Human rights advocates filed a new court petition against the Israeli phone hacking company Cellebrite, urging Israel’s ministry of defense to halt the firm’s exports to Hong Kong, where security forces have been using the technology in crackdowns against dissidents as China takes greater control.
In July, police court filings revealed that Cellebrite’s phone hacking technology has been used to break into 4,000 phones of Hong Kong citizens, including prominent pro-democracy politician and activist Joshua Wong. He subsequently launched an online petition to end Cellebrite’s sales to Hong Kong, which gained 35,000 signatures.
“Defense Ministry officials must immediately stop the export of the Cellebrite system which is used for infringement on privacy, deprivation of liberty and freedom of expression, and political incrimination of Hong Kong citizens under the new National Security Law,” Wong wrote in a Facebook post urging Israel to stop Cellebrite’s exports to Hong Kong.
Hong Kong’s new security law, which increases Beijing’s control of the city, defines pro-democracy protests as terrorism, severely limits free speech, and reduces much of the autonomy that the city once had from China. As of May, the United States no longer considered Hong Kong autonomous from the mainland.
Hong Kong activists say that Cellebrite’s tech is “used to inflict terrorism on the city's residents and to attack demonstrators and pro-democracy activists.” Israeli human rights advocates say exports to Hong Kong police should legally have stopped in 2019 when anti-democratic crackdowns grew dramatically.
Now the Israeli petition in court aims to put legal and political pressure on the technology firm, which is based in Tel Aviv.
“I’m asking the minister of defense to stop the Cellebrite exports to Hong Kong,” says Eitay Mack, the human rights lawyer who filed the petition in the district court in Tel Aviv. “I’m also saying that, as far as I know, they never got an export license. The ministry of defense needs to enforce the law from companies with licenses, but also they need to do oversight on companies working without a license.”
Cellebrite is at the center of the global encryption debate. Apple’s and Google’s devices enable strong encryption, which instantly afforded more security to users of iPhones and Android systems. Law enforcement officials who argue that encryption means criminals are “going dark” use products like Cellebrite’s to break into phones and access and organize all the data inside. Cellebrite says it can “unlock devices with ease” by finding vulnerabilities in targeted smartphones and exploiting them. Most often, that means police and security forces unlocking phones of criminal suspects—a category that now includes pro-democracy advocates in Hong Kong.
The company has government customers spanning the United States, Europe, and Asia. In 2019, it boasted that it could unlock any iPhone and most Android phones.
Cellebrite’s powerful technology is sold to police and security forces around the world, and there are big questions over what democratic oversight and regulation of the company actually exists. Cellebrite would typically have to get an export license from Israel’s economic or defense ministry. Officials at the economic ministry say they have not granted such a license, and the defense ministry has remained quiet on Cellebrite’s sales. The agency, which has a policy of not commenting on specific companies it regulates, has not responded to Mack’s inquiries, or to requests for comment for this article.
“The system of regulation is not working,” says Mack, who argues that the dramatic changes in Hong Kong now require the ministry of defense to regulate Cellebrite and stop all sales there.
In addition to publicly pressuring the Israeli government, the petitioners want Cellebrite’s employees to take notice.
“I hope Cellebrite will have a rebellion inside the company,” Mack says. “The workers inside the company didn’t join to help the Chinese dictatorship.”
Cellebrite’s business is global, and Hong Kong is not the only problem point. In Belarus, widespread pro-democracy protests have been met with aggressive crackdowns by dictator Alexander Lukashenko. Mack argues that Israel must stop Cellebrite from selling its technology to the Belarussian government.
The company first made global headlines following reports that its technology was used to hack into the iPhone of the San Bernardino terrorists following the deadly attack in 2015. The company denied involvement. Cellebrite did not respond to a request for comment.
Russia hacked an American satellite company one hour before the Ukraine invasion
The attack on Viasat showcases cyber’s emerging role in modern warfare.
Chinese hackers exploited years-old software flaws to break into telecom giants
A multi-year hacking campaign shows how dangerous old flaws can linger for years.
Transforming the automotive supply chain for the 21st century
Cloud-based tech solutions are helping manufacturers manage a new ecosystem of suppliers with greater agility and resilience.
How censoring China’s open-source coders might backfire
Many suspect the Chinese state has forced Gitee, the Chinese competitor to GitHub, to censor open-source code in a move developers worry could obstruct innovation.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.