Encrochat Hack That Brought Down Hundreds of Criminals Faces Legal Challenges

Law enforcement's hack of Encrochat, an encrypted phone network used heavily by organized crime, is now facing a wave of legal challenges across the United Kingdom as defendants raise issues with the mass hack.

Many of the legal challenges are awaiting the results of one case in particular, which will rule whether message content gathered by law enforcement's malware from user's Encrochat phones is admissible in court. That hearing, scheduled for the end of this month in Liverpool, will  potentially throw the prosecutions of alleged serious criminals into doubt.

"Crucially, underpinning all such investigations and prosecutions is the fact that the prosecuting authorities are seeking to rely on the EncroChat data as evidence," lawyers Iqbal Jinnah and Thomas Schofield from law firm No5 Chambers said in a written statement to Motherboard.

Partially at issue is whether a mass hack carried out by a foreign law enforcement entity on devices in the U.K. is an acceptable way to collect evidence under U.K. law.

In July, Motherboard reported how French authorities targeted Encrochat's infrastructure and used it to install malware on Encrochat phones. A document obtained by Motherboard said that the malware was able to harvest GPS locations, messages, passwords, and more from the handsets.

After deploying the malware and collecting tens of millions of messages, French authorities shared sections of that message content with other law enforcement agencies, including the Dutch police and the UK's National Crime Agency (NCA). Agencies arrested hundreds of criminal suspects, including those suspected of large scale drug trafficking and some linked to torture chambers.

Multiple U.K.-based criminals have already pleaded guilty and been sentenced. Connected cases remain ongoing, with local police forces still conducting new raids related to the Encrochat investigation. The Encrochat cases broadly fall into two categories: those in which suspects were found with illegal weapons or drugs or other items, and those whose prosecution falls entirely on the content of the Encrochat text messages themselves.

Some defendants are trying to fight the charges by arguing that the Encrochat messages should not be allowed in court.

"The biggest argument that is ongoing as matters stand is what is the legal status of this encrypted phone evidence, globally," Julian Richards, partner and head of complex crime at law firm Reeds Solicitors, and who said they are defending Encrochat suspects, told Motherboard in a phone call.

Some are arguing about the chain of custody of the data, or the legality of the Targeted Equipment Interference (TEI) warrant the NCA obtained to search through the Encrochat data. Another avenue is whether the Encrochat message data was technically obtained via interception; in U.K. law, intercepted material can only be used for intelligence purposes, and not admitted as evidence in court.

"If they intercepted it by diverting [Encrochat messages] to a dummy server or a clone server," Richards said he would consider that as an instance of interception. Richards added that French authorities have estimated that around 10 percent of Encrochat users were not criminals, raising more questions around the approach of hacking all of the company’s handsets.

Another approach is that defense teams argue they haven't been given enough information for their own technical experts to verify the data.

"It is hard to see how the Prosecution will defeat certain Defence challenges. For example, how could a defendant possibly get a fair trial if his lawyers and their experts cannot examine and test the key evidence against him?" Jinnah's and Schofield's statement read.

As for the Liverpool hearing scheduled for later this month, Jinnah and Schofield said that judges on other cases are waiting for the hearing's outcome which will see whether the Encrochat data can be presented as evidence.

The mounting legal defenses bear some similarity to those U.S. lawyers held against an FBI mass hacking operation. In February 2015, the FBI took control of a dark web child abuse site, and deployed a so-called network investigative technique (NIT) to the site's visitors, which would reveal their real IP address. Multiple defendants challenged the legality of the search warrant used to deploy the NIT, arguing that the judge who signed the warrant did not have the legal authority to do so, or pressured the FBI to provide code of the exploit used in the hack. Some judges threw out the evidence against defendants.

The National Crime Agency did not respond to a request for comment. The Crown Prosecution Service did not respond either.