The Israel-based firm Cellebrite, which specializes in software that breaches cellphones, enjoys a reputation as a silver bullet in 21st-century policing whose products are used only to beat terrorists and find abducted kids. Like any good, vaguely sinister corporate spy outfitter, the company has never publicly confirmed which governments are among its customers, and deflects questions about whether it would sell its infamously powerful software to a repressive, rights-violating regime.
Political activist Mohammed al-Singace (commonly referred to as Abdali) was arrested at his home on the morning of May 15, 2013, in the tiny island petro-monarchy of Bahrain. For years, Singace — brother of the well-known dissident Dr. Abduljalil al-Singace, currently serving a life sentence for his role in Bahrain’s February 2011 protests — had worked to bring attention to the Bahraini government’s mishandling of poverty and inflation and to advocate for the poor. The Bahraini government is among the worst human rights offenders in the world, routinely disappearing and torturing dissidents and citizen organizers for purely ideological reasons. According to Amnesty International, over the past year, hundreds have been convicted in unfair trials, and “many defendants in terrorism cases were convicted largely on the basis of ‘confessions’ that they said interrogators had forced them to make under torture; some received death sentences.” In particular, “torture and other ill-treatment of detainees, mainly suspects in security or terrorism-related cases, remained rife … within the Criminal Investigations Directorate (CID).”
Shortly after his arrest, Singace was transferred to “Building 10″ of Bahrain’s infamous Jau Prison, a facility known for its particularly brutal treatment of prisoners. According to the Bahrain Center for Human Rights, Singace says his beatings began while he was still in bed:
[Singace] stated that he was tortured from the moment of his arrest from his bed as policemen beat him with an unknown machine causing him to bleed and fall unconscious. While being unconscious, they beat and kicked him mostly on the back, hands and head. The signs are still visible on Alsingace as he entered the court with hands that looked abnormal, in addition to a wound on his head, and neck pain which he still suffers from.
According to the Bahrain Institute for Rights and Democracy, Singace’s beard was also shaved against his will.
Political activist Abdali al-Singace.
Photo: Facebook
Aimed at “law enforcement, military, intelligence and e-discovery personnel,” the company’s marketing materials promise “unprecedented access” to “the widest variety of mobile devices and operating systems” through the use of its trademarked Universal Forensic Extraction Device, which siphons virtually every scrap of data from a phone and makes it searchable and browsable on a third-party computer. Conveniently, the extraction process completely deactivates or bypasses any password you might have put in place to prevent just this kind of intrusion.
When Cellebrite was founded in 1999, this access would have been limited to call logs and contacts. But in the smartphone era, when Cellebrite started marketing forensics gear to military and police customers (Motto: “ACCESS. UNIFY. DEFEND.”), billions of people around the world began carrying a full computer’s worth of information on their person: personal emails, bank records, photos, videos, and IMs. In other words, exactly the trove of personal errata, lists of association, and circumstantial evidence that any police force would covet — particularly that of a repressive regime with an acute allergy to due process. It’s little surprise that our increasingly martial American police have leapt at the chance to use Cellebrite equipment; a CNN investigation reported that “for years, it has been the go-to resource for FBI agents breaking into suspects’ phones, according to security researchers familiar with the FBI’s operations.” This new ability to spirit away someone’s cellphone and copy its contents has already attracted the attention of the ACLU, which worries that Cellebrite tech could help police skirt the Fourth Amendment.
The company is a truly 21st-century corporation: Founded in Israel, Cellebrite is now owned by a Japanese software conglomerate, operating sales offices in New Jersey for customers in Michigan. But the cracking gear isn’t just popular among U.S. police: A 2014 CNN Marketplace Middle East segment on the company counted 140 different police clients worldwide. As is typical, this report cited “the advancement of ISIS … deep into Iraq and Syria” as the explanation for Cellebrite’s sales to Gulf and North African states, a rationale Cellebrite repeats in all of its marketing materials. Left unmentioned was the possibility that Cellebrite might sell its wares to countries that would buy this power only to abuse it. An impressed, wide-eyed corporate profile by the BBC included one interesting moment, when tech correspondent Rory Cellan-Jones asked Cellebrite VP Yuval Ben-Moshe if there were any ethical limits to its sales:
Cellan-Jones: And who will you sell this equipment to? Is it any law enforcement in any country?
