Thomas Schofield King’s Counsel is a specialist criminal and regulatory practitioner, with a nationwide practice and a proven track record of success.
Tom’s strength lies in his complete commitment to every case in which he is involved. He moves between the criminal and civil jurisdictions effortlessly; has a meticulous approach to preparation; is always prepared to go the
extra mile; and places great emphasis on winning the trust of his clients and treating them with respect. Tom has been instructed in a wide range of criminal cases, including:
- Fraud and money laundering
- Complex drugs conspiracies
- Homicides
- Organised crime
- Modern slavery
- Terrorism
- Serious sexual offences
Appeals
Tom has over 20 years experience of conducting appeals against unfair convictions, manifestly excessive sentences, and unfair and disproportionate confiscation orders. Tom has extensive experience in the Court of Appeal Criminal Division, the High Court (Judicial Review and Case Stated appeals), and the European Court of Human Rights. A small selection of the cases Tom has dealt with, are these.
Tom has over 20 years’ experience of conducting appeals against unfair convictions, manifestly excessive sentences, and unfair and disproportionate confiscation orders. Often, Tom is instructed in cases where he did not represent the appellant at first instance and there are criticisms about the way in which the trial or sentence was dealt with. Tom has had considerable success in such appeals. Tom has extensive experience in the Court of Appeal Criminal Division, the High Court (Judicial Review and Case Stated appeals), and the European Court of Human Rights. A small selection of the cases Tom has dealt with, are these: KS v National Crime Agency [2024] EWCA Civ 1095 – an appeal to the Court of Appeal Civil Division, against the Investigatory Powers Tribunal’s finding that the National Crime Agency were entitled to apply for a Thematic Equipment Interference warrant in order to access material intercepted from an entire telecommunications network – EncroChat – with a usership of 60,000. HM Attorney General v Bowskill and Sansome [2022] EWCA Crim 1358: The Attorney General referred the sentences for both Bowskill (B) and Tom’s client, Sansome (S), to the Court of Appeal, arguing that the sentences they received after trial, were unduly lenient. The victim (V) was grabbed in street by her boyfriend B and placed in van driven by S. Whilst travelling at 70mph, V ‘left’ the back of the van & suffered catastrophic brain injuries. The jury acquitted B of ‘throwing’ V from the van (GBH with intent) and the trial judge passed sentences that did not include the fact of the injuries. The Attorney General argued on appeal that the judge should have considered not only the harm caused or intended by the kidnapping, but also any harm ‘foreseen’ ie. that V would jump from van to escape from B. Tom successfully persuaded the Court of Appeal not to increase S’s sentence. B’s sentence was doubled. See the BBC article. In 2021, Tom provided pre-appeal advice to 16 of the sub-postmaster and mistresses whose convictions were subsequently were overturned owing to the Post Office Horizon scandal. R v Neophytou and Neophytou [2021] EWCA Crim 169 – an appeal against the making of a multi-million pound hidden assets confiscation order, on the basis that: the learned judge at first instance miscalculated the benefit figure by extrapolating the turnover of two illicit businesses from just 6 days of footfall data from one of those businesses; failed to give due regard to the delay in the proceedings; wrongly increased the confiscation order to reflect the change in value of money, when the money had not been wholly retained; and imposed an unfair default term. Tom is conducting an appeal against the Court of Appeal’s judgment, to the European Court of Human Rights. The grounds of appeal to the ECHR are: that it is a breach of Article 5 of the Convention to impose a default term for a longer period than the maximum sentence for the substantive offence; and delay. R v Paul Dunleavy [2021] EWCA Crim 39 – appeal against convictions for terrorism offences. The judge at first instance had withdrawn from the jury the only defence (reasonable excuse under section 58(3) of the Terrorism Act 2000) to offences of collecting documents likely to be useful to a terrorist, in a case where the Appellant was 16 years old and suffering from Aspergers Syndrome (High Functioning Autism) – a symptom of which can be highly focused, obsessive interests in guns. Moreover, the trial judge rejected the submission that in an offence of preparing to commit a terrorist act, the jury had to be unanimous as to whether the Defendant intended to commit an act of terrorism himself or intended to assist another to do so. This was the first case in which psychiatric evidence was deemed admissible on the issue of whether it was ‘reasonable’ in law for a person suffering from Autism to indulge their curiosity to collect material likely to be useful to a terrorist (in this case, gun making manuals). Re. Sadhana Soni (a solicitor) [2019] EWCA Crim 1304 – successfully acted for a solicitor in an appeal against a substantial wasted costs order. The solicitor, who was not involved in criminal proceedings, made a request for information about a criminal case in the Crown Court so that it could be used in civil proceedings against the defendant. The court declined the request and then issued a wasted costs order in respect of the time it had taken the parties to respond to the request. The Lord Chief Justice agreed with Tom’s argument that the solicitor and her clients had not been parties to the criminal proceedings (a condition precedent for a wasted costs order) and so quashed the wasted costs order. Bapinder Sandhu v The Chief Constable of West Midlands Police [2019] EWHC 3316 (Admin) - represented the Applicant in an appeal by way of case stated. The applicant was found with over £50,000 in cash. The police made an application to forfeit the cash on the basis that on a balance of probabilities, it derived from some form of predicate crime and was going to be laundered in the future. The issue in the appeal was whether the police were required to identify the class of predicate crime; R v Lewis Poyser and others [2017] EWCA Crim 800 – defended 4 appellants in a post-R v Jogee appeal. The Appellants were convicted on the basis of parasitic accessorial liability by continuing to be involved in a kidnapping whilst foreseeing the possibility that the principal offender might wound the victim with intent, in order to reinforce the ransom demands in a way which was demonstrable to the victim’s family. R v HM [2017] (reporting restrictions apply) – successfully overturned a conviction for an appellant alleged to be involved a multi-million pound money laundering arrangement. Millions of pounds were deposited with the Defendant and others, and then transferred to a Hawala banker who in turn transferred the money to Iran. The Defendant claimed that the money had a legitimate origin and had been raised by ex-patriate Kurds in the UK, to send back to Kurds in Iran who were facing significant persecution at the hands of the so-called Islamic State (Daesh). Tom argued that the learned trial judge had undermined his own directions to the jury at the conclusion of the case, such that the Court could not be sure that the jury had safely convicted; R v Alan Evans [2015] – application for permission to appeal against a conviction for murder. The Applicant was convicted of murdering his wife by throwing her down a flight of stairs and then smothering her to death. He claimed at trial that the death had been caused as a result of a tragic accident. Post-conviction, material was discovered which (it was argued) could give rise to the possibility that a third-party intruder was responsible for the death. R v KK [2015] EWCA Crim 13 – appeal against conviction for money laundering. At trial, there was evidence of hundreds of thousands of pounds of expenditure yet the appellant had no visible means of support. The trial judge ruled that this was sufficient to raise a case against the appellant. At the appeal it was argued that the trial judge had misinterpreted the authority of R v Anwoir which permits juries to find the existence of ‘criminal property’ without any direct evidence of the same. The Court was persuaded that the trial judge should have given further directions; R v Ajaz Budi [2015] EWCA Crim 35 – successful appeal against conviction and sentence, on the basis of a biased summing up. R v Wheaton and Tumara [2014] EWCA Crim 1667 – proper application of the sentencing guidelines for drugs offences where there has been a reclassification of the drugs between the commission of the offence and sentence; R v Swinbourne [2013] EWCA Crim 2329 (2014) 178 J.P. 34 – the admissibility of confessions in ‘did he do the act’ hearings (hearings in which defendants are unfit to plead or stand trial); R v Ziarat Mahmood [2013] EWCA Crim 1291 – a post R v Waya appeal. Tom successfully obtained the return of £50,000 to a defendant who had been made the subject of an unfair and disproportionate confiscation order based on giving inaccurate income information he had given in a mortgage application.
Homicides
Tom has considerable experience of defending in all types of homicide cases: murder; unlawful act manslaughter; gross negligence manslaughter; motor manslaughters and causing death by dangerous driving; corporate manslaughter; and more recently, a genocide.
