Christian Horz - stock.adobe.com
WhatsApp and Signal messages at risk of surveillance following EncroChat ruling, court hears
Defence lawyers seek leave to appeal a decision by the Investigatory Powers Tribunal that the National Crime Agency lawfully obtained warrants to intercept messages sent over an encrypted phone network
Police could lawfully use bulk surveillance techniques to access messages from encrypted communications platforms such as WhatsApp and Signal following a ruling by the UK’s Investigatory Powers Tribunal (IPT), a court has heard.
Lawyers claimed that a decision by the IPT following an international police operation to harvest bulk encrypted messages from the EncroChat phone network has opened the door to mass surveillance of other encrypted messaging systems.
They told the Court of Appeal’s Civil Division last week that the tribunal’s 2023 ruling on EncroChat “drives a coach and horses” through the statutory provisions of the Investigatory Powers Act governing bulk surveillance.
“It would mean that any messaging platform, such as WhatsApp or Signal, could be the subject of a wholesale thematic equipment interference warrant,” the court was told.
Millions of messages harvested
Lawyers are seeking leave to appeal a ruling by the Investigatory Powers Tribunal in May 2023 that found the National Crime Agency (NCA) had lawfully obtained warrants to authorise French police to intercept messages from EncroChat phone users in the UK.
A French and Dutch Joint Investigation Team (JIT) harvested more than 115 million supposedly encrypted messages from an estimated 60,000 users of EncroChat phones after infecting the handsets with a software “implant”.
As part of the UK’s response to EncroChat, Operation Venetic, police have made more than 3,100 arrests, convicted 1,500 offenders, recovered over nine tonnes of Class A drugs, and seized 3,500 rounds of ammunition and £84m in cash.
During the hearing, defence lawyers representing 11 defendants told judges that the National Crime Agency had unlawfully used a targeted equipment interference (TEI) warrant to authorise French police to hack EncroChat phones belonging to people resident in the UK.
The court heard that the Investigatory Powers Act 2016 allows law enforcement to obtain a TEI warrant for a single investigation or operation, such as the covert monitoring of the activities of an identified organised crime group. However, the lawyers argued that a TEI warrant could not be used to monitor all users of a particular messaging service. It was not enough, they said, that the targets for surveillance were using a common technology “incidental to their suspected criminality”.
The primary purpose of Operation Venetic was to receive, triage and disseminate intercepted material gathered by the French from EncroChat phones and deliver it to police forces to conduct multiple investigations.
It was also clear from the NCA’s warrant application that Operation Venetic was not set up for a single operation or investigation, but to facilitate current UK law enforcement activity and future criminal investigations.
Defence lawyers quoted Lord David Anderson KC’s initial legal advice to the Crown Prosecution Service – which he later changed following representations from the NCA – that a TEI warrant would not be appropriate for EncroChat.
Anderson initially concluded that the NCA could not lawfully apply for a thematic TEI warrant to break into an encrypted platform on the grounds that it was used by a “vast and miscellaneous group of unrelated criminals”.
Anderson also warned that the NCA would be deploying “a drift net” rather than a “harpoon” that would set aside the statutory protections in “favour of a wholly general attempt to uncover serious criminality of all kinds”.
Distinction between bulk and thematic warrants blurred
The court heard that the IPT had unlawfully blurred the distinction between bulk warrants, which allow the bulk interception of communications, and thematic warrants, which permit a much narrower range of interception, in breach of privacy rights under the European Convention of Human Rights.
Lawyers said it was not a coincidence that the NCA had “re-badged” Project Venetic as Operation Venetic shortly before it applied for the TEI warrant.
If the NCA was able to use a TEI warrant for bulk interception merely because it had decided to call an investigation an “operation” rather than a “project”, that would mean there was no longer a statutory distinction between bulk surveillance and thematic equipment interference, the court heard.
“It will have drastic effects on law enforcement because it will send a clear message that, from now on, bulk [surveillance requirements] of the Investigatory Powers Act can be ignored,” lawyers said.
Threat assessment
The court heard that the Investigatory Powers Tribunal had relied on the NCA’s confidential 2019 Strategic Threat Assessment that EncroChat phones were exclusively used by criminals.
Defence lawyers argued that the Court of Appeal should assess whether the NCA had written the assessment to support its application for a TEI warrant.
The court heard that the NCA knew from 2018 onwards that French officials were investigating EncroChat servers at the OVH datacentre in Roubaix, France.
The NCA’s principal technical officer travelled to France to assist in reverse engineering the EncroChat servers in 2019 and provided the French with test handsets.
A February 2019 official minute from Europol indicated that the intention was to decrypt and obtain EncroChat communications from a server, the court heard.
