Cellebrite said it cut off Russia, but Russia used its tools anyway
4 hours ago
- #digital rights
- #surveillance technology
- #government hacking
- Russian authorities used Cellebrite technology to hack the phone of opposition figure Andrey Pivovarov in June 2021, despite Cellebrite announcing it would cut ties with Russia in March 2021.
- The incident highlights the challenge for tech companies in controlling or disabling their surveillance tools after sale, as former customers can continue abusing them even after licenses are revoked.
- Cellebrite claims it terminated all sales and services to Russia in March 2021, and any post-cutoff use is unauthorized, but it did not address whether it asks customers to dismantle sold tools or implement remote-disable features.
- Researchers advocate for Cellebrite to remotely disable tools upon credible abuse reports and add cryptographic watermarks to trace data extraction, to prevent misuse and enhance accountability.
- Pivovarov, former director of Open Russia, was sentenced to prison but later freed in a 2024 prisoner exchange; forensic evidence and court documents confirmed Cellebrite UFED was used to extract his WhatsApp and Telegram messages.