Stokoe Partnership has authored the UK chapter of Chambers & Partners White-Collar Crime Guide 2024.
The Chambers & Partners White-Collar Crime Guide 2024 was published 24 October, and can be found here.
Following a Q&A format, the Law & Practice section of the Guide offers practitioners insight into the unique characteristics of global jurisdictions. In this section, Partners Bambos Tsiattalou, Richard Cannon and Amjid Jabbar outline key areas of white-collar crime, ranging from the Economic Crime and Corporate Transparency Act to the role of enforcement authorities such as the SFO, FCA and HRMC.
Their analysis can be found here.
In their Trends & Developments article (below), Partners Bambos Tsiattalou and Maria Theodoulou, together with Barrister Jessica Sobey and Solicitor Lukas Kudic-Gloster, explore the recent arrest of Telegram founder Pavel Durov and discuss what this probe reveals about the treatment of encrypted messaging platforms in criminal proceedings.
The Telegram Probe and the Crackdown on Encrypted Messaging
Encryption is a vital aspect of how we all communicate. It underpins many of the social media platforms and messaging apps millions of people rely on every day, from WhatsApp and iMessage to Signal. For professionals such as journalists and lawyers, the privacy of end-to-end encrypted platforms is also a crucial aspect of maintaining professional privilege and ensuring the confidence of clients and sources alike.
However, the role of encrypted communications is falling under increasing scrutiny as intelligence services, law enforcement and regulators tighten the net around the provision of these services and increase the monitoring of activity on supposedly secure platforms – with significant ramifications for the protection of personal data and privacy.
The founder of one such platform, Telegram, was recently arrested by French authorities and charged over failure to curb criminal activity on the platform, including organised crime and trafficking, as well as failure to report extremist and terrorist content. While Pavel Durov, Telegram’s founder and CEO, was eventually released from police custody (after bail was set at USD5.56 million), the criminal probe and investigation into Durov and the platform’s enabling of illicit activity continues – setting vital precedent for the global crackdown on encrypted messaging platforms.
This is by no means the only communications platform to have come under scrutiny in recent years, particularly following the infiltration of encrypted service providers EncroChat. This highly publicised bust led to a litany of legal challenges over the admissibility and reliability of digital evidence, with the approach of law enforcement and regulators to disclosure coming under significant criticism from the defence.
With encrypted communication undoubtedly high on the agenda of regulators and authorities, the role of these service providers and platforms – and their co-operation with law enforcement – is becoming a vital aspect of many white-collar crime cases. These ongoing debates reflect the changing nature of criminal proceedings, the treatment of digital evidence and the impact on legal professional privilege – with the need for urgent reform of legislation to ensure that the law keeps pace with the proliferation and development of end-to-end encryption.
Telegram: Encryption or Facilitation?
With over 950 million users, Telegram is a cloud-based, social media and instant messaging service that has long been criticised for its staunch commitment to end-to-end encryption and user privacy. It has faced particular attention over its popularity among organised crime groups, money launderers and terror groups – with Telegram previously refusing to hand over user data to global law enforcement, even during active criminal investigations.
Despite its assertion that the company has always sought to comply with law enforcement and regulators “as long as they didn’t go against our values of freedom and privacy”, with its founder and CEO being placed under formal investigation by French authorities. The platform finds itself under increasing pressure to co-operate with regulators – or face further enforcement action.
As part of the French probe into Telegram, Durov was charged by prosecutors over alleged complicity in offences facilitated via the platform – including drug trafficking, fraud, the organised distribution of child abuse material and criminal association with a view to committing offences.
Durov is also accused of breaching laws concerning the provision of cryptographic services without “prior declaration” – as operators of encrypted communications services must seek formal approval under French law.
Yet, following his arrest and the ongoing probe into Telegram, the platform has announced a sharp U-turn in its policy towards co-operation with law enforcement, taking new measures to crack down on illicit activity. This includes an update to Telegram’s terms of service, which states that it will now divulge user IP addresses and phone numbers to the relevant authorities should they receive “valid legal requests”.
The European Commission is separately carrying out “formal proceedings” to investigate the accuracy of the claims that Telegram remains below the threshold for very large-scale online platforms (VLSOPs) under the Digital Services Act – which have increased duties of care to monitor for illegal content and flag suspected criminal activity.
Telegram is not alone in coming under fire. Earlier this year, social media giant Meta faced similar criticism over its use of end-to-end encryption, with NCA Director Graeme Biggar referring to the increasing prominence of encrypted messaging services as “blunt and increasingly widespread”. The agency stated that it believes that it will lose a vital source of suspicious activity reports if Meta continues the roll-out of these services.
Legislation such as the UK’s recently implemented Online Safety Act has also greatly widened the access of intelligence services and law enforcement to encrypted messaging platforms – with new powers allowing for the monitoring of criminal communications and illicit content.
While apps such as Telegram have a clear appeal to criminals, due to their tight encryption, it is important to note that these services are not solely the domain of international organised crime gangs and money launderers. They are a key part of our day-to-day lives. For many individuals, such as journalists or lawyers, the role of encryption is vital to their communications – and the breaching of this could have damaging consequences.
For criminal defence lawyers, this is of the utmost importance in relation to legal professional privilege. For those who rely on the privacy of encrypted services to communicate safely and reliably with their clients, the increasingly common surveillance of supposedly secure networks has left many fearing that their communications will be monitored by law enforcement – compromising the fundamental right to privilege that is a cornerstone of the UK legal system.
