For all the anti-theft protections built into modern smartphones, it took the FBI less than 48 hours to access the locked phone of Trump shooter Thomas Matthew Crooks – leaving many asking how this was possible and what it means for the privacy of our digital data.
Just two days after the shooting – which nearly killed Donald Trump when a bullet fired by 20-year-old Crooks pierced the former US president’s right ear while he was speaking at a rally in Pennsylvania – the FBI announced that its technical specialists had “successfully gained access to” Crooks’s phone “and they continue to analyse his electronic devices.”
That July 15 update came just a day after an FBI spokesperson told reporters they couldn’t break into Crooks’s phone – reported as being a newer model Samsung device – and that it had been sent to the FBI laboratory in Quantico, Virginia for further analysis.
Reports emerged that the FBI accessed Crooks’s phone within 40 minutes after engaging with Cellebrite, an Israeli security firm that markets itself as “accelerat[ing] justice” through the sale of phone hacking tools so capable that they are only intended for use by law enforcement agencies.
Cellebrite – which reportedly provided the FBI with as yet unreleased tools after the phone initially resisted compromise – has turned its assistance to the FBI into a massive business opportunity, announcing just four days after the shooting that it would acquire US-based security firm Cyber Technology Services (CyTech) and turn it into a new US-based division called Cellebrite Federal Solutions (CFS).
CFS will piggyback on CyTech’s existing approvals under the US government’s FedRAMP program – which allow it to work on maximum security projects – to sell its phone hacking tools to all manner of US government agencies.
It’s not the first time the FBI has called on Cellebrite for assistance – reports suggested that the company was assisting the FBI’s 2016 efforts to crack the phone of the San Bernardino mass shooter after the agency had failed to force Apple to break into the phone.
An Australian security company ultimately helped the FBI gain access, but the incident surfaced the long-running tensions between law enforcement and technology companies fighting to protect data with ever stronger encryption and access controls.
“While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products,” Apple CEO Tim Cook wrote in an open letter at the time after revealing the FBI had pressured the company to implement a system that would facilitate access to its devices where necessary.
“We can find no precedent for an American company being forced to expose its customers to a greater risk of attack,” Cook wrote.
“We fear that this demand would undermine the very freedoms and liberty our government is meant to protect.”
Normalising phone hacking
The intervening years have seen device makers double down on security, with Apple regularly releasing new security features such as its new Stolen Device Protection, and Google similarly adding theft protection to Android devices in a recent update.
Amidst pleas such as ASIO head Mike Burgess’s recent call for a “sensible conversation” around device encryption, law enforcement authorities have ramped up their phone hacking capabilities, quietly partnering with private enterprises like Cellebrite – which euphemistically argues that it is “not a ‘phone hacking’ company” but a provider of solutions that “help customers legally collect and review, analyse and manage digital data in a lawful, ethical and auditable manner while protecting privacy”.
Some say the company is overstating its capabilities – a leaked list suggested the platform cannot crack many new devices – but it remains effective enough that privacy advocates like the Electronic Frontier Foundation rally against its normalisation and broad use.
With the formation of CFS sure to increase its profile within the US, Cellebrite – which previously issued a training video asking its customers to “keep [its use] as hush hush as possible” – is likely to become ubiquitous in federal, state, and local law enforcement agencies and could easily spread to other government agencies as well.
That has already happened in Australia, where reports confirm that the company’s “end-to-end digital intelligence solution” is already listed for Defence use – and one analysis identified 128 contracts between Australian government agencies and Cellebrite since 2011.
Users include the Australian Taxation Office, Department of Home Affairs, and Services Australia – which was grilled during a Parliamentary inquiry last year for its use of Cellebrite to investigate financial offences against the Commonwealth.
The tool is a “legitimate investigation and law enforcement tool” that has been used “for a number of years now”, Services Australia deputy CEO Christopher Birrer testified, adding that it is restricted to cases of “serious noncompliance” where criminal investigations are being undertaken, and “occurs following the execution of a search warrant” and engagement with the AFP.
“We use it consistent with Australian law,” he said.
As in the US, Cellebrite is steadily expanding its reach in Australia: with speakers at its latest Australian industry conference representing NSW Police, the Queensland Police Service, AFP, NSW ICAC, Victoria Police, and Australian Institute of Professional Intelligence Officers, phone cracking is likely to become more common rather than less.
“There have been calls on the government to ban the use of this particular piece of spyware,” Greens Senator Jordon Steele-John observed at the time, “and there has been a statement that… you could present as wanting to limit the use of these particular pieces of spyware.”