Encrochat hack: Unparalleled victory or illegal interception?

By Daniel Lister
17 September 2020

“Today we had our domains seized illegally by government entities. They repurposed our domain to launch an attack to compromise carbon units…

we can no longer guarantee the security of your device…”

This is not a line from the next Liam Neeson thriller. Rather, this was the message received by every user of the Encrochat phone system earlier this year. The National Crime Agency (NCA) launched Operation Venetic which led to over 700 arrests, in excess of £54m in cash seizures together with vast quantities of firearms and drugs being seized. Chief Constable Steve Jupp, the National Police Chiefs’ Council lead for serious organised crime described the operation leading to those arrests as “an unparalleled victory against the kingpin criminals”.

Why was the hack of Encrochat so important for law enforcement and so damaging for organised criminals? It is common knowledge that mobile phones are an essential tool for criminals. Cheap, unregistered, pay-as-you-go ‘burner’ phones are used widely by criminals as ownership of the line is difficult to trace. However, burners are relatively straightforward for law enforcement agencies to crack and their contents could be used as potentially damning evidence in criminal proceedings.

Since the early 1990s more secure mobile devices have been available. For example, PGP (“Pretty Good Privacy”) could be enabled on devices such as Blackberries. Costing between £1000-£2000 the device would last for around 6 months before a further a payment was required for continuing use of the server. A number of companies emerged providing PGP enabled devices. This is the business model that was adopted by Encrochat which gradually became the platform of choice as other providers were disrupted by law enforcement agencies across the world. Encrochat provided an Android smartphone with a superior method of encryption to other devices. The contract would cost in the region of £1500 and was renewed every 6 months.

Encrochat claimed its encryption provided users with the capability to communicate as if they were ‘in an empty room’, provided they were communicating with other Encrochat users. The devices include features that ‘burn’ (delete)messages within a certain period of time (as short as one minute), a ‘panic wipe’ that will delete the entire content of the device when a password is entered and a ‘remote wipe’ allowing a user to wipe a device not in their possession if, for example, it is seized by the police.

The consequence of Encrochat’s advanced encryption and other security features was that users communicated unreservedly with no fear that their communications would ever be exposed. So, when Encrochat was compromised the NCA found a treasure trove of evidence.

When sending its spine-tingling message to users Encrochat confidently claimed ‘we had our domains seized illegally by government entities’. The question of the legality of the seizing of Encrochat’s domains is yet to be determined and will be a feature of three upcoming trials in Liverpool and Manchester where Preparatory Hearings have been fixed to consider this issue. Central to the arguments in those trials is likely to be the admissibility of Encrochat evidence.

Daniel Lister

Daniel Lister has experience in all areas of criminal law. He is a fearless advocate, who tirelessly prepares and applies sound judgement. Daniel is regularly led in complex matters and has gained experience in managing paper-heavy cases. He is comfortable with sensitive and challenging issues.

‘he exudes confidence and ability as an advocate that far surpasses his call’ and provides ‘clear and practical advice’

Legal 500

Section 56 of Investigatory Powers Act (IPA) 2016 (which replaced Section 17 RIPA 2000) prohibits the use of intercept evidence in criminal trials.

Section 56 IPA sets out,

1. ‘No evidence may be adduced, question asked, assertion or disclosure made or other thing done in, for the purposes of or in connection with any legal proceedings or Inquiries Act proceedings which (in any manner)-
1. Discloses, in circumstances from which its origin in interception-related conduct may be inferred-
1. Any content of an intercepted communication, or
2. Any secondary data obtained from a communication, or
2. Tends to suggest that any interception-related conduct has or may have occurred or may be going to occur.

It is expected that the Courts will have to rule on whether the cases before the courts include live intercept evidence that cannot be relied upon or referred to. More controversially there will be an argument that Encrochat data served by the prosecution is ‘secondary data obtained from a communication’ that is also inadmissible.

Of course, if the evidence is not ruled inadmissible under s.56 IPA there may be other arguments for the exclusion of the evidence under s.78 PACE or abuse of process arguments that may differ from case to case. Not to mention other potential defences available to people investigated as part of Operation Venetic.

Given the scale of Operation Venetic, and its apparent success, it will be a brave judge who rules the central evidence inadmissible. That argument must ultimately be bound for the Court of Appeal. Nevertheless, cases emerging from Operation Venetic will generate plenty of evidence open to challenge from defence lawyers.

Free and independent legal advice

You will never be penalised for asking for legal advice. It is your legal right and it is free of charge.

Remember: the law is complex and it never hurts to get expert advice, even if you are sure you have done nothing wrong.

Ask for Michael Herford and he, or one of his specialist team will provide you with a Legal LifeLine when you need it most.