Redaction Failure Shows Grayshift Is Swearing Cops To Secrecy About Its Phone-Cracking Tech
from the paying-for-the-privilege-of-being-told-to-shut-up dept
Law enforcement loves its new tech advances. It also hates to talk about them, operating under the assumption that the business of serving the public isn't the public's business. When pressed, officials will say something about staying one step ahead of criminals. But more often the opacity is nothing more than antagonism directed at people who expect transparency from those cashing publicly funded paychecks.
In some cases, this antagonism extends to the courtroom. The desire to keep secret methods secret upends the evidentiary process. When evidence can't be laundered through parallel construction, prosecutors may drop cases if it means discussing cop tech in court. This includes devices like cell tower simulators, which have been publicly discussed for years.
Added to the mix are non-disclosure agreements foisted on agencies by government contractors. Some of these NDAs go so far as to demand agencies route public records requests through them. The FBI has occasionally pitched in, telling prosecutors to drop cases rather than discuss "sensitive" tech.
This opacity isn't just for Stingray devices. It also applies to cellphone-cracking tech sold by a handful of companies. Public records obtained by Motherboard show Grayshift -- the maker of GrayKey -- is trying to keep information about its products out of the public's hands. In a case of apparent redaction failure, the documents provide a few more details about GrayKey… as well as Grayshift's demands that this information remain secret.
"Without limiting and foregoing, you acknowledge and agree that you will not disclose the existence of any GrayKey features and solutions designed to circumvent USB Restricted Mode released in iOS 11.4.1 and updated throughout future iOS versions made available to you on or about the date hereof," one section reads.
The original document redlines the part about the Restricted Mode, suggesting this was supposed to be redacted before releasing the confidentiality agreement to the public. Unfortunately for the Illinois State Police, this slipped out.
So did some other stuff from other law enforcement agencies. Motherboard's quest for Grayshift documents also turned up a request to create an exception in public transparency laws for this specific law enforcement tech.
"I am requesting a public records exemption to disclosure for the purchase of the GrayKey system for the Digital Forensics Lab," a City of Orlando law enforcement official wrote to the chief of police in 2018, according to a copy of the letter obtained by Motherboard. "This will prohibit Purchasing from posting notice of the purchase and disclosing acquisition of this system. This will assist in protecting our forensic examination techniques, and capabilities."
This isn't the way to handle this. Agencies can attempt to withhold documents by citing exceptions, but it's up to the state Attorney General (and the courts if a lawsuit ensues) to make the final call. Law enforcement officials shouldn't be asking for new exceptions or blanket application of existing exceptions. They also shouldn't be asking to undermine part of the public procurement process by seeking to withhold even more information from the public.
As for Grayshift, it says there's nothing wrong with these confidentiality agreements. It says they only apply to "intellectual property," not the mere existence or use of the devices. So, there's no reason to redline information about tech advancements, since it's not technically intellectual property, but rather just an undetailed discussion about one application of its tech. Grayshift also says the NDAs are not meant to be read as affirming the withholding of evidence (or the source of evidence) in prosecutions. But there's no telling how its customers are interpreting the agreement and -- given the history of other tech utilized by law enforcement -- it's safe to say someone's going to believe this means cases should be dropped or evidence laundered if it involves tech they haven't discussed publicly.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: accountability, foia, graykey, nda, police tech, secrecy, surveillance, transparency
Companies: grayshift
Reader Comments
Subscribe: RSS
View by: Time | Thread
Obvious Law Patch
New law to fix this crap: public employees and agencies cannot be held to nondisclosure agreements as it would usurp their power of their bosses, the voters. Try to declare crucial details of how you are performing your job "confidental" to your boss and you will be tossed out the door so fast your ass will be in orbit.
[ link to this | view in chronology ]
Your honor, this case should be dismissed.
They entered into an agreement that states they can't tell us what they used or how it works.
How are we supposed to test the veracity of this?
They might have found something, but they can't tell us how they arrived there or if they created the trail afterwards.
[ link to this | view in chronology ]
Public Records Exceptions in Florida
In Florida, it can be tougher than that. Depending on whether the requester knew how to make his request, the agency is required to specify the statutory exception and why they believe it applies. This applies not only to entire records, but to redactions within records.
Since this request is from Orlando, the Florida law applies. And, as observed in the original article, the person requesting a budget appropriation does not get to ask for a new exemption. This holds even if he wants the preferred bidder to get a no-bid contract.
Sometimes an agency can stonewall a request long enough for a coin-operated legislature to create a new exemption, which can then be applied retroactively. That would be the Dale Earnhardt situation.
[ link to this | view in chronology ]