Rido - stock.adobe.com
Ex-boxer fights US government over legality of Sky ECC cryptophone intercepts
Lawyers for former heavyweight boxer Goran Gogic argue that US prosecutors’ reliance on messages obtained by a European police hacking operation into the SKY ECC encrypted phone network breaches the US constitution
Lawyers representing a former boxer charged with serious drug trafficking offences are challenging the legality of the US government’s use of intercepted messages obtained by a European police hacking operation against the world’s largest cryptophone network.
The former heavyweight boxer from Montenegro, Goran Gogic, faces charges over his alleged involvement in the import of large quantities of cocaine. His lawyers accuse prosecutors of bypassing US legal protections by relying on overseas partners to conduct surveillance.
The case will test the validity of evidence obtained by French law enforcement from the hacking and mass interception of 170,000 users of Sky ECC phones in a joint operation with Belgian and Dutch police in the US courts.
Joseph Corozzo, a lawyer for Gogic, said the case is the first time legal arguments used to exclude evidence obtained through the torture of individuals outside of the US have been applied in an attempt to exclude overseas intercept material.
Corozzo said his client, as a non-US citizen, did not benefit from Fourth Amendment protections against government surveillance under the US Constitution.
“If he were a US citizen, we feel strongly that the court would suppress [the intercept material] very quickly. Since he is a non-US citizen, it’s a greater burden to us to establish all the factors involved,” he added.
US prosecutors argue that the intercepted text messages used as evidence against Gogic in the case are “broadly similar” to the communications data that the government regularly receives from telecoms and social media companies in the US.
Even if Gogic did have rights under the Fourth Amendment, the conduct of French law enforcement agencies in seizing the data “does not shock the conscience” and the US did not act with “an intention to evade the constitution”. they claim.
Operation Argus
Sky Global, a company with headquarters in Vancouver, Canada, began developing encrypted phones in 2008, which were later sold through a network of distributors and resellers.
Belgian police began investigations into the use of Sky ECC phones by organised criminals in 2016, after seizing the encrypted phones in a drug trafficking operation in the port of Antwerp. Dutch police began parallel investigations following their own seizures of Sky ECC phones.
By late 2018, Sky ECC was gaining international attention, and more than 20 police officers from the US, Canada, Australia and Belgium met at an international conference in Sydney to discuss ways of breaking the Sky ECC encryption.
French investigators began intercepting encrypted messages from Sky ECC in June 2019. A breakthrough by Dutch technicians who discovered how to decrypt the platform led to the live interception and decryption of all Sky ECC messages from February 2021.
French, Belgian and Dutch police launched an “action day” against Sky ECC users on 9 March 2021, making large numbers of arrests, searches and seizures in the three countries. The operation, dubbed Operation Argus, led to the interception of one billion messages.
Drug imports
Gogic was arrested in Miami in October 2022 and faces charges under the US Maritime Drug Law Enforcement Act.
His arrest came after police seized a shipment of 18 tonnes of cocaine in Philadelphia, in an operation described as one of the largest cocaine seizures in US history.
The case stems from federal investigation into a “vast network” of international narcotics traffickers who smuggled cocaine from South America to the US and Europe in commercial container ships.
Tacit agreement between US and Dutch
Gorgic’s lawyers argue in a “motion to suppress” that US investigators engaged in “forum shopping” to circumvent US law and constitutional protections.
They claim the US put its own investigation into Sky ECC on hold to obtain intercept material from France that would otherwise be inadmissible in the US.
An internal French police report shows that during a meeting in Europol in May 2019, Belgian and Dutch investigators learned that the US intended to arrest Sky’s executives, based in Canada.
However, the US agreed with the Dutch to suspend US investigations until after European police forces completed their investigation into Sky ECC.
“A tacit agreement between the American and Dutch authorities allowed the European investigations to continue, with the Americans suspending further operations pending the outcome of ongoing investigations,” the report states.
Belgium, France and Holland closed their investigation into Sky ECC in March 2021, making multiple arrests and seizures of drugs and firearms.
Three days later, US prosecutors indicted Sky Global’s Canadian CEO, Jean-Francois Eap, and a former phone distributor, Thomas Herdman, for racketeering and knowingly facilitating the import and distribution of drugs and the sale of encrypted communications devices. Their cases have not been heard in court.