In addition, NCA technical officers had developed their own EncroChat implants before the French hacking operation.
“There were at least a year’s worth of clear indications to the NCA before the confidential assessment was published as to what the French, and for that matter the Dutch ... were planning,” the court heard.
NCA should have applied for TI warrant
The court was told that the NCA had wrongly applied for a targeted equipment interference (TEI) warrant when the only lawful warrant that could be used under the Investigatory Powers Act 2016 was a targeted interception (TI) warrant.
“In the choice between a TI and a TEI for intercepting stored communications, in this situation there is no choice … a TEI cannot be the appropriate warrant. It is a TI,” a defence lawyer told the court.
The IPT’s conclusion that “Parliament could not have intended a TI warrant to be required because that would give a ‘windfall benefit’ to defendants whose communications were intercepted” was wrong, the court was told.
A barrister told the court: “The court’s function is to give effect to the will of Parliament as expressed in the plain words of the statute, not to seek to find an interpretation that second guesses or disapplies plain words.”
Read more reports about the IPT EncroChat hearings
11 May 2023: Investigatory Powers Tribunal finds NCA EncroChat hacking warrants were lawful.
28 Dec 2022: NCA lawyers argue that a decision by an NCA intelligence officer to disclose notes of a key meeting after two-and-a-half years boosts her credibility as a witness.
22 Dec 2022: The National Crime Agency argues at the Investigatory Powers Tribunal that expert evidence it agreed to ‘take as read’ is limited, flawed and often based on an incorrect interpretation of the law.
16 Dec 2022: Defence lawyers claim NCA witness gave unreliable evidence on EncroChat hacking operation.
15 Dec 2022: EncroChat hacking warrant was unlawful and in breach of human rights law, the Investigatory Powers Tribunal hears.
23 Sept 2022: The National Crime Agency did not seek a written explanation of a French hacking technique before applying for a surveillance warrant to use French “intercept” in the UK, a court hears.
23 Sept 2022: Investigatory Powers Tribunal hears that the National Crime Agency made ‘serious and fundamental errors’.
Appeal raises ‘important and compelling issues’
The barrister argued that if the court thought the IPT may have made an error in law about the interpretation of the Investigatory Powers Act and how it should be applied by the National Crime Agency and the investigatory powers commissioner, who regulates surveillance, it should allow the appeal.
“The potential consequences of an erroneous legal approach to primary legislation of this kind, particularly in the context of surveillance law, are of themselves compelling and important, and to say otherwise risks doing an injustice,” he said.
The barrister told the court that the issues raised were “important and compelling” not just for the applicants, but for other related EncroChat cases and “interception cases generally”.
He said it would be a “remarkable” development if a type of interception falling within the definition of interception in the Investigatory Powers Act, and included in the IPA’s privacy protections, “had been removed from those protections entirely”.
David Perry KC for the NCA and the Crown Prosecution Service said none of the grounds for appeal had any arguable merit. He said the court should not grant leave to appeal unless it considers that the appeal would raise an important point of principle or practice.
The Investigatory Powers Tribunal has made no decision about the legal admissibility of EncroChat evidence in UK courts and has referred the question back to criminal courts to resolve. A number of legal challenges over the admissibility of EncroChat evidence are before crown courts.
The Court of Appeal reserved its decision.
EncroChat: Main grounds of appeal against the Investigatory Powers Tribunal (IPT)
- The National Crime Agency (NCA) was in breach of the Investigatory Powers Act because it did not obtain a targeted interception (TI) warrant. The targeted equipment interference (TEI) warrant obtained by the NCA was unlawful under Section 9 of the Investigatory Powers Act.
- The IPT did not set out its reasons for refusing an appeal over whether the TEI warrant obtained by the NCA had been issued for a lawful purpose.
- The NCA and the director of public prosecutions breached Section 10 of the Investigatory Powers Act by not obtaining a mutual assistance warrant, known as a European investigation order. The IPT erred by concluding it had no jurisdiction over the matter.
- The IPT was wrong to categorise multiple police investigations into criminal groups that were using EncroChat phones as a “single investigation”.
- The IPT unlawfully blurred the distinction between bulk and thematic warrants, in breach of Article 8 of the European Convention on Human Rights.
- The IPT made a “speculative assumption” that the NCA’s purpose in producing a confidential threat assessment in 2019 that found EncroChat was exclusively used for criminal purposes was not intended to support its application for a TEI warrant.
Read more on IT for government and public sector
-
Court finds EncroChat hacked messages admissible as former footballer is jailed
-
Top 10 investigations and national security stories of 2023
-
Defence lawyers seek appeal of tribunal ruling on police EncroChat cryptophone hack
-
How the UK crime agency repurposed Amazon cloud platform to analyse EncroChat cryptophone data