A court in Belgium has refused to allow defence lawyers in a high-profile drugs case extra time after a forensic expert found that digital evidence obtained by police in a hacking operation against the Sky ECC encrypted phone network and relied on by prosecutors was “unreliable”.
The Antwerp Regional Court heard evidence from a British forensic expert that raised new doubts over the digital evidence supplied by Belgian police to prosecute multiple criminal cases linked to a high-profile drugs kingpin, Nordin El Hajjioui, who is accused of importing narcotics through Antwerp.
Defence lawyers presented evidence from forensic expert Duncan Campbell that found errors and inconsistencies in data analysed by Belgian investigators that had not been explained or highlighted to the court. His report suggested the data was processed by people who may not have understood how to process it correctly.
‘Identical’ datasets were not identical
The court heard that there were significant differences between datasets submitted in 2022 and 2025 that prosecutors had claimed were “identical”. It found that 108,000 messages had been added to the most recent dataset.
Prosecution claims that the new messages had only recently been decrypted did not stand up to scrutiny, as the unencrypted versions of the new messages did not exist in the original data, and a large proportion of the new messages had yet to be decrypted.
The court was told that the processes used to provide Sky ECC data to the court were not transparent or verifiable, and that there was no indication that police data analysis conformed with internationally accepted forensic standards.
The data files were not certified by digital fingerprints, file hashes or digital signatures which are used to verify that no accidental or deliberate changes could have been made to digital evidence.
Belgium developed web tool to analyse data
The Belgian police used previously undisclosed web software, known as Edge, developed by Belgium’s directorate for the fight against serious and organised crime (DJSOC) as a platform to analyse data from Sky ECC, it emerged.
According to Reisinger, Campbell’s analysis showed that the Edge tool was not fit for purpose, had produced significant errors, and did not produce evidence to the standard required for criminal trials.
Evidence presented in spreadsheets had gone through filtering processes, which had led to messages being duplicated or changed, or being linked to different Sky ECC identities or different times and content.
Defence refused raw intercept data
Defence lawyers said that to complete their investigation into the reliability of the data, they would need access to the raw intercepted data from Sky ECC and information about the chain of custody of the data, which has not been disclosed to the court by police.
“There are problems and we need to establish the reliability of the data. We asked for the raw data and an explanation from the police of the chain of evidence, but in the end, the court decided not to do it,” said Reisinger.
Prosecutors claimed that Campbell, who acted as an expert witness in trials against drug gangs that used the EncroChat encrypted phone network and produced joint reports with a forensic expert from the UK’s National Crime Agency, was not independent.
The court said it would take Campbell’s findings into consideration, but would not postpone the trial to allow further expert analysis of the reliability of the data.
French interception operation
The prosecution against El Hajjioui, known as Dikke Nordin, relies on messages intercepted by French, Dutch and Belgian police from a hacking operation into the Vancouver-based encrypted phone network, Sky ECC, in 2020.
The operation provided police with “real-time” access to messages exchanged between members of organised criminal groups, after they attached a “man-in-the-middle” server to the Sky ECC infrastructure at the OVH Datacentre in Roubaix, France (pictured above), to intercept messages and encryption keys.
Some 1,600 Belgian law enforcement officers took part in raids in March 2021 on premises linked to drugs, money laundering and bribery, after police infiltrated Sky ECC’s servers in France and decrypted “hundreds of millions” of supposedly encrypted messages.
Spain and Italy question Sky ECC reliability
The reliability of Sky ECC evidence was called into question last week by courts in Italy and Spain. The provincial court in València acquitted 14 people after finding that prosecutors could not rely on digital evidence to prove their case, unless the defence was provided with access to the raw intercepted Sky ECC data.
An Italian court separately ordered prosecutors to make raw intercept data available to defendants to allow them to conduct independent checks into the reliability of the evidence.
The case against Nordin El Hajjioui is due to resume tomorrow.