This week, The Palestine Laboratory Podcast drops its final episode for all subscribers, focusing on how technology used by Israel in its occupation and siege of Gaza is exported worldwide to democratic and authoritarian governments alike.

Watch Antony Loewenstein's interview on Counter Points, and subscribe to Drop Site News's brand new channel wherever you get your podcasts to hear The Palestine Laboratory Podcast. Paid subscribers to Drop Site get early access to the last episode. Donate today and help us continue to boldly and independently speak truth to power.

Today, we have a story by journalist Georgia Gee highlighting one of those companies, Cellebrite. Since the war on Gaza, Cellebrite has reportedly been assisting the Israeli government with locating the phones and locations of Hamas operatives. They are using that success to leverage contracts with police departments and federal in the U.S.

— Ryan Grim

An Israeli surveillance-tech company that has played a central role in the war in Gaza is poised to entrench itself as a major surveillance contractor for the U.S. government. That firm, the Tel Aviv-based Cellebrite, reportedly allowed the FBI to use an unreleased version of its technology to help the agency break into the phone of Thomas Matthew Crooks, the man who attempted to assassinate Donald Trump, in 40 minutes—a feat that, ordinarily, could take years.

Cellebrite has amassed a wealth of experience in working with foreign clients. As recently as 2021, the firm was a favored digital-forensics provider for authoritarian regimes around the world. In Hong Kong, Chinese officials used its technology to hack into the phones of pro-democracy demonstrators, The Intercept reported. According to the Committee to Protect Journalists, police in Botswana have used it to crack the phones of detained journalists. And in Russia, authorities used its technology to hack opposition figures, Haaretz found.

In Israel, The Jewish News Syndicate reported that Cellebrite helped the government unlock the phones of Hamas operatives who took part in the attacks of October 7. This past summer, Cellebrite allegedly received funding from the Pentagon to develop a product to help identify and map Hamas operatives in Gaza, Calcalist, an Israeli news site, reported earlier this year. The Israeli government did not respond to a request for comment.

Cellebrite did not respond to repeated requests for comment on its work for authoritarian governments. In public statements, the firm claims it has halted such work and seeks to limit the spread of its technology. Yet surveillance experts continue to raise the alarm about Cellebrite’s privacy protections as the company’s footprint grows.

In June, Taylor Applegate, a former student at Stanford University Law School, published an article in the Stanford Law and Policy Review delving into the constitutional questions raised by the rapid spread of advanced mobile device forensic tools like Cellebrite's. “Industry leader Cellebrite has advertised that its tools can extract and analyze at least 181 Android apps and 148 iPhone apps,” Applegate writes, arguing that they gave local law enforcement agencies access to break into and extract “the sum of an individual's private life.” Cooper Quintin, a security researcher at the Electronic Frontier Foundation, said law enforcement agencies across the U.S. use Cellebrite technology. “Almost every police department in the U.S. has Cellebrite,” he said. “They are so ubiquitous.”

Days after assisting the FBI with the Trump shooter's phone, Cellebrite announced the creation of a U.S.-based subsidiary through the acquisition of Cyber Technology Services, an American cybersecurity firm licensed to work on federal projects with maximum security clearance. Using that license, Cellebrite aims to win federal contracts for classified investigative and intelligence work, hoping to double this business within the next three to five years, Carmil said on an earnings call in August. “Until the move was made we were seen as a foreign company,” Carmil said to Israeli news site The Marker in September, commenting on the creation of the subsidiary. “This will make it easier for us to open doors and gain value among clients in the American legal system, as well as in security, intelligence, and other civil-federal agencies.”

The U.S. is not the only major democratic country to boost its work with Cellebrite. Alongside major existing contracts, this year, seven U.K. government agencies signed deals with the company, records show. They include three police agencies, London’s city authority, and the U.K. foreign office, which have spent $370,000 on Cellebrite’s services.

Israel has long been an exporter of digital forensics technologies made by companies like the NSO group and Candiru. In November of 2021, the Biden administration placed the two companies on an “entity list” after finding they had supplied spyware to foreign governments used to “maliciously target” the phones of dissidents, human rights activists, and journalists. While on this list, they are barred from purchasing components from U.S.-based companies without first receiving a special license.

While some analysts have compared Cellebrite to the NSO Group, there is a distinction: NSO Group sells its wares to governments to spy clandestinely on journalists and other civilians while skirting legal protocol, while “Cellebrite works in the legitimate world of the police force, whose abilities are closely controlled,” Carmil told Israeli media in 2020.

Privacy experts disagree. “As long as their extraction tool has the ability to bypass mobile phone security, that is basically hacking,” said Dr. Ilia Siatitsa, program director at Privacy International. “It forces the system to behave in a manner that is not predicted by the manufacturer, user or owner of that system.” 

“Genuinely afraid” 

Founded in 1999 as a consumer-technology company, Cellebrite shifted to mobile forensics during the smartphone boom of the 2000s. Starting in 2004 under Carmil's leadership, the company began recruiting skilled hackers from Unit 8200, the Israeli intelligence agency known as a finishing school for spyware firms like NSO.

