The Regional Court of Freiburg (Landgericht Freiburg) has significantly restricted the use of “chance finds” from the encrypted messaging service Sky-ECC in criminal proceedings, ruling that such evidence may not be used if it violates the privacy of the communications. This decision limits the ability of German prosecutors to introduce evidence discovered incidentally during the decryption of Sky-ECC servers, specifically when that evidence does not relate to the primary objective of the initial investigation.
The ruling centers on the admissibility of data obtained through international cooperation, primarily via the French authorities who managed the decryption of the Sky-ECC network. Under German law, the principle of “proportionality” and the protection of the “core area of private life” (Kernbereich privater Lebensgestaltung) dictate that not all intercepted data can be used in court, even if the data was legally obtained by a foreign power.
Sky-ECC was marketed as a secure, encrypted communication tool for criminals, and its compromise led to thousands of arrests across Europe. However, the Freiburg court’s decision underscores a tension between law enforcement’s desire for comprehensive evidence and the constitutional rights of defendants in Germany. The court found that the broad use of data not directly linked to the original warrant or a specific, severe crime could constitute an inadmissible breach of privacy.
Why the Freiburg Court Restricted Sky-ECC Evidence
The core of the legal dispute involves “Zufallsfunde,” or chance discoveries. In many Sky-ECC cases, investigators searching for evidence of large-scale drug trafficking or organized crime stumbled upon messages detailing unrelated, lesser offenses. The Regional Court of Freiburg ruled that the mere fact that data was decrypted does not grant the state a “blank check” to prosecute every single conversation found on the device.
According to the court’s reasoning, the use of such evidence must be weighed against the severity of the crime. If the “chance find” reveals a minor offense, the intrusion into the defendant’s privacy—which is considered a high-level constitutional right in Germany—outweighs the public interest in prosecution. This aligns with established precedents from the Federal Constitutional Court regarding the inviolability of the home and the privacy of correspondence.
The court emphasized that for evidence to be admissible, there must be a clear link to the original purpose of the surveillance or a new, justified legal basis for the specific “chance” discovery. Without this, the evidence is deemed a violation of the defendant’s fundamental rights, rendering it unusable in a trial.
How the Sky-ECC Decryption Process Worked
To understand the impact of the ruling, it is necessary to examine how the data was acquired. Sky-ECC operated as a closed ecosystem using modified handsets. In 2021, French police, with the help of international partners, managed to infiltrate the service’s infrastructure, allowing them to read messages in real-time and access archived chats.
This operation, coordinated by Europol, resulted in the seizure of massive datasets containing millions of messages. Because the data was collected in France and then shared with German authorities via mutual legal assistance treaties, a legal gray area emerged: whether the data should be subject to French law (where the seizure occurred) or German law (where the trial takes place).
The Freiburg court has sided with the application of German constitutional standards. This means that even if the data was legally seized under French law, its use in a German courtroom must still comply with the German Basic Law (Grundgesetz), particularly concerning the protection of personal privacy.
What This Means for Current Criminal Cases
This ruling creates a significant hurdle for prosecutors in ongoing “Sky-ECC” trials across Germany. Many cases rely on a “mosaic” of evidence, where a series of chance finds build a profile of a criminal network. If the Freiburg precedent is adopted by other regional courts or the Federal Court of Justice, a large volume of evidence currently used in narcotics and weapons trafficking cases could be struck from the record.

Defense attorneys are expected to use this ruling to file motions to exclude evidence in hundreds of pending cases. The primary arguments will likely focus on:
- Whether the evidence was a “chance find” unrelated to the original warrant.
- Whether the crime revealed by the chance find is severe enough to justify the privacy breach.
- Whether the data entered the “core area” of the defendant’s private life (e.g., conversations with family or medical details).
For the prosecution, this means they must now more carefully document the “path” to each piece of evidence, proving that the discovery was not an arbitrary fishing expedition but a necessary step in a targeted investigation.
The Broader Impact on Encrypted Communication Law
The Freiburg decision is part of a wider European legal struggle over “EncroChat” and “Sky-ECC” data. Similar challenges have occurred in the United Kingdom and the Netherlands, where courts have had to decide if bulk data intercepts are compatible with the European Convention on Human Rights.
In Germany, the legal system is particularly protective of the “Kernbereich” (core area) of privacy. This is a legal concept that suggests certain communications—such as those with a spouse, a lawyer, or a priest—are absolutely protected and cannot be used as evidence, regardless of the crime being investigated. The Freiburg court’s ruling extends this protection to the way chance finds are handled, ensuring that the state cannot use a broad digital dragnet to prosecute minor crimes.
This ruling effectively signals that the “technical ability” to decrypt and read messages does not equate to the “legal right” to use that information in every instance. As AI-driven analysis of these datasets becomes more common, the courts are increasingly concerned about the lack of filters between the raw data collection and the evidence presented in court.
The next critical checkpoint for this legal trajectory will be when these cases reach the Federal Court of Justice (Bundesgerichtshof), which will likely provide a definitive ruling on the admissibility of foreign-acquired encrypted data across all German jurisdictions. Legal observers are monitoring upcoming appeals to see if the Freiburg standard becomes the national benchmark.
Do you believe privacy rights should outweigh the need for evidence in organized crime cases? Share your thoughts in the comments below.