Ben-Moshe: We typically sell to any … I wouldn’t say any but … government-owned or government-operated law enforcement agencies around the world.
Cellan-Jones: What about repressive regimes that are intent on spying on their citizens in ways that many people would find offensive? Would you sell to them?
Ben-Moshe: I don’t know. … I don’t know the answer to that and I’m no position to comment on that in this point in time.
Cellan-Jones: So you won’t say whether Cellebrite will sell to, say, Saudi Arabia, for example, or Iran, or various regimes around the world which might be oppressive?
Ben-Moshe: We operate under law. Under international and the laws of every jurisdiction and country we work at and this is what guides us.
Not exactly a moral stance. Perhaps Ben-Moshe evaded the question because the company does exactly what Cellan-Jones was asking. Based on a recently uncovered document presented as evidence in Singace’s prosecution, we can conclude that Bahrain is among the governments that use Cellebrite technology, because it used the technology against Abdali al-Singace.
Singace’s phone was taken from him as he was arrested and placed in police custody, where it was cracked and its contents extracted using Cellebrite’s UFED technology. A report on the contents of Singace’s phone, prepared by Bahrain’s General Directorate of Anti-Corruption and Economic and Electronic Security and generated by Cellebrite’s software, was entered as evidence against him during his trial. It contains nearly 20 pages of Singace’s private WhatsApp conversations. Other court documents show that photos were taken from Singace’s phone as well, including several images that were specifically cited during his sentencing as evidence of criminal association. A page from the prosecution’s report can be seen below on the left — on the right is a sample Cellebrite report page from the United States National Institute of Standards and Technology:
Left: An extraction report showing personal WhatsApp chats pulled from Abdali al-Singace’s phone. Right: Sample Cellebrite report from the United States NIST.
Document: Kingdom of Bahrain, U.S. NIST
Left: Page from the extraction report of Abdali al-Singace’s phone. Right: Sample page from a Cellebrite report published by the United States NIST. Note the nearly identical headers on these two documents.
Document: Kingdom of Bahrain, U.S. NIST
Notably, just two weeks before Singace’s arrest, another Bahraini dissident, Naji Fateel, a human rights activist and blogger, was arrested suddenly at his home and subjected to equally brutal treatment. Fateel was prosecuted in the same case as Singace and 48 other defendants. And just like they would do with Singace’s phone, Bahraini authorities extracted and analyzed the contents of Fateel’s phone, according to court documents. Although it is clear from Singace’s case that authorities had access to Cellebrite’s technology and were willing to use it against political dissidents, there is no direct evidence that it was used to crack Fateel’s phone.
According to a source with direct knowledge of Fateel’s prosecution (who asked not to be named for fear of reprisal), the data vacuumed off of his Samsung phone wasn’t just used against him in court, but used as a basis for suspicion, evidence of criminality, and pretext for torture: “Naji’s and the others’ phone contact was mentioned to them as evidence against them during their interrogation in CID … the torture happened in CID.” This source also said that in the prosecution of a co-defendant of Fateel’s, the sole evidence presented against him was his presence in a private WhatsApp group chat used to discuss Bahraini news. Fateel is currently serving a 15-year sentence after a trial that, according to human rights watchdog Front Line Defenders, “fell short of fair due process guarantees.” No observer was permitted to witness the appeals trial, which upheld the conviction on the charge of forming “a group for the purpose of disabling the constitution.”