Tom has considerable experience of defending in all types of homicide cases: murder; unlawful act manslaughter; gross negligence manslaughter; motor manslaughters and causing death by dangerous driving; corporate manslaughter; and more recently, a genocide. As a Treasury Counsel monitoree, Tom dealt with several gang-related homicide cases at the Old Bailey. A small selection of Tom’s previous homicide cases, is this: Kosovan genocide case in the International Criminal Court (The Hague) – Tom has recently been instructed to defend a former politician accused of genocide and crimes against humanity. Leicester explosion case – Tom defended one of the men accused of blowing up a shop in Leicester which caused the death of 5 people, in order to make a fraudulent insurance claim. TikTok murder case – Tom defendant in the high profile ‘TikTok’ murder trial in which 2 men were run off the road and killed to prevent the revelation of an extra marital affair. Olivia Pratt-Korbel murder case – Tom defended a man who assisted the murderer. Victims’ Right to Review Scheme – Tom acted for the family of a man killed at a holiday park, by drafting a request to the Crown Prosecution Service to review their earlier decision not to charge several men suspected of the killing. The VRR scheme allows victims’ families to CPS decisions not to charge suspects. Fraud and money laundering Tom has a particular expertise in cases of fraud (including missing trader intra community frauds, cyber-frauds, boiler room frauds, long-firm frauds and inward/outward diversion frauds). Tom’s previous fraud cases involve: Eastenders alcohol diversion fraud – Tom defended the lead defendant in a complex alcohol diversion fraud case in which approximately £22 million worth of tax was evaded. The defendant received an Absolute Discharge and no Confiscation order or Director Disqualification order was imposed. Virgin Media – Tom defended in this substantial control-word sharing fraud in which Virgin Media lost £50 million of revenue by their encrypted TV signals being broken to allow customers to watch cable TV for free, without paying the usual subscription. Binary options fraud – Binary options involve an investor gambling on whether the value of a certain asset will be above or below a certain price at a set time. Binary options were originally regulated by the Gambling Commission but owing to them being so susceptible to fraud, the Financial Conduct Authority (FCA) took over the regulatory role on 3 January 2018. On 2 April 2019, the FCA banned the sale of binary options, describing them as ‘ … gambling products dressed up as financial instruments’. Tom defended one of the conspirators who defrauded 120 investors and caused a loss of over a million pounds. Tom defended a man at Kingston Crown Court in a case involving attacks on the Carbon Credit registries of the United Nations, the Federal Republic of Germany and the Kingdom of Spain, that netted several million pounds. Tom secured a non-custodial sentence for a man involved in a multi-million pound sham money service bureaux used to launder the proceeds of drug dealing, using ‘cuckoo smurfing’ and ‘Hawala banking’. Tom defended in a £4 million fraud against the NHS (the largest NHS prosecution in history). Tom defended in an extremely complex fraudulent trading case involving an estate agent charging a hidden mark up on maintenance fees. £35 million drugs money laundering scheme, using textiles companies to launder money. Operation Salerno – Tom defends in this sophisticated money laundering enterprise that processed more than £59 million in a 10-month period. The case concerns an allegation that a group offered a money laundering service to other criminal groups. Criminal groups generating illicit cash (eg. drug trafficking), deposited the cash at sites in the Midlands controlled by the money laundering group. The cash was then used to purchase scrap metal from the black market. That scrap metal was then sold to legitimate commercial metal merchants who paid for the same by bank transfer to front or coopted companies controlled by the money laundering group. Once the bank transfers were received, they were transferred to foreign bank accounts in locations making it difficult to trace the funds. It is assumed that once the money was laundered in this way, it was transferred back to the criminal groups in the UK who had generated the cash, minus a commission to the money laundering group. The money laundering group also profited by charging the commercial metal merchants VAT which was never accounted for as output tax, depriving HMRC of the VAT. The backbone of the prosecution evidence is covertly recorded conversations captured by a covert probe in the group’s office. Tom also accepts instructions in civil frauds.
Organised Crime
Tom has defended in numerous organised crime cases over the last 20 years, involving allegations of drugs and firearms trafficking, and importations or exportations of the same.
Tom has defended in numerous organised crime cases over the last 20 years, involving allegations of drugs and firearms trafficking, and importations or exportations of the same. Firearms trafficking – the case involved a serving prisoner seeking to reduce his sentence by negotiating with the National Crime Agency to give up a cache of weapons. Tom defended a man involved in a £1.59 billion (15 tonnes) Cocaine importation case. 15 tonnes of Cocaine from the Mexican cartel 'Nueva Generacion' were imported to the UK via the Netherlands hidden inside frozen chicken. Tom secured a suspended sentence for his client. EncroChat EncroChat was a secure communications network permitting voice calls and text messages between participants. It marketed itself as a legitimate company with customers in 140 countries. It purported to offer ‘end-to-end encryption’. This means that only the participants in a conversation could see or hear communications traffic in the clear, and any intermediary services (even the EncroChat administrators) could not. Some traffic, it seems, would be stored on the servers (for example, messaging where the other party was not immediately able to receive the message because the device was turned off). But EncroChat claimed that they had no means of reading this temporarily stored traffic themselves. Participants obtained Encro-phones from agents; a subscription would be paid in order to receive a handset; and the user would be assigned a unique ‘handle’ or username. The handsets consisted of a heavily modified Android smart phone (very often based on a Spanish model called BQ Aquaris). The phone used a SIM card capable only of handling data (via WiFi or General Packet Radio Service) and which was issued by the Dutch telecommunications company KPN. EncroChat devices could not connect to the telephone network, and users could not communicate with anyone except other EncroChat users who had accepted such contact. The handsets communicated with one or more servers which mediated conversations between participants. On ‘power-up’, the handset contained two apparent operating systems: on normal power up, something which seemed to be a regular Android system appeared (through which it was not possible to make regular phone calls, send text messages or access the Internet); a second partition could be accessed with a 15-digit password, which enabled the user to access the secure operating system. In later versions of the handsets the “dummy” Android disappeared, and the handset started up with a request for the 15-digit password. Until early 2020 it had been assumed by EncroChat customers that their data was impenetrable by hackers or law enforcement. However, it is understood that under the auspices of ‘Operation Emma’, the C3N unit (The Centre for Combating Digital Crime) of the French Gendarmerie managed to develop a way of accessing an EncroChat server located in premises owned by an apparently innocent third-party server-hosting service, called OVH SAS based in Roubaix, Lille. C3N gained access to an EncroChat server in December 2018 and October 2019 and arranged for a “clone” or “mirror image” of the server to be made; they then interrogated this forensic image to understand how it operated – possibly with the assistance of Dutch law enforcement (with whom the French formed a Joint Investigation Team (JIT)). They claim that they then examined the ways in which the server was able to update the operation of the handset. C3N says it then developed a ‘Remote Access Control Tool’ (a form of ‘Trojan malware’ or ‘implant’ in the terminology of the US National Security Agency and the UK’s Government Communications Headquarters) which could instal software updates on Encro handsets which enabled C3N to access data stored on the handsets and messaging traffic. We are told that the infiltration was conducted in two stages: stage I – historic data collection (data already present on the handset); and stage II – forward facing collection (data generated while the implant was active). However, the timing of exfiltration events, particularly in relation to “forward facing collection”, has been the subject of controversy which has been difficult to resolve definitively because the French authorities have classified the implant and the technical information about how it functioned, as covered by French National Defence Secrecy laws. The NCA claims that they were given to understand that the stage II collection would take place when the data was stored in a device and unencrypted, as opposed to when the data was on the OVH server or in transmission when the data would be in its encrypted state. The implant looked for: IMEI numbers (the handset identity); handle names; text messages; media files (exchanged or stored); the identification numbers of triggered cells (telephone relays); the screen unlocking and note application passwords; notes; rosters; and contacts. It also scanned for WIFI access points (including routers) in the vicinity of the handset. Encro-phones had a voice call function called, EncroTalk – a Voice over Internet Protocol (VoIP) platform. C3N claims that it did not intercept such calls but did obtain logs of their occurrence. The NCA called its own interest in EncroChat, ‘Project Venetic’. The NCA was not a formal member of the Franco-Dutch JIT. On 3 March 2020, the NCA sought to render lawful the infiltration of UK-based EncroChat users’ communications and data, by applying for a Targeted Equipment Interference (TEI) warrant under section 99(1)(a) of the Investigatory Powers Act 2016. The hack began on 1 April 2020 and data was harvested and transmitted in the first instance to a data hub controlled by C3N. The data was then transferred to Europol which had the capability to store the vast amount of data obtained. Europol transferred the relevant data to the NCA via a platform called ‘SIENA’ (the Secure Information Exchange Network Application). The NCA was then able to disseminate the data to investigation teams within the NCA or to regional law enforcement units. A ‘security notice’ was circulated by EncroChat on 12 June 2020, that read: “Today we had our domains seized illegally by government entities. They repurposed our domain to launch an attack to compromise carbon units. With control of our domain they managed to launch a malware campaign against the carbon to weaken its security. Due to the level of sophistication of the attack and the malware code, we can no longer guarantee the security of your device. We took immediate action on our network by disabling connectivity to combat the attack. You are advised to power off and physically dispose of your device immediately. Period of compromise was about 30 minutes and the best we can ascertain was about 50% of the carbon devices in Europe (due to the Updater schedule).” The hack managed to infiltrate approximately 50% of the total worldwide EncroChat users’ handles – 32,477 of the 66,134 worldwide users. Tom was at the forefront of challenges to the propriety of the NCA’s conduct in the EncroChat saga. In very broad terms, the focus of the challenges to the admissibility of EncroChat evidence in England and Wales have been: a. That the hacking method involved interception of data in the course of its transmission, which renders it prohibited material and thus inadmissible under section 56(1) of the Investigatory Powers Act 2016; b. The NCA’s thematic equipment interference warrant (issued by IPCO to the NCA so that they could lawfully obtain the intercepted data from French law enforcement) was unlawful, either because: i. The data was in fact intercepted in the course of its transmission and therefore a TEI warrant was inappropriate; or ii. The NCA knew or believed that the data had been intercepted in the course of its transmission and misled IPCO; or they were wilfully blind as to the preponderance of evidence that the data had been obtained in the course of its transmission. There have also been discrete challenges in respect of the EncroChat handsets used abroad (typically Dubai) at the time of the hack. Tom defended over 40 clients in various Courts and jurisdictions in EncroChat cases. Tom acted for a lead Claimant in the landmark EncroChat case in the Investigatory Powers Tribunal and subsequent appeal.
