Redaction Failure Shows Grayshift Is Swearing Cops To Secrecy About Its Phone-Cracking Tech

from the paying-for-the-privilege-of-being-told-to-shut-up dept

Law enforcement loves its new tech advances. It also hates to talk about them, operating under the assumption that the business of serving the public isn't the public's business. When pressed, officials will say something about staying one step ahead of criminals. But more often the opacity is nothing more than antagonism directed at people who expect transparency from those cashing publicly funded paychecks.

In some cases, this antagonism extends to the courtroom. The desire to keep secret methods secret upends the evidentiary process. When evidence can't be laundered through parallel construction, prosecutors may drop cases if it means discussing cop tech in court. This includes devices like cell tower simulators, which have been publicly discussed for years.

Added to the mix are non-disclosure agreements foisted on agencies by government contractors. Some of these NDAs go so far as to demand agencies route public records requests through them. The FBI has occasionally pitched in, telling prosecutors to drop cases rather than discuss "sensitive" tech.

This opacity isn't just for Stingray devices. It also applies to cellphone-cracking tech sold by a handful of companies. Public records obtained by Motherboard show Grayshift -- the maker of GrayKey -- is trying to keep information about its products out of the public's hands. In a case of apparent redaction failure, the documents provide a few more details about GrayKey… as well as Grayshift's demands that this information remain secret.

"Without limiting and foregoing, you acknowledge and agree that you will not disclose the existence of any GrayKey features and solutions designed to circumvent USB Restricted Mode released in iOS 11.4.1 and updated throughout future iOS versions made available to you on or about the date hereof," one section reads.

The original document redlines the part about the Restricted Mode, suggesting this was supposed to be redacted before releasing the confidentiality agreement to the public. Unfortunately for the Illinois State Police, this slipped out.

So did some other stuff from other law enforcement agencies. Motherboard's quest for Grayshift documents also turned up a request to create an exception in public transparency laws for this specific law enforcement tech.

"I am requesting a public records exemption to disclosure for the purchase of the GrayKey system for the Digital Forensics Lab," a City of Orlando law enforcement official wrote to the chief of police in 2018, according to a copy of the letter obtained by Motherboard. "This will prohibit Purchasing from posting notice of the purchase and disclosing acquisition of this system. This will assist in protecting our forensic examination techniques, and capabilities."

This isn't the way to handle this. Agencies can attempt to withhold documents by citing exceptions, but it's up to the state Attorney General (and the courts if a lawsuit ensues) to make the final call. Law enforcement officials shouldn't be asking for new exceptions or blanket application of existing exceptions. They also shouldn't be asking to undermine part of the public procurement process by seeking to withhold even more information from the public.

As for Grayshift, it says there's nothing wrong with these confidentiality agreements. It says they only apply to "intellectual property," not the mere existence or use of the devices. So, there's no reason to redline information about tech advancements, since it's not technically intellectual property, but rather just an undetailed discussion about one application of its tech. Grayshift also says the NDAs are not meant to be read as affirming the withholding of evidence (or the source of evidence) in prosecutions. But there's no telling how its customers are interpreting the agreement and -- given the history of other tech utilized by law enforcement -- it's safe to say someone's going to believe this means cases should be dropped or evidence laundered if it involves tech they haven't discussed publicly.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: accountability, foia, graykey, nda, police tech, secrecy, surveillance, transparency
Companies: grayshift