Bahrain’s relationship with Cellebrite or its parent company is still unclear because neither side will say anything. It’s possible, too, that the Bahraini government purchased Cellebrite equipment through a third party reseller, rather than directly from the company. Seeking some clarity here, The Intercept contacted Cellebrite co-CEO Yossi Carmil, who referred me to Jeremy Nazarian, the company’s CMO. Nazarian told The Intercept that the use of Cellebrite technology to torture a Bahraini human rights activist “doesn’t ring a bell,” and “as a general policy we don’t discuss anything having to do with field operations.” Nazarian said he would “do some digging” on the matter, but the next day The Intercept received an email from Mike Reilly of Banner Public Affairs, a Washington, D.C.-based firm that represents Cellebrite, saying that the company declined to comment any further. Multiple requests for comment sent to both the Bahraini Embassy in Washington and Bahrain’s United Nations consulate in New York went unanswered. But we do know that Bahrain is on the record as using Cellebrite tech, per a 2014 newspaper article by an adviser to the kingdom’s Interior Ministry:
The administration uses the most recent technologies and machines in its work specially in the process of evidence examination. Work on developing these technologies and machines regularly with what is appropriate with the international technological advances — Encase, FTK, Cellebrite, [and] XRY.
Sharah Tal, Cellebrite’s director of research, told The Intercept in October that the company has “a strong ethics backbone, a clear-use case for our capabilities, and dramatically less potential for abuse should ‘evil customers’ attempt to deceive us.” According to Cellebrite’s own user manuals, its software can only be used if remotely activated, either with a USB dongle provided by the company or through an internet connection to the company — either of these routes would provide Cellebrite a means of blocking known repressive regimes from using its technology.
If the Bahraini General Directorate of Anti-Corruption and Economic and Electronic Security and the Criminal Investigations Directorate wanted to see Abdali al-Singace imprisoned and horrifically tortured, they could have done so without the use of Cellebrite or any other modern forensic technology, as has been fashionable for millennia. Keeping Cellebrite UFED kits out of the hands of tyrannical monarchies and repressive police forces won’t put an end to that which makes them tyrannical and repressive.
A Cellebrite UFED device connected to an Android smartphone like Abdali al-Singace’s, ready to extract its contents.
Photo: Yaniv Schiff
It’s worrying, at the very least, that a company whose services have such a great and obvious potential for misuse would have a policy of not talking about how their services are used. We’re left, then, to speculate about what sort of precautions Cellebrite takes or neglects to take. Amnesty International’s Sara Hashash told The Intercept that Cellebrite’s obligations under international law “are laid out in the U.N. Guiding Principles on Business and Human Rights (UNGPs),” which say that “companies have a responsibility to respect human rights wherever they operate in the world” and must “take proactive steps to ensure that they do not cause or contribute to human rights abuses within their global operations and respond to any human rights abuses when they do occur.” It’s entirely possible that Cellebrite, with sales operations around the globe, did not wittingly sell its products knowing they would be used to prosecute activists like Abdali al-Singace. “The pressing question here,” said Hashash, “is what they are going to do now to mitigate and prevent any further such incidents.”
There is a popular line of reasoning that all technologies are neutral, and the relative good or evil of their functions is decided by the user — the Guns don’t kill people, people do argument. This camp might point out that nuclear fission can be used to power an entire city or destroy it. But this approach misses — perhaps deliberately — that all technologies have makers, and they’re made for a purpose. The gun is designed to kill, the bomb is designed to immolate, and Cellebrite is designed to pry, making it inherently more weighty than, say, Microsoft Excel. Cellebrite’s raison d’etre is taking a completely private thing (your smartphone) and neutralizing that privacy for the consumption of strangers.
When a tool that potent is created, shouldn’t the creators try to make sure it doesn’t fall into the wrong hands — or, failing that, at least be honest about its potential to do harm? Smartphone cracking has its legitimate and good uses. There can be no doubt that Cellebrite is used by some upstanding police to do some upstanding police work. Just look at Cellebrite’s own website, where it rattles off success stories of good policing made better through technology: “UFED helped decrypt a suspect’s phone and reveal in excess of 90 deleted images of the suspect being engaged in sexual activity with a minor,” reads one from Putnam County, West Virginia. Another describes a foiled school shooting. But nowhere on the Cellebrite website is there a testimonial from the Bahraini Criminal Investigations Directorate describing how radically easy it is to intimidate prisoners with the contents of their private lives.