By receiving intercepted material from France, rather than carrying out its own interception, the “US could maintain the façade of keeping its hands clean during the interception and then receive the same evidence anyway through requests for mutual legal assistance”, Gogic’s defence lawyers claim.
They point to evidence that Dutch police carried out a similar forum shopping exercise by obtaining intercept material from France that would not be admissible if carried out under Dutch law.
According to a Dutch court document, in 2019, a Dutch magistrate refused an order to seize full copies of the Sky ECC servers as “it could not be established that the users of Sky ECC were using the system exclusively for illegal purposes”.
The magistrate found that because there was no concrete suspicion against individual users, it would be “too far reaching” to grant unconditional permission to search the messages of all Sky ECC users.
Dutch police ultimately obtained intercepted messages of all incoming and outgoing communications from Sky ECC from French law enforcement.
Gogic’s lawyers claim that the Dutch authorities “successfully circumvented the Amsterdam investigative judge’s 2018 denial of their application to copy the Sky ECC servers by getting the same relief they had been denied from a different venue: France”.
Gaps in chain of evidence
Defence lawyers are also pressing US prosecutors to disclose all documentation of how the US obtained Sky ECC data from European law enforcement.
According to the motion, filed in the Eastern District of New York, “a major problem from an evidentiary standpoint is that digital data is at a significantly higher risk of (intentional) manipulation or (unintentional) alterations”.
An expert who examined spreadsheets of intercepted messages provided by the US has found evidence that the files were modified on multiple dates.
The motion claims there are thousands of missing media files and numerous other anomalies in the data supplied by US prosecutors.
Defence lawyers are pressing US prosecutors to disclose the underlying raw data and “hash values” that would allow experts to check that data provided in evidence had not been modified.
They point to a case in Panama where a judge acquitted 28 defendants after finding the leaked documents that formed the basis of the charges against them did not comply with digital evidence principles, and lacked the “hash values” necessary for verifying the authenticity and accuracy of digital data.
Dutch developed AI software to analyse Sky ECC
Dutch police developed AI software known as Chat-X to access and analyse intercepted messages. According to Dutch lawyer Yehudi Moszkowicz, the artificial intelligence (AI)-based software was used to search millions of intercepted messages for keywords associated with threats to life, and later to automatically identify chat messages referring to money laundering and other crimes.
Read more about Sky ECC
March 2021
- Belgian police raid 200 premises in drug operation linked to breach of encrypted phone network: More than 1,600 police and law enforcement officials conduct drug raids after the compromise of an encrypted mobile phone network that has parallels with EncroChat.
- Police crack world’s largest cryptophone network as criminals swap EncroChat for Sky ECC: Belgian and Dutch police have breached the encryption of users of Sky ECC, the world’s largest cryptophone network.
- Arrest warrants issued for Canadians behind Sky ECC cryptophone network used by organised crime: The US has issued arrest warrants for the CEO of Sky Global and a former distributor for racketeering, aiding and abetting the distribution of illegal drugs by supplying encrypted phones to criminals.
November 2021
- Cryptophone supplier Sky Global takes legal action over US government website seizures: Canadian tech company Sky Global has filed a legal motion claiming that the US government unlawfully seized the company’s internet sites following police investigations into the use of its cryptophones by organised crime.
- Sky ECC provided free cryptophones to a Canadian police force: Internal emails disclosed in a US court show how Sky Global supplied sample encrypted phones to a Canadian police force before its phone users became subject to an international police investigation.
September 2024
- Canadian arrested by France after cooperating with US on Sky ECC cryptophone investigation: Thomas Herdman, who faces charges in France over his involvement in distributing Sky ECC encrypted phones, arrested by French police despite agreeing to cooperate with US law enforcement.
Chat-X also provided access to metadata, including the location from which a message was sent, the International Mobile Equipment Identity (IMEI) number (a unique identifying number for each handset), the Access Point Name (APN) and the IMSI (a unique identifying number for each SIM card).
Defence lawyers claim that the US government has failed to disclose the metadata from the messages used as evidence in the case, which could be used, for example, to establish whether Gogic was present when the messages were sent. They have also asked the court to order the disclosure of the Chat-X software.
