ICE Tops Its Old Record, Spends Another $820,000 On Cellphone-Cracking Tools
from the putting-Grayshift-execs'-kids-through-college dept
As consecutive heads of the FBI have whined about the general public's increasing ability to keep their devices and personal data secure with encryption, a number of companies have offered tools that make this a moot point. Grayshift -- the manufacturer of phone-cracking tool GrayKey -- has been selling hundreds of thousands of dollars-worth of devices to other federal agencies not so insistent the only solution is backdoored encryption.
ICE is one of these agencies. It led all federal agencies in phone-cracking expenditures in 2018. It spent $384,000 on these tools last year. It wasn't just ICE. Other agencies like the DEA and [checks notes] the Food and Drug Administration have also purchased these devices. But ICE led the pack, most likely because ICE -- along with DHS counterpart CBP -- are engaging in more suspicionless, warrantless device searches than ever.
When you don't have a warrant or consent, a third-party tool that can undermine device encryption is the next best thing. ICE must have a lot of phones to search -- or plans on amping up its search count -- because it's more than doubled its spending on GrayKey devices alone. Thomas Brewster of Forbes has more details.
The U.S. Immigration and Customs Enforcement (ICE) splurged $820,000 on tech made by Grayshift. The Atlanta-based company makes the GrayKey, previously described as the world's best iPhone hacking tech for police and intelligence agents, allowing them to break passcodes and retrieve information from inside Apple devices.
The contract, signed just last week, takes the immigration department's spend with the company to over $1.2 million, following a $384,000 Grayshift deal last year. That's the most spent on the superpowered iPhone hacking service by any government department, local or federal, looking across public records. The deal also marks Grayshift's biggest publicly known contract to date, according to a federal procurement database and state-level records. Its previous biggest, of $484,000, was with the U.S. Secret Service.
Maybe ICE just didn't want the Secret Service to top the list of encryption-breaking expenditures for this fiscal year. Or, more likely, it's seizing devices at a record pace and can't keep up with the rising tide of locked phones it's created.
The problem with this isn't that the government has access to devices like this. It's that ICE (and CBP) are operating in a super-gray area, legally-speaking. While courts have tended to allow warrantless searches under the border exception, the agencies themselves have only made this worse by refusing to enact meaningful guidelines that would curb abuses and careless handling of peoples' devices and data. They've created a "wild west" atmosphere every place someone could cross a border, which includes a number of inland international airports.
Tools that make it easier for the government to access peoples' papers and communications without a warrant isn't good news for anyone. It's a safe bet that if the judicial and political climate doesn't change, 2020 will bring another record ICE expenditure next year.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cellphone cracking, encryption, ice, phone cracking
Companies: grayshift
Reader Comments
Subscribe: RSS
View by: Time | Thread
Gray area
Huh, a 3rd party creating methods to circumvent software protections. Why does this sound familiar?
[ link to this | view in chronology ]
Illegal searches are still illegal...
...but will the courts recognize that illegality?
I sure hope that when they show up in court with whatever 'evidence' they find, they are asked for the warrants that were issued for their searches, regardless of where those searches took place, or where the technology was confiscated. Any warrantless searches, and all the 'fruit of the poisonous tree' evidence should be tossed, not to mention those conducting those warrantless searches charged for violating the rights of the owners of that technology.
Constitution free zones my ass.
[ link to this | view in chronology ]
Sounds like they are getting off cheap. I would have thought millions.
[ link to this | view in chronology ]
Actual search count or published search count? If ICE is anything like the FBI, accurately counting locked phones is a harder problem than breaking into them.
[ link to this | view in chronology ]
Only 1.2 million. I wonder what we get for that? Must be something good. I feel so safe now.
[ link to this | view in chronology ]
The only protection we'll soon have from the police/surveillance state will be hackers able to disrupt their systems. Neither the political nor the (supposedly apolitical) judicial system are up to the task.
[ link to this | view in chronology ]
After ICE heard that requesting suspects to unlock their devices was in violation of the 5th and 4th Amendments, I think we should all applaud ICE for respecting the court's decision by spending $820,000 on protecting our rights!
[ link to this | view in chronology ]
Yes, it is. Selling exploits or devices based on them to ANYBODY should be illegal. Failing that, the owners and staff of these companies should be blacklisted and treated as total pariahs in the tech and security communities.
If you know of a way to manipulate a phone into giving you the user's data without the user's consent, then the ONLY ethical thing to do is either to disclose it to the manufacturer so the manufacturer can fix it, or disclose it to the public so the public can stop using the phone until the manufacturer fixes it.
[ link to this | view in chronology ]
Re:
Except that:
The DMCA already makes that very thing illegal.
The fact that it happens anyway is the only reason people are able to use the hardware they bought after the manufacturer stops supporting it, the online service it depends on goes offline, the manufacturer decides to break or block functionality, etc.
Blacklists won't solve your issue. If anything it's ignoring the fact that this practice exists and will only force it further underground where identities are harder to pin down, and actual injustices are harder to track.
[ link to this | view in chronology ]
Melt ICE.
[ link to this | view in chronology ]