What was EncroChat?

EncroChat phones were presented as guaranteeing perfect anonymity (no device or SIM card association on the user’s account, acquisition under conditions guaranteeing the absence of traceability) and perfect discretion both of the encrypted interface (dual operating system, the encrypted interface being hidden so as not to be detectable) and the terminal itself (removal of the camera, microphone, GPS and USB port). It also had functions intended to ensure the impunity of users (automatic deletion of messages on the terminals of their recipients, specific PIN code intended for the immediate deletion of all data on the device, deletion of all data in the event of consecutive entries of a wrong password), functions that apparently were specially developed to make it possible to quickly erase compromising messages, for example at the time of arrest by the police. In addition, the device could be erased from a distance by the reseller/helpdesk.

EncroChat sold the cryptotelephones at a cost of about EUR 1 000 each at international scale and offered subscriptions with worldwide coverage, for EUR 1 500 for six months with 24/7 support.

How the investigation unfolded

In recent years, European countries have been increasingly affected by organised crime groups (OCGs) that are pervasive and highly adaptive, posing one of the most pressing security challenges faced by law enforcement and judicial authorities. In this regard, the abuse of encrypted communication technologies is a key facilitator of their criminal activities.

Since 2017, the French Gendarmerie and judicial authorities had been investigating phones that used EncroChat, after discovering that the phones were regularly found in operations against OCGs and that the company was operating from servers in France. Eventually, it was possible to put a technical device in place to go beyond the encryption technique and have access to the users’ correspondence.

In early 2020, EncroChat was one of the largest providers of encrypted digital communication, with a very high share of users presumably engaged in criminal activity. User hotspots were particularly present in source and destination countries for the cocaine and cannabis trades, as well as in money laundering centres.

Given the widespread use of the encrypted telephone solution by EncroChat among international criminal networks around the world, French authorities decided to open a case at Eurojust towards the Netherlands in 2019.

Further developments in the investigations led to organising the processing of the data, which was captured on the basis of the provisions of French law and with judicial authorisation, through the frameworks for international judicial and law enforcement cooperation. Some of this information was also immediately relevant in ongoing criminal investigations, resulting in the immediate disruption of ongoing criminal activities including violent attacks, corruption, attempted murders and large-scale drug transports.

The interception of EncroChat messages came to an end on 13 June 2020, when the company realised that a public authority had penetrated the platform. EncroChat then sent a warning to all its users with the advice to immediately throw away the phones.

The role of Eurojust and Europol

In April 2020, Eurojust facilitated the creation of a JIT between France and the Netherlands and with the participation of Europol. The JIT members have since organised nine coordination meetings at Eurojust to bring all involved parties together in a secure environment, identify parallel or linked investigations, decide on the most suitable framework for cooperation and solve potential conflicts of jurisdiction.

Intensive judicial cooperation through Eurojust made it possible to extend the information sharing towards other countries concerned by the criminal activities, including through the extensive use of European Investigation Orders (EIOs).

Europol was actively involved in the investigations led by France and the Netherlands since 2018, relating to the provision and use of encrypted communication services by OCGs. As a result of this investigation and through its role as an information hub and its extensive analytical and technical support system, Europol was able to create and provide a unique and global insight on the scale and functioning of organised crime. This will help law enforcement to combat organised crime in the future more successfully. A large, dedicated team at Europol investigated in real time millions of messages and data received from the JIT partners during the investigation. The team cross-checked and analysed the data and provided and coordinated with the JIT partners the information exchange to concerned countries.

France

In France, where the operation took place under the code name ‘Emma 95’, the Gendarmerie had set up a task force in March 2020. With more than 60 officers, the Gendarmerie lead the investigations targeting the EncroChat encrypted telephone solution under the supervision of the magistrates of the JIRS of Lille. The task force had been monitoring the communications of thousands of criminals, leading to the opening of a wide range of incidental proceedings. France does not wish to communicate further on these ongoing investigations nor on the results obtained. The considerable resources deployed demonstrate the importance of these investigations and the importance attached to their success in France.

The Netherlands

In the Netherlands, where the operation went under the code name ‘Lemont’, hundreds of investigators, with the authorisation of the examining magistrate, followed the communications of thousands of criminals day and night since the operation began to unravel and act on the intercepted data stream. The criminal investigation was led by prosecutors from the Dutch National Public Prosecution Service and the information has been made available to about a hundred ongoing criminal investigations.

The investigation has so far led to the arrest of 60 suspects, the seizure of drugs (more than 10 000 kg cocaine, 70 kg heroin, 12 000 kg cannabis, 1 500 kg crystal meth and 160 000 litres of a substance used to produce synthetic drugs), the dismantling of 19 synthetic drugs labs, the seizure of dozens of (automatic) fire weapons, expensive watches and 25 cars, including vehicles with hidden compartments, and almost EUR 20 million in cash. The expectation is that information will be made available in more than 300 investigations. In several cases, more arrests are very likely to follow in the coming period.

Effects all over the European Union and beyond

A large number of suspects were also arrested in several countries that were not participating in the JIT but particularly affected by the illegal use of these phones by individuals active in organised crime, including in the United Kingdom, Sweden and Norway. Many of these investigations were connected with international drug trafficking and violent criminal activities.

Norway: A total of 12 investigations were started based on the data received from EncroChat, and the information was also relevant to ongoing investigations. In total, 31 people were initially arrested, and over 500 kg of drugs, guns and hand grenades, EUR 83 000 in cash, luxury goods and properties have been seized.

United Kingdom: As of 19 January 2021, there had been 1 239 arrests in the United Kingdom arising from EncroChat.

Sweden: In Sweden, about 90 investigations started as a result of the cooperation through Eurojust and Europol, many of them regarding murder and attempted murder or conspiracy to murder. So far, about 230 suspects have been detained and there have been convictions in 15 cases with punishment of up to 14 years’ imprisonment. Goods seized included about 50 firearms, explosives and several hand grenades, 1 300 kg of narcotics and EUR 53 000 in cash. Several court proceedings are expected to take place during 2021.