Silver platter doctrine
US law allows evidence supplied by other countries to be used in US courts under the “silver platter doctrine”.
But defence lawyers argue that the interception of Sky ECC amounted to a “global fishing expedition” and that there was no probable cause to suspect every one of the individuals placed under surveillance of criminality.
The fact that Sky ECC phones were sold for cash by dealers who met clients in person, they say, “does not establish reasonable suspicion, let alone probable cause, that criminal activity is afoot”.
Government did not evade constitution
Prosecutors argue that the Fourth Amendment does not apply to searches and seizures made against non-US nationals on foreign soil.
Even if it did, the conduct of French law enforcement agencies in seizing the data from Sky ECC “does not shock the conscience” and was upheld by French courts.
There is “no plausible” claim that the “government cooperated with the Europeans with the intent to evade constitutional requirements”, according to a prosecution motion.
The most the facts show is that the US extended a courtesy to European law enforcement by delaying overt investigation and enforcement actions that could harm the European investigation.
That is not a case where American officials use foreign officials to intercept phone calls made from the US to a foreign country to circumvent constitutional requirements that would apply if the same phone calls were intercepted in the US, they say.
A sworn statement from the law enforcement officer who received the data from France would be all that is needed to prove its authenticity.
Questions around “chain of custody” should only have a bearing on the weight of evidence, not its authenticity, according to the prosecutors. “There is no reason to believe that materially different data exists, nor that it would be favourable to the defendant if it did,” they added.
Corello said US prosecutors were following the same argument as prosecutors in Europe – that the court should honour the prosecutorial activities of France based on the French court’s finding that the conduct was permissible.
“They’re not addressing in any fashion the issues of reliability and chain of custody,” he added.
The Sky ECC hack
- 2016: Netherlands and Belgium begin independent investigations into Sky ECC encrypted phones.
- 2018: Twenty police officers from the US, Canada, Australia, Belgium and other countries participate in an international conference in Sydney, discussing ways to access Sky ECC. They follow up with a meeting in Antwerp.
- 19 November 2018: A report by investigators identifies the location of Sky ECC infrastructure in the OVH datacentre in Roubaix, France.
- 30 November 2018: A Dutch judge allows an application to seize copies of the Sky ECC servers for technical research into encryption and interception of messages on the phone network, but does not allow the collection of data on the services for use as evidence. The magistrate concludes that it is not “established that the encrypted communication of SkyECC is almost exclusively used by organised serious crime”.
- 13 February 2019: A French prosecutor at the Lille court initiates a formal investigation into Sky ECC.
- 27 May 2019: A meeting at Europol with the Belgian, Dutch and French authorities is told that US authorities had also opened an investigation into Sky ECC and “their ultimate goal was to arrest the company’s executive in Canada”. The Americans reach a “tacit” agreement with the Dutch to suspend US investigations while European investigations continue.
- 12 June 2019: A French prosecutor applies for a court order to intercept, record and transcribe communications passing through Sky ECC servers in France.
- 14 June 2019: French court authorises the interception of Sky ECC’s servers for one month. The order is repeatedly renewed until December 2020.
- 13 December 2019: Dutch, Belgian and French law enforcement authorities agree to form a Joint Investigation Team to gather evidence about alleged criminal activities of Sky Global and its users, and to share technical information and resources.
- December 2020: Dutch investigators work out how to obtain encryption keys from Sky ECC handsets. Work begins on decrypting a backlog of intercepted encrypted data.
- February 2021: French investigators begin live interception and decryption of Sky ECC phones. More than 70,000 phones are monitored.
- 9 March 2021: Sky ECC is shut down after a joint operation by French, Belgian and Dutch law enforcement authorities, known as Operation Argus. Arrests, house searches and seizures are made in Belgium and the Netherlands.
- 12 March 2021: US files an indictment against Jean-Francois Eap, CEO of Sky Global, and former phone distributor Thomas Herdman.
Read more on Smartphone technology
-
Dutch Supreme Court approves use of EncroChat evidence
-
Three years on, EncroChat cryptophone hack nets 6,500 arrests and seizures of €900m
-
Italian Supreme Court calls for prosecutors to disclose information on Sky ECC hacking operation
-
France extradites Spanish EncroChat cryptophone distributors for complicity with organised crime