August 19, 2023 | By Lorenzo Franceschi-Bicchierai | TechCrunch|
The phone hacking tech company asks law enforcement users to keep the use of its technology as secret as possible
For years, cops and other government authorities all over the world have been using phone hacking technology provided by Cellebrite to unlock phones and obtain the data within. And the company has been keen on keeping the use of its technology “hush hush.”
As part of the deal with government agencies, Cellebrite asks users to keep its tech — and the fact that they used it — secret, TechCrunch has learned. This request concerns legal experts who argue that powerful technology like the one Cellebrite builds and sells, and how it gets used by law enforcement agencies, ought to be public and scrutinized.
In a leaked training video for law enforcement customers that was obtained by TechCrunch, a senior Cellebrite employee tells customers that “ultimately, you’ve extracted the data, it’s the data that solves the crime, how you got in, let’s try to keep that as hush hush as possible.”
“We don’t really want any techniques to leak in court through disclosure practices, or you know, ultimately in testimony, when you are sitting in the stand, producing all this evidence and discussing how you got into the phone,” the employee, who we are not naming, says in the video.
For legal experts, this kind of request is troubling because authorities need to be transparent in order for a judge to authorize searches, or to authorize the use of certain data and evidence in court. Secrecy, the experts argue, hurts the rights of defendants, and ultimately the rights of the public.
“The results these super-secretive products spit out are used in court to try to prove whether someone is guilty of a crime,” Riana Pfefferkorn, a research scholar at the Stanford University’s Internet Observatory, told TechCrunch. “The accused (whether through their lawyers or through an expert) must have the ability to fully understand how Cellebrite devices work, examine them and determine whether they functioned properly or contained flaws that might have affected the results.”
“And anyone testifying about those products under oath must not hide important information that could help exonerate a criminal defendant solely to protect the business interests of some company,” said Pfefferkorn.
Hanni Fakhoury, a criminal defense attorney who has studied surveillance technology for years, told TechCrunch that “the reason why that stuff needs to be disclosed, is the defense needs to be able to figure out ‘was there a legal problem in how this evidence was obtained? Do I have the ability to challenge that?’”
The Cellebrite employee claims in the video that disclosing the use of its technology could help criminals and make the lives of law enforcement agencies harder.
“It’s super important to keep all these capabilities as protected as possible, because ultimately leakage can be harmful to the entire law enforcement community globally,” the Cellebrite employee says in the video. “We want to ensure that widespread knowledge of these capabilities does not spread. And if the bad guys find out how we’re getting into a device, or that we’re able to decrypt a particular encrypted messaging app, while they might move on to something much, much more difficult or impossible to overcome, we definitely don’t want that.”
Cellebrite spokesperson Victor Cooper said in an email to TechCrunch that the company “is committed to support ethical law enforcement. Our tools are designed for lawful use, with the utmost respect for the chain of custody and judicial process.”
“We do not advise our customers to act in contravention with any law, legal requirements or other forensics standards,” the spokesperson said. “While we continue protecting and expect users of our tools to respect our trade secrets and other proprietary and confidential information, we also permanently continue developing our training and other published materials for the purpose of identifying statements which could be improperly interpreted by listeners, and in this respect, we thank you for bringing this to our attention.”
When asked whether Cellebrite would change the content of its training, the spokesperson did not respond.
The Electronic Frontier Foundation’s senior staff attorney Saira Hussain and senior staff technologist Cooper Quintin told TechCrunch in an email that “Cellebrite is helping create a world where authoritarian countries, criminal groups, and cyber-mercenaries also are able to exploit these vulnerable devices and commit crimes, silence opposition, and invade people’s privacy.”
Cellebrite is not the first company that asks its customers to keep its technology secret.
For years, government contractor Harris Corporation made law enforcement agencies who wanted to use its cellphone surveillance tool, known as stingrays, sign a non-disclosure agreement that in some cases suggested dropping cases rather than disclosing what tools the authorities used. These requests go as far back as the mid 2010s, but are still in force today.
Here’s the full transcript of the training video…
Continue reading the full article HERE.
