Encrypted Evidence and Constitutional Boundaries: Over the past several years, German criminal courts have been confronted with an influx of evidence originating from encrypted communications services—so-called “Kryptomessenger” platforms—such as EncroChat, SkyECC, and, more recently, Anom. These platforms, marketed as secure communication tools, often served the criminal underworld as havens for logistical coordination, trafficking, and financial transactions.
Once considered virtually impenetrable, they were ultimately infiltrated by international law enforcement operations. This development has sparked a cascade of legal proceedings in Germany, bringing to the surface one of the most delicate tensions in modern criminal procedure: the admissibility of foreign-sourced, technologically complex digital evidence in a system constrained by strict constitutional norms.
EncroChat as a Precedent: Technical Intrusion and Judicial Response
EncroChat became the catalyst. Following a covert operation led by French and Dutch authorities, a large portion of the network traffic from EncroChat devices was captured, decrypted, and forwarded to German law enforcement. The technical details remain opaque, and German authorities were not involved in the initial operation. Nonetheless, German prosecutors began building cases based on this imported data.
At the heart of the legal debate lies the issue of evidentiary admissibility. Under German constitutional law, any interference with the fundamental rights enshrined in Articles 10 (privacy of correspondence) and 13 (inviolability of the home) of the Basic Law must meet the standards of legality, proportionality, and judicial authorization. Critics pointed to a lack of transparency and judicial review in how the original data was collected, arguing that its use in German trials amounted to a backdoor circumvention of constitutional guarantees.
Courts across Germany responded in varied fashion. While some trial courts and appellate chambers expressed skepticism, the prevailing trend has been to admit EncroChat data as evidence, provided it was transmitted via official channels such as mutual legal assistance treaties (MLATs). The courts emphasized that since the intrusion occurred on foreign territory and under the laws of the executing states, German legal standards on surveillance did not apply directly. This “territorial dissociation” allowed prosecutors to sidestep the strict procedural requirements of the German Code of Criminal Procedure (StPO) and instead rely on the international cooperation framework.
The Conceptual Fragility of Judicial Reasoning
This line of reasoning has not gone unchallenged. Legal scholars and defense attorneys argue that such an approach risks hollowing out constitutional protections. If foreign authorities, acting under legal standards incompatible with German norms, can produce evidence admissible in domestic courts, then constitutional rights may become conditional upon jurisdictional happenstance.
Moreover, this logic may lead to a paradox: that the more effectively Germany outsources intrusive operations to foreign partners, the less its own constitutional framework can be invoked to protect its residents. This dynamic has sparked calls for a reassessment of the doctrine of Beweisverwertungsverbote—the exclusion of unlawfully obtained evidence—which remains a jurisprudentially unsettled terrain in German criminal law.
SkyECC and Anom: Echoes and Variations
Subsequent waves of prosecutions based on data from SkyECC and Anom followed similar patterns. SkyECC, also dismantled through coordinated law enforcement efforts, mirrored many of the legal questions raised by EncroChat. Yet with each new messenger comes an additional layer of complexity. The Anom operation—secretly run by the FBI—led to a more entangled scenario. While data from Anom devices found their way to German prosecutors, the path of transmission, the legal foundation for data sharing, and the scope of judicial oversight remain deeply opaque.
Here again, courts have largely chosen to defer to the lawfulness of the foreign operation, emphasizing that German authorities acted in good faith and within the bounds of international legal cooperation. This reflects a growing pragmatism—if not resignation—within the judiciary: a recognition that in the digital realm, the chain of custody may no longer be traceable with the clarity once demanded by analogue norms.
Evidence Exclusion: A Hollow Remedy?
The German legal system lacks a general exclusionary rule comparable to the American “fruit of the poisonous tree” doctrine. Instead, the admissibility of unlawfully obtained evidence is assessed on a case-by-case basis, often with reference to balancing tests involving the gravity of the offense, the nature of the procedural violation, and the hypothetical deterrent effect of exclusion.
In the context of Kryptomessenger data, courts have shown a marked tendency to admit evidence even where procedural irregularities exist. They emphasize the “overwhelming probative value” of decrypted communications and the public interest in prosecuting serious crime. At the same time, this position undermines the consistency of fundamental rights enforcement. If constitutional standards yield when evidence is powerful or offenses severe, then their protective function becomes circumstantial.
The Role of Trust in Cross-Border Digital Policing
Underlying these developments is a deeper question of mutual trust. German courts have, implicitly or explicitly, endorsed the notion that European partners (and in some cases even the United States) operate under legal standards sufficiently compatible with Germany’s own to warrant evidentiary recognition. This assumption of “functional equivalence” lies at the core of the European legal order—but it becomes fragile when applied to novel technical contexts involving invasive surveillance, bulk data harvesting, and opaque cooperation agreements.
Furthermore, defense rights and procedural equality are placed under strain when the defense has no practical means to examine how the evidence was originally obtained. Encryption, secrecy classifications, and foreign jurisdictional shields render meaningful challenges virtually impossible. In effect, the legal process risks becoming asymmetrical: the prosecution wields powerful digital tools sourced from opaque foreign operations, while the defense is left to contest shadows.
Conclusion: A System Under Normative Tension
The German judiciary’s engagement with Kryptomessenger evidence marks a transitional moment in criminal law and constitutional theory. Courts are navigating uncharted terrain, balancing respect for international cooperation with the imperatives of domestic rights. For now, the trend favors admissibility, justified by pragmatic necessity and framed by doctrinal elasticity. Yet this trajectory is not without risk. As digital policing becomes more transnational and more opaque, the legal system must guard against the erosion of transparency, accountability, and constitutional proportionality.
Whether the German legal order can preserve its integrity under the pressure of global surveillance alliances remains an open question—one whose answer may define the future of evidence law in the digital century.
Our law firm specialises in criminal defence, white-collar crime and IT law / technology law. Note our activity in digital evidence in IT security and software law.
- Liability of Companies in Phishing and CEO Fraud Incidents - 13. May 2025
- Domain Law in Germany - 10. May 2025
- Art Law in Germany - 10. May 2025