What is EncroChat?
EncroChat dates to 2015 and is a Dutch company with at least one of its servers based in France. In early 2020, the EncroChat system was infiltrated by the National Gendarmerie, and in March 2020 they started to investigate the messages jointly with the Dutch Police. This investigation continued until June 2020, when EncroChat issued a message to its users to say the system had been compromised. It is not known exactly how the French authorities infiltrated the system, how users and messages were prioritised, or how much data was obtained. It is also not known whether all messages were gathered or whether the data was subject to any filtering before being forwarded to the relevant law enforcement agency. Within the UK, this was the National Crime Agency, and the data was collated under “Operation Venetic”. A recent theory is that French authorities managed to infiltrate the system through an update that was issued by EncroChat in April 2021. This allowed them to receive the messages directly from the phones unencrypted. Prosecution experts have agreed that this theory is possible.
How does an EncroChat handset work?
EncroChat predominantly used BQ Aquaris (Android) handsets with the EncroChat operating system (OS) preloaded. The handsets had the microphone, camera and GPS settings disabled or removed for privacy reasons. The handset operated a dual boot system which was designed to hide the illicit operating system. Access to the EncroChat operating system was gained by powering the unit on and holding the volume button. If started normally, the phone would appear to be running as a normal handset.
What information is available to UK law enforcement?
The EncroChat handsets used a KPN (Dutch network) SIM card that could roam onto the British networks; the EncroChat operating system required mobile data to work and the SIM cards only utilised Mobile Data Events (MDE, also called GPRS) within the UK. Therefore, the only billing available to UK law enforcement was mobile data. Once a handset was identified, it was possible to then request the associated Mobile Data Events (GPRS) records from each of the 4 main UK networks.
How do EncroChat users connect with each other?
No conventional mobile telephone number was allocated to the EncroChat user. Users communicated with each other using a “Handle/Username” and invited each other to connect in a similar way to traditional applications like “WhatsApp”.
How do police identify EncroChat users?
Because there are no traditional user or subscriber details, EncroChat users are often identified by co-locating the handset with conventional phones being operated by the EncroChat user, or by co-locating the EncroChat handset with the user’s vehicles through ANPR or vehicle tracking data. Sometimes, location data is made available from the EncroChat itself.
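
The co-location comparison described above can be illustrated with an added example (not part of the original page and not any agency's actual method). It pairs each Mobile Data Event from an EncroChat handset with the nearest-in-time record from a conventional phone and reports how often the two used the same cell. The record layout, cell IDs, timestamps and the 10-minute window are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data, not taken from any case: (timestamp, serving cell ID).
ENCRO_MDE = [
    ("2020-04-01T09:02:00", "CELL-A"),
    ("2020-04-01T13:30:00", "CELL-B"),
    ("2020-04-02T18:45:00", "CELL-C"),
    ("2020-04-03T08:10:00", "CELL-A"),
    ("2020-04-03T21:00:00", "CELL-D"),
]
PHONE_CDR = [
    ("2020-04-01T09:05:00", "CELL-A"),
    ("2020-04-01T13:36:00", "CELL-B"),
    ("2020-04-02T18:50:00", "CELL-E"),
    ("2020-04-03T12:00:00", "CELL-A"),
]

def _parse(records):
    return [(datetime.fromisoformat(ts), cell) for ts, cell in records]

def colocation_summary(mde_records, cdr_records, window_minutes=10):
    """Compare each MDE with the nearest-in-time CDR inside the window."""
    window = timedelta(minutes=window_minutes)
    cdr = _parse(cdr_records)
    out = {"same_cell": 0, "different_cell": 0, "no_comparison": 0,
           "shared_cells": set()}
    for when, cell in _parse(mde_records):
        nearest = min(cdr, key=lambda r: abs(r[0] - when), default=None)
        if nearest is None or abs(nearest[0] - when) > window:
            # No conventional-phone activity close enough in time to compare.
            out["no_comparison"] += 1
        elif nearest[1] == cell:
            out["same_cell"] += 1
            out["shared_cells"].add(cell)
        else:
            # Not necessarily exclusionary: neighbouring cells can serve the
            # same place, so real analysis also needs cell coverage data.
            out["different_cell"] += 1
    comparable = out["same_cell"] + out["different_cell"]
    # Share of comparable events on the same cell; None if nothing comparable.
    out["agreement"] = out["same_cell"] / comparable if comparable else None
    return out

if __name__ == "__main__":
    print(colocation_summary(ENCRO_MDE, PHONE_CDR))
```

The number of comparable events and the number of distinct shared cells matter as much as the agreement rate: a high rate built on a handful of events at one busy cell supports attribution far less than the same rate across many cells and days.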
What legal challenges can be made in EncroChat cases?
Initially, there were questions on how the data had been obtained and the legality under the Investigatory Powers Act 2016. The main question around this was:
- Were the communications intercepted whilst they were being transmitted or whilst they were being stored in or by the system?