End-to-end encryption is not only an important tool for those seeking to share sensitive information in the course of their employment; it also plays an essential role in protecting an individual’s personal data. Encryption can protect against intruders who seek to exploit vulnerabilities to compromise personal data for use in crime, and offers peace of mind to those looking to protect their information. Weakening these services risks increasing those vulnerabilities, so a difficult balance must be drawn to ensure that the public is protected without their privacy being compromised.
While it is important that intelligence services are able to monitor for suspected criminal activity across online platforms, this should not come at the expense of an individual’s privacy and human rights. Failure to strike an effective balance in doing so could only lead to further legal challenges for law enforcement agencies.
The Nature of Digital Evidence
Beyond the monitoring of encrypted platforms, comprising supposedly secure services, the nature of digital evidence also remains a key pillar of debates surrounding encrypted communications.
Earlier this year, a joint team of police agencies from across the globe infiltrated and successfully dismantled “Ghost”, an encrypted chat platform favoured by international criminal networks. The bust led to the arrest of 51 individuals, including members of organised criminal groups and international money launderers, and the seizure of weapons, narcotics and over EUR1 million in cash.
“No matter how advanced the technology, no matter how secure they think their communications are, we will find them and we will shut down their criminal activities”, Europol executive director Catherine De Bolle stated – a clear declaration of war on the providers of encrypted services who do not comply with investigations.
The dismantling of the Ghost network is just one of the high-profile busts of encrypted communication networks in recent years, as authorities look to crack the closed networks of cybercriminals, organised crime groups and international money launderers.
However, the crackdown on encrypted communications networks is not without its challenges – the chief among which is the role of digital evidence in criminal proceedings.
In 2020, French and Dutch authorities successfully infiltrated the encrypted messaging service known as EncroChat, leading to more than 6,558 arrests and the seizure or freezing of over EUR900 million in criminal funds worldwide. A sophisticated operation that led to the discovery of over 100 million encrypted messages, the bust effectively allowed authorities to monitor conversations between criminals in real time. With intercept evidence not being admissible under UK law (under Section 17 of the Regulation of Investigatory Powers Act 2000), this led to serious questions over how the data was obtained and whether it can be properly relied upon in UK proceedings.
Having gathered the digital evidence that formed a key part of numerous EncroChat prosecutions, the UK’s National Crime Agency (NCA) refused to disclose its providence – with French authorities citing reasons of national security. Efforts to instruct defence experts to reverse-engineer EncroChat devices in the hope of resolving the crucial question of how the data was obtained have been thwarted at every turn by the NCA. If the information-gathering process is not disclosed, it is impossible for the defence to test whether the data is reliable, accurate or legally acquired.
In its ruling relating to the warrants used to obtain the EncroChat data, the Investigatory Powers Tribunal said that the “history of disclosure in relation to this matter is not a happy one”. It is yet to be seen whether similar concerns will be raised in relation to the dismantling of Ghost.
The monitoring of criminal activity is of the utmost importance for intelligence services looking to tackle organised criminal activity; however, it is critical that the obtaining of this evidence falls within the confines of the law. Certainly, cases such as this bring to mind the Horizon IT scandal where the assumed reliability of computer evidence called into question the safety of dozens of criminal convictions. The Horizon scandal brought the issue of digital evidence to the forefront of public consciousness – showing how far this issue reaches across the UK legal system and how legislation is woefully unable to keep pace with the development of new technologies.
The infiltration of encrypted messaging platforms, and the nature of evidence collected as a result of this, is likely to remain a key debate among criminal defence lawyers in the UK and overseas. Much like the monitoring of end-to-end encrypted services such as Telegram, the collection of digital evidence through platforms such as EncroChat and Ghost has raised concerns over the reliability and admissibility of evidence – with an uncooperative approach to disclosure from the NCA and its European counterparts. Urgent reform is therefore needed to address these lacunae in the legal system and clarify fundamental questions surrounding the use of digital evidence.
What Next?
Following the probe into Pavel Durov and Telegram, and the infiltration of services such as EncroChat and Ghost, it is clear that the policing and monitoring of encrypted messaging platforms remains a top priority for global law enforcement and regulators. While new legislation looks to hold social media companies and service providers to account, increasing enforcement action is putting the pressure on companies and their directors to fall in line or face prosecution.
In the efforts to combat white-collar crime, cybercrime and a vast range of criminal activity, the role of encrypted software in surveillance, enforcement and prosecution is only likely to increase. It is vital therefore that the law keeps pace with the increasingly sophisticated means through which criminals communicate.
A difficult balance must be struck between legislators’ obligations to prevent the use of encrypted platforms to facilitate serious crime and the important safeguarding of content with the very real concerns around privacy.
Rather than responding with knee-jerk reactions, informed advice must be taken from experts in this field. With legislation struggling to keep pace with the increasingly complex nature of encryption and criminal activities, it is vital that the law underpinning the admissibility of digital evidence and encrypted software is clear, and in keeping with fundamental rules of evidence and human rights.
End-to-end encryption has become a cornerstone of modern messaging platforms and social media, representing a key part of how individuals ensure the safety and privacy of their communications. Rather than compromising the integrity of these services, and in doing so increasing potential vulnerabilities in the software, a careful balance must be drawn between the protection of the public’s personal data and the prevention of criminal activity.
