A FORMER National Crime Agency (NCA) technical officer told the Old Bailey that it was "common" for the agency's evidence of message data sent on EncroChat phones to be "incomplete".

Luke Shrimpton, who is now a private consultant used by the NCA to give evidence on its behalf after working directly for it, gave evidence during the trial of James Harding, 34, and Jayes Kharouti, 39, from Epsom, Surrey, at the Central Criminal Court today (May 8 2025).

But, Mr Shrimpton insisted the incompleteness of some of the datasets had no bearing on the "reliability of the evidence."

Harding is accused of being a "multi-million pound cocaine kingpin" who tried to "organise a murder on EncroChat from his luxury Dubai base", while

Harding is alleged to have been in control of a cocaine importation operation that generated £5 million of profits in the space of just ten weeks in early 2020, with importations arranged through the encrypted devices the National Crime Agency (NCA) says was used exclusively by organised criminals.

Harding denies being the user of an EncroChat handle called "thetopsking" who sent messages concerning a multi-million pound cocaine network and the plot to murder of an unnamed drug runner, which did not take place.

He has pleaded not guilty to one count of evading a prohibition on the importation of cocaine and another of conspiracy to murder.

Kharouti, who is alleged to be Harding's right hand man, has admitted on November 8 2024 being the EncroChat users "besttops" and "topsybricks" one count of evading a prohibition on the importation of cocaine, but denies any involvement in the murder conspiracy.

The jury was told 9,136 messages sent via EncroChat between "besttops" and "thetopsking" between March and June 2020.

The case is based mainly on this message evidence, and between other alleged associates, which was supplied to the NCA by the French Gendarmerie after cyber experts at its digital crime unit managed to infiltrate the supposedly encrypted system on April 1 2020.

The French then accessed historic messages and ongoing "live" data being sent by around 60,000 EncroChat users worldwide and ongoing messages in transition, before allowing police across Europe access to the same for phones being used in their jurisdictions.

There were around 9,000 users in the UK.

Before Mr Shrimpton gave evidence a statement made by Jeremy Decou, an officer working in the digital crime unit of the French Gendarmerie, was read to the court.

Mr Decou said the French would never disclose how the managed to implant software into the EncroChat system for national security reasons.

He said: "Details of the data capture took cannot be disclosed as they are covered by French national security.

"On April 1 2020 we proceeded to the injection of the capture tool - we cannot describe the injection method precisely at risk of revealing classified elements."

He said the captured data was duplicated and transmitted to Europol for sharing to other countries.

Because "live interceptions" of communications in transmission are not admissible in British courts (whereas stored data such as sent emails or messages is) the NCA was in talks with Mr Decou in March 2020 ahead of the infiltration about the nature of the evidence that could be provided.

The court heard that the British authorities were still requesting answers about the data capture from Mr Decou in September 2020 regarding the previous investigate order six months earlier in March 2020.

This was after several people had already been charged under the NCA's EncroChat investigation Operation Venetic, and by other police forces, and after legal challenges over the admissibility of live evidence had already been made.

Mr Decou's statement said the NCA asked in September 2020 a series of questions about how messages had been captured and stored.

Question iv) was "from what location or locations" were "the text of the messages captured from?"

The questions then asked if it was it was a) "stored on the phone sending it, b) the phone receiving it, c) stored on the server or d) during transition." 

Mr Decou said the reply was that the French "cannot answer this question without reveal operational methods covered by national security."

He then detailed in his written evidence how the NCA went on to ask a string of 19 further highly technical questions about its integrity and continuity in late 2023 about the integrity of the EncroChat data it had received from the French.

Questions included whether the data was sent from EncroChat to a computer controlled by the Gendarmerie, how its integrity was ensured, if hashed data was subject to other checks to ensure its integrity, what program and criteria were used to sort the data, what steps were taken to ensure its accuracy, would sorting errors be identified by the programme, was a system called R-Sync used to copy the data.

The NCA also asked about which programmes were used to produce two separate spreadsheets of evidence that it had been sent a) about the device under investigation and b) about those in contact with it.

Mr Decou's written evidence was that the subsequent reply informed the NCA that "the data was "captured in accordance with the provisions of the French Code of Criminal Procedures" but he reiterated it was subject to national security.

However, he added that it was subject to "in-depth checks and tests to ensure the integrity of the data" and was sent "directly from EncroChat phones to a system "under the control of the Gendarmerie".

He added that the system of data collection used the device in question's IMEI number and the IMSI number of its sim, so it was not possible for data to be misallocated in relation to a handset and a sim.

Data was then sorted over three levels, he said, first by country of use, then by IMEI and IMSI pair and then by the date on which the data was captured.

"No sorting errors were found during the test or production stage," he said.

The French also confirmed that the data was copied using the "R Sync programme" under the control of the Gendarmerie and then held by Europol, and "no sorting errors were made using R Sync."

He said the first spreadsheets provided were from "the device understudy" and the second spreadsheets were from the "phones in contact with the device being investigated."

After Mr Decou's statement was read out, Mr Shrimpton gave his evidence from the stand.

The court heard that he in 2011 he got a degree in engineering at Bristol University then in 2016 he got an MA in philosophy at Edinburgh University. He also worked as a research assistant in relation to a data site in Edinburgh, before, in 2016, getting a position as an NCA Senior Technical Officer.

He began looking at recovered EncroChat phones for the NCA in 2018 and became involved in the "reverse engineering" of the phones to try to get a "precise technical understanding of how the system worked."

He set up two emulated EncroChat phones to see how they worked, the court was told.

Asked about the French implant, he said: "If the implant is unreliable it means it is not picking up a ll the data on the device. If it is reliable it is getting all the data on the device."

He went on to say that the material provided to the NCA by the French for Operation Venetic was often incomplete in terms of data.

He added: "It is common that the Venetic material is incomplete, but that does not mean the data is unreliable."

He also said that, as that had been two phases of data collection, that there were often duplicated messages within the data collected.

He said if the time stamps matched for the duplicated messages then they were consistent, but if "they are different in a way we cannot explain, then that is unreliable, and it shows some inconsistency somewhere.

"As long as the messages were consistent it did not indicate a reliability issue if they were duplicated. 

if some messages were missing from a phase two collection not mean unreliable."

he said in an ideal world there would be no discrepancies but there were instances of "incompleteness" in that they had a message sent from Alice to Bob recovered from Bob's handset that was not on Alice's handset.

"They French process system may have had a bug" causing this, he said.

There were also differences between "burn times" in some cases with a burn time of zero in phase one and a different one in phase two.

But, this was caused by the original collection betting it as "pending message" and then the second as a "sent message", he said.

Mr Shrimpton insisted that of any of the discrepancies found, he had seen nothing that indicated any unreliability of the evidence.

Asked by prosecutor Duncan Atkinson "in the work you have undertaken since 2018 have you had any inconsistencies in the date you looked at to indicate the data was unreliable, he replied "no." 

Under cross examination by the defence, Mr Shrimpton said he was an expert on digital data, but not its forensic investigation.

He also accepted that he did not know how the French collected the data and had not been able to discuss it with French technicians.

He also said that in October 2020, he had upgraded to a new mobile phone, without transferring any data from his previous phone, meaning that any messages conversations he had about EncroChat with the French had been lost.

The trial continues.