Cellebrite eventually began working with the FBI and with U.S. immigration authorities. In 2007, it debuted the Universal Forensic Extraction Devices (UFED), essentially a small, portable computer capable of extracting all the content of a cell phone that soon became popular among law enforcement agencies worldwide.

In 2016, the Israeli media credited Cellebrite with helping the FBI crack the phone of the suspected perpetrator of the mass shooting in San Bernardino, California—a report that later proved to be false. Nevertheless, fueled by positive press coverage, in 2019 Cellebrite signed a $30-million contract with Immigration and Customs Enforcement for use of its UFEDs.

Meanwhile, Cellebrite’s products had begun proliferating across the world.

In Myanmar, authorities used Cellebrite’s technology to hack the phones of two Reuters journalists who had uncovered evidence of a Rohingya massacre, convicting them in 2018 on charges of breaching a law barring the publication of sensitive government information. While they were sentenced to prison for seven years, they were later released in 2019 under a presidential amnesty.

Cases like the Myanmar episode are not unique. In April 2020, officials in Botswana attempting to censor information about the spread of Covid-19 arrested a journalist named Oratile Dikologang, accusing him of posting on Facebook about the pandemic and local politics. After detaining him and allegedly physically assaulting him, police used UFED to extract thousands of his messages, images and audio files from his phone, according to an affidavit that they submitted to court.

Cellebrite’s technology enabled police to retrieve information on Dikologang’s sources. He alleged that some had been threatened. He has still not received his phone back and has denied the allegations against him. “I was genuinely afraid knowing that they could access my phone and all the sensitive information,” Dikologang told Drop Site News. 

In 2021, Cellebrite told The New York Times it had stopped selling its technology to Myanmar in 2018. It also said that it did not renew the relevant licenses following the Reuters case. But Khin Maung Zaw, the lawyer who represented the Reuters reporters, claimed that police in Myanmar had continued to use Cellebrite at least into 2020. “To my knowledge, they use Cellebrite to scan and recover data from cellphones,” he said.

A Past in "the Dictatorship Market"

In July 2021, two dozen civil-society groups signed a letter to Cellebrite’s stakeholders urging them to block an attempt by the company to go public via a special purpose acquisition company, a deal that was expected to put its post-merger valuation at some $2.4 billion.

In response, Cellebrite submitted documents to the U.S. Securities and Exchange Commission pledging to cease its business with repressive regimes like those in Bangladesh, Belarus, Russia, Venezuela, and elsewhere, and form an ethics advisory committee to evaluate misuse of its products. But a subsequent investigation by The Intercept in August 2021 found that officials in China were still purchasing Cellebrite technology through online resellers like eBay, even after the company deregistered its subsidiary in the country.

Cellebrite said in a statement at the time that it had instituted “a strong compliance framework” so that its sales decisions would take into consideration “a potential customer’s human rights record and anti-corruption policies.” The company also said that it had created controls to ensure its “technology is used appropriately in legally sanctioned investigations.” Nations where Cellebrite had ended its agreements, the company added, “no longer receive active product support or have their licenses renewed”—restrictions that would also apply to brokers that resold its products.

Tom Malinowski, a former U.S. representative and human-rights advocate, was involved in the fight not to allow Cellebrite to go public. “Companies like this should have to choose between the democracy market and the dictatorship market,” said Malinowski, describing Cellebrite’s past work for controversial governments. “If they choose the dictatorship market they should be sanctioned or boycotted out of the business.” 

In the end, the outcry against Cellebrite had little effect. In August 2021, the company announced it had gone public.

Two days before the announcement of NSO’s placement on the entity list, Alpine Group, a government affairs consulting firm, registered with the U.S. Senate to lobby on behalf of Cellebrite. Since then, the firm has spent nearly $1.7 million on lobbying and expenses surrounding issues on digital forensics and data privacy, according to filings. Last year, Cellebrite’s business with the federal government peaked at $15.3 million.

"Meaningful deployments"

In Cellebrite’s August earnings call, Carmil explained that the new subsidiary, dubbed Cellebrite Federal Solutions, would allow his company to more directly engage with federal agencies and “drive new meaningful deployments.”

To the Electronic Frontier Foundation’s Quintin, that’s concerning. “Now they have all this data from phones—what happens to that?”

Cellebrite has hired a new board for Cellebrite Federal Solutions. It is composed of experienced former U.S. government who have worked for the Army Special Operations Command, the Department of Homeland Security, and the FBI’s 9/11 Review Committee.

So far in 2024, the U.S. government has committed around $18 million to Cellebrite, up from $15 million that agencies had spent via contracts with the firm in fiscal year 2023. In addition to federal business, thousands of local and state and agencies across the U.S. also use the firm’s technology.

In his interview with The Marker, Carmil vividly described his hopes for the subsidiary. “The vision is that when a public or private investigative body thinks of a digital investigative platform, the name Cellebrite will immediately pop into their head.”

Leave a comment

Georgia Gee is an investigative journalist covering human rights issues, environmental abuse, and surveillance. Her work has appeared in print, podcast, and documentaries, including for The Intercept, Foreign Policy and the OCCRP.