Fraud and money laundering
Tom has a particular expertise in cases of fraud (including missing trader intra community frauds, cyber frauds, boiler room frauds, long-firm frauds and inward/outward diversion frauds). Tom s previous fraud cases involve:
Tom has a particular expertise in cases of fraud (including missing trader intra community frauds, cyber-frauds, boiler room frauds, long-firm frauds and inward/outward diversion frauds). Tom’s previous fraud cases involve: Eastenders alcohol diversion fraud – Tom defended the lead defendant in a complex alcohol diversion fraud case in which approximately £22 million worth of tax was evaded. The defendant received an Absolute Discharge and no Confiscation order or Director Disqualification order was imposed. Virgin Media – Tom defended in this substantial control-word sharing fraud in which Virgin Media lost £50 million of revenue by their encrypted TV signals being broken to allow customers to watch cable TV for free, without paying the usual subscription. Binary options fraud – Binary options involve an investor gambling on whether the value of a certain asset will be above or below a certain price at a set time. Binary options were originally regulated by the Gambling Commission but owing to them being so susceptible to fraud, the Financial Conduct Authority (FCA) took over the regulatory role on 3 January 2018. On 2 April 2019, the FCA banned the sale of binary options, describing them as ‘ … gambling products dressed up as financial instruments’. Tom defended one of the conspirators who defrauded 120 investors and caused a loss of over a million pounds. Tom defended a man at Kingston Crown Court in a case involving attacks on the Carbon Credit registries of the United Nations, the Federal Republic of Germany and the Kingdom of Spain, that netted several million pounds. Tom secured a non-custodial sentence for a man involved in a multi-million pound sham money service bureaux used to launder the proceeds of drug dealing, using ‘cuckoo smurfing’ and ‘Hawala banking’. Tom defended in a £4 million fraud against the NHS (the largest NHS prosecution in history). Tom defended in an extremely complex fraudulent trading case involving an estate agent charging a hidden mark up on maintenance fees. £35 million drugs money laundering scheme, using textiles companies to launder money. Operation Salerno – Tom defends in this sophisticated money laundering enterprise that processed more than £59 million in a 10-month period. The case concerns an allegation that a group offered a money laundering service to other criminal groups. Criminal groups generating illicit cash (eg. drug trafficking), deposited the cash at sites in the Midlands controlled by the money laundering group. The cash was then used to purchase scrap metal from the black market. That scrap metal was then sold to legitimate commercial metal merchants who paid for the same by bank transfer to front or coopted companies controlled by the money laundering group. Once the bank transfers were received, they were transferred to foreign bank accounts in locations making it difficult to trace the funds. It is assumed that once the money was laundered in this way, it was transferred back to the criminal groups in the UK who had generated the cash, minus a commission to the money laundering group. The money laundering group also profited by charging the commercial metal merchants VAT which was never accounted for as output tax, depriving HMRC of the VAT. The backbone of the prosecution evidence is covertly recorded conversations captured by a covert probe in the group’s office. Tom also accepts instructions in civil frauds.
EncroChat
EncroChat was a secure communications network permitting voice calls and text messages between participants. It marketed itself as a legitimate company with customers in 140 countries.
EncroChat was a secure communications network permitting voice calls and text messages between participants. It marketed itself as a legitimate company with customers in 140 countries. It purported to offer ‘end-to-end encryption’. This means that only the participants in a conversation could see or hear communications traffic in the clear, and any intermediary services (even the EncroChat administrators) could not. Some traffic, it seems, would be stored on the servers (for example, messaging where the other party was not immediately able to receive the message because the device was turned off). But EncroChat claimed that they had no means of reading this temporarily stored traffic themselves. Participants obtained Encro-phones from agents; a subscription would be paid in order to receive a handset; and the user would be assigned a unique ‘handle’ or username. The handsets consisted of a heavily modified Android smart phone (very often based on a Spanish model called BQ Aquaris). The phone used a SIM card capable only of handling data (via WiFi or General Packet Radio Service) and which was issued by the Dutch telecommunications company KPN. EncroChat devices could not connect to the telephone network, and users could not communicate with anyone except other EncroChat users who had accepted such contact. The handsets communicated with one or more servers which mediated conversations between participants. On ‘power-up’, the handset contained two apparent operating systems: on normal power up, something which seemed to be a regular Android system appeared (through which it was not possible to make regular phone calls, send text messages or access the Internet); a second partition could be accessed with a 15-digit password, which enabled the user to access the secure operating system. In later versions of the handsets the “dummy” Android disappeared, and the handset started up with a request for the 15-digit password. Until early 2020 it had been assumed by EncroChat customers that their data was impenetrable by hackers or law enforcement. However, it is understood that under the auspices of ‘Operation Emma’, the C3N unit (The Centre for Combating Digital Crime) of the French Gendarmerie managed to develop a way of accessing an EncroChat server located in premises owned by an apparently innocent third-party server-hosting service, called OVH SAS based in Roubaix, Lille. C3N gained access to an EncroChat server in December 2018 and October 2019 and arranged for a “clone” or “mirror image” of the server to be made; they then interrogated this forensic image to understand how it operated – possibly with the assistance of Dutch law enforcement (with whom the French formed a Joint Investigation Team (JIT)). They claim that they then examined the ways in which the server was able to update the operation of the handset. C3N says it then developed a ‘Remote Access Control Tool’ (a form of ‘Trojan malware’ or ‘implant’ in the terminology of the US National Security Agency and the UK’s Government Communications Headquarters) which could instal software updates on Encro handsets which enabled C3N to access data stored on the handsets and messaging traffic. We are told that the infiltration was conducted in two stages: stage I – historic data collection (data already present on the handset); and stage II – forward facing collection (data generated while the implant was active). However, the timing of exfiltration events, particularly in relation to “forward facing collection”, has been the subject of controversy which has been difficult to resolve definitively because the French authorities have classified the implant and the technical information about how it functioned, as covered by French National Defence Secrecy laws. The NCA claims that they were given to understand that the stage II collection would take place when the data was stored in a device and unencrypted, as opposed to when the data was on the OVH server or in transmission when the data would be in its encrypted state. The implant looked for: IMEI numbers (the handset identity); handle names; text messages; media files (exchanged or stored); the identification numbers of triggered cells (telephone relays); the screen unlocking and note application passwords; notes; rosters; and contacts. It also scanned for WIFI access points (including routers) in the vicinity of the handset. Encro-phones had a voice call function called, EncroTalk – a Voice over Internet Protocol (VoIP) platform. C3N claims that it did not intercept such calls but did obtain logs of their occurrence. The NCA called its own interest in EncroChat, ‘Project Venetic’. The NCA was not a formal member of the Franco-Dutch JIT. On 3 March 2020, the NCA sought to render lawful the infiltration of UK-based EncroChat users’ communications and data, by applying for a Targeted Equipment Interference (TEI) warrant under section 99(1)(a) of the Investigatory Powers Act 2016. The hack began on 1 April 2020 and data was harvested and transmitted in the first instance to a data hub controlled by C3N. The data was then transferred to Europol which had the capability to store the vast amount of data obtained. Europol transferred the relevant data to the NCA via a platform called ‘SIENA’ (the Secure Information Exchange Network Application). The NCA was then able to disseminate the data to investigation teams within the NCA or to regional law enforcement units. A ‘security notice’ was circulated by EncroChat on 12 June 2020, that read: “Today we had our domains seized illegally by government entities. They repurposed our domain to launch an attack to compromise carbon units. With control of our domain they managed to launch a malware campaign against the carbon to weaken its security. Due to the level of sophistication of the attack and the malware code, we can no longer guarantee the security of your device. We took immediate action on our network by disabling connectivity to combat the attack. You are advised to power off and physically dispose of your device immediately. Period of compromise was about 30 minutes and the best we can ascertain was about 50% of the carbon devices in Europe (due to the Updater schedule).” The hack managed to infiltrate approximately 50% of the total worldwide EncroChat users’ handles – 32,477 of the 66,134 worldwide users. Tom was at the forefront of challenges to the propriety of the NCA’s conduct in the EncroChat saga. In very broad terms, the focus of the challenges to the admissibility of EncroChat evidence in England and Wales have been: a. That the hacking method involved interception of data in the course of its transmission, which renders it prohibited material and thus inadmissible under section 56(1) of the Investigatory Powers Act 2016; b. The NCA’s thematic equipment interference warrant (issued by IPCO to the NCA so that they could lawfully obtain the intercepted data from French law enforcement) was unlawful, either because: i. The data was in fact intercepted in the course of its transmission and therefore a TEI warrant was inappropriate; or ii. The NCA knew or believed that the data had been intercepted in the course of its transmission and misled IPCO; or they were wilfully blind as to the preponderance of evidence that the data had been obtained in the course of its transmission. There have also been discrete challenges in respect of the EncroChat handsets used abroad (typically Dubai) at the time of the hack. Tom defended over 40 clients in various Courts and jurisdictions in EncroChat cases. Tom acted for a lead Claimant in the landmark EncroChat case in the Investigatory Powers Tribunal and subsequent appeal.
