The question of the legality of law enforcement approaches to encrypted devices has become very topical following the considerable fanfare that went alongside the National Crime Agency and various police forces arrests in connection with the Encrochat service on 12 June 2020 as part of Operation Venetic. This resulted in :

776 arrests 

£54m in cash seized

77 firearms recovered

Over 2 tonnes of drugs seized

The use of encryption on our devices, for both lawful and unlawful purposes has widespread, and indeed most IT professionals world recommend it to safeguard privacy and protect from hacking. Encrochat, for example, in the UK, it is said to have a database of approx. 10,000 users.

Over many years there has been a significant shift away from protecting individual rights of citizens to pursuing criminality no matter the methods. Unlike the sort of cases you might have seen on TV such as the American system, our courts have moved towards a system where the ends is said justify the means, even where the means cross the line of lawfulness.

In general for this type of operation see the Courts are anxious to uphold the methods deployed by the state as it is keen to avoid any suggestion that cases of this type, which involve the uncovering of seriously violent conspiracies, could collapse due to what might be seen by the public as being mere ‘technicalities’.

That having been said, that is not a reason to not scrutinise the evidence and how it has been obtained. There are strict rules about the admissibility of intercepted communications. The general rule has, for some time, been that information that has been obtained by interception in the UK cannot be relied upon by either the prosecution or defence.

It is defined by Section 4 of Investigatory Powers Act [IPA] 2016 as:

A person intercepts a communication in the course of its transmission by means of a telecommunication system if, and only if:

  1. the person does a relevant act in relation to the system; and
  2. the effect of the relevant act is to make any content of the communication available, at a relevant time, to a person who is not the sender or intended recipient of the communication.

 

The ‘relevant act’ essentially amounts to hacking a device.

Relevant act is described as:

  • modifying, or interfering with, the system or its operation
  • monitoring transmissions made by means of the system
  • monitoring transmissions made by wireless telegraphy to or from apparatus that is part of the system.

By virtue of Section 56(i) of IPA 2016, interception evidence cannot be relied on in criminal courts:

“No evidence may be adduced, question asked, assertion or disclosure made or other thing done in, for the purposes of or in connection with any legal proceedings or Inquiries Act proceedings which (in any manner) –

  1. Discloses, in circumstances from which its origin in interception-related conduct may be inferred –
    1. Any content of an intercepted communication, or
    2. Any secondary data obtained from a communication, or
  2. Tends to suggest that any interception-related conduct[5]has or may have occurred or may be going to occur.”

Importantly, AND, particularly relevant in the context of proceedings arising out of hacking from outside the jurisdiction, the ambit of Section 56(i) only extends to the prohibition of relying on intercepted evidence if the interception has been carried out in the UK. 

Often, as in the Encrochat case, the servers are based outside of the UK. With Encrochat, the servers were Dutch based. It therefore follows that there is no bar to admitting intercept evidence in UK criminal proceedings that was lawfully obtained in a foreign jurisdiction, even if the means by which that evidence was gathered would have been unlawful in the UK.

The UK courts have been willing to admit such evidence on a number of occasions in respect of the prosecution of drug offences. The interception of communications in the Netherlands is not automatically rendered inadmissible under UK law.

The current position appears to be that foreign intercepts or ‘wire taps’ provide a ‘back door’ method of introducing evidence which would otherwise be inadmissible. The increase in international cooperation in law enforcement makes this more and more commonplace.

The central question to be determined ahead of or during any legal challenge is whether the relevant authorities have properly applied for and been granted the appropriate judicial authority to hack the Encrochat platform. The warrants are likely to have been issued pursuant to Section 99 Investigatory Powers Act 2016. The relevant one in each case will have to be carefully examined.

