A press conference jointly arranged by law enforcement agencies from France, the Netherlands and the EU has highlighted the scale of the investigation that occurred after EncroChat, an encrypted comms provider, was penetrated by police, then taken down in June 2020. This story may appear to be three years old, but statistics that summarize the police investigations that have occurred since will help to explain why it is worth revisiting.
- 6,558 arrests so far, resulting in prison sentences that total 7,134 years
- Seizure of cash worth EUR740mn (USD808mn) and freezing of bank accounts and other assets worth EUR154mn (USD168mn)
- Seizure of 103.5 tonnes of cocaine, 163.4 tonnes of cannabis, 3.3 tonnes of heroin and over 30 million pills
- Seizure of 923 weapons, 68 explosives and 21,750 bullets
- Seizure of 271 properties, 83 boats and 40 planes
It is in the nature of police to talk up their successes when fighting crime but it is easy to see why they want to draw attention to results like these. The public may not otherwise understand why so much time has been spent trawling through the communications of the estimated 60,000 users of EncroChat and the 115 million conversations they had whilst using the service. There is also a need to explain why it is better to keep an encrypted network up and running, so intelligence can be gathered, instead of shutting it down immediately, which would only lead criminals to switch to other methods of communicating with each other.
EncroChat worked by installing new software on Android and BlackBerry handsets to encrypt messages and to disable functionality that might be subverted for surveillance purposes, such as cameras and GPS. The service also included a special ‘panic’ feature that would immediately erase all data on the handset. Encryption of comms should be legal in itself, but it is no surprise that criminals were attracted to EncroChat, which charged EUR1,500 (USD1,600) for a six-month contract. EncroChat’s SIMs were supplied by Dutch telco KPN and comms traffic was managed by servers located in France. Police successfully infiltrated the network for three months so they could see what the unencrypted messages said, but in June 2020 an administrator of the network sent a message warning all users to immediately dispose of their devices and the service went permanently offline.
The pace of pursuing these cases is illustrated by observing that the police were only reporting 1,000 associated arrests at the end of 2020. But what the police are not saying is whether they have subverted any comms networks that have emerged more recently. Last week’s press conference occurred a few hours after the killing of Nahel Merzouk by a French traffic cop, prompting rioting across the country. This coincidence means the police will have received less coverage than they hoped for. It is likely that attention was being drawn to this case because either another network is currently being spied upon, and there is a need to prepare the argument for why such networks are not interrupted immediately, or else the authorities are pursuing increased power to intercept and decrypt electronic communications.
The press release associated with the conference can be found here.