Confiscation; account and cash freezing and forfeiture orders; and unexplained wealth orders
A large proportion of Tom s practice is taken up with confiscation matters. He advises on potential challenges to restraint orders and confiscation orders, and regularly appears in the Court of Appeal concerning such matters.
A large proportion of Tom’s practice is taken up with confiscation matters. He advises on potential challenges to restraint orders and confiscation orders, and regularly appears in the Court of Appeal concerning such matters. Tom has been at the forefront of challenges to the draconian POCA confiscation regime. Long before the Supreme Court decided in the landmark authority of R v Waya [2013] 1 AC 294 that the mortgage advance in a case of mortgage fraud, could not be considered a part of the defendant’s benefit from his criminal conduct, Tom argued the exact same point in an application to the Court of Appeal, in R v Ziarat Mahmood [2013] EWCA Crim 1291. Initially, the Court of Appeal refused leave to appeal but later granted leave (after R v Waya reached the Supreme Court) and accepted that Tom’s argument was right all along. That decision resulted in the defendant being repaid £50,000 by the confiscation authorities. Tom was also involved in the trial which later resulted in the landmark confiscation authority of R (Respondent) v Fields and others [2014] UKSC 36 in which the Supreme Court settled the issue over apportionment and enforcement of confiscation orders in multi handed conspiracies. Tom was also involved in a post R v Guraj [2016] UKSC 65 appeal – in Guraj, the Supreme Court gave guidance on how to deal with a failure by the Crown Court to make a confiscation order within the 2 years’ ‘permitted period’. The provisions of the Serious Crime Act 2015 (SCA) which came into force in June 2015, made certain amendments to the rights of third parties to confiscation proceedings, and to the Court’s obligations to such parties. The amended section 10A(2), Proceeds of Crime Act 2002 (POCA), now provides for individuals who claim to have a third-party interest in the assets of respondents to confiscation applications, to make representations at the hearing and to be represented by counsel. Prior to this change in the law, third parties had no right to be heard in confiscation hearings and could only assert their interest in property owned by a respondent, at the enforcement stage – although, in R v Hilton (Respondent) (Northern Ireland) [2020] UKSC 29 the Supreme Court preserved the right of interested third parties to assert their interest at the enforcement stage, if not considered at the time of the making of a confiscation order. SCA 2015 also created a right of appeal to the Court of Appeal (Criminal Division) by third parties, in the event of the Court refusing or failing to permit a third party to make representations to the Court concerning his interests (see section 31(5)(b), POCA 2002). Tom regularly accepts instructions from clients with third party interests. Tom defended a man who was convicted of the crime of keeping a brothel and sentenced to 27 months’ imprisonment (the maximum is 7 years). He was then ordered to pay a £3.1 million confiscation order or serve a further 10 years’ imprisonment in default. Tom’s novel grounds of appeal were that it was a breach of Art.5§1b of the European Convention on Human Rights to impose a longer default term than the maximum sentence for the substantive offence; and that the proceedings had gone on so long that it was a breach of Art.6 (delay). The ECHR is get to give its judgment. Tom has extensive experience in the field of cash forfeiture, account freezing and forfeiture orders and unexplained wealth orders. A couple of Tom’s recent cases include: X v The Commissioners of police of the Metropolis (2021) – Tom led the defence team in the then biggest account forfeiture order application in English legal history - €50 million. The team successfully negotiated the return of over €3 million to the client. See https://www.independent.co.uk/business/companies-agree-to-forfeit-ps29m-allegedly-linked-to-money-laundering-b1943632.html Bapinder Sandhu v The Chief Constable of West Midlands Police [2019] EWHC 3316 (Admin) Tom has lectured widely on asset recovery and corporate compliance responsibilities in respect of money laundering: a. Money Laundering, Bribery & Asset Recovery seminar (New Delhi, India); b. GCS 9th Annual AML convention [Compliance & Financial Crime Conference/ Proceeds of Crime Legislation in the UK] (Grand Cayman, Cayman Islands).
Investigatory Powers Tribunal
Tom has particular expertise in proceedings before the Investigatory Powers Tribunal. The IPT is a unique Tribunal which has exclusive jurisdiction to hear certain complaints against the Security Services, the National Crime Agency, His Majesty s Revenue and Customs, and police forces in respect of covert surveillance, telephone interception, and device interference.
Tom has particular expertise in proceedings before the Investigatory Powers Tribunal. The IPT is a unique Tribunal which has exclusive jurisdiction to hear certain complaints against the Security Services, the National Crime Agency, His Majesty’s Revenue and Customs, and police forces in respect of covert surveillance, telephone interception, and device interference. He is currently instructed by one of the lead complainants in the conjoined ‘EncroChat’ case in which complaint is made about the warrants obtained by the National Crime Agency to source communications data intercepted by the French Gendarmerie. He also represented that lead complainant in the appeal of part 1 of the IPT’s judgment, to the Court of Appeal Civil Division. Tom has also been involved in IPT cases concerning: the obtaining of a search warrant with the alleged ulterior motive of taking the opportunity to place a covert listening device (a probe) in a home, without informing the Court granting the warrant of the ulterior motive; and directed and intrusive surveillance allegedly conducted without appropriate authorisations.
Terrorism
Tom has defended in several terrorism cases, typically involving neurodiverse clients.
Tom has defended in several terrorism cases, typically involving neurodiverse clients. Tom defended a neurodiverse youth accused of collecting documents useful to a terrorist and preparing to commit an act of terrorism by making a homemade gun. A defence-instructed psychologist concluded that Tom’s client suffered from Asperger’s (a symptom of which can be obsessional interests). Tom made a novel argument that the diagnosis was admissible because it provided expert evidence (outside the jury’s knowledge) of an alternative innocent reason for his client’s fascination with guns and that his client would not have used the gun to commit an act of terrorism. In first trial, the judge excluded the expert report. In the retrial, Tom persuaded a different Judge to admit the diagnosis. This is the first terrorism trial in which a diagnosis of autism was admitted for this purpose. Tom defended another neurodiverse client accused of disseminating terrorist material and being involved in a transphobic attack. Tom defended in the case involving the banned far-right terrorist group, National Action.
International
Tom is part of a network of lawyers offering cooperative services across borders.
Tom is part of a network of lawyers offering cooperative services across borders. The network includes lawyers from the UK, France, the Netherlands, Germany, Spain, Italy, Montenegro, Sweden, Norway, Morrocco, the UAE (principally Dubai), the Caribbean (particularly, the Cayman Islands and British Virgin Islands). If your case has a cross-border dimension, Tom can recommend lawyers in each of these countries.
Regulatory
In the last 20 years, regulation of the private sector has grown exponentially. Cases involving alleged breaches of regulatory codes or professional discipline demand the best advocates because the stakes are so high.
In the last 20 years, regulation of the private sector has grown exponentially. Cases involving alleged breaches of regulatory codes or professional discipline demand the best advocates because the stakes are so high. Tom’s experience of prosecuting and defending in some of the most complex and grave criminal cases, has endowed him with the essential skills which clients demand in cases involving regulatory breaches, professional discipline or quasi-crime: premier advocacy; tactical awareness; forensic interrogation of telecommunications, banking, or accounting material; and extensive knowledge of court rules and procedure. He offers the complete package to clients in cases concerning the following matters: - Prosecutions brought by DBT, DESNZ, Trading Standards, DWP, SFO, HSE, FCA etc; - Breaches of Regulatory Codes (Trading Standards, Food Standards, Trademarks, Health and Safety); - Director Disqualification; - Professional Discipline (Police, Medical professions, Pharmaceutical, Accountancy, etc); - Tax Tribunals; - Data Protection Digital Security; - Sports law (Tribunals); - Money Laundering/ Bribery Regulations; - Motoring law (unfair disqualifications; technical defences to road traffic offences); - Costs appeals; and - Inquests.
