Phone hacking company tells police customers to keep software ‘hush hush’

A company that sells phone hacking software to law enforcement has been instructing police to keep their use of the software secret.

Cellebrite, an Israeli company which sells mobile forensics tools, is reportedly able to access securely locked devices and encrypted messaging apps. According to a software training video obtained by TechCrunch, Cellebrite employees have been telling its law enforcement customers not to divulge that they are using the hacking software.

“Your part is to ensure that these techniques are protected as best as you can, and to either consider them as ‘law enforcement sensitive’ or classify them to a higher level of protection in your individual country or agency,” said the salesperson in the video, who explained that public knowledge of the software would prevent Cellebrite from being able to stay a step ahead of “the bad guys.” 

The Cellebrite salesperson added that law enforcement be “hush hush” about how they “get in” to private devices so it will not come up in legal proceedings.

“And ultimately, we don’t really want any techniques to leak in court through disclosure practices, or you know, ultimately in testimony, when you are sitting in the stand, producing all this evidence and discussing how you got into the phone. Ultimately, you’ve extracted the data, it’s the data that solves the crime. How you got in, let’s try to keep that as hush hush as possible.”

Another concern raised in the training video is that “the phone manufacturers might find out what we’re doing to achieve this magic” and implement stronger security measures.

The trainer also warned police against going into detail about the software in their standard operating procedures or any documents that may be seen by outside auditors or citizens via Freedom of Information requests.

The leaked video comes amid growing public concern about police access to private data. 

Last year, for example, the Massachusetts Department of Health (DPH) was accused of working with Google to tap into over one million Android smartphones for contact tracing under the pretext of COVID-19. A tracking app was secretly auto-installed on taxpayers’ phones, though it was not visible alongside other apps. The MassNotify app could only be found by the user opening Settings and using the View All Apps feature. If a user found the app and deleted it, the DPH would simply have it re-installed. 

Frontline News reported this month that the Department of Homeland Security (DHS) uses AI-powered facial recognition technology to scan billions of faces without their owners’ permission when identifying criminals.

According to Forbes, the DHS Homeland Security Investigations (HSI) unit matches images of alleged perpetrators against Clearview AI, a database which has scraped over 30 billion photos of private citizens from the web without permission. HSI has spent approximately $2 million to license Clearview AI, which it has reportedly used to “investigate child exploitation.”