Spy firms push iPhone-hacking tools to trace coronavirus, raising privacy concerns

By

cellebrite.flicker.jpg
Systems like that from Cellebrite are now being pushed to track COVID-19, but have serious privacy concerns.

Multiple companies that created software to hack into mobile phones now offer versions of their products to trace the spread of COVID-19, according to a published report Tuesday.

Very different from contact-tracing technologies that focus on finding the virus but at the same time protect privacy, these new systems would not need a patient’s consent to gain entry into the device.

For instance, Cellebrite, a firm known for producing iPhone-hacking tools, is aggressively pitching its technology to authorities tracking the spread of COVID-19, according to a Reuters report. When someone tests positive, the technology reportedly can collect the individual’s location and contacts to help “quarantine the right people,” according to a Cellebrite email pitch to a police force in India.

While this normally would happen with a user’s consent, Cellebrite claims there are legally justified cases in which police could use the company’s tools to hack into a device. “We do not need the phone passcode to collect the data,” the Cellebrite spokesperson said in an email.

At least eight companies like Cellebrite are pitching similar tools to law enforcement groups around the world. Executives at four of the companies said they are piloting or in the process of installing products to counter the coronavirus in more than a dozen countries in Latin America, Europe and Asia. 

So far, Israel is the only country known to be testing a mass surveillance system pitched by the companies. The country asked NSO Group, one of the industry’s biggest players, to help build its platform. 

Privacy rights concerns

The Reuters report comes as governments and privacy advocates warn of concerns over technological approaches to stopping the spread of COVID-19.

Unlike the Cellebrite technology, the contact-tracing technology developed by Google and Apple collects data over GPS and cellular systems without compromising privacy. Additionally, the system is meant to only be used after the owner of the device approves his or her data to be included in the tracing.

Several countries are not in total agreement with Apple and Google’s contact-tracing plans.

The French government called on Apple to loosen its Bluetooth restrictions on iPhones so as to better track people with COVID-19. Germany, on the other hand, reportedly changed its mind over whether to embrace Apple and Google’s decentralized approach to contact tracing. It now says it will endorse the Apple/Google standard of better protecting the rights of consumers.

The U.K. reportedly decided to go with a coronavirus contact-tracing application different from the system Apple and Google are creating jointly.

The Apple and Google solution requires users’ approval — given with a simple tap — for them to be included in contact-tracing databases. Apple and Google also will require public health agencies to store contact data in a decentralized manner.

The Apple/Google system reportedly will launch Tuesday. However, when public health departments worldwide will deploy the tech remains unknown.

Suzanne Spaulding, a former U.S. intelligence community lawyer and senior Homeland Security official, told Reuters a tracking approach like Cellebrite’s is “among the most privacy-invasive.” That’s because it “envisions all of the data about everyone’s movements, not just infected individuals and their known contacts, going to the government.”