Appeals
Tom has over 20 years experience of conducting appeals against unfair convictions, manifestly excessive sentences, and unfair and disproportionate confiscation orders. Tom has extensive experience in the Court of Appeal Criminal Division, the High Court (Judicial Review and Case Stated appeals), and the European Court of Human Rights. A small selection of the cases Tom has dealt with, are these.
Tom has over 20 years’ experience of conducting appeals against unfair convictions, manifestly excessive sentences, and unfair and disproportionate confiscation orders. Often, Tom is instructed in cases where he did not represent the appellant at first instance and there are criticisms about the way in which the trial or sentence was dealt with. Tom has had considerable success in such appeals. Tom has extensive experience in the Court of Appeal Criminal Division, the High Court (Judicial Review and Case Stated appeals), and the European Court of Human Rights. A small selection of the cases Tom has dealt with, are these: KS v National Crime Agency [2024] EWCA Civ 1095 – an appeal to the Court of Appeal Civil Division, against the Investigatory Powers Tribunal’s finding that the National Crime Agency were entitled to apply for a Thematic Equipment Interference warrant in order to access material intercepted from an entire telecommunications network – EncroChat – with a usership of 60,000. HM Attorney General v Bowskill and Sansome [2022] EWCA Crim 1358: The Attorney General referred the sentences for both Bowskill (B) and Tom’s client, Sansome (S), to the Court of Appeal, arguing that the sentences they received after trial, were unduly lenient. The victim (V) was grabbed in street by her boyfriend B and placed in van driven by S. Whilst travelling at 70mph, V ‘left’ the back of the van & suffered catastrophic brain injuries. The jury acquitted B of ‘throwing’ V from the van (GBH with intent) and the trial judge passed sentences that did not include the fact of the injuries. The Attorney General argued on appeal that the judge should have considered not only the harm caused or intended by the kidnapping, but also any harm ‘foreseen’ ie. that V would jump from van to escape from B. Tom successfully persuaded the Court of Appeal not to increase S’s sentence. B’s sentence was doubled. See the BBC article. In 2021, Tom provided pre-appeal advice to 16 of the sub-postmaster and mistresses whose convictions were subsequently were overturned owing to the Post Office Horizon scandal. R v Neophytou and Neophytou [2021] EWCA Crim 169 – an appeal against the making of a multi-million pound hidden assets confiscation order, on the basis that: the learned judge at first instance miscalculated the benefit figure by extrapolating the turnover of two illicit businesses from just 6 days of footfall data from one of those businesses; failed to give due regard to the delay in the proceedings; wrongly increased the confiscation order to reflect the change in value of money, when the money had not been wholly retained; and imposed an unfair default term. Tom is conducting an appeal against the Court of Appeal’s judgment, to the European Court of Human Rights. The grounds of appeal to the ECHR are: that it is a breach of Article 5 of the Convention to impose a default term for a longer period than the maximum sentence for the substantive offence; and delay. R v Paul Dunleavy [2021] EWCA Crim 39 – appeal against convictions for terrorism offences. The judge at first instance had withdrawn from the jury the only defence (reasonable excuse under section 58(3) of the Terrorism Act 2000) to offences of collecting documents likely to be useful to a terrorist, in a case where the Appellant was 16 years old and suffering from Aspergers Syndrome (High Functioning Autism) – a symptom of which can be highly focused, obsessive interests in guns. Moreover, the trial judge rejected the submission that in an offence of preparing to commit a terrorist act, the jury had to be unanimous as to whether the Defendant intended to commit an act of terrorism himself or intended to assist another to do so. This was the first case in which psychiatric evidence was deemed admissible on the issue of whether it was ‘reasonable’ in law for a person suffering from Autism to indulge their curiosity to collect material likely to be useful to a terrorist (in this case, gun making manuals). Re. Sadhana Soni (a solicitor) [2019] EWCA Crim 1304 – successfully acted for a solicitor in an appeal against a substantial wasted costs order. The solicitor, who was not involved in criminal proceedings, made a request for information about a criminal case in the Crown Court so that it could be used in civil proceedings against the defendant. The court declined the request and then issued a wasted costs order in respect of the time it had taken the parties to respond to the request. The Lord Chief Justice agreed with Tom’s argument that the solicitor and her clients had not been parties to the criminal proceedings (a condition precedent for a wasted costs order) and so quashed the wasted costs order. Bapinder Sandhu v The Chief Constable of West Midlands Police [2019] EWHC 3316 (Admin) - represented the Applicant in an appeal by way of case stated. The applicant was found with over £50,000 in cash. The police made an application to forfeit the cash on the basis that on a balance of probabilities, it derived from some form of predicate crime and was going to be laundered in the future. The issue in the appeal was whether the police were required to identify the class of predicate crime; R v Lewis Poyser and others [2017] EWCA Crim 800 – defended 4 appellants in a post-R v Jogee appeal. The Appellants were convicted on the basis of parasitic accessorial liability by continuing to be involved in a kidnapping whilst foreseeing the possibility that the principal offender might wound the victim with intent, in order to reinforce the ransom demands in a way which was demonstrable to the victim’s family. R v HM [2017] (reporting restrictions apply) – successfully overturned a conviction for an appellant alleged to be involved a multi-million pound money laundering arrangement. Millions of pounds were deposited with the Defendant and others, and then transferred to a Hawala banker who in turn transferred the money to Iran. The Defendant claimed that the money had a legitimate origin and had been raised by ex-patriate Kurds in the UK, to send back to Kurds in Iran who were facing significant persecution at the hands of the so-called Islamic State (Daesh). Tom argued that the learned trial judge had undermined his own directions to the jury at the conclusion of the case, such that the Court could not be sure that the jury had safely convicted; R v Alan Evans [2015] – application for permission to appeal against a conviction for murder. The Applicant was convicted of murdering his wife by throwing her down a flight of stairs and then smothering her to death. He claimed at trial that the death had been caused as a result of a tragic accident. Post-conviction, material was discovered which (it was argued) could give rise to the possibility that a third-party intruder was responsible for the death. R v KK [2015] EWCA Crim 13 – appeal against conviction for money laundering. At trial, there was evidence of hundreds of thousands of pounds of expenditure yet the appellant had no visible means of support. The trial judge ruled that this was sufficient to raise a case against the appellant. At the appeal it was argued that the trial judge had misinterpreted the authority of R v Anwoir which permits juries to find the existence of ‘criminal property’ without any direct evidence of the same. The Court was persuaded that the trial judge should have given further directions; R v Ajaz Budi [2015] EWCA Crim 35 – successful appeal against conviction and sentence, on the basis of a biased summing up. R v Wheaton and Tumara [2014] EWCA Crim 1667 – proper application of the sentencing guidelines for drugs offences where there has been a reclassification of the drugs between the commission of the offence and sentence; R v Swinbourne [2013] EWCA Crim 2329 (2014) 178 J.P. 34 – the admissibility of confessions in ‘did he do the act’ hearings (hearings in which defendants are unfit to plead or stand trial); R v Ziarat Mahmood [2013] EWCA Crim 1291 – a post R v Waya appeal. Tom successfully obtained the return of £50,000 to a defendant who had been made the subject of an unfair and disproportionate confiscation order based on giving inaccurate income information he had given in a mortgage application.
Homicides
Tom has considerable experience of defending in all types of homicide cases: murder; unlawful act manslaughter; gross negligence manslaughter; motor manslaughters and causing death by dangerous driving; corporate manslaughter; and more recently, a genocide.
