2007 - 2020

Why Scotland Buying Israeli Phone-Hacking Kit is Dangerous

THE expulsion of democratically elected members of the Hong Kong Legislative Assembly exposes once again the intolerance of dissent under Beijing’s authoritarian state capitalism.  China is now a model for the 21st surveillance state with its citizenry increasingly subject to electronic monitoring of a sort even George Orwell’s Big Brother could not dream of.  Meanwhile, in totalitarian Belarus, the state is using exactly the same phone hacking and data technology as in China to monitor opponents of the regime.  Ditto Saudi Arabia, which used related phone tech to follow the journalist Jamal Khashoggi in the lead-up to his assassination and dismemberment by Saudi agents, in Istanbul in October 2018.
*
But what has this got to do with social democratic Scotland, you will ask?  The answer is that Police Scotland has acquired its own phone hacking equipment – in this case, specifically to bypass passcode locks on mobile handsets – from the very same company as supplies Beijing, Minsk and Riyadh with their repressive surveillance equipment.  That company is called Cellebrite, an Israeli digital intelligence supplier, headquartered in the Petah Tikva district of Tel Aviv.
*
According to company figures, in mid-2019 Cellebrite had 45% of the global mobile telephone forensics market.  Its managers claim that Cellebrite products are the first work tool in 75% of police investigations everywhere.  Even if this is an exaggeration, Cellebrite is the go-to digital technology for police forces everywhere. It is also bought in volume by private sector companies for internal security, snooping on employees and industrial espionage.
*
CELLEBRITE AND SCOTLAND
*
Cellebrite is one of the leading Israeli security tech companies.  It specialises in so-called “mobile forensics” – the software and gizmos to break into your mobile phone.  Cellebrite claims to have sold its products to over 150 foreign law enforcement agencies.  Forget all that guff you hear about the cops begging Apple to unlock a suspect’s phone and being told that would break privacy conventions. You simply buy some kit from Cellebrite, plug it in and hey presto all your phone secrets are downloaded. Better still, according to Cellebrite’s website, its technology will “extract, preserve and analyse public and private-domain, social-media data, instant messaging, file storage, web pages and other cloud-based contents”.  That’s right: it downloads everything on your cloud storage as well as your phone.
*
Now Police Scotland has installed 41 of what it refers to as “Cyber Kiosks” bought from Cellebrite, in stations around the country. The devices, reputedly costing £370,000, will be used to view data from locked iOS and Android handsets.  Again: that means it will go through into anything you have parked in cloud storage.  Then it will analyse for the key data they might be looking for.  Forget about the plods spending hours going through your stuff – the Israeli algorithms do it for them.
*
According to Police Scotland: “The technology allows specially trained officers to triage mobile devices to determine if they contain information which may be of value to a police investigation or incident… This will allow lines of enquiry to be progressed at a much earlier stage and devices that are not relevant to an investigation to be returned quicker.”
*
Police Scotland says the kiosks will not store any copies of a handsets’ memory. We’ll see.  The very fact that Police Scotland has chosen to do the hacking in a police station (that’s the “kiosk” blether) is instructive. The Cellebrite kit can be used on a tablet anywhere. Clearly Police Scotland wants to give the impression that any hacking will be done under strict supervision.  It would not do to have some pesky lawyer like Aamer Anwar disputing the legality of the info search.
*
Also, it is clear that both the Scottish Government and Police Scotland are sensitive to how the new tech might be perceived because they held up its introduction for frontline use for two years, in order to decide everything is legal.  Ultimately, they have decided that use of the Cellebrite technology – provided there is a search warrant and reasonable belief the suspect may have committed a crime – lies inside existing law.
*
PRESSURE ON CELLEBRITE
*
What makes this a fresh story is that public opinion in other parts of the world is forcing Cellebrite to curb sales of its equipment to authoritarian regimes.  This pressure results from the fact that the Cellebrite tech is so sophisticated and so easy to use that essentially it gives security and law enforcement agencies unlimited access to your computer files and data.  Any limits on how the technology is employed in specific instances are wholly in the minds of the user. Cellebrite tech is a privacy nightmare. Locking up 41 kits in carboard boxes in a police station is hardly reassuring.
*
For instance, during pilot tests of the system in Edinburgh and Stirling from 2016 to 2018, police searched the mobile phones of suspects, witnesses and victims without the required scrutiny and impact assessments.  People whose phones were searched were not made aware that their devices were being hacked or (in the cases of witnesses and victims) asked for permission. This makes me worry about the real attitude of Police Scotland.
*
Meanwhile, in the rest of the word, there is growing opposition to Cellebrite selling its tech to anybody with a chequebook.  Last month Cellebrite was forced to agree to stop selling services and products to China.  Partly this was due to US sanctions against Beijing and partly it was the result of a letter signed by 37 Israeli human rights activists, who revealed that Cellebrite equipment was used to hack the mobile phones of over 4,000 Hong Kong democracy protestors. An online petition calling on Cellebrite to halt sales to the Hong Kong Police gathered over 36,000 signatures.
*
I’m not saying Police Scotland should be banned from having the proper equipment to solve crimes in a digital age.  However, fire is a good servant and a bad master. And Cellebrite technology is the digital equivalent of fire. As the Hong Kong example shows, in the wrong hands this kit it is a tool for oppression and the crushing of dissent.
*
ISRAEL’S CYBER SECURITY INDUSTRY
*
Cellebrite is part of the huge ecology of Israeli cybersecurity and private spying companies – over 750 of them, employing more than 20,000 people. Israeli economists refer to Israel as “the start-up nation” but the truth is that the Israel’s own security needs (passive and offensive) have created a huge internal demand that has stimulated the creation of local cybersecurity companies. This plus the steady supply of trained engineers and entrepreneurs with close personal links to the Israeli security agencies has spawned a massive industrial sector that now dominates the global marketplace for software and hardware to hack phones and computers, de-encrypt their contents, mine data for intelligence or criminal information, and jam electronic communications.
*
Foreign direct investment is flowing into Israel to boost company start-ups and innovation in the cybersecurity sector.  Between 2014 and 2018, Israeli cybersecurity companies raised $4 billion in 501 fundraising rounds, and in 2017 exported goods and services valued at $6 billion, according to a report by the Israel National Cyber Directorate.
*
Last year, over 8,000 people from 80 different countries attended the annual Israeli cybersecurity industry convention at Tel Aviv University.  Speakers included Prime Minister Netanyahu; Mossad (external security) chief Yossi Cohen; Mike Rogers, former director of the NSA (US equivalent of GCHQ); and Christopher Krebs, current Director of the US Cybersecurity Agency. Anyone thinking there are any Chinese Walls between the Israeli cybersecurity industry, the Israeli government and security organs, or indeed the US security agencies should go and boil their heid.
*
This year’s conference had a certain Ciaran Martin as a prominent speaker.  When I read that my paranoia meter went off the dial. Mr Martin is head of the UK’s National Cyber Security Centre. Before that he was Director General for Cyber Security at GCHQ, i.e. our chief cyber spook.  However, prior to his role at GCHQ, Martin spent eight years in the Cabinet Office.  Among his jobs there was Constitution Director.  As such, Martin was the lead official negotiator for Prime Minister David Cameron and the Secretary of State for Scotland in the run-up to the Edinburgh Agreement in 2012. Also, during his time in the Cabinet Office, Martin was Director of Security and Intelligence.  Yes, a spook’s spook leading the preparations for the 2014 independence referendum and now in-with-the-bricks at Israel’s premier cybersecurity shindig.
*
As for Cellebrite, it has just signed an initial deal with Abu Dhabi worth $3 million.  This is the first commercial fruit of Abu Dhabi recognising Israel. Israeli media sources said the deal was brokered by former senior Mossad spook David Meidan.
**

