top of page
  • Writer's pictureThe DigitalBank Vault

Why British prosecutors can make use of evidence gathered from the hacked EncroChat Servers.

British prosecutors can make use of evidence gathered by the French and Dutch police from encrypted messaging service EncroChat’s servers thanks to a legal interpretation of whether RAM counts as data storage, the Court of Appeal has ruled.

Police and other law enforcement agencies are banned from outsourcing unlawful methods of evidence collection to foreign countries’ agencies.

“We have concluded that the only substantial question which the judge was required to answer was whether the EncroChat material was stored by or in the telecommunications system when it was intercepted.

Like him, we consider that these communications were not being transmitted but stored at that time,” said the Lord Chief Justice, Lord Burnett of Maldon.

Multiple reporting restriction orders are in force on most EncroChat cases currently before the criminal courts – though those restrictions are not being applied to police forces and the National Crime Agency, both of which have been boasting since last year about EncroChat-linked arrests and convictions, and even the contents of EncroChat messages.

The main law in play during this appeal was the infamous Snoopers’ Charter, the Investigatory Powers Act 2016. Broadly speaking, intercepting communications over a “telecommunications system” is illegal unless there’s a proper warrant.

Different types of warrant apply depending on whether the intercepted message was being transmitted or was in storage somewhere on the system. If it’s at rest, police need to apply for a Targeted Equipment Interference (TEI) warrant; if it’s in transmission, they need a Targeted Interception (TI) warrant. The NCA obtained a TEI warrant, as previously reported, arguing that the data harvested from EncroChat was being stored at the time that European police forces accessed it.

The Court of Appeal explained that in a previous judgment about EncroChat evidence, a Crown court had held that messages in a device’s RAM were to be treated as being stored for legal purposes.

That ruling also described how EncroChat worked when a user wanted to send a message, or so it summarised:

Upon launch, the app's program and some of its data would be drawn from Realm [local storage] into RAM for use by the CPU in order to send and receive messages. The owner would compose a message on the device for an identified contact and this would be held in RAM for the purposes of the app, and when instructed to send the message the app ensured its encryption, following which it would be sent to the radio chip and antenna for it to be transmitted out of the device to the EncroChat server.

When an EncroChat phone received a message, a similar process occurred:

Having passed through the EncroChat server, via the receiver's message queue, the message would arrive on the receiving device when it was switched on and was running the EncroChat app. The message would be decrypted and then held in RAM, and married with other information on the receiving device which was relevant to the app, including for instance the receiving device owner's nickname for the sender. The message would then be held in RAM for the purposes, for instance of being displayed on the screen of the device, or being forwarded to other contacts.

Matthew Ryder QC argued that based on this, prosecutors’ claims that sent messages were being stored was wrong. As described, he said, holding EncroChat messages in RAM constituted part of “transmission” as defined in law. Both prosecution and defence agreed that messages couldn’t be “stored” and “transmitted” at the same time.

Matters were complicated by nobody from the police testifying exactly how their malware worked. When the French and Dutch police hacked EncroChat they remotely deployed a man-in-the-middle technique onto its network which took snapshots of each end-user device (a smartphone running a “clean” version of Android alongside EncroChat’s own OS) and beamed their contents back to police.



Offline “ Air Gapped” Super Encryption Mobile Machines.

Ultra Encrypted Text Messaging with No Cellular or Internet Connection. No Servers.

Encryption Keys generated offline by the user , never exchanged with third parties and erased permanently after each session.

More Secure than a Face To Face Meeting.

More details?

Consult with our

Cyber Defense Experts at :


Offline “ Air Gapped” Super Encryption Mobile Machines.


Offline “ Air Gapped” Super Encryption Mobile Machines.

Full technical details:

ENCRYGMA Mobile Encryption Machine Specs
Download PDF • 1.76MB

Cyber War Grade, Mathematically UnCrackable, Quantum Safe, Air Gapped (Offline) Encryption Machines More details ? Click here: .

“ If you need to communicate top classified information or you need to store secret data and be absolutely sure that no state-sponsored hackers, no foreign Governments , no intelligence agencies will be ever able to decipher the files, you need an Above Military Level Offline SuperEncryption System” 

Cyber War Ultra Encrypted Communications.

This is an encrypted text message, that has been encrypted with an OTP cipher (quantum safe encryption- mathematically unbreakable) , on a DBV “ Air Gapped “ Offline SuperEncryption Machine. The Encrypted message is then exported from the offline device by visual means( no connections , not even physical) by scanning the QR code with an online device for then sending it safely online.

The QR code at is arrival, is scanned by the second DBV offline encryption machine , directly from the receiving online device. Afterwards , it’s deciphered safely offline. This form of super encrypted offline communications is safer than a face to face meeting .

More details? Consult with our cyber defense advisors at or visit

14 views0 comments


bottom of page