Tom has considerable experience of defending in all types of homicide cases: murder; unlawful act manslaughter; gross negligence manslaughter; motor manslaughters and causing death by dangerous driving; corporate manslaughter; and more recently, a genocide. As a Treasury Counsel monitoree, Tom dealt with several gang-related homicide cases at the Old Bailey. A small selection of Tom’s previous homicide cases, is this: Kosovan genocide case in the International Criminal Court (The Hague) – Tom has recently been instructed to defend a former politician accused of genocide and crimes against humanity. Leicester explosion case – Tom defended one of the men accused of blowing up a shop in Leicester which caused the death of 5 people, in order to make a fraudulent insurance claim. TikTok murder case – Tom defendant in the high profile ‘TikTok’ murder trial in which 2 men were run off the road and killed to prevent the revelation of an extra marital affair. Olivia Pratt-Korbel murder case – Tom defended a man who assisted the murderer. Victims’ Right to Review Scheme – Tom acted for the family of a man killed at a holiday park, by drafting a request to the Crown Prosecution Service to review their earlier decision not to charge several men suspected of the killing. The VRR scheme allows victims’ families to CPS decisions not to charge suspects. Fraud and money laundering Tom has a particular expertise in cases of fraud (including missing trader intra community frauds, cyber-frauds, boiler room frauds, long-firm frauds and inward/outward diversion frauds). Tom’s previous fraud cases involve: Eastenders alcohol diversion fraud – Tom defended the lead defendant in a complex alcohol diversion fraud case in which approximately £22 million worth of tax was evaded. The defendant received an Absolute Discharge and no Confiscation order or Director Disqualification order was imposed. Virgin Media – Tom defended in this substantial control-word sharing fraud in which Virgin Media lost £50 million of revenue by their encrypted TV signals being broken to allow customers to watch cable TV for free, without paying the usual subscription. Binary options fraud – Binary options involve an investor gambling on whether the value of a certain asset will be above or below a certain price at a set time. Binary options were originally regulated by the Gambling Commission but owing to them being so susceptible to fraud, the Financial Conduct Authority (FCA) took over the regulatory role on 3 January 2018. On 2 April 2019, the FCA banned the sale of binary options, describing them as ‘ … gambling products dressed up as financial instruments’. Tom defended one of the conspirators who defrauded 120 investors and caused a loss of over a million pounds. Tom defended a man at Kingston Crown Court in a case involving attacks on the Carbon Credit registries of the United Nations, the Federal Republic of Germany and the Kingdom of Spain, that netted several million pounds. Tom secured a non-custodial sentence for a man involved in a multi-million pound sham money service bureaux used to launder the proceeds of drug dealing, using ‘cuckoo smurfing’ and ‘Hawala banking’. Tom defended in a £4 million fraud against the NHS (the largest NHS prosecution in history). Tom defended in an extremely complex fraudulent trading case involving an estate agent charging a hidden mark up on maintenance fees. £35 million drugs money laundering scheme, using textiles companies to launder money. Operation Salerno – Tom defends in this sophisticated money laundering enterprise that processed more than £59 million in a 10-month period. The case concerns an allegation that a group offered a money laundering service to other criminal groups. Criminal groups generating illicit cash (eg. drug trafficking), deposited the cash at sites in the Midlands controlled by the money laundering group. The cash was then used to purchase scrap metal from the black market. That scrap metal was then sold to legitimate commercial metal merchants who paid for the same by bank transfer to front or coopted companies controlled by the money laundering group. Once the bank transfers were received, they were transferred to foreign bank accounts in locations making it difficult to trace the funds. It is assumed that once the money was laundered in this way, it was transferred back to the criminal groups in the UK who had generated the cash, minus a commission to the money laundering group. The money laundering group also profited by charging the commercial metal merchants VAT which was never accounted for as output tax, depriving HMRC of the VAT. The backbone of the prosecution evidence is covertly recorded conversations captured by a covert probe in the group’s office. Tom also accepts instructions in civil frauds.
Organised Crime
Tom has defended in numerous organised crime cases over the last 20 years, involving allegations of drugs and firearms trafficking, and importations or exportations of the same.
Tom has defended in numerous organised crime cases over the last 20 years, involving allegations of drugs and firearms trafficking, and importations or exportations of the same. Firearms trafficking – the case involved a serving prisoner seeking to reduce his sentence by negotiating with the National Crime Agency to give up a cache of weapons. Tom defended a man involved in a £1.59 billion (15 tonnes) Cocaine importation case. 15 tonnes of Cocaine from the Mexican cartel 'Nueva Generacion' were imported to the UK via the Netherlands hidden inside frozen chicken. Tom secured a suspended sentence for his client. EncroChat EncroChat was a secure communications network permitting voice calls and text messages between participants. It marketed itself as a legitimate company with customers in 140 countries. It purported to offer ‘end-to-end encryption’. This means that only the participants in a conversation could see or hear communications traffic in the clear, and any intermediary services (even the EncroChat administrators) could not. Some traffic, it seems, would be stored on the servers (for example, messaging where the other party was not immediately able to receive the message because the device was turned off). But EncroChat claimed that they had no means of reading this temporarily stored traffic themselves. Participants obtained Encro-phones from agents; a subscription would be paid in order to receive a handset; and the user would be assigned a unique ‘handle’ or username. The handsets consisted of a heavily modified Android smart phone (very often based on a Spanish model called BQ Aquaris). The phone used a SIM card capable only of handling data (via WiFi or General Packet Radio Service) and which was issued by the Dutch telecommunications company KPN. EncroChat devices could not connect to the telephone network, and users could not communicate with anyone except other EncroChat users who had accepted such contact. The handsets communicated with one or more servers which mediated conversations between participants. On ‘power-up’, the handset contained two apparent operating systems: on normal power up, something which seemed to be a regular Android system appeared (through which it was not possible to make regular phone calls, send text messages or access the Internet); a second partition could be accessed with a 15-digit password, which enabled the user to access the secure operating system. In later versions of the handsets the “dummy” Android disappeared, and the handset started up with a request for the 15-digit password. Until early 2020 it had been assumed by EncroChat customers that their data was impenetrable by hackers or law enforcement. However, it is understood that under the auspices of ‘Operation Emma’, the C3N unit (The Centre for Combating Digital Crime) of the French Gendarmerie managed to develop a way of accessing an EncroChat server located in premises owned by an apparently innocent third-party server-hosting service, called OVH SAS based in Roubaix, Lille. C3N gained access to an EncroChat server in December 2018 and October 2019 and arranged for a “clone” or “mirror image” of the server to be made; they then interrogated this forensic image to understand how it operated – possibly with the assistance of Dutch law enforcement (with whom the French formed a Joint Investigation Team (JIT)). They claim that they then examined the ways in which the server was able to update the operation of the handset. C3N says it then developed a ‘Remote Access Control Tool’ (a form of ‘Trojan malware’ or ‘implant’ in the terminology of the US National Security Agency and the UK’s Government Communications Headquarters) which could instal software updates on Encro handsets which enabled C3N to access data stored on the handsets and messaging traffic. We are told that the infiltration was conducted in two stages: stage I – historic data collection (data already present on the handset); and stage II – forward facing collection (data generated while the implant was active). However, the timing of exfiltration events, particularly in relation to “forward facing collection”, has been the subject of controversy which has been difficult to resolve definitively because the French authorities have classified the implant and the technical information about how it functioned, as covered by French National Defence Secrecy laws. The NCA claims that they were given to understand that the stage II collection would take place when the data was stored in a device and unencrypted, as opposed to when the data was on the OVH server or in transmission when the data would be in its encrypted state. The implant looked for: IMEI numbers (the handset identity); handle names; text messages; media files (exchanged or stored); the identification numbers of triggered cells (telephone relays); the screen unlocking and note application passwords; notes; rosters; and contacts. It also scanned for WIFI access points (including routers) in the vicinity of the handset. Encro-phones had a voice call function called, EncroTalk – a Voice over Internet Protocol (VoIP) platform. C3N claims that it did not intercept such calls but did obtain logs of their occurrence. The NCA called its own interest in EncroChat, ‘Project Venetic’. The NCA was not a formal member of the Franco-Dutch JIT. On 3 March 2020, the NCA sought to render lawful the infiltration of UK-based EncroChat users’ communications and data, by applying for a Targeted Equipment Interference (TEI) warrant under section 99(1)(a) of the Investigatory Powers Act 2016. The hack began on 1 April 2020 and data was harvested and transmitted in the first instance to a data hub controlled by C3N. The data was then transferred to Europol which had the capability to store the vast amount of data obtained. Europol transferred the relevant data to the NCA via a platform called ‘SIENA’ (the Secure Information Exchange Network Application). The NCA was then able to disseminate the data to investigation teams within the NCA or to regional law enforcement units. A ‘security notice’ was circulated by EncroChat on 12 June 2020, that read: “Today we had our domains seized illegally by government entities. They repurposed our domain to launch an attack to compromise carbon units. With control of our domain they managed to launch a malware campaign against the carbon to weaken its security. Due to the level of sophistication of the attack and the malware code, we can no longer guarantee the security of your device. We took immediate action on our network by disabling connectivity to combat the attack. You are advised to power off and physically dispose of your device immediately. Period of compromise was about 30 minutes and the best we can ascertain was about 50% of the carbon devices in Europe (due to the Updater schedule).” The hack managed to infiltrate approximately 50% of the total worldwide EncroChat users’ handles – 32,477 of the 66,134 worldwide users. Tom was at the forefront of challenges to the propriety of the NCA’s conduct in the EncroChat saga. In very broad terms, the focus of the challenges to the admissibility of EncroChat evidence in England and Wales have been: a. That the hacking method involved interception of data in the course of its transmission, which renders it prohibited material and thus inadmissible under section 56(1) of the Investigatory Powers Act 2016; b. The NCA’s thematic equipment interference warrant (issued by IPCO to the NCA so that they could lawfully obtain the intercepted data from French law enforcement) was unlawful, either because: i. The data was in fact intercepted in the course of its transmission and therefore a TEI warrant was inappropriate; or ii. The NCA knew or believed that the data had been intercepted in the course of its transmission and misled IPCO; or they were wilfully blind as to the preponderance of evidence that the data had been obtained in the course of its transmission. There have also been discrete challenges in respect of the EncroChat handsets used abroad (typically Dubai) at the time of the hack. Tom defended over 40 clients in various Courts and jurisdictions in EncroChat cases. Tom acted for a lead Claimant in the landmark EncroChat case in the Investigatory Powers Tribunal and subsequent appeal.
