The encrypted communication service EncroChat was taken offline by the police last week. Criminals used the service to communicate with each other in encrypted form, and therefore, they thought, in secret. But their messages, protected with so-called Off-the-Record encryption (OTR), were read by the police.
How exactly was that possible? That is not yet clear. Probably there was an error in the way OTR was used, or the police managed to intercept the messages before they were encrypted. OTR is a strong form of encryption, developed to compensate for certain weaknesses in the popular PGP encryption.
Pretty Good Privacy (PGP) is an abbreviation that you will read a lot in articles about criminal messaging networks. This form of encryption is now thirty years old and is used in many ways and by many people: from so-called PGP telephones to e-mail traffic via providers such as ProtonMail.
A number of things are important with encryption. First, the messages should only be readable by the intended recipient. Second, you need to make sure that the recipient is who he says he is. Otherwise, there is a chance that your message may be intercepted by someone else.
PGP works via a system of so-called keys. Keys are long strings produced by an algorithm; they can be created with an app, for example.
You give someone your public key. This can be done via email, chat or even simply by publishing the key on a website. That public key is tied to a private key, which nobody has except you. With the public key the sender makes the message unreadable; with your private key you make it readable again.
Small and large safes
How does that work with PGP? Suppose you have a large safe and a small safe. Put the key to the small safe in the large safe. Put a letter in the small safe. To ensure that the other person knows that the letter is from you, put your signature on the letter.
You lock the large safe with the recipient's public key. The recipient can open it again with his own private key, which gives him access to the key of the small safe. That way he can read the letter.
That sounds safe. However, privacy experts were not convinced that PGP hides all information properly. Because what if a private key falls into the wrong hands? Then someone can open every safe ever intended for its owner.
They also saw another problem: it is easy for outsiders who listen in to determine the identity of the people in a conversation if both of them use the same signature or the same key for a long time. That way an eavesdropper finds out not only what is in the safe, but also who has had access to it.
Therefore, in 2004, experts proposed a new method: Off-the-Record Messaging, or OTR encryption, to achieve "perfect forward secrecy".
With OTR there is only one safe, which can be opened and closed only with the help of your conversation partner. The key to this safe is derived from both of your individual keys, and it is different every time.
This key is discarded at the end of the conversation. Then no one can open the safe any more, not even you and your conversation partner, not even to read something again. So if someone steals your key later, they cannot open all your old safes with it.
Beforehand, you and your conversation partner can verify through another channel that you are indeed who you say you are, for example using a special password. After that, a joint signature is placed on every message.
Handy: that way you can be sure you are still talking to the same person. And an outsider cannot tell who sent which message, because the shared signature appears on every message. So a message could have come from anyone in the conversation.
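As an added illustration (not part of this article, and not the actual code of OTR or EncroChat), here is a small Python sketch of the two OTR ideas just described: a fresh shared key agreed for one conversation and then thrown away, and a shared signature (a MAC) that either participant could have produced. The group size, message text and names are constructed toy values.

```python
import hashlib, hmac, secrets

# Constructed toy Diffie-Hellman group (2^64 - 59, generator 2): far too small
# for real use, where OTR uses a 1536-bit MODP group. Demo value only.
P = 2**64 - 59
G = 2

def dh_keypair():
    """Fresh ephemeral key pair, generated anew for every conversation."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def derive_keys(my_priv, their_pub):
    """Same secret on both sides, split into an encryption key and a shared MAC key."""
    shared = pow(their_pub, my_priv, P).to_bytes(8, "big")
    return (hashlib.sha256(b"enc" + shared).digest(),
            hashlib.sha256(b"mac" + shared).digest())

def _stream(key, seq, length):
    """Toy SHA-256 counter keystream, distinct for every message number."""
    blocks = (hashlib.sha256(key + seq.to_bytes(4, "big") + i.to_bytes(4, "big")).digest()
              for i in range(-(-length // 32)))
    return b"".join(blocks)[:length]

def seal(enc_key, mac_key, seq, plaintext):
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(enc_key, seq, len(plaintext))))
    tag = hmac.new(mac_key, seq.to_bytes(4, "big") + ct, hashlib.sha256).digest()
    return ct, tag

def open_msg(enc_key, mac_key, seq, ct, tag):
    expect = hmac.new(mac_key, seq.to_bytes(4, "big") + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None  # tampered, or not made with this conversation's MAC key
    return bytes(a ^ b for a, b in zip(ct, _stream(enc_key, seq, len(ct))))

def conversation(plaintext=b"meet at nine"):
    """One session; returns (decrypted, bob_could_forge_tag, tamper_caught, keys_fresh)."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    alice, bob = derive_keys(a_priv, b_pub), derive_keys(b_priv, a_pub)
    ct, tag = seal(*alice, 1, plaintext)
    decrypted = open_msg(*bob, 1, ct, tag)
    # Bob holds the same MAC key, so he could have produced the identical tag:
    # it proves "someone in this conversation", never "Alice" specifically.
    bob_forged = hmac.new(bob[1], (1).to_bytes(4, "big") + ct, hashlib.sha256).digest()
    tamper_caught = open_msg(*bob, 1, bytes([ct[0] ^ 1]) + ct[1:], tag) is None
    # A later conversation gets unrelated keys; once a_priv and b_priv are discarded, nothing reopens this one.
    keys_fresh = derive_keys(dh_keypair()[0], b_pub) != alice
    return decrypted, bob_forged == tag, tamper_caught, keys_fresh
```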
Several apps use OTR encryption. It is also often added to instant messaging clients such as Pidgin and Tor Messenger.
EncroChat kept it even simpler. The company offered Android smartphones without a SIM card, equipped with an OTR-encrypted messenger service. That worked well - until the police found a way around it.
See also: Justice could watch live communication with criminals after hacking EncroChat