The company reportedly helping the FBI access the San Bernardino shooter's iPhone data isn't a household name in the US, but its data-extraction tools are all over the country. Cellebrite has been quietly helping US law enforcement bulk up its arsenal of surveillance gear for years. The FBI postponed a hearing yesterday about whether it could force Apple to write software to weaken the security on the San Bernardino shooter's iPhone. The reason: An unidentified "outside party" had offered a solution that didn't require Apple's help. According to Israeli newspaper Yedioth Ahronoth, that "outside party" is Cellebrite, a forensics firm that specialises in getting data off mobile devices. This is an unconfirmed report. "I am not able to comment on the identity of the outside party," an FBI spokesperson told Gizmodo.
Cellebrite already has a cosy relationship with US law enforcement. In The Intercept's catalogue of government surveillance gear, ACLU staff attorney Nathan Wessler called one Cellebrite device "a favourite of police departments everywhere". Cellebrite is making millions from FBI contracts, as Motherboard reports:
According to public records, Cellebrite's US subsidiary has taken over $2 million worth of purchase orders from the FBI since 2012. Interestingly, a purchase order with the agency for $15,278.02 for "software renewals for seven machines" was signed on March 21, 2016: the same day that the Apple hearing was delayed. However, the "principal place of performance" for that order is listed as Chicago, not San Bernardino.
In addition to the FBI, Cellebrite has US federal contracts with the Drug Enforcement Agency, the Patent and Trademark Office, US Immigrations and Custom Enforcement, the Transportation Security Administration and the State Department. Cellebrite's gear isn't only for high-profile terrorism cases or federal agencies — state and local law enforcement also rely on its equipment to get data off mobile devices. The company's Universal Forensics Extraction Device is regarded as such a gold-standard investigative tool that it's been name-dropped on The Fall and (ugh) CSI:Cyber.
As with all sophisticated surveillance technology, Cellebrite's gear has the potential to be abused.
In 2011, the ACLU questioned whether the Michigan State Police was using Cellebrite technology to access smartphone data without first getting a warrant. The ACLU requested records of the department's Cellebrite device usage through the Freedom of Information Act, but was told that retrieving these records would cost hundreds of thousands of dollars. The ACLU, to this date, has not received the records due to the prohibitive cost.
It looks good for everyone if Cellebrite can salvage the data from the San Bernardino shooter's iPhone — it will give law enforcement what they say they need, it will (temporarily, at least) let Apple off the hook, and (obviously) give Cellebrite a ton of positive publicity. It also helps the FBI avoid what was likely to be an embarrassing and precedent-setting loss in court.
Of course, if the FBI was attempting to set a precedent for forcing tech companies to assist in investigations, this solution is a Pyrrhic victory for the Bureau.
What is curious about the news that Cellebrite is probably the "outside party" isn't the company's technology — it's that the FBI, a frequent customer, supposedly didn't think to reach out to the company until this week.