Police zeal for new tech cannot be allowed to go unchecked
Police Scotland has yet to satisfy legal doubts over powerful new technology it wants to roll out, writes Martyn Mclaughlin
If you are unfamiliar with the products and services provided by Cellebrite, a company with a name so pleasingly punchy it ought to be selling children’s breakfast cereal, I regret to inform you that the reality is not quite so colourful.
Log on to the firm’s website and you are met with a finely honed example of purposely vague corporatespeak. It is, visitors are informed, “pioneering solutions today for a safer tomorrow” thanks to what it bills as “the most advanced and trusted digital forensics solution on the planet”.
There is even a section devoted to the company’s values, the most prominent of which is its “commitment to a safer world”. A blurb elaborates: “We are most passionate about the positive, meaningful outcomes our work enables for the powerless, threatened and underserved.”
Which is all obviously terrific and laudable of course, unless it happens to be nonsense. What would, for example, Mohammed al-singace make of Cellebrite’s commitment to the disenfranchised?
A political activist in Bahrain, he campaigned to raise awareness of the Gulf state’s record on inflation and called on it to raise the basic standard of living for ordinary people. In return he was imprisoned and tortured, according to the Bahrain Centre for Human Rights.
During his trial, numerous Whatsapp conversations and photographs were presented as evidence, with the data culled from his phone thanks to Cellebrite’s “pioneering solutions”, according to a report by The Intercept.
The reason the Israeli-founded firm is in such high demand is the way it has stolen a march on police forces and intelligence services the
world over, who struggle to decrypt electronic devices.
Cellebrite’s so-called cyber kiosk device is a silver bullet capable of overriding user passwords and encryption security to rapidly harvest data from mobile phones, tablets, and laptops.
The data sweep does not just take in call records, emails, and texts. It hoovers up biometric data and any documents stored externally on cloud-based servers. What is more, it allows Cellebrite’s customers to recover data belonging not only to a device’s owners, but any third parties they were in contact with.
Bahrain is in good company, by all accounts. A major 2017 hack of Cellebrite-related data linked the firm to authorities in the likes of Russia, the United Arab Emirates, and Turkey. Earlier this year, meanwhile, Privacy International indicated that Cellebrite is marketing its expertise and technological prowess to a new, untapped customer base – authorities who interrogate people seeking asylum.
Now, we can add Scotland to that illustrious roll call, thanks to the zeal with which the country’s national police force is pursuing Cellebrite’s technology.
Last April, Police Scotland spent more than £444,000 on 41 cyber kiosk units from the company, with the aim of deploying them across the country within six months. In December, it paid the firm an additional £379,000 to licence the devices for four years.
To date, the force has examined a total of 375 mobile devices and 262 SIM cards using Cellebrite’s tech via two trials carried out in Edinburgh and Stirling. The force has not been forthcoming with the results, but we know there were no impact assessments carried out beforehand, and the trial results have been