"Over the past four years, I have handled numerous international cases involving SkyECC, Ennetcom, EncroChat, and other PGP- or crypto-phone networks. These networks were designed to guarantee privacy through end-to-end encryption and were allegedly used by criminals for secure communication, but they quickly attracted the attention of law enforcement. What initially appeared to be an airtight weapon for prosecutors - massive hacks of encrypted messages that seemed to dismantle entire criminal networks - is becoming a legal minefield."
"That is exactly what happened in the major police operations of 2019-2021. French and Dutch authorities developed advanced techniques in which they positioned themselves as a trusted party between the user and the server. Through invisible push notifications they injected malware to steal keys. This resulted in the seizure of millions of messages, which were then shared via European Investigation Orders (EIOs) with countries such as Italy, Spain, and Germany."
"Now the tide appears to be turning: in various countries, defendants and their lawyers are demanding transparency about how the data was obtained. Judges across Europe can no longer ignore these requests; when access to the evidence is refused, the ultimate consequence is that the evidence can be excluded. Let us start in France, the epicentre of these hacks. The Cour de Cassation, France's highest court, delivered two judgments this year that pull the rug out from under the entire system."
International investigations targeted SkyECC, Ennetcom, EncroChat and other PGP- or crypto-phone networks used for encrypted communications. PGP and crypto-phones rely on asymmetric cryptography: public keys encrypt messages and private keys on recipients' devices decrypt them, making remote interception nearly impossible unless keys are compromised. In 2019–2021 French and Dutch authorities used invisible push notifications and malware to position themselves between users and servers and seize private keys, producing millions of decrypted messages shared via European Investigation Orders with multiple countries. Defendants now demand transparency about data acquisition, and courts are increasingly prepared to exclude evidence obtained without disclosure.
Read at ComputerWeekly.com
Unable to calculate read time
Collection
[
|
...
]