Fraud and money laundering
Tom has a particular expertise in cases of fraud (including missing trader intra community frauds, cyber frauds, boiler room frauds, long-firm frauds and inward/outward diversion frauds). Tom s previous fraud cases involve:
Tom has a particular expertise in cases of fraud (including missing trader intra community frauds, cyber-frauds, boiler room frauds, long-firm frauds and inward/outward diversion frauds). Tom’s previous fraud cases involve: Eastenders alcohol diversion fraud – Tom defended the lead defendant in a complex alcohol diversion fraud case in which approximately £22 million worth of tax was evaded. The defendant received an Absolute Discharge and no Confiscation order or Director Disqualification order was imposed. Virgin Media – Tom defended in this substantial control-word sharing fraud in which Virgin Media lost £50 million of revenue by their encrypted TV signals being broken to allow customers to watch cable TV for free, without paying the usual subscription. Binary options fraud – Binary options involve an investor gambling on whether the value of a certain asset will be above or below a certain price at a set time. Binary options were originally regulated by the Gambling Commission but owing to them being so susceptible to fraud, the Financial Conduct Authority (FCA) took over the regulatory role on 3 January 2018. On 2 April 2019, the FCA banned the sale of binary options, describing them as ‘ … gambling products dressed up as financial instruments’. Tom defended one of the conspirators who defrauded 120 investors and caused a loss of over a million pounds. Tom defended a man at Kingston Crown Court in a case involving attacks on the Carbon Credit registries of the United Nations, the Federal Republic of Germany and the Kingdom of Spain, that netted several million pounds. Tom secured a non-custodial sentence for a man involved in a multi-million pound sham money service bureaux used to launder the proceeds of drug dealing, using ‘cuckoo smurfing’ and ‘Hawala banking’. Tom defended in a £4 million fraud against the NHS (the largest NHS prosecution in history). Tom defended in an extremely complex fraudulent trading case involving an estate agent charging a hidden mark up on maintenance fees. £35 million drugs money laundering scheme, using textiles companies to launder money. Operation Salerno – Tom defends in this sophisticated money laundering enterprise that processed more than £59 million in a 10-month period. The case concerns an allegation that a group offered a money laundering service to other criminal groups. Criminal groups generating illicit cash (eg. drug trafficking), deposited the cash at sites in the Midlands controlled by the money laundering group. The cash was then used to purchase scrap metal from the black market. That scrap metal was then sold to legitimate commercial metal merchants who paid for the same by bank transfer to front or coopted companies controlled by the money laundering group. Once the bank transfers were received, they were transferred to foreign bank accounts in locations making it difficult to trace the funds. It is assumed that once the money was laundered in this way, it was transferred back to the criminal groups in the UK who had generated the cash, minus a commission to the money laundering group. The money laundering group also profited by charging the commercial metal merchants VAT which was never accounted for as output tax, depriving HMRC of the VAT. The backbone of the prosecution evidence is covertly recorded conversations captured by a covert probe in the group’s office. Tom also accepts instructions in civil frauds.
EncroChat
EncroChat was a secure communications network permitting voice calls and text messages between participants. It marketed itself as a legitimate company with customers in 140 countries.
EncroChat was a secure communications network permitting voice calls and text messages between participants. It marketed itself as a legitimate company with customers in 140 countries. It purported to offer ‘end-to-end encryption’. This means that only the participants in a conversation could see or hear communications traffic in the clear, and any intermediary services (even the EncroChat administrators) could not. Some traffic, it seems, would be stored on the servers (for example, messaging where the other party was not immediately able to receive the message because the device was turned off). But EncroChat claimed that they had no means of reading this temporarily stored traffic themselves. Participants obtained Encro-phones from agents; a subscription would be paid in order to receive a handset; and the user would be assigned a unique ‘handle’ or username. The handsets consisted of a heavily modified Android smart phone (very often based on a Spanish model called BQ Aquaris). The phone used a SIM card capable only of handling data (via WiFi or General Packet Radio Service) and which was issued by the Dutch telecommunications company KPN. EncroChat devices could not connect to the telephone network, and users could not communicate with anyone except other EncroChat users who had accepted such contact. The handsets communicated with one or more servers which mediated conversations between participants. On ‘power-up’, the handset contained two apparent operating systems: on normal power up, something which seemed to be a regular Android system appeared (through which it was not possible to make regular phone calls, send text messages or access the Internet); a second partition could be accessed with a 15-digit password, which enabled the user to access the secure operating system. In later versions of the handsets the “dummy” Android disappeared, and the handset started up with a request for the 15-digit password. Until early 2020 it had been assumed by EncroChat customers that their data was impenetrable by hackers or law enforcement. However, it is understood that under the auspices of ‘Operation Emma’, the C3N unit (The Centre for Combating Digital Crime) of the French Gendarmerie managed to develop a way of accessing an EncroChat server located in premises owned by an apparently innocent third-party server-hosting service, called OVH SAS based in Roubaix, Lille. C3N gained access to an EncroChat server in December 2018 and October 2019 and arranged for a “clone” or “mirror image” of the server to be made; they then interrogated this forensic image to understand how it operated – possibly with the assistance of Dutch law enforcement (with whom the French formed a Joint Investigation Team (JIT)). They claim that they then examined the ways in which the server was able to update the operation of the handset. C3N says it then developed a ‘Remote Access Control Tool’ (a form of ‘Trojan malware’ or ‘implant’ in the terminology of the US National Security Agency and the UK’s Government Communications Headquarters) which could instal software updates on Encro handsets which enabled C3N to access data stored on the handsets and messaging traffic. We are told that the infiltration was conducted in two stages: stage I – historic data collection (data already present on the handset); and stage II – forward facing collection (data generated while the implant was active). However, the timing of exfiltration events, particularly in relation to “forward facing collection”, has been the subject of controversy which has been difficult to resolve definitively because the French authorities have classified the implant and the technical information about how it functioned, as covered by French National Defence Secrecy laws. The NCA claims that they were given to understand that the stage II collection would take place when the data was stored in a device and unencrypted, as opposed to when the data was on the OVH server or in transmission when the data would be in its encrypted state. The implant looked for: IMEI numbers (the handset identity); handle names; text messages; media files (exchanged or stored); the identification numbers of triggered cells (telephone relays); the screen unlocking and note application passwords; notes; rosters; and contacts. It also scanned for WIFI access points (including routers) in the vicinity of the handset. Encro-phones had a voice call function called, EncroTalk – a Voice over Internet Protocol (VoIP) platform. C3N claims that it did not intercept such calls but did obtain logs of their occurrence. The NCA called its own interest in EncroChat, ‘Project Venetic’. The NCA was not a formal member of the Franco-Dutch JIT. On 3 March 2020, the NCA sought to render lawful the infiltration of UK-based EncroChat users’ communications and data, by applying for a Targeted Equipment Interference (TEI) warrant under section 99(1)(a) of the Investigatory Powers Act 2016. The hack began on 1 April 2020 and data was harvested and transmitted in the first instance to a data hub controlled by C3N. The data was then transferred to Europol which had the capability to store the vast amount of data obtained. Europol transferred the relevant data to the NCA via a platform called ‘SIENA’ (the Secure Information Exchange Network Application). The NCA was then able to disseminate the data to investigation teams within the NCA or to regional law enforcement units. A ‘security notice’ was circulated by EncroChat on 12 June 2020, that read: “Today we had our domains seized illegally by government entities. They repurposed our domain to launch an attack to compromise carbon units. With control of our domain they managed to launch a malware campaign against the carbon to weaken its security. Due to the level of sophistication of the attack and the malware code, we can no longer guarantee the security of your device. We took immediate action on our network by disabling connectivity to combat the attack. You are advised to power off and physically dispose of your device immediately. Period of compromise was about 30 minutes and the best we can ascertain was about 50% of the carbon devices in Europe (due to the Updater schedule).” The hack managed to infiltrate approximately 50% of the total worldwide EncroChat users’ handles – 32,477 of the 66,134 worldwide users. Tom was at the forefront of challenges to the propriety of the NCA’s conduct in the EncroChat saga. In very broad terms, the focus of the challenges to the admissibility of EncroChat evidence in England and Wales have been: a. That the hacking method involved interception of data in the course of its transmission, which renders it prohibited material and thus inadmissible under section 56(1) of the Investigatory Powers Act 2016; b. The NCA’s thematic equipment interference warrant (issued by IPCO to the NCA so that they could lawfully obtain the intercepted data from French law enforcement) was unlawful, either because: i. The data was in fact intercepted in the course of its transmission and therefore a TEI warrant was inappropriate; or ii. The NCA knew or believed that the data had been intercepted in the course of its transmission and misled IPCO; or they were wilfully blind as to the preponderance of evidence that the data had been obtained in the course of its transmission. There have also been discrete challenges in respect of the EncroChat handsets used abroad (typically Dubai) at the time of the hack. Tom defended over 40 clients in various Courts and jurisdictions in EncroChat cases. Tom acted for a lead Claimant in the landmark EncroChat case in the Investigatory Powers Tribunal and subsequent appeal.
