Concerns Raised about Evidence Gathered by Police Infiltration of Encrypted Crime Networks

When European police announced in March 2021 that they could decrypt the encrypted criminal communications created by criminals using the Sky ECC chat app, they said the information acquired…

…will assist in expanding investigations and solving serious and cross-border organised crime for the coming months, possibly years.

Slightly over a year later, Balkan Insight reports that prosecutions of organized criminals and corrupt officials in Bosnia and Montenegro could be jeopardized because evidence gathered from the slickly-marketed Sky ECC communications system may be inadmissible in court. Laure Baudrihaye-Gerard, a Legal Director at Fair Trials, a UK-registered criminal justice watchdog, told Balkan Insight:

Lack of access to information about how information was obtained, analysed and processed makes it impossible for accused people to challenge the use of the information obtained from the apps as evidence… It also means courts – who are meant to review the legality and reliability of information before admitting it as evidence – cannot exercise their role and offer judicial protection.

The concern is not purely academic. German courts have spent the last year struggling with whether to accept evidence gathered when police cracked another encrypted crime network, Encrochat. In June 2021 the Berlin Regional Court ruled that data obtained by the joint French-Dutch operation to infiltrate Encrochat was not legally admissible. The Berlin Superior Court reversed that decision a few months later. The argument eventually went up to Germany’s Federal Supreme Court, which ruled in March 2022 that Encrochat messages could be used as evidence so long as the case relates to a serious crime. Meanwhile, the French constitutional court is also set to examine whether prosecutors can use the Encrochat data.

Serbian lawyer Nina Nicovic told Balkan Insight that the usefulness of data gathered from encrypted crime networks also depends on the availability of forensic IT experts.

In my experience, there are only a few IT forensic experts that can work on such cases. They are crucial because they have a very difficult job of proving the origin and authenticity of data that may turn out to be crucial in a criminal case.

The legal arguments illustrate how technology is never sufficient to solve the most serious problems faced by society. A lot of fuss has been made about the extent to which criminals exploit encrypted communications and the need for law enforcement to be able to bypass any encryption. However, the politicians who routinely bash tech companies pay less attention to laws that could potentially prevent law enforcement from using the communications they have intercepted to prosecute criminals.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.