The line of authorities that give some guidance, though every case should be treated on its own individual merits, begin with R v Aujla [1998 2 Cr App R 16]. In this case, the defendants were convicted of conspiracy to facilitate the illegal entry of persons into the UK. The intercepts were made up of intercepted and recorded phone conversations, interestingly applied for by the Dutch police AND granted by the judicial authority in the Netherlands. Calls were between the Dutch end of the conspiracy and the UK appellants. Submissions were advanced seeking to exclude the taped phone evidence but unsuccessfully. The Ct of Appeal concluded that the interceptions in Holland did NOT represent a breach of UK law because the intercept occurred in Holland. An argument to exclude the material on the basis of unfairness failed because it was deemed that the domestic laws and procedures in Holland were followed.

In another important case, R v P and Others [2000], where countries were anonymised, three defendants were charged with assisting in the UK in the commission of drug offences in 2 European Union countries identified simply as A and B. The Public Prosecutor in ‘A’ had lawfully obtained an order authorising the interception of X’s telephone calls. The authorities in A were able to record telephone calls made or received by X anywhere in the world. The defendants in this case had conversations with X that were recorded. Legal arguments were made to exclude the recordings. The arguments were advanced that Articles 8 [right to a private life] and Article 6 [right to a fair trial] had been contravened. In their judgment, their Lordships determined that the intercept could amount to an Article 8 interference, but, on the facts of the present case, the authority was lawfully obtained in order to combat the smuggling of drugs. They relied on the fact that this was not pursued for any other ancillary purpose and for no longer than necessary. Accordingly, no breach was found. Of concern to potential Encrochat defendants (see below), is that they found that there was no breach of Article 6 in that the “fair” use of intercept evidence at trial was NOT a breach even if unlawfully obtained. Part of the rationale was that one of the participants in the conversation, ie: the UK end, could give evidence at trial. Whether that applies to text messages is to be determined. 

Most recently, in the case of R-v-Russell Knaggs [2018 EWCA Crim 1863] another Dutch based case was considered by the Court of Appeal. In the course of the trial, it was agreed that the effect of Section 17 RIPA was to prohibit reliance on evidence obtained by interception warrant. The UK and the Netherlands were parties to the Convention on Mutual Assistance in Criminal Matters, which required that foreign state requests to intercept telecommunications had to include confirmation that a lawful interception order or warrant had been issued in connection with a criminal investigation. Accordingly, to procure Dutch interception via the Convention, the UK authorities would first have to issue an interception warrant under RIPA, the existence of which would trigger the s.17 prohibition. However, that did not prevent less formal arrangements. If foreign police carried out any intercept during or after such liaison the admissibility of the intercept in the UK would depend upon the facts. There had been no failure of disclosure in relation to the Dutch intercept material and the trial judges had been entitled to admit it. The court refused to admit the fresh evidence.  

The National Crime Agency and various police forces arrests in connection with the Encrochat service on 12 June 2020 as part of Operation Venetic. This resulted in resulted in:

776 arrests were made

£54m in cash seized

77 firearms recovered

Over 2 tonnes of drugs seized

The use of encryption on our devices, for both lawful and unlawful purposes has widespread, and indeed most IT professionals world recommend it to safeguard privacy and protect from hacking. Encrochat, for example, in the UK, it is said to have a database of approx. 10,000 users.

 

What do we know

The various cases are at a very early stage. The picture is an evolving one but it appears that the authorities have been monitoring the Encrochat service since 2016 when the first code was cracked.

At this stage, what is known is that the French authorities launched an investigation into Encrochat in 2017 due to its links with criminal activity. A ‘technical’ device was put in place enabling access to encrypted devices. Once this was achieved, mutual assistance and cooperation resulted in a sharing with international law enforcement agencies including the NCA in the UK. What is NOT known, is exactly how the servers were infiltrated. Encrochat claim their servers were seized illegally. What is clear is that the Courts in this country are generally willing to endorse state-sponsored hacking when it comes to law enforcement, and so long as there is at least the pretence of a of foreign power doing the hacking.

There have been a large number of arrests, and it is likely more will follow. There will be countless separate cases which flow, and legal teams will need to have a grasp of the legal and technological issues.