Laundering the Source: A Former UDEF Chief Describes How Spanish Police Conceal the True Origin of Encrypted-Communication Evidence from ANOM & SkyECC

A Confession from Inside the Anti-Drug Unit

On 19 May 2026, an inspector of the Spanish National Police testified before an investigating judge of the Audiencia Nacional and described what he called a habitual and systematic practice within the country’s elite anti-drug units: deliberately falsifying, in the official police reports submitted to courts, the true origin of the intelligence that leads to large cocaine seizures. The officer — Óscar Sánchez Gil, former head of the Madrid financial-crime unit (UDEF), now in pre-trial detention and himself accused of belonging to a major trafficking organisation — told the judge that he had taken part in those practices himself. The account was reported by elDiario.es.

His testimony must be read with caution. Sánchez Gil is an accused person, and a defendant describing institutional wrongdoing is also, unavoidably, constructing a defence. But the structural problem he describes does not depend on his own guilt or innocence — and it is precisely the problem that defence lawyers, courts and investigative journalists have been documenting across the ANOM, SkyECC and EncroChat cases for years.

How Encrypted Networks Were Cracked — and How Their Origin Vanished

For a time, the encrypted-phone networks marketed to organised crime offered communications that sat beyond the reach of law enforcement. That changed when foreign intelligence and police services penetrated the servers of those platforms, producing what is very likely the largest single body of drug-trafficking intelligence ever assembled.

The legal difficulty is what came next. Using that material in court raises serious questions: about jurisdiction and territorial sovereignty, about individualised suspicion, about whether the defence can ever test how the data was produced. According to Sánchez Gil’s testimony, Spanish anti-drug units did not resolve those questions — they concealed them, by rewriting the case file so that the evidence appeared to originate somewhere else entirely.

“Auto-Created” Intelligence and the Mechanics of Parallel Construction

The method he described has a name in other jurisdictions: parallel construction — the substitution of a clean, presentable origin for an evidentiary source the investigators would rather not disclose.

On his account, intelligence that in reality came from an intercepted encrypted platform was instead attributed to a tip from a foreign agency — the US DEA, the British NCA or SOCA, the Colombian anti-narcotics directorate. He told the judge that much of this purported international cooperation was, in his word, “auto-created”: a Spanish liaison officer abroad would be handed a text and asked to have a foreign counterpart simply sign it. The report, he said, was drafted by the Spanish brigade itself; the foreign service had supplied nothing.

The purpose of the exercise is not efficiency. It is to keep an unlawful or undisclosed source — an intercepted server, a protected informant, a dubious wiretap — out of the file that the judge and the defence are ever permitted to see.

ANOM, SkyECC and the Algeciras Container

One concrete example given in the testimony concerns a cocaine seizure in Algeciras. The intelligence, according to Sánchez Gil, originated in ANOM — the encrypted network that was itself run as a law-enforcement honeypot. The commanders of the anti-drug unit, he said, hid that origin and instead recorded the seizure as the product of a foreign police tip-off.

He told the judge that material from SkyECC was handled the same way, including in the investigation that ultimately targeted him: rather than disclose the encrypted-platform source, investigators allegedly preferred to hide the origin of the data and simulated a report in its place.

What the Defence — and the Judge — Never See

Two further allegations go to the heart of fair-trial rights. First, that investigations built on intercepted encrypted phones were deliberately kept in absolute secrecy — withheld from the supervising judge and kept out of police-cooperation databases. Second, that relevant messages, including chats reportedly implicating other members of the security forces, were never analysed, never incorporated into the reports sent to the judge, and effectively buried.

If accurate, this is not a marginal procedural defect. It means the tribunal and the defence are working from a curated file — a record from which exculpatory material, and material inconvenient to the investigators, has been removed before anyone independent is able to examine it. Sánchez Gil also complained of a separate violation of his own rights: a remote-access “trojan” placed on a phone that, he says, the judicial authorisation did not cover, and a failure to provide him with the complete intercept reports or the full contents of his seized devices.

Why This Is a Rule-of-Law Problem, Not Only a Spanish Scandal

European courts have begun to take exactly these concerns seriously. The Basel Court of Appeal recently ruled Sky ECC evidence inadmissible in part because the defence received only filtered forensic output rather than the raw intercept data — making it impossible to verify the triage performed by foreign authorities or to search for exculpatory material. The right to a fair trial under Article 6 ECHR requires that an accused be in a position to examine how evidence was produced.

A police report whose stated origin is fabricated defeats that right at the very first step. A court cannot assess the lawfulness of an interception it has been told never happened. The defence cannot challenge a chain of custody it has only ever been shown a fictional version of. And the Grand Chamber of the European Court of Human Rights has warned, in Big Brother Watch v. United Kingdom, that secret surveillance without adequate and effective guarantees against abuse can undermine the very democratic order it claims to defend. The same logic now visible in the Europol shadow-data revelations runs through this testimony: investigative power is expanding faster than the judicial control meant to check it.

The Joint Defense Team’s Position

Whatever the outcome of the case against Sánchez Gil personally, his testimony describes a mechanism that should concern every court in Europe that has admitted ANOM, SkyECC or EncroChat material into evidence: a source that has been laundered can no longer be tested.

For us, as a collective of cross-border criminal defence lawyers, the conclusion is the same one we have drawn from the encrypted-platform litigation now before national courts and the Court of Justice of the European Union. Transparency about the true source of evidence is not an optional courtesy extended to the defence. It is the precondition for judicial scrutiny — and without judicial scrutiny, there is no fair trial. We will keep fighting for it.