"All things leave a digital footprint," says the company director who extracts data from cell phones

Collection of programs and computers Able to perform forensics on cell phones and extract data from devices for investigation. This is the product previously sold Celebright, A company founded in Israel, a reference country in the field of cybersecurity, and gaining fame in Investigations into the case of the boy Henry Burrell, Which will be 5 on Monday (3).

This was not the first time that Cellebrite products were used in Brazil: Reports from the Federal Police indicate that the equipment manufactured cell phones skilled in Operation Lava Jato and that the company’s website highlights the collaboration in Enterprise processWhich investigated international drug trafficking.

An ally in criminal investigations, This type of software is also the subject of controversy and concerns about abuse of powers due to its power – even in Deleted data can be recovered in some situations (see below).

a St 1 Interviewed by Mark Gamble, Cellebrite’s chief marketing officer, who has advocated the use of the equipment by authorities.

“If we were victims of a crime, we would like the police to be able to use all the technology available to them to find out who did it and solve the case,” he said.

According to him, the company’s solutions can be used in various stages of investigation such as information gathering, analysis and management.

“As far as technology is concerned, everything leaves a digital footprint,” the executive said, referring to the ability to recover deleted information.

In addition to extracting data from devices, the program can refer to the most important sections using artificial intelligence for example.

The company became famous in 2016, when it was brought before the FBI The ability to unlock iPhone Terrorist Syed Farouk, who is involved in the operation that killed 14 people and injured 17 others, in San Bernardino, California.

The US police have not confirmed the information that the company’s technology has been used, but Cellebrite equipment has since been used – Basically because they unlock smartphones from an AppleWho enjoy a good reputation in the field of digital security.

Details of how the products work are trade secrets – The company uses hardware security flaws to gain access to them, Which annoys application and operating system developers.

know more: What software was used in the Henry Borel case?

One of the controversial points in the equipment of its kind is the use of loopholes.

NSO Group, another Israeli company that is developing solutions for data mining, has become known as the Pegasus-3 spyware. It is assumed that it is used for invasion Founder’s cell phone AmazonAnd the Jeff Bezos.

Although companies offer different solutions, NSO Group claims it also sells services targeting governments and law enforcement authorities.

The main difference is that the Cellebrite solution requires physical access to the device, while NSO has created a remote spying mechanism.

When asked about potential violations in the use of these tools, Gambill said all customers sign the Terms of Use And that all data must be obtained through a Court order or voluntary permission Device owner.

“Our organization has clients all over the world, and there are approximately 670 clients, most of them are public authorities,” the executive said.

In addition to showing products to the authorities, Cellebrite sells products to companies, but for different purposes. Examples cited by CEO include Mark Gamble Assist in investigating charges of intellectual property theft and harassment.

Despite the limitations stipulated in the contract, investigations by NGOs have already indicated that Cellebrite products were used in questionable scenarios.

In 2017, Vice said it had leaked information related to Cellebrite – The company confirmed the accident at that time.

According to the publication, the data indicated that the company had sold its technology to countries such as Russia, the United Arab Emirates and Turkey – places with a history of disrespecting human rights.

A 2019 Washington Post report showed this The company’s tools were used on the cell phones of two Reuters journalists in MyanmarAccording to the documents and testimony of the defense lawyer.

Local authorities accused reporters of violating state secrets laws after reporting violence against the country’s Rohingya Muslim minority.

The Committee to Protect Journalists (CPJ), a US-based nongovernmental organization, Similar cases of journalists’ cell phone searches have been reported in Nigeria and GhanaIn 2019 and 2020, respectively.

“We are working closely in Israel with the Ministry of Defense that identifies criminal countries,” said Mark Gamble of Cellebrite. “The same is true in the United States.”

to me St 1The company sent a list of 29 countries it said it did not do business with, including Russia, Turkey and Myanmar, which were mentioned in international reports.

Celebright said in Latin America Do not do business with Bolivia, Cuba and Venezuela.

“We have an ethics committee that is constantly analyzing this type of situation to be as transparent as possible and in an unlikely situation where there is a change of order in a country,” the executive said.

It was further reported that the company had disabled the devices in Hong Kong after China is tightening its grip on the pro-democracy movement.

The executive added, “We have components within our technology that allow us to turn it off due to the lack of a better technical term.”

Digital law attorney Jacqueline Abreu highlighted St 1 You are Risks of strong tools such as those of the company.

“In a country with strong institutions and well-functioning regulatory mechanisms, there is greater certainty that using this type of device will be legitimate,” he said.

He commented, “But this is a tool that can fall into the hands of someone who cannot be trusted. Even in a democratic country it can allow violations to be committed.”

According to her, the criteria by which court orders are granted and breaches of confidentiality are “often fragile”.

He said, “From your cell phone, you can access all kinds of installed applications, get information in the cloud, and stored on the company’s servers.”

Use the attorney as an example of situations where court orders are necessary for large tech companies to disclose information about emails. From extractors it will not be superfluous to follow this procedure, since the account will be registered to the device.

It also indicated that forensic equipment such as Cellebrite is widely used by police in the United States, but there are still no details about Brazil.

Abreu mentioned the use of Cellebrite equipment in the country It has gained prominence in high-impact cases, such as in Lava Jato, in Investigations into the death of Congresswoman Marielle Franco On the death of the boy Henry. However, this type of data extraction can Obtaining public support.

However, she is concerned about Underestimating the importance of data extraction – which, according to the lawyer, could lead to harassment or abuse by the authorities.

“It is imperative to think about employment policies [no Brasil]. For the police, for example, to start indexing cases where this type of extracted information is used and for it to be made public, “he said.

“In addition to the regulations that stipulate what can or cannot be done with data obtained from cell phones, so that the information is not saved or entered into a database,” he added.

Expecting privacy

Cellebrite’s CEO acknowledged a dilemma between people’s expectations of privacy and the company’s services.

The company uses security flaws to circumvent security measures such as screen locks and information encryption.

Many cell phone manufacturers, such as Apple, are shining the spotlight on Security and privacy aspects of your products. Part of Cellebrite’s job is to find ways to work around these actions.

Gambill said Apple is one of the companies trying to create encryption that can protect data privacy and that he understands that this is their job, but he argues that his company has a mission too.

“Apple is a company we work with a lot,” the executive said, without giving details of the interactions between the companies.

He said the company has an ethics committee responsible for discussing privacy issues, even with countries Cellebrite does business with.

“I think so [a presença do comitê] He said that one of the ways in which we try to find this balance is through dialogues with individuals, with groups that defend privacy and understand the needs of society.

Cellebrite’s vulnerabilities often plague companies that develop applications and operating systems.

Last December, Cellebrite said it found a way to access messaging data from Signal, Circumventing the security measures of their popular app.

WhatsApp and Telegram e Signal: Compare messaging apps

In late April, he founded and CEO of Signal, a rival messaging app for WhatsApp known for its security and privacy options. Released a script that reveals vulnerabilities in the Cellebrite device.

Signal CEO said that UFED (Universal Forensic Extraction Device, in translation of the acronym in English) has “several weaknesses” maybe Tampering with the scanner and inaccessible data – which may harm the integrity of the expertise.

Signal CEO said he was willing to disclose to Cellebrite all the security flaws he found, but the company You must be committed to disclosing the vulnerabilities you use to unlock cell phones “now and in the future.”.