Cellebrite's Russia Ban Failed to Stop Tool Misuse
Original: Cellebrite said it cut off Russia, but Russia used is tools anyway
Why This Matters
Exposes the difficulty of controlling deployed surveillance tech and accountability gaps in government-facing tech companies' enforcement mechanisms.
Israeli forensics firm Cellebrite claimed it cut ties with Russia in March 2021, but researchers found Russian authorities used its phone-hacking tool against opposition politician Andrey Pivovarov in June 2021, raising questions about tech company control over deployed tools.
The Citizen Lab, a digital rights group at the University of Toronto, discovered that Russian government investigators used Cellebrite phone-hacking technology to breach the iPhone of Andrey Pivovarov, a prominent human rights dissident and opposition politician, in June 2021. This occurred three months after Cellebrite announced it would immediately cease selling its technology to Russian government customers. Cellebrite, an Israeli company with headquarters in Virginia that serves governments worldwide including the United States, claimed on its official website that as of March 2021, it could "stop the device from functioning or receiving software updates" for cut-off customers. However, this mechanism apparently did not function in Pivovarov's case. Eitay Mack, an Israeli human rights lawyer campaigning against surveillance technology makers, stated the situation demonstrates a fundamental flaw in Cellebrite's approach. He noted that ceasing sales and revoking software licenses does not prevent former customers from continuing to abuse previously deployed technology. Mack further highlighted that Cellebrite refuses to disclose whether it requires customers to dismantle hacking tools sold to them, a critical oversight in its cut-ties policy.