The discovery of Cellebrite’s darker uses is reminiscent of how Hacking Team, the Italian company that marketed its wares as for legitimate, peaceful purposes (“We provide effective, easy-to-use offensive technology to the worldwide law enforcement and intelligence communities”), was found to be supplying its tools to the likes of Morocco, Kazakhstan, and — yes — Bahrain, so that these regimes could spy on their citizenry. Media coverage of the scandal was swift and revelatory, but should anyone have been so surprised? Of course any government that can’t afford a state apparatus like the NSA will outsource its worst informational impulses to independent firms. The question is only, then: Will these companies do what it is necessary to keep tools so prone to misuse and horrible ends out of the wrong hands, or let that technology quietly proliferate?
There is a solution to all major software related issues. “FREE SOFTWARE” like gnu, even snowden used it. This kind of sw is already used in the International Space Station and on the hadron collider in the Swiss-French border.
Dissidents all over the world need to learn encryption techniques if they expect to do any organizing with a smart phone.
How is the selling of all these devices to spy on citizens legal? Would we also exempt companies selling xylon gas to Nazi concentration camps from full disclosure of their customer base?
Very good and sobering report. Wonder if they can get through the current iOS 10 handsets…
Business was always ready to help the Nazi’s as they rose to power and spread their evil. This is no different. Business is at the service of money and power. Just look at what Microsoft said when asked if they’d help the Trump admin create a Muslim registry – they are happily standing by to do so. The irony that this is an Isreal based company spreading this power to despots worldwide is not lost.
Here in the U.S. depending on a single company (Apple) to defend the electronic privacy of their users is a strategy that is doomed to fail (eventually) – guessing a secret back door law will be issued after the next admin takes power if the current admin hasn’t already – as it falls to whether the government respects their citizens privacy and if it doesn’t, a healthy viable democracy is not on that destination path. JMHO…
I’ve worked for Apple for years and I can confirm that they definitely do have a contract with Cellebrite. You can even see it yourself. Walk into an Apple Store and ask our retail employees on how information is transfered on the floor after a phone is purchased and watch them pull out a cellebrite machine.
There is more here.
Yeah , but did the the cops shove the phone up his rectal opening in an ENHANCED INTERROGATION room ?
Hey cops don’t do that ! That is , as Mona says ,, just not provable .
Besides , there’s an internal investigation going on, so no comment !!
Where the hell is Dick Cheney ?
Great, but chilling report.
“Cellebrite’s raison d’etre is taking a completely private thing (your smartphone) and neutralizing that privacy for the consumption of strangers.”
And folks STILL seem oblivious to the dangers of all the intrusive gadgets – smartphones and other “smart” technologies.
And I am wondering if you all had seen this:
http://www.telesurtv.net/english/news/Rio-Tinto-Mining-Giant-Plans-Mass-Surveillance-on-Workers-20161208-0013.html
According to The Guardian article. Sodexo also manages some Australian prisons. That should be way telling enough.
Weston claims the surveillance will be used to “capture individual insights on where employees are spending their time and money and improve the quality of their lives.”
manages prisons?
this planet is getting uglier every year. don’t be surprised if we scare the moon away.
‘Will these companies do what it is necessary to keep tools so prone to misuse and horrible ends out of the wrong hands, or let that technology quietly proliferate?”
Did Cellebrite just bite the hand that newsfeeds them? Because some prankster apparently hacked this column and changed the final sentence – (which I am sure originally read something like: “These companies do what is necessary to put their tools in the hands of those who use it as it was designed to attain horrible ends and they work to quietly proliferate that technology .) – to a question.
That last sentence was a bit of a … sore thumb.
*i read it … ‘these companies do what is necessary to use it as it was designed to undermine the security of any device, anytime, anywhere on the entire global internet.’
Same sort of immoral BS that sells US/Brit bombs and missiles to slaughter Yemenis.
In school , as a 5 yr old I was made to face a rectangular piece of cloth , hold my right hand over my 5 yr old heart and say :
I pledge allegiance to the ,,,,,,,
And they made me do it every class from 1st to 8th grades !
It’s called ” Conditioning the Masses ” !
Wasn’t there a related Article? I kind of like having them listed at the bottom
Will Cellebrite sell it to repressive, abusive regimes, Yes, if it serves their purpose. Because “wrong hands” is in the eye of the beholder, and that is generally not mediated by morals and ethics or even law, but by expediency as in self-serving, exceptionalism, entitled and end-goal etc.
