued that the EncroChat evidence should be excluded on the basis that the way in which it was obtained is such that it would be unfair to allow it to be admitted in a trial; or that continuing with the proceedings would offend the Court’s sense of justice and propriety, and that to
protect the integrity of the criminal justice system the indictment should be stayed.

These two arguments are the same, but a stay of proceedings for an abuse of process is an exceptional course. The burden of establishing that the pursuit of particular
proceedings would amount to an abuse of process is on the accused and the standard of proof is the balance of probabilities: R. v. Telford JJ., ex p. Badhan [1991] 2 Q.B.
78, 93 Cr.App.R. 171, DC; R. v. Crown Court at Norwich, ex p. Belsham, 94 Cr.App.R. 382, DC; and R. v. Great Yarmouth Magistrates, ex p. Thomas [1992]
Crim.L.R. 116, DC.

34. The arguments for exclusion or a stay have been:

a. The EncroChat data is inadmissible intercept material under section 56(1) of the Investigatory Powers Act 2016 and cannot be brought within the exceptions under Schedule 3 of the IPA, regardless of the fact that thewarrant was a TEI warrant.

b. The IPA warrant was obtained with misleading information: that the hacking method did not involve any interception of communications; that EncroChat was used exclusively by criminals; and that the hack would not involve the collection of legally privileged material or the communications of ‘innocent’ users. However, it must be noted that the only tribunal capable of declaring a TEI warrant to be defective, is the Investigatory Powers Tribunal.

c. The IPA warrant was disproportionate in the sense that it constituted a disproportionate interference with the right to privacy provided by Article 8. This argument centres around the fact that the entire EncroChat communications network was infiltrated. This argument depends largely on whether EncroChat was indeed a criminal-dedicated network.

d. The NCA delegated conduct that would amount to a crime in the UK, to a foreign state. It is argued that the NCA procured the Gendarmerie to obtain the EncroChat material in the way they did (as opposed to using domestic capabilities) with the dominant purpose of subverting UK legislation eg. section 1 to 3 of the Computer Misuse Act 1990 (which prohibits unauthorised access to computers; and even the Director General of the NCA and an IPA Commissioner cannot authorise UK law
enforcement operatives to commit such an offence), and section 56(1) of the Investigatory Powers Act 2016 (which prohibits the disclosure of intercept evidence in any legal proceedings).

e. The hacking method used by the Gendarmerie, involved an inside man (a CHIS). It is argued that the hack could not have been done without the assistance of a CHIS (either acting willingly for a reward or other inducement) or the directors of EncroChat who had been threatened or put under pressure to co-operate like the CEO of Apple in 2016.

f. The hacking method used by the Gendarmerie (the ‘implant’) and the software which converted it into a readable format, has not been disclosed and therefore the resulting ‘evidence’ cannot be authenticated; peer reviewed; and/ or validated.

The court proceedings so far

35. On 6th October 2020, the Grand Chamber of the Court of Justice of the European Union gave a preliminary ruling in an appeal from the Investigatory Powers Tribunal
in a case called Privacy International v The Secretary of State for Foreign and Commonwealth Affairs, The Secretary of State for the Home Department, Government Communications Headquarters (GCHQ), The Security Service (MI5), and The Secret Intelligence Service (MI6) that the general and indiscriminate transmission of bulk data was unlawful. ‘ … national legislation enabling a State authority to require providers of electronic communications services to forward traffic data and location data to the security and intelligence agencies for the purpose of safeguarding national security falls within the scope of [EU law]’ [49] ‘ … national legislation requiring providers of electronic communications services to disclose traffic data and location data to the security and intelligence agencies by means of general and indiscriminate transmission exceeds the limits of what is strictly necessary and cannot be considered to be justified, within a democratic society’ [81]

36. Ostensibly, this ruling from the CJEU has no bearing on the EncroChat issue. EncroChat relates to material obtained pursuant to a TEI warrant with a view to using
that material as evidence, whereas the Privacy International case related to bulk warrants applied for by the Security Intelligence Agencies (SIAs) for gathering
intelligence. However, the Privacy International case emphasises the importance of  privacy as a Human Right and the CJEU’s appetite for interfering with the bulk
gathering of private information.

37. In The Queen (on the application of C) v the Director of Public Prosecutions, the National Crime Agency and 4 others [2020] EWHC 2967 (Admin), Singh LJ and
Dove J (sitting in the High Court) heard a challenge to the European Investigation Order issued by the Crown Prosecution Service to the French authorities. The judicial
review failed but left open other potential challenges: ‘His fundamental complaint is not about the validity of the EIO itself, but, rather, the use to which the product of the EIO may be put in subsequent criminal proceedings against him. That is exactly what has now happened by way of the indictment in the Crown Court. What that underlines, in our judgment, is that the claimant does, indeed, have an adequate alternative remedy for the only complaint of substance which he can make. That remedy is to be found in the power of the Crown Court to exclude evidence where it would adversely affect the fairness of the proceedings under section 78 of the Police and Criminal Evidence Act 1984 (or PACE).’ [44]

