State stick to your powers: Legal Problems of Digital Investigations Using the Example of Encrochat

von Prof. Dr. Dennis-Kenji Kipker, veröffentlicht am 04.04.2022

Across the country, German public prosecutors and investigating authorities are celebrating great successes after the evaluation of data from the communications provider Encrochat throughout Germany has already led to numerous convictions for narcotics crimes, among other things. What may sound good at first glance, however, has an unpleasant aftertaste, because it is still not clear in what way and with what powers the data was obtained, and whether it can even constitute suitable evidence in a criminal trial if the so-called "chain of custody" cannot be secured. Ultimately, this is about more than just Encrochat, because it raises the question of what legal standards should be applied to digital evidence in the future.

Encrochat is a provider of encrypted communication technology founded in 2015. The business model: the company provided its customers with technically modified smartphones, which were modified in such a way that all device components that are not absolutely necessary for communication were removed. The classic security risks in the form of GPS sensors, microphones and cameras thus no longer existed on Encrochat devices. In addition, communication software based on signal protocols was made available on the terminals, by means of which end-to-end encrypted text messages could be sent. If the worst came to the worst, it was possible to delete all content from the device using a "wipe" function.

As early as 2017, Encrochat came to the attention of French investigative authorities and a hack of the company's servers was authorized. The circumstances surrounding this are largely unknown - France is invoking a "military secret" here and documents are being kept under wraps. It is not even clear whether the compromise of Encrochat's servers was the sole responsibility of the French authorities or whether a North African intelligence service was not involved here. Either way, however, the Encrochat hack led to the fact that malware disguised as an update found its way onto end devices, enabling the confidential communications of tens of thousands of users to be read over a period of months.

The data obtained from the mass surveillance subsequently led to numerous criminal proceedings and served as the basis for the first court decisions. As a result, a dispute arose over the legal assessment of the hack and the subsequent data processing. Criticism was and still is levelled at possible authority shopping and prohibitions on the use of evidence. In its most recent decision, however, the German Federal Court of Justice assumes that the data can be used - this is wrong from several points of view, because the chain of evidence is long and can hardly be described as traceable in terms of data authenticity and data integrity.

It follows from the principle of the judicial duty to clarify that the facts must be clarified comprehensively on the one hand and ex officio on the other. For the Encrochat data files, however, there is a special feature: unlike ordinary means of evidence, digital data are exposed to a much higher risk of manipulation or alteration. After the Encrochat raw data has been skimmed, its integrity is constantly at risk during storage and especially during subsequent processing operations - especially if, as in the present case, there is no continuous logging of changes made. Data stored by the investigative authorities can be changed by third parties, i.e. by external intervention, as well as by the investigative authorities themselves. Data that has already been processed as such therefore has only very limited evidentiary value. If data from a later processing stage, as in the case of Encrochat, is introduced as evidence in proceedings, the courts, due to their duty to clarify and explain the facts, must as a rule also examine the (raw) data on which the further technical processing is based and, if necessary, have it examined by an expert. The exceptions to this are very narrowly defined in legal terms and cannot be applied to the present case constellation.

Quite the contrary: the Federal Constitutional Court of Germany does not allow the presumed correctness of the further processing of the raw data to be relied upon if there are indications that errors actually occurred during the processing. This is the case with the Encrochat data, in that contradictory and inconsistent data records were discovered here. Documented messages, for example, were received before they were sent, as evidenced by the time stamps.

As a result, the following is to be demanded for the current and future handling of the Encrochat data:

  • The courts of crime are required to satisfy themselves of the admissibility of data processing in Encrochat procedures. This includes all processing steps and also the raw data sets that are currently kept secret.
  • A right to a fair trial under the rule of law requires that the defense be granted comprehensive access. This also includes those records that were created for the purpose of the investigation but were not put on file. A blanket refusal to allow access on the grounds of "jeopardizing ongoing investigations" is not a permissible argument. Only in this way can information parity be established between the state and the citizen. The current investigations thus do not constitute such a fair and constitutional procedure for trial.
  • In terms of legal policy, it is necessary to demand that the standards for a procedure based on the rule of law be set higher than they have been to date for evidence collected by government agencies, especially for the use of digital investigative tools. Preventive protection of fundamental rights requires that investigating authorities enable the subsequent exercise of the rights of the defense already in the case of infiltration of technical systems or otherwise targeted data collection for the purpose of criminal prosecution. This necessarily means that the entire chain of custody must be transparently logged and accessible.
Diesen Beitrag per E-Mail weiterempfehlenDruckversion

Hinweise zur bestehenden Moderationspraxis
Kommentar schreiben

Kommentare als Feed abonnieren

Kommentar hinzufügen