France’s Supreme Court has referred a criminal case that relies on evidence from the hacked EncroChat encrypted phone network back to the court of appeal after finding that prosecutors failed to disclose sufficient information about the hacking operation.
The Cour de Cassation in Paris found that French investigators and prosecutors had failed to supply a certificate to authenticate intercepted phone data and messages obtained from EncroChat phones as required by French law. There was also an absence of technical data about the hacking operation, the court found.
French police and prosecutors refused to disclose how a joint Dutch and French operation to hack EncroChat, which led to thousands of arrests of suspected organised criminals around the world, was undertaken – citing defence secrecy.
Defence lawyer Robin Binsard, co-founder of law firm Binsard Martine, which took the case to the Supreme Court, said last night that the case would be re-heard by the court of appeal to determine whether adequate legal guarantees were in place.
“The Supreme Court stated that, in the absence of a certificate of truthfulness, the evidence covered by defence secrecy could not be legal. The case will be sent to another court to see if the certificate exists. In the meantime, there is no guarantee of validity of evidence from EncroChat,” he wrote on Twitter.
The hearing follows an operation by French cyber experts to harvest 120 million messages from EncroChat phone users in multiple countries, in a novel interception operation that provided a rich source of intelligence and evidence on the activities of criminal groups in 2020.
In the UK, the National Crime Agency (NCA), working with regional organised crime units, the Metropolitan Police and other law enforcement agencies, made more than 2,600 EncroChat-related arrests using the French data by December last year.
More than 1,380 people were charged with offences and 260 were convicted under Operation Venetic, the NCA’s response to EncroChat. Police also seized 165 firearms, 3,400 rounds of ammunition, 5,600kg of Class A drugs and £75m in cash.
Yesterday’s French Supreme Court decision set aside an earlier ruling by the court of appeal in Nancy that found the police operation against EncroChat was legal under French law.
The case will now be heard again by a second chamber of the appeal court in Metz in north-east France, which will decide whether the procedural guarantees required to invoke defence secrecy have been followed.
Supreme Court argument
Binsard Martine argued in submissions to the Supreme Court that the secrecy around the EncroChat hacking operation infringed the rights of defendants to a fair trial by depriving them of information about how the evidence against them was obtained.
The Supreme Court rejected claims that French computer crime specialists went beyond the legal authority granted to them by judges in the Lille court by blocking internet companies from redirecting domain name services to EncroChat and ordering the redirection of EncroChat messages.
It also rejected claims that the data interception and capture operation was unlawful as it interfered with the right of individuals to a private life without a specific and precise legal framework to do so.
But the Supreme Court agreed that the French police should explain how they obtained intercept evidence from EncroChat phones and should provide a certificate to authenticate the intercepted data and messages in order to comply with French law.
The hacking operation
French court documents reveal that investigators asked France’s security service, DGSI, to carry out a surveillance operation on EncroChat after the French Gendarmerie seized phone handsets in police drug raids from 2017 onwards.
By the end of 2018, Gendarmes based at the C3N digital crime unit in Pontoise had sent a report on the suspected criminal use of EncroChat phones to the Interregional Specialised Prosecution Service (JIRS) in Lille, according to court papers.
French police identified servers used by EncroChat, registered to Eric Miguel of Virtue Imports in Vancouver, Canada, at a French datacentre run by OVH in Roubaix, and received court permission to copy and analyse the data.
Investigations revealed a network of virtual machines, which were used to manage encryption keys, analyse event logs, monitor the use of SIM cards and to assign them to the right device, configure new phones and manage voice calls, customer services and a file exchange server.
Police were able to analyse tables of data relating to payments, users and resellers, including the pseudonyms of traders linked to delivery addresses, IMEI numbers on the mobile phones and monthly data consumption of SIM cards.
A joint investigation team of French and Dutch police, assisted by Europol, was able to extract messages and photographs from EncroChat phones infected by an “implant” through an update server from April to June 2020, when administrators warned users that the network had been compromised.
Lawyers plan to continue legal case
In a statement after the decision, Binsard and Guillaume Martine, founders of law firm Binsard Martine, said defence lawyers in other countries should appeal against the use of EncroChat evidence in court hearings.
“We invite our colleagues across Europe to pursue their appeals and to argue that the evidence from EncroChat is illegal, since it is not accompanied by the required attestation of sincerity, as admitted today by the Court of Cassation,” the lawyers said.
They said they would continue their legal fight to obtain an annulment of the data collected from EncroChat “in breach of the most fundamental principles of criminal law”.
“It will be for the court to determine whether the procedural guarantees provided for in respect of national defence secrecy have been complied with and that attestation exists,” they said.
In a similar case, the Italian Supreme Court ruled that encrypted messages obtained by an international police operation to hack a second phone network used by organised crime groups cannot be used in a pre-trial hearing unless prosecutors explain how the evidence was obtained.
Italy’s Corte di Cassazione found that a defendant should not only have the ability to ask questions about the contents of messages police obtained from the Sky ECC phone network, but also to question how the investigative process was carried out.