38. In November 2010, Dove J. (formerly of No5 chambers) heard a preparatory hearing in the Crown Court, in the same case as R v C and others, above. Dove J. handed
down a 129-page ruling dismissing the applications for a stay and to exclude EncroChat evidence. That decision was appealed to the Court of Appeal (Criminal
Division) and the appeal was heard by Burnett LCJ, Edis LJ and Whipple J – R v A, B, C, D [2021] EWCA Crim 128. They handed down their judgment on 5th February
2021, upholding Dove J’s ruling. The CACD’s judgment eschewed technicality and focused sharply on the key issue of whether or not the EncroChat data was obtained
whilst it was being transmitted or when it was stored – if the latter, there was a clear path to admissibility: ‘We do not need to determine whether the judge was right to uphold the Crown’s submission that Targeted Equipment Interference warrants, when they relate to communications, fall outside the exclusionary rule in section 56(1) of the 2016 Act. We see the force in the points which are made, but there is a directly relevant statutory provision which supports a contrary view, and in any event if the Crown succeeds on Ground 1 that provides an unassailable route to admissibility … In view of our conclusion in relation to Ground 1, to which we next turn, it is unnecessary to decide the issue concerning the scope of the section 56 exclusionary rule and further we consider that it would be far better for that potentially complex question to be decided in a case where it is truly necessary to the outcome.’ [53]

39. In respect of the fundamental issue of ‘intercepted’ versus ‘stored’, the Court said this: ‘ … the admissibility of the material depends upon whether it falls within section 4(4)(b), because it was intercepted at a time when it was stored in or by the system (whether before or after transmission)’ [54] ‘We do not accept that this issue requires a minute examination of the inner workings of every system in every case. Parliament has not chosen to define the “relevant time” when interception takes place by reference to whether the communication is in the RAM of the device at the point of the extraction, or whether it is in its permanent storage database, or by any other technical definition. Given the speed at which technology changes, both concepts may become obsolete or be superseded. The statutory scheme must work whatever the technical features of the system in question. The words used are ordinary English words: “transmission” and “stored”. The “system” is also defined in non-technical language. The task of the court, as the judge correctly said, is to understand the system and then to decide whether, as a matter of ordinary language, the communication was being transmitted or stored at the time of extraction. If the former, it is inadmissible. If the latter, it is admissible, provided the appropriate warrant was in place.
On the findings of the judge the appropriate warrant was in place and the extraction was carried out in accordance with it.’ [55] ‘The statutory question for any court in determining section 4(4)(b) applies is this: was the communication stored in or by the system at the time when it was intercepted?’ [62] ‘We do not accept that transmission of the communication started when the user pressed “Send” … Transmission takes place after the communication has been put into its final form by the
computer. In the present case that includes the encryption. That takes place after the user presses “Send”, but before the message is transmitted by the device. On receipt by the recipient’s device it is decrypted in the RAM and it may be that in some cases a nickname is added to that which has been transmitted which is stored in the Realm database on that device. We consider that the transmission is complete when the communication arrives on the receiving device so that the device can begin work decrypting it and making it legible.’ [64] ‘What remains on the device is not what has been transmitted, but a copy of it or what, in older forms of messaging, might be described as a “draft”. That is so however quickly after transmission the obtaining of the copy takes place, or even if the copy is extracted while the original encrypted communication is being transmitted. The fact that what was obtained was an unencrypted message, means that what was on the phone, and what was intercepted, was
not the same as what had been transmitted because what had been transmitted was encrypted. It cannot therefore have been “being transmitted” when it was intercepted: it can only have been “being stored”.’ [66] ‘That being so, the harvesting was interception but was rendered lawful by the Targeted Equipment Interference warrants issued under section 99 of the Act.’ [67] ‘We have concluded that the only substantial question which the judge was required to answer was whether the EncroChat material was stored by or in the telecommunications system when it was intercepted. Like him, we consider that these communications were not being transmitted but stored at that time.’ [79]

What next?

40. The CACD ruling in R v A, B, C, D [2021] EWCA Crim 128 is not the end of the EncroChat challenges and it was never intended to be. On 8th March 2021, Dove J.
will hear a further preparatory hearing concerned with challenges to the EncroChat evidence base on different points raised in the preparatory hearing in November 2020.
His ruling will then be listed for appeal by the losing party.

41. Then on 22nd March 2021, a High Court judge in Cardiff will hear day 1 of a series of preparatory hearings in a host of EncroChat cases. The preparatory hearings will then be adjourned to a date likely to be in Summer 2021. The arguments in these cases are likely to focus on whether the absence of the golden copy of the EncroChat product (ie. the product as it was originally obtained by the French and before it was unscrambled and sent to Europol; triaged into geolocation folders; and sent to the
NCA via the Sienna large file transfer system) means that there is insufficient evidence of good continuity.

42. Finally, there is an extant challenge (or series of challenges) to the Investigatory Powers Tribunal concerning EncroChat. The IPT has the power to declare the TEI
warrants obtained by the NCA, unlawful; it also has the power to order the destruction of the EncroChat data in individual cases.

Conclusion

43. The challenges to the EncroChat product (as evidence) are likely to continue for most of 2021, if not beyond. This is likely to re-ignite the old question of why it is that the UK, unlike France and the Netherlands, has historically permitted the interception of communications (like telephone tapping) but prohibits the use of it as evidence in
proceedings, as opposed to intelligence – in much the same way as ‘ultra’ from the Enigma interceptions, was treated. The policy justification for that approach has always been that it is necessary to protect sensitive capabilities and wider operational and practical concerns – a policy that no doubt leaves the French and Dutch
authorities scratching their heads.

Related articles

In cases involving child abuse or neglect or more serious injuries to children, criminal proceedings are frequently foreshadowed by family proceedings. It is also an issue which arises commonly in cases involving domestic violence. It may be that it assists the criminal proceedings to rely on documentation, evidence and judgments from family proceedings....

Date: Fri, 05 Mar 2021
A new authority from the Court of Appeal has offered guidance to Counsel on what their professional obligations are when a defendant’s case changes part way through....

Date: Fri, 05 Mar 2021
Philip Vollans and Olivia Whitworth provide an update for the consolidation of the sentencing procedure law into the Sentencing Act 2020...

Date: Mon, 01 Feb 2021