Cellebrite phone hacking technology has been used by police and other government agencies worldwide for years to unlock phones and steal data. The company has been careful to use its technology secretly.
Has learned that Cellebrite requires users to keep its tech and use of it secret as part of its deal with government agencies. Legal experts say powerful technology like Cellebrite’s and law enforcement agencies’ use of it should be public and scrutinized.
Obtained a leaked Cellebrite training video for law enforcement customers in which a senior employee says, “ultimately, you’ve extracted the data, it’s the data that solves the crime, how you got in, let’s try to keep that as hush hush as possible.”
“We don’t really want any techniques to leak in court through disclosure practices, or you know, ultimately in testimony, when you are sitting in the stand, producing all this evidence and discussing how you got into the phone,” the unnamed employee says in the video.
This request worries legal experts because authorities must be transparent for a judge to authorize searches or the use of certain data and evidence in court. Experts argue that secrecy harms defendants and the public.
“The results these super-secretive products spit out are used in court to try to prove someone is guilty,” Stanford University Internet Observatory research scholar Riana Pfefferkorn told . “The accused (whether through their lawyers or an expert) must fully understand how Cellebrite devices work, examine them, and determine if they worked properly or had flaws that could have affected the results.”
Pfefferkorn added, “And anyone testifying about those products under oath must not hide important information that could help exonerate a criminal defendant solely to protect the business interests of some company.”
Hanni Fakhoury, a criminal defense attorney who has studied surveillance technology for years, told that “the defense needs to figure out ‘was there a legal problem in how this evidence was obtained? Does that allow me to challenge it?’”
The Cellebrite employee claims in the video that disclosing its technology could help criminals and make law enforcement harder.
“It’s super important to keep all these capabilities as protected as possible, because ultimately leakage can be harmful to the entire law enforcement community globally,” the Cellebrite employee says in the video. “We want to prevent these capabilities from being widely known. We don’t want the bad guys to find out how we’re getting into a device or how we can decrypt a messaging app because they might move on to something much, much harder or impossible to overcome.”
Cellebrite spokesperson Victor Cooper told the company “is committed to support ethical law enforcement.” “Our tools respect the chain of custody and judicial process and are intended for legal use.”
“We do not advise our customers to act in violation of any law, legal requirements or other forensics standards,” the spokesperson said. “While we continue protecting and expect users of our tools to respect our trade secrets and other proprietary and confidential information, we also permanently continue developing our training and other published materials to identify statements that could be improperly interpreted by listeners, and we thank you for bringing this to our attention.”
When asked if Cellebrite would change its training, the spokesperson said no.
In an email , Electronic Frontier Foundation senior staff attorneys Saira Hussain and Cooper Quintin said, “Cellebrite is helping create a world where authoritarian countries, criminal groups, and cyber-mercenaries also can exploit these vulnerable devices and commit crimes, silence opposition, and invade people’s privacy.”
Cellebrite is not the first to request customer confidentiality for its technology.
For years, government contractor Harris Corporation required law enforcement agencies that wanted to use its cellphone surveillance tool, stingrays, to sign a non-disclosure agreement that sometimes suggested dropping cases rather than disclosing what tools they used. These requests are still in effect from the mid-2010s.
The full training video transcript:
I’m happy you can join us. And I’m happy to kick off this initial module covering the system overview and orientation for Cellebrite Premium. Thank you and enjoy.
Did you know that Cellebrite Advanced Services has 10 labs in nine different countries around the world? Well, in order to leverage all of that capacity, we are working together to deliver this training to you, so you will be hearing from colleagues from around the world. The following list are those that comprise this current module set, I hope you enjoy meeting them each.
Before we begin, it’s quite important to go over the confidentiality and operational security concerns that we must abide by by using Cellebrite Premium, not only ourselves in our own Cellebrite Advanced Services labs, but most particularly you in your own labs around the world.
Well, we must recognize that this capability is actually saving lives. And in situations when it’s too late, we’re helping to deliver closure for the victims’ families, and ultimately solve crimes and put people behind bars. So, it’s super important to keep all these capabilities as protected as possible, because ultimately leakage can be harmful to the entire law enforcement community globally.
In a bit more detail, these capabilities that are put into Cellebrite Premium, they are actually trade secrets of Cellebrite, and we want to continue to ensure the viability of them so that we can continue to invest heavily into research and development, so we can give these abilities to law enforcement globally. Your part is to ensure that these techniques are protected as best as you can, and to either consider them as “law enforcement sensitive” or classify them to a higher level of protection in your individual country or agency.
And the reason why is because we want to ensure that widespread knowledge of these capabilities does not spread. And, if the bad guys find out how we’re getting into a device, or that we’re able to decrypt a particular encrypted messaging app, while they might move on to something much, much more difficult or impossible to overcome. We definitely don’t want that.
We’re also aware that the phone manufacturers are continuously looking to strengthen the security of their products. And the challenge is already so difficult as it is, but we still continue to have really good breakthroughs. Please don’t make this any more difficult for us than it already is.
And ultimately, we don’t really want any techniques to leak in court through disclosure practices, or you know, ultimately in testimony, when you are sitting in the stand, producing all this evidence and discussing how you got into the phone. Ultimately, you’ve extracted the data, it’s the data that solves the crime. How you got in, let’s try to keep that as hush hush as possible.
And now moving on to operational security or “opsec.” It starts with the physical protection of the premium system and all of its components that you’ve received in the kit.
These little bits and pieces that make all this capability… magic. They’re highly sensitive assets, and we want to ensure that no tampering or any other curiosities are employed on these devices. And in some cases, there is the chance of tampering and disabling the component, and that’s something that you really don’t want to do, because it could knock out your agency from having the capability whilst you await a replacement.
Additionally, exposure of any of these premium capabilities could be quite harmful to the global law enforcement environment. So, be careful with information sharing, whether it’s in face to face conversations, over the phone, on online discussion groups, via email — other things like that — just try to keep it sensitive and don’t go into any details.
When it comes to written documentation, obviously, you don’t want to disclose too much in your court reports. But definitely put the bare minimum to ensure that a layperson can understand the basic concepts of what was done.
Certainly mention that you used Premium, you can mention the version, but do not go into detail of what you’ve done with the phone: either manipulating it or whatever shows up on the graphical user interface of premium itself.
And when it comes to technical operations and quality management within your organization, please be wary that any document that you put together as a standard operating procedure could be visible by an outside auditor for ISO 17025 or other people that could do a Freedom of Information Act request in your agency in whichever laws of your country.
So just be careful with all that. You need to protect this as best as possible. And the other additional factor that you may not be aware of is that failed exploitations on devices — if they’re able to connect to the network — they could phone home and inform the manufacturer that the device is under attack. And with enough knowledge and intelligence, it is possible that the phone manufacturers might find out what we’re doing to achieve this magic. So please do your best to follow all the instructions and make this the best possible procedures [sic] going forward.