EncroChat 3: Attribution in EncroChat cases

EncroChat was a widely used network across Europe and allowed users to communicate privately using an encrypted system.

It was taken down in June 2020 after authorities managed to infiltrate the system and access the messages that users were sending.

Since this operation, many arrests have been made, but evidence and attribution within EncroChat cases can be complex.

Attribution in particular is difficult as the network disabled standard location services and the messages were largely anonymous.

How did the handsets work?

The EncroChat handsets used a KPN (Dutch network) SIM card that could roam onto the British networks (EE, Vodafone, etc.). The EncroChat operating system required mobile data to work, and the SIM cards only utilised Mobile Data Events (also known as GPRS) within the UK.

Therefore, the only billing data available to UK law enforcement was mobile data. Once a handset was identified, it was then possible to request the GPRS records from each of the 4 main UK network providers.

Because there are no traditional user or subscriber details, EncroChat users are often identified by co-locating the EncroChat device with a user’s personal device or, in some instances, by co-locating the EncroChat device with the user’s vehicle through ANPR.

Problems with GPRS

However, GPRS data has its limitations.

GPRS data must be analysed differently from conventional call data. GPRS records do not provide a definitive time stamp; instead they record a data session, and the device could have utilised the recorded cell site location at any point during that session. A recorded session time will differ from network to network. On occasion, the session time can be several minutes in duration and, if not compared correctly against the call data records for an accepted personal phone, could lead to huge misinterpretations of the data.
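
An added illustration of that point (not part of the original article, and not any analyst's or expert's actual method): treating a GPRS session start as an exact timestamp reports a match that the session window itself does not support. The record layout, cell identifiers, sample times and the 120-second tolerance are all constructed assumptions.

```python
from datetime import datetime
from typing import NamedTuple

class Session(NamedTuple):      # GPRS record: a window, not an instant
    start: datetime
    end: datetime
    cell: str

class Event(NamedTuple):        # call data record: a single timestamp
    at: datetime
    cell: str

def gap_bounds(s, e):
    """(min, max) seconds between the CDR event and the unknown moment
    inside the session at which the GPRS device used the cell."""
    to_start = abs((e.at - s.start).total_seconds())
    to_end = abs((e.at - s.end).total_seconds())
    inside = s.start <= e.at <= s.end
    return (0.0 if inside else min(to_start, to_end)), max(to_start, to_end)

def naive_match(s, e, tol):
    """Flawed: treats the session start as if it were an exact timestamp."""
    return s.cell == e.cell and abs((e.at - s.start).total_seconds()) <= tol

def classify(s, e, tol):
    """Interval-aware comparison of one session with one CDR event."""
    if s.cell != e.cell:
        return "different cell"
    lo, hi = gap_bounds(s, e)
    if hi <= tol:
        return "within tolerance"
    return "indeterminate" if lo <= tol else "outside tolerance"

# Constructed sample records (not from any real case).
LONG = Session(datetime(2020, 1, 1, 12, 0, 0), datetime(2020, 1, 1, 12, 9, 0), "CELL-A")
SHORT = Session(datetime(2020, 1, 1, 12, 20, 0), datetime(2020, 1, 1, 12, 20, 30), "CELL-A")
CALL_1 = Event(datetime(2020, 1, 1, 12, 1, 0), "CELL-A")
CALL_2 = Event(datetime(2020, 1, 1, 12, 21, 0), "CELL-A")
TOL = 120  # assumed tolerance in seconds

if __name__ == "__main__":
    for s, e in [(LONG, CALL_1), (SHORT, CALL_2), (SHORT, CALL_1)]:
        print(naive_match(s, e, TOL), classify(s, e, TOL), gap_bounds(s, e))
```

For the nine-minute session, the naive comparison reports a match one minute after the session start, while the interval-aware comparison shows the two uses of the cell could be up to eight minutes apart.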

Further difficulties may arise due to the relatively wide area that some cell towers cover. These may significantly undermine the strength of police and prosecution arguments that a device known to be owned by the suspect and the EncroChat device were in the same vicinity.

The same problem applies to demonstrating that a particular EncroChat device was present at a suspect’s home or at a location where they were known to have been.

The challenge is more significant still because the radio waves emitted by cell towers do not cover a precise circular radius. Instead, they can bounce off buildings or the landscape, meaning that expert witnesses often need to give evidence to show whether or not a particular location and cell tower could correspond.

Furthermore, there are strict provisions about the use of expert witnesses and what they can and cannot say. For example, in the case of R v Calland, the Court of Appeal agreed with the original Judge’s view that the police analyst’s report was opinion evidence and thus inadmissible from a non-expert. Therefore, when a co-location exercise is completed by a police analyst in an attempt to attribute an EncroChat device to a user, this ‘evidence’ may be subject to legal argument.

What does this mean for your case?

Attribution is therefore a multi-layered, complex part of EncroChat cases.

If you are currently being prosecuted on the basis of EncroChat evidence, it is important to remember that the evidence used in these cases does not always result in a conviction.

These cases rely heavily on specific pieces of evidence in order to attribute EncroChat usage to a specific individual by using the EncroChat handle.

This evidence will rarely be sufficient on its own for the prosecution to establish guilt beyond reasonable doubt.

Due to the complex nature of these cases, it is important that you have an EncroChat expert on your side who will understand the technical issues around EncroChat evidence and the rules and procedures around its use.

Get in touch to discuss your case with us.