The EncroChat police hacking sets a dangerous precedent

Automatically labelling people who use an encrypted chat ‘criminals’ threatens our fundamental right to privacy.

Bundles of cash are displayed
Some 800 people were arrested during a cross-nation police operation in Europe after the encrypted chat app EncroChat was hacked in early July 2020 [File: Metropolitan Police Service via Reuters]

On July 2, the United Kingdom’s National Crime Agency (NCA) announced that after a cross-nation investigation, more than 800 people were arrested in several European countries for illicitly trading in drugs and guns. The operation was launched after the French police managed to intercept messages on EncroChat, an encrypted messaging platform operated on modified Android devices.

These arrests have been celebrated by police forces internationally, and have been breathlessly reported by media outlets, which have been quick to label those arrested “criminals” and “iconic untouchables”. The due process and presumption of innocence that we expect in developed democracies appear to have been dispensed with in a quest for headlines, fuelled by savvy police PR departments.

But while this operation provided for clickbait articles and boosted the public perception of “justice being done”, there are serious questions about both its effectiveness and ethics.

There are many legitimate concerns that lawyers have already raised. First, there is a lack of transparency about how the French authorities gained access to the messages, and whether the correct legal procedures were followed to ensure the integrity of the evidence.

Because of the sensationalist press briefings, any jury in a future trial will almost certainly be prejudiced by the media coverage, not only against those arrested recently but anyone in the future found to be using encrypted devices. 

The danger here is that, for a defendant facing a trial where the evidence is weak and methods questionable, they may still be convicted because a jury hears “encrypted chat” and thinks “criminal”. 

There is also the danger of “collateral intrusion”. There are lawyers who have used EncroChat to communicate with their clients. This means that the authorities have almost certainly seen legally privileged and confidential communications between suspects and their lawyers – perhaps even the very lawyers who will be representing them after these arrests. Information obtained in this way probably would not stand in court it could still prejudice any investigation.

There will be a number of evidential difficulties with many of these cases. There are questions as to whether there was an abuse of process when the information was obtained, and it can be difficult to determine without a doubt that messages from a given phone were indeed sent by a certain individual.

In this sense, it is conceivable that the authorities may get nothing more than headlines out of this in the majority of cases. Perhaps headlines – as well as asset seizures which benefit their own departments – are all they really want.

Even more worrying are the implications for all of our civil liberties. Privacy is a human right – perhaps one of the most fundamental rights, and the one that clearly distinguishes between developed democracies on the one hand and authoritarian dictatorships on the other.

The fact that privacy will sometimes be abused by criminals is not a justification for it to be refused to the vast majority who are law-abiding. There were reportedly 60,000 EncroChat users globally, but only 800 of them were arrested during the recent operations. Some users may be criminals, but many are businesspeople, politicians, lawyers or just individuals who simply wished to use secure encrypted communication for a variety of personal reasons.

That is why, we should find particularly concerning the statement made by Nikki Holland, director of investigations at NCA, warning that “If you have one of these devices, be very worried because we are probably coming for you”.

Most of the public will not be worried, since they may have only heard of EncroChat yesterday. But what is the difference, in legal or ethical terms, between one encrypted chat app and another?

Many of us regularly use Signal, Telegram and WhatsApp, which are also encrypted chats. In light of repeated phone hacking scandals, our attraction to privacy, especially if we are sharing personally or commercially sensitive information, is surely understandable. So how long until the use of encrypted messenger apps becomes a crime in its own right?

We appear to be on a slippery slope towards a place where anyone enjoying his or her privacy is guilty until proven innocent, and where authorities in Europe will treat with suspicion anyone who chooses to communicate on a platform other than the officially approved (and perhaps government-issued) ones.

We might expect such behaviour from China or Russia, but not the UK or France. To protect the public, Europe’s police forces should rely on thorough investigations and reliable evidence, not shadowy hacking techniques and sensationalist headlines which erode justice and endanger our freedoms.

Editor’s note: The legal language of the eighth paragraph has been updated for accuracy. 

The views expressed in this article are the author’s own and do not necessarily reflect Al Jazeera’s editorial stance.