U.S. Government Is an Astonishingly Eager Buyer of Cellebrite

Investigators with the U.S. Fish and Wildlife Service frequently work to thwart a variety of environmental offenses, from illegal deforestation to hunting without a license. While these are real crimes, they’re not typically associated with invasive phone hacking tools. But Fish and Wildlife agents are among the increasingly broad set of government employees who can now break into encrypted phones and siphon off mounds of data with technology purchased from the surveillance company Cellebrite.

Across the federal government, agencies that don’t use Cellebrite technology are increasingly the exception, not the rule. Federal purchasing records and Cellebrite securities documents reviewed by The Intercept show that all but one of the 15 U.S. Cabinet departments, along with several other federal agencies, have acquired Cellebrite products in recent years. The list includes many that would seem far removed from intelligence collection or law enforcement, like the departments of Agriculture, Education, Veterans Affairs, and Housing and Urban Development; the Social Security Administration; the U.S. Agency for International Development; and the Centers for Disease Control and Prevention.

Cellebrite itself boasted about its penetration of the executive branch ahead of becoming a publicly traded company in August. In a filing to the Securities and Exchange Commission, the company said that it had over 2,800 government customers in North America. To secure that reach, The Intercept has found, the company has partnered with U.S. law enforcement associations and hired police officers, prosecutors, and Secret Service agents to train people in its technology. Cellebrite has also marketed its technology to law firms and multinational corporations for investigating employees. In the SEC filing, it claimed that its clients included six out of the world’s 10 largest pharmaceutical companies and six of the 10 largest oil refiners.

Civil liberties advocates said the spread of Cellebrite’s technology represents a threat to privacy and due process and called for greater oversight. “There are few guidelines on how departments can use our data once they get it,” said Albert Fox Cahn, executive director of the Surveillance Technology Oversight Project. “We can’t allow every federal department to turn into its own spy agency.”

But Cellebrite’s extensive work with U.S. authorities may be providing it with something even more important to the company than money: political cover. Like NSO Group, whose formidable phone malware recently made headlines, Cellebrite is based in Israel. While NSO’s Pegasus malware is far more powerful than Cellebrite’s technology, providing near-effortless remote infection of devices, both companies have stirred controversy with their sales to authoritarian governments around the world. Cellebrite’s technology is cheaper and has been used in China to surveil people at the Tibetan border, in Bahrain to persecute a tortured political dissident, and in Myanmar to pry into the cellphones of two Reuters journalists. (Under pressure, the company has pledged to stop selling in China and Myanmar, though enforcement is…