Comments (7)

Join the Discussion

Your email address will not be published. Required fields are marked *

  1. Anndrais mac Chaluim says:

    I think that, like the Death of God, we just need to get used to the demise of ‘the private’.

    New technology is surely returning our private lives to the public sphere. And ineluctably so, given that technologies can’t be uninvented.

    The non-Canutean political task is to ensure that our lives become part of the commons rather than prey to the exclusive use of powerful individuals or corporations, including the state. To preclude the latter, everyone’s data, including yours and mine, needs to be freely and universally available in a cloud-regime of absolute transparency. Because then it becomes worthless as a commodity and becomes valuable only in its social use.

    No more secrets any more.

    1. Michael says:

      Mac Chaluim, that is a terrifying and very misguided idea at both the macro and micro level. Big data is the life blood of algorithmic analysis and the production of actionable information. You would massively increase the already horrific power imbalances in the world in favour of those with the resources and insensitives to analyse it and action significant insights. And you would make individuals highly personally vulnerable. This is obvious, or do you like the way China is going? Just one example of your idea in action !

      I know we are told that this is the age of stupid… but come!

      1. Anndrais mac Chaluim says:

        Did you miss the bit about the political task of ensuring that our lives become part of the commons, rather than prey to the exclusive use of powerful individuals or corporations, including the state, by making everyone’s data, including yours and mine, freely and universally available in a cloud-regime of absolute transparency? Because then it becomes worthless as a commodity and becomes valuable only in its social use?

    2. Alasdair Macdonald says:

      I agree to a fair extent with the view you are expressing here in the context of the concept of ‘the commons’. For example, I think that the tax returns of all of us should be available for inspection on request. Things like the Land Register for Scotland have been allowed – wilfully, in my opinion – to fall into desuetude, in order to hide who actually owns the land.

      1. Anndrais mac Chaluim says:

        I think it’s fundamentally unjust to pick and choose whose data should be included in the commons and whose should be enclosed and excepted as ‘private property’.

  2. Richard Easson says:

    Can I presume that being able to open all the boxes means you also have the ability to keep your own closed (if you have developed the technology?)
    So while everyone accepts the system is blown, it actually isn’t.
    And since no-one has mentioned it, is it not coincidental that Israel provides these services when any criticism of them will be met with instant claims of you know what.

    1. Anndrais mac Chaluim says:

      Yes. we can presume that. When it comes to technology, the innovators are always at least one step ahead of the regulators. There will always be a digital ‘somewhere’ to hide.

Help keep our journalism independent

We don’t take any advertising, we don’t hide behind a pay wall and we don’t keep harassing you for crowd-funding. We’re entirely dependent on our readers to support us.

Subscribe to regular bella in your inbox

Don’t miss a single article. Enter your email address on our subscribe page by clicking the button below. It is completely free and you can easily unsubscribe at any time.