According to the Supreme Court, the procedures of acquisition of chats on Sky-ECC are relevant to evaluate the usability of the results of investigation activities carried out on the conversations of users.
The parties must be guaranteed access to the documents attesting to such procedures, in order to be able to control the validity of the operations carried out and the actual correspondence of the text of the messages to the content of the intercepted conversations.
The case
The Liberty Court of Rome upheld the order implementing the measure of pre-trial detention in prison ordered by the judge for preliminary investigations for the crime of association aimed at illicit trafficking of narcotic drugs or psychotropic substances under art. 74 D.P.R. 309/1990.
Against this last order, the suspects appealed to the Supreme Court with two recourses.
With the second application, in particular, the defence contested the nature of the summary note of the Carabinieri relating to the acquisition of the Sky-ECC system’s chats, extracted following decryption of the same system and received by the Italian judicial authority through Europol.
It was noted that the defense – through this note – could only know the results of this activity, summarized by the Carabinieri, but not the documentation of Europol reporting the technical procedures of data acquisition too. Therefore, because of these assumptions, the defence complained that it had not been able to verify what the actual data acquisition methods of the Sky-ECC system had been, thus preventing any examination of the validity of the procedure used.
In fact, the relevant documents had not been made available to the defence because of the assumption that they were exchanges of information between police forces of different countries, which could not be used in court.
However, the collection of the platform’s data flows and the subsequent decryption were carried out without any prior control by the Italian judicial authority.
In this regard, the Liberty Court had held that there was a presumption of legality of the activity carried out, since the acts had been received from foreign judicial authorities.
Moreover, they had considered the chat merely as documents under art. 234, Code of Criminal Procedure, excluding that they could be considered correspondence or wiretap (of telematic flows).
The Sky – ECC system
The Sky – ECC messaging system had been at the heart of a massive joint police operation coordinated by Europol in early 2021 and planned in previous years, similar to what happened with Encrochat and other similar systems [1].
According to reports by the same agency and the Paris Prosecutor, the investigagtion activities on the chats had allowed to carry out numerous inspections and seizures in the Netherlands and in Belgium, as well as to identify over 2,000 users in France (observing a total of 70,000 users for several months), thus allowing to “take down large-scale drug trafficking and attacks on people” [2].
However, at the time, the platform issued a statement denying that the police in question had penetrated their network, stating that “SKY ECC is built on “zero-trust” security principles which assumes every request as a breach and verifies it by employing layers of security to protect its users’ messages. All SKY ECC communications are encrypted through private tunnels via private distributed networks. All messages are encrypted with today’s highest level of encryption.” [3]
In addition, the Sky-ECC statement suggested that the access made in the context of the investigation had been based on a system only apparently linked to their network, by means of devices previously stolen from the legitimate distribution chain and deprived of the security features attributed by the company.
In fact, the peculiarity of this messaging system lies in the possibility of buying an annual license (for about € 2200) for the use of devices provided by the company, which among other features have the disabling of microphones, GPS and video cameras, as well as the deletion of (encrypted) messages sent after only 30 seconds; moreover, if a receiving device is not reachable from the network, the message not received is deleted after 48 hours from sending [4].
The decision of the Supreme Court
The Court of Cassation deemed the plea relating to the acquisition of Sky-ECC chats well grounded.
The messages in question, as mentioned above, were acquired by Europol through direct access to the servers of Sky Global, the owner of the messaging system, as part of a coordinated investigation activity with the French, Belgian and Dutch police forces.
First of all, the Supreme Court has highlighted the confusion that emerges from the answer given by the Prosecutor to deny the defence access to the documents requested, overlapping the results of the investigation activities with the procedures adopted, apodictically claiming to have made available all the documentation to the defence.
The Court has considered as it is instead necessary to estimate in concrete terms – in the main criminal procedure as well as in the pre-trial detention procedure – whether the methods used for the acquisition of the chats from the servers are in contrast with mandatory provisions and fundamental principles of the legal system.
Therefore, it is necessary that the adversarial procedure is guaranteed both on the outcomes of the activity and (inevitably) on the methods of acquisition of the material, in order to be able to review its legitimacy under art. 191, Code of Criminal Procedure, and to be able to detect any unusability of evidence acquired in violation of the prohibitions established by law.
Equally, according to the Court, this assessment is also relevant in the pre-trial detention procedure, if the evidence at issue has affected the judge’s decision (as in the present case).
The Supreme Court, therefore, has ruled that it is essential for the exercise of the right of defence to know the methods and procedures adopted by the investigators, as it highlighted the fundamental aspects (of substantial nature) of the possibility of verification upon the investigation activities’ findings.
In particular, in order for the results of the analysis of a messaging service such as the one under examination to have probative value, it is necessary to verify the actual “correspondence of the text of such messaging to the literal content of the messages originally sent and received and of the users of the identified senders and recipients with the actual ones, which is why the issue at hand also unfolds its relevance with regard to the phase of collection and decryption of telematic flows“.
Through this ruling, the Supreme Court seems to have placed a first fundamental curb to the trend (often occurring in courtrooms) to underestimate the importance, in terms of probative value, of procedural hygiene in data acquisition and analysis operations, with the risk of focusing solely on the findings of such activities, depriving the accused of the right to an adversarial procedure in the formation of evidence and depriving the Judge of epistemologically essential elements for the assessment of the facts allegedly proven.
Avv. Antonio Laudisa
Dr. Marco Della Bruna
All rights reserved©
Photo by Raniero Botti ©2020
References
[1] C. Bonini, F. Bulfon, Criptomafia. Storia della guerra digitale dichiarata dalle polizie di Usa ed Europa alle reti di comunicazione protetta dei narcos e dei boss del crimine internazionale, La Repubblica, 16.12.2021.
[2] E. Follis, Europol smantella una rete telefonica criptata usata dai gruppi criminali, Euractiv, 11.03.2021.
[3] P. Arntz, Police credit “unlocked” SKY ECC encryption for organized crime bust, Malwarebites Labs, 11.03.2021.
[4] Sky ECC, what is it?, Funinformatique.
1 Comment