These morals and ethics and laws will be, as they have been, swept aside again and again for what is called “national security” ( I have heard ‘civilization’ used as well). What that really means is anyone’s guess, it’s a catch-all for “what I want” to do illegal or immoral or not. ‘Misuse’ and ‘horrible ends’ will be endlessly debated and redefined, re-packaged, re-branded with some euphemistic term that is sold as acceptable in these “extraordinary” times. c.f. torture
Then, of course there is always the black market and leverage!
The answer to the question ‘Would Cellebrite sell its products to repressive, rights violating regimes’ and why Ben-Moshe couldn’t state if there was a regime repugnant enough that the company would refuse to do business with it can easily be deduced from one bit of information stated early in the article – it being founded in, and still located in, the Apartheid regime. You don’t get much more rights violating, and repugnant, than a regime that has as a core value a crime against humanity.
Cellebrite sells software to the nation states it has, not necessarily the nation states it would like to have. By giving tyrannical regimes more powerful tools of repression, they encourage the spread of democracy, as citizens react against growing state brutality by demanding greater rights. Enabling torturers is necessary, so they can abuse their power and stir up the public dissatisfaction that leads to their eventual demise. Cellebrite is playing a small role to assist that process and hopefully, make the world a better place to live in.
I see The Intercept has a new comment policy, and that name calling is not allowed. Therefore, moderator, please cross out ‘tyrannical regimes’ in the previous paragraph and replace with ‘regimes still making progress on human rights’.
It’s a very subjective line, Duce. For instance, do you suppose referring to alleged rapists like Bill Cosby as a sexual predators will be moderated as attacks on his sexual orientation?
Guess not.
Making cell phones obsolete with some new invention would be by far the best way to go. One just cannot rely on humans. Public dissatisfaction can take centuries to manifest, so time is on the inventor’s side.
thank goodness for a no name calling policy… air out some of the stale stank hot air in here… phew!
quote”I see The Intercept has a new comment policy, and that name calling is not allowed. Therefore, moderator, please cross out ‘tyrannical regimes’ in the previous paragraph and replace with ‘regimes still making progress on human rights’. “unquote
Hmmm, I guess calling you a fucking scumsucking fascist wannabe is out of the question now, eh?. In that case, I’ll replace it with empathy free commenter regressing on becoming human .
The Intercept has a comment policy!?
Point of clarification, please: Is the Cellebrite software able to bypass passcode protected devices regardless of OS? If so, are you aware of manufacturer initiatives to address this deficiency?
“If so, are you aware of manufacturer initiatives to address this deficiency?”
Doesn’t matter if they can fix this problem or not. Your phone (along with everyone’s phone) can have it’s password bypassed using MobileIron, a company KNOWN to be a customer and investor of In-Q-Tel, the CIA’s procurement arm.
MobileIron can be pushed to your phone without your consent and then they can simply reset your password to “welcome”.
Anyone using a cell phone is at risk of personal surveillance. I’ve personally been under this close surveillance now for many years also being on the watchlist (I suspect) since early 2000’s.
https://www.mobileiron.com/en/resources/faq#unlock-phone
Just a matter of relativity and perspective
People have no recourse against govs gone bad – and that applies to the US, especially. Guantanamo, torture, lack of due process, renditioning Americans to disappear them, NDAA (Carl Levin), droning innocent persons, WMD, falsifying evidence, fraudulent wars, murder of Palestinians, stealing land, allowing drug runners to crash borders and cartels to occupy US property, election count fraud to stop Sanders by a crazed deluded war hawk who sets up weapons for donations, etc.
All govs are now perfectly capable of being owned by wealthy people and the US is no exception – except that first it was actually owned by the people but the wealthy had to go thru a lot of trouble buying it.
Fear not, serving the wealthy wallstreet thieves may not be all that bad, and you may grow accustomed to being robbed and miss it when you aren’t. Like they say, there is always opportunity – something about lemons to lemonade. When you see the sign that says, WELCOME TO HELL, sell ice!