German ANOM investigations: The mysterious EU third state

The FBI had a crypto-messenger programmed that was fully intercepted. For legal reasons, the US authority received the intercepted communication via detours. Because of „hearsay court orders“, its use in German criminal proceedings is questionable.

Ever since the encrypted messenger service EncroChat was hacked by authorities from France and the Netherlands in March 2020, investigative proceedings have been piling up at law enforcement agencies across Europe. Millions of chat messages have been transmitted via Europol to the relevant authorities in EU member states for follow-up. Almost every day, therefore, there are new raids, arrests or convictions in Germany as well.

Although the hack was presumably carried out by a French secret service and involved mass surveillance without any reason, the German Federal Supreme Court – unlike some regional courts before it – recently allowed the use of EncroChat data as evidence in Germany in principle. This was because the information had been collected by France, i.e. an EU member state, and passed on within the framework of European mutual legal assistance. The countries participating in this set of rules were to be trusted in principle.

Penalty waiver for cooperation with FBI

Whether this permission to use evidence also applies to the short message service ANOM is more than doubtful. The messenger was set up by the US FBI after Vincent Ramos, the founder of the encrypted messenger Phantom Secure was arrested in 2018, and an unknown programmer agreed to cooperate with the FBI for a similar software. In return, he is said to have received immunity from prosecution for facilitating drug trafficking and other crimes.

The newly written software could be installed on ordinary Android mobile phones. It contained a master key, which the programmer handed over to the FBI. US investigators then began distributing the supposedly secure crypto service worldwide. This operation was called „Trojan Shield“.

By the time the platform was closed, 11,800 devices had been sold in over 90 countries, according to the FBI. A total of around 20 million messages are said to have been generated via them. Among the five countries where ANOM devices were predominantly used were Germany, the Netherlands, Spain, Australia and Serbia, according to a US court document. In the paper, the FBI also provides technical details on how the messenger works.

ANOM devices were predominantly used in Germany, the Netherlands, Spain, Australia and Serbia (US court document).

FBI not allowed to wiretap US citizens

A court in Australia was the first to issue an order to intercept communications via ANOM. The federal police there are said to have helped in the development of the service.

The FBI also wanted to use the intercepted conversations and text messages, but could not directly extract them for legal reasons. Because the agency is prohibited from intercepting its own nationals via ANOM, an unknown third country was therefore initially asked to receive the data.

On this server, possible US users were filtered out. Only then did the FBI have the data records sent on from the third country. The competent judicial authority of this country is said to have issued a separate court order for the regular transmission on three days of each week.

BKA access to „analysis platform“ at the FBI

In a Frankfurt trial for drug trafficking, an official of the German Federal Criminal Police Office (BKA) was therefore supposed to testify before the Regional Court on the receipt of the ANOM data. FAZ journalist David Klaubert reported in detail on the trial. According to the report, the German authority was only informed by the FBI two years after the beginning of Operation Trojan Shield that it contained extensive data records with reference to Germany.

Subsequently, the BKA was given direct access to a server described as an „analysis platform“ with mass data from ANOM surveillance; in some cases, the transmission took place via encrypted hard drives. The FBI also made this data available to Europol.

According to the BKA official questioned in court, he did not know through which third-country backdoor the FBI received the mass data. This has now been confirmed by the Federal Ministry of the Interior in its answer to a parlamentary question by the Left Party. According to this, the third country was „just as unknown to the BKA as the reason for its secrecy by the FBI“. However, it is said to be a country in the European Union.

Federal states informed from 2021

Already with EncroChat, it was not possible for the legal defence of the accused in German criminal proceedings to check the origin and completeness of the intercepted data. With the circumventions of the ANOM records by the FBI, this is now completely impossible.

The MP Clara Bünger, who had submitted the parliamentary question, criticises this as „responsibility hopping“. The concealment threatens a massive restriction of the rights of defendants in criminal proceedings in the responsible federal states. „If lawyers are no longer able to check the integrity of data that serves as evidence, the guarantees of the rule of law are in danger of being rendered meaningless,“ Bünger comments.

In January 2021, the Hessian State Office of Criminal Investigation was informed first, and in February all other states were informed about the ANOM data records available at the BKA. In order for these to be allowed to be used in German investigations and court proceedings, the Attorney General’s Office in Frankfurt finally submitted a request for legal assistance to the US Department of Justice on 31 March 2021; three months later, the government there gave the green light.

Whether and how federal authorities lobbied the US Department of Justice for permission to use the ANOM data in Germany is something the Interior Ministry wants to keep secret on the questionable grounds that a response could jeopardise currently ongoing investigations.

Court orders from „hearsay“

Several German courts consider the ANOM data to be usable in Germany. This was most recently confirmed by the Frankfurt Higher Regional Court in a ruling on EncroChat. Put simply, the judges ruled that the unknown EU member state commissioned by the FBI in Operation Trojan Shield had probably complied with European law. The European Convention on Human Rights had also not been violated by the tricky development of a fake crypto service. Finally, no German authorities had participated in the data acquisition by ANOM, the Frankfurt court says.

However, the Darmstadt Regional Court is not satisfied with this in a case against a drug dealer. It considers the ANOM data „provisionally“ usable, writes journalist Klaubert on Twitter, and the arrest warrants for the defendants are also upheld. However, the court criticises the existence of „hearsay court orders“.

The Darmstadt public prosecutor’s office is therefore called upon to find out from which unknown third country the ANOM data originated. This judicial order to investigate should also clarify in which form there was a judicial order to collect the data in the first place. The FBI is unlikely to like this transparency. Once the country has been named, data protection authorities and members of parliament there could investigate the questionable backdoor cooperation with US authorities.

Image: Drugs busted in Spain (US court document).

Autor: Matthias Monroy

Knowledge worker, activist, editor of the German civil rights journal Bürgerrechte & Polizei/CILIP.