Confiscation; account and cash freezing and forfeiture orders; and unexplained wealth orders
A large proportion of Tom s practice is taken up with confiscation matters. He advises on potential challenges to restraint orders and confiscation orders, and regularly appears in the Court of Appeal concerning such matters.
A large proportion of Tom’s practice is taken up with confiscation matters. He advises on potential challenges to restraint orders and confiscation orders, and regularly appears in the Court of Appeal concerning such matters. Tom has been at the forefront of challenges to the draconian POCA confiscation regime. Long before the Supreme Court decided in the landmark authority of R v Waya [2013] 1 AC 294 that the mortgage advance in a case of mortgage fraud, could not be considered a part of the defendant’s benefit from his criminal conduct, Tom argued the exact same point in an application to the Court of Appeal, in R v Ziarat Mahmood [2013] EWCA Crim 1291. Initially, the Court of Appeal refused leave to appeal but later granted leave (after R v Waya reached the Supreme Court) and accepted that Tom’s argument was right all along. That decision resulted in the defendant being repaid £50,000 by the confiscation authorities. Tom was also involved in the trial which later resulted in the landmark confiscation authority of R (Respondent) v Fields and others [2014] UKSC 36 in which the Supreme Court settled the issue over apportionment and enforcement of confiscation orders in multi handed conspiracies. Tom was also involved in a post R v Guraj [2016] UKSC 65 appeal – in Guraj, the Supreme Court gave guidance on how to deal with a failure by the Crown Court to make a confiscation order within the 2 years’ ‘permitted period’. The provisions of the Serious Crime Act 2015 (SCA) which came into force in June 2015, made certain amendments to the rights of third parties to confiscation proceedings, and to the Court’s obligations to such parties. The amended section 10A(2), Proceeds of Crime Act 2002 (POCA), now provides for individuals who claim to have a third-party interest in the assets of respondents to confiscation applications, to make representations at the hearing and to be represented by counsel. Prior to this change in the law, third parties had no right to be heard in confiscation hearings and could only assert their interest in property owned by a respondent, at the enforcement stage – although, in R v Hilton (Respondent) (Northern Ireland) [2020] UKSC 29 the Supreme Court preserved the right of interested third parties to assert their interest at the enforcement stage, if not considered at the time of the making of a confiscation order. SCA 2015 also created a right of appeal to the Court of Appeal (Criminal Division) by third parties, in the event of the Court refusing or failing to permit a third party to make representations to the Court concerning his interests (see section 31(5)(b), POCA 2002). Tom regularly accepts instructions from clients with third party interests. Tom defended a man who was convicted of the crime of keeping a brothel and sentenced to 27 months’ imprisonment (the maximum is 7 years). He was then ordered to pay a £3.1 million confiscation order or serve a further 10 years’ imprisonment in default. Tom’s novel grounds of appeal were that it was a breach of Art.5§1b of the European Convention on Human Rights to impose a longer default term than the maximum sentence for the substantive offence; and that the proceedings had gone on so long that it was a breach of Art.6 (delay). The ECHR is get to give its judgment. Tom has extensive experience in the field of cash forfeiture, account freezing and forfeiture orders and unexplained wealth orders. A couple of Tom’s recent cases include: X v The Commissioners of police of the Metropolis (2021) – Tom led the defence team in the then biggest account forfeiture order application in English legal history - €50 million. The team successfully negotiated the return of over €3 million to the client. See https://www.independent.co.uk/business/companies-agree-to-forfeit-ps29m-allegedly-linked-to-money-laundering-b1943632.html Bapinder Sandhu v The Chief Constable of West Midlands Police [2019] EWHC 3316 (Admin) Tom has lectured widely on asset recovery and corporate compliance responsibilities in respect of money laundering: a. Money Laundering, Bribery & Asset Recovery seminar (New Delhi, India); b. GCS 9th Annual AML convention [Compliance & Financial Crime Conference/ Proceeds of Crime Legislation in the UK] (Grand Cayman, Cayman Islands).
Investigatory Powers Tribunal
Tom has particular expertise in proceedings before the Investigatory Powers Tribunal. The IPT is a unique Tribunal which has exclusive jurisdiction to hear certain complaints against the Security Services, the National Crime Agency, His Majesty s Revenue and Customs, and police forces in respect of covert surveillance, telephone interception, and device interference.
Tom has particular expertise in proceedings before the Investigatory Powers Tribunal. The IPT is a unique Tribunal which has exclusive jurisdiction to hear certain complaints against the Security Services, the National Crime Agency, His Majesty’s Revenue and Customs, and police forces in respect of covert surveillance, telephone interception, and device interference. He is currently instructed by one of the lead complainants in the conjoined ‘EncroChat’ case in which complaint is made about the warrants obtained by the National Crime Agency to source communications data intercepted by the French Gendarmerie. He also represented that lead complainant in the appeal of part 1 of the IPT’s judgment, to the Court of Appeal Civil Division. Tom has also been involved in IPT cases concerning: the obtaining of a search warrant with the alleged ulterior motive of taking the opportunity to place a covert listening device (a probe) in a home, without informing the Court granting the warrant of the ulterior motive; and directed and intrusive surveillance allegedly conducted without appropriate authorisations.
Terrorism
Tom has defended in several terrorism cases, typically involving neurodiverse clients.
Tom has defended in several terrorism cases, typically involving neurodiverse clients. Tom defended a neurodiverse youth accused of collecting documents useful to a terrorist and preparing to commit an act of terrorism by making a homemade gun. A defence-instructed psychologist concluded that Tom’s client suffered from Asperger’s (a symptom of which can be obsessional interests). Tom made a novel argument that the diagnosis was admissible because it provided expert evidence (outside the jury’s knowledge) of an alternative innocent reason for his client’s fascination with guns and that his client would not have used the gun to commit an act of terrorism. In first trial, the judge excluded the expert report. In the retrial, Tom persuaded a different Judge to admit the diagnosis. This is the first terrorism trial in which a diagnosis of autism was admitted for this purpose. Tom defended another neurodiverse client accused of disseminating terrorist material and being involved in a transphobic attack. Tom defended in the case involving the banned far-right terrorist group, National Action.
International
Tom is part of a network of lawyers offering cooperative services across borders.
Tom is part of a network of lawyers offering cooperative services across borders. The network includes lawyers from the UK, France, the Netherlands, Germany, Spain, Italy, Montenegro, Sweden, Norway, Morrocco, the UAE (principally Dubai), the Caribbean (particularly, the Cayman Islands and British Virgin Islands). If your case has a cross-border dimension, Tom can recommend lawyers in each of these countries.
Regulatory
In the last 20 years, regulation of the private sector has grown exponentially. Cases involving alleged breaches of regulatory codes or professional discipline demand the best advocates because the stakes are so high.
In the last 20 years, regulation of the private sector has grown exponentially. Cases involving alleged breaches of regulatory codes or professional discipline demand the best advocates because the stakes are so high. Tom’s experience of prosecuting and defending in some of the most complex and grave criminal cases, has endowed him with the essential skills which clients demand in cases involving regulatory breaches, professional discipline or quasi-crime: premier advocacy; tactical awareness; forensic interrogation of telecommunications, banking, or accounting material; and extensive knowledge of court rules and procedure. He offers the complete package to clients in cases concerning the following matters: - Prosecutions brought by DBT, DESNZ, Trading Standards, DWP, SFO, HSE, FCA etc; - Breaches of Regulatory Codes (Trading Standards, Food Standards, Trademarks, Health and Safety); - Director Disqualification; - Professional Discipline (Police, Medical professions, Pharmaceutical, Accountancy, etc); - Tax Tribunals; - Data Protection Digital Security; - Sports law (Tribunals); - Money Laundering/ Bribery Regulations; - Motoring law (unfair disqualifications; technical defences to road traffic offences); - Costs appeals; and - Inquests.
“The lawyer handled our case with absolute professionalism and care. Highly recommend.”
— Jane Smith
“I felt supported every step of the way. Excellent communication and results.”
— John Doe
Awards & Accreditations
