The big picture: An Israeli firm may have been selling law enforcement agencies an on-premises tool that can read data from almost any encrypted phone for almost two years, and now the service is available for everyone that can pay for it. The news comes in just as the DOJ is making a new push for tech companies to leave backdoors in their products, reigniting the privacy versus safety debate.
If you haven’t been living under a rock, you’re probably used to the monthly news about spyware and hijacking tools that can take over your iPhone with little to no user intervention — in some cases all it takes is visiting a website.
There are also companies like Cellebrite that provide authorities and other interested parties with tools to hack iPhones or Android phones. According to a report by OneZero, it turns out law enforcement can now do that from the comfort of an office through a new program called UFED Premium.
The Israeli firm announced the service in June, and touted the convenience of being able to license its software tools to “unlock and extract data from all iOS and high-end Android devices” in-house. New York City law enforcement reportedly paid $200,000 for a three-year contract that means they’ll no longer have to send devices to Cellebrite’s labs in Virginia and New Jersey.
A series of documents obtained by OneZero show the Manhattan District Attorney’s office has been using Cellebrite’s new service since 2018. They also reference $1 million in “undisclosed add-ons” that may have been part of the deal. The DA’s office also has to keep the UFED software in a secured room with no means of recording video or audio.
While both the DA’s office and Cellebrite refused to comment on the contract’s existence, OneZero found a number of court records that seem to confirm that prosecutors have had the ability to unlock phones like the iPhone 6S on-premise since early 2018. And while we know little about the Israeli’s firm list of customers, The Daily Beast recently reported that Immigration and Customs Enforcement had signed a $30 million contract for UFED.
In any case, the problem with the existence of such tools is that they only add up to an ever-growing surveillance state, and raise important questions about the possibility of them landing into the hands of malicious actors. Cellebrite said in a statement that everything it does is intended to “accelerate criminal investigations and address the challenges of crime and security in a digital world.”
The news also comes at a time when the Department of Justice is asking companies like Facebook to rethink their plans to implement end-to-end encryption across all messaging services. Specifically, officials want backdoor access to encrypted messages, which has everyone plunging into new debates about balancing privacy and safety. Civil liberties groups have sent an open letter to Facebook asking it to proceed with its encryption plans, arguing that backdoors could be exploited by stalkers, oppressive governments, and identity thieves.
The latest anti-encryption campaign also hinges on everyone’s emotions by citing the evil that could be prevented if only the government had more access to private communications — terrorism, organized crime, and child abuse, to name a few. However, encryption is already a complex security measure that is difficult to get right as made evident from the recently discovered flaw in encrypted PDF files. Asking for backdoors is like asking for a deliberate flaw that has a much higher chance of misuse.