A Dutch court has ruled that a public prosecutor involved in the investigation into the EncroChat encrypted phone network should give evidence on the operation.
The decision is the first time an official has been required to explain the role of the Netherlands in the operation to hack EncroChat, which has led to arrests worldwide of hundreds of members of organised crime groups.
The Dutch Public Prosecution Service’s public position is that it was not involved in the development or deployment of a “software implant” used by the French Gendarmerie to harvest 120 million messages from the phones, which were largely used by organised criminal groups.
Dutch prosecutors argue that it is not up to the Dutch courts to assess the legality of the French police operation to intercept messages from EncroChat, which were subsequently shared with the Netherlands, the UK, Sweden and other countries.
But the claim has been questioned by defence lawyers in the Netherlands, who point to evidence from the UK and elsewhere that suggests the Dutch and French Gendarmerie worked closely together on the operation.
A court in Den Bosch ruled last week that a public prosecutor involved in the Dutch investigation into EncroChat, codenamed 26Lemont, should give evidence on the Dutch judiciary’s role in the operation with the French.
Impossible to conduct effective defence
Defence lawyers representing clients in a drug trial had argued that it was impossible for them to conduct an effective defence because the Public Prosecution Service had refused to provide them with documents they requested that shed light on the hacking operation.
They claimed that the French operation against the EncroChat phone network may be in breach of Article 8 of the European Convention on Human Rights, which puts boundaries on state interference in the privacy of citizens.
The lawyers also argued that the operation against EncroChat may be in breach of Article 6 of the convention, which provides for the right to a fair trial.
The East Brabant District Court did not accept there was evidence that the EncroChat operation breached European Convention rights, but it ordered the Public Prosecution Service to testify about the hacking operation for the first time.
“The court is of the opinion that in the light of a fair process, the defence must be given the opportunity to exercise more direct control [over the legal process],” it said.
The court also asked the Public Prosecution Service to explain in writing why legal authorisation for the hacking operation cannot be disclosed in court proceedings.
Dispute over the target of investigation
Defence lawyers are also questioning the legal basis of the interception operation.
The Public Prosecution Service argued that the interception operation was primarily targeted against the operators of the EncroChat network.
Defence lawyers argue that documents from UK court hearings confirm that the target of the hacking operation was, in reality, not the operators of EncroChat, but its users.
However, the court found that the UK documents were not in themselves incompatible with the prosecution arguments that the investigation focused on the operators of EncroChat.
The Dutch National Forensics Institute (NFI) was drawing up reports on the reliability of the content of intercepted messages from EncroChat, the court found.
It refused permission for defence lawyers to be provided with copies of data, files photographs and documents and messages obtained from EncroChat. But it said Dutch courts had already determined that lawyers can visit the NFI to inspect EncroChat datasets.
Dutch deny involvement in hacking
Defence lawyers in the Netherlands claim that the Dutch may have had a wider role in the EncroChat hacking operation than has so far been admitted, following disclosures in UK courts and elsewhere.
The Dutch public prosecutor wrote to prosecuting lawyers in the Netherlands in March accusing the UK of damaging confidence by disclosing information released to the UK through diplomatic channels.
It denied that it had any involvement in the development, deployment and legal authorisation of the French interception “implant”.
“It is true that the authorities have worked closely together,” the letter said. “This is to be expected in an international operation.”
However, this does not suggest that the Dutch Prosecution Service influenced the assessment by French judges that deployment of the interception tool was legal and proportionate, the letter argued. “With this letter, we expressly state that this was not the case,” it added.
Martin Egberts, the Netherlands’ national prosecutor for cyber crime, disclosed some details of the relationship between France and the Netherlands during an online seminar on 18 May 2021 hosted by the United Nations Office on Drugs and Crime.
He said the Dutch initiated an independent investigation into EncroChat after taking down an encrypted phone network, EnnetCom, used by criminal gangs in 2016.
“We decided to look at EncroChat as the next supplier of organised crime groups,” he said. “We saw that they mainly targeted criminal clients and that’s why we took a look into the company.
“We saw that the [EncroChat] servers were hosted in France, so we decided to ask France if they wanted to co-operate with us. And that is when we found out that France was already doing investigations into the same company. And we decided to work together. So from that moment on, we joined forces.”
The first formal co-ordination meeting between France and the Netherlands took place at Europol in April 2019. The two countries formed a joint investigation team 12 months later.
The use of EncroChat evidence faces legal challenges in several countries. A German court ruled that EncroChat evidence should not be used in criminal prosecutions in July, and a Swedish court found ambiguities in EncroChat evidence in May. Legal challenges are also under way in the UK and France.