Cellebrite, the Israeli firm renowned for its high-tech mobile forensic tools, is facing intense scrutiny over its inconsistent response to allegations of human rights abuses. While the company famously severed ties with Serbian authorities last year following reports of spyware misuse, it has dismissed recent, similar accusations involving governments in Jordan and Kenya.
The Serbia Precedent vs. Current Allegations
In 2023, Cellebrite publicly terminated its contract with the Serbian police. The decision followed a technical report by Amnesty International, which provided evidence that local intelligence agencies used Cellebrite tools to infiltrate the devices of a journalist and an activist. This move was widely viewed as a rare instance of corporate accountability in the surveillance tech industry.
However, the company’s stance has shifted. Researchers at The Citizen Lab recently published investigations alleging that authorities in Kenya and Jordan utilized Cellebrite technology to unlock the phones of political activists and protesters while they were in custody.
Evidence of Digital Fingerprints
The Citizen Lab’s conclusions rely on identifying specific software traces on the victims’ devices. These traces serve as a “high confidence” signal that Cellebrite’s proprietary tools were deployed. The application in question has been previously identified in malware repositories and carries digital certificates directly linked to Cellebrite, a connection further corroborated by independent cybersecurity researchers.
Cellebrite’s Evasive Response
When pressed on the discrepancy between the Serbian case and the current allegations, Cellebrite spokesperson Victor Cooper dismissed the comparison. “The two situations are incomparable,” Cooper stated, arguing that “high confidence is not direct evidence.”
Despite previous claims that “any substantiated use of our tools in violation of human rights or local law will result in immediate disablement,” the company has declined to launch formal investigations into the findings from Jordan and Kenya. Critics, including Citizen Lab researcher John Scott-Railton, are calling for greater transparency.
“We urge Cellebrite to release the specific criteria they used to approve sales to Kenyan authorities and disclose how many licenses have been revoked in the past,” Scott-Railton noted. “If Cellebrite is serious about their rigorous vetting, they should have no problem making it public.”
A History of Disengagement
Cellebrite, which provides services to over 7,000 law enforcement agencies globally, has a complicated history regarding its client list. In previous years, the company ended sales to Bangladesh, Myanmar, Russia, and Belarus. Additionally, it halted operations in Hong Kong and China, citing regulatory changes. As accusations continue to mount, the company’s refusal to address the latest reports raises questions about the consistency of its ethical oversight framework.