Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Governance & Risk Management
Amid Surveillance Debate, Cellebrite Stops Serving Bangladesh
Move Follows UN Taking Action After NSO Group ControversyIsrael-based digital intelligence company Cellebrite is halting sales to Bangladesh, citing human rights concerns.
See Also: A Single Cyberattack = Loss in Consumer Trust & Brand Damage
"We have chosen not to do business in Bangladesh partially due to concerns regarding human rights and data security, and we may in the future decide not to operate in other countries or with other potential customers for similar reasons," a company spokesman tells Information Security Media Group.
The move comes after the United Nations on Friday called for a moratorium on the sale of "life-threatening" surveillance technology, singling out the NSO Group, another Israeli firm, for criticism.
The U.N. action followed publication of a July report by French nonprofit journalism group Forbidden Stories and human rights group Amnesty International claiming that a leaked list of 50,000 telephone numbers and emails appeared to have been used by NSO Group customers to identify individuals to target using the firm's Pegasus spyware. The list included politicians, business executives, journalists, activists and human rights advocates.
Cellebrite Pullout
Commenting on the Bangladesh decision, the Cellebrite spokesperson says: "We pursue only those customers who we believe will act lawfully and not in a manner incompatible with privacy rights or human rights. Cellebrite does not sell to countries sanctioned by the U.S., EU, U.K. or Israeli governments or that are on the Financial Action Task Force blacklist. For example, we have chosen not to do business in Belarus, China, Hong Kong, Macau, Russia and Venezuela, apart from Bangladesh."
The Israeli news agency Haaretz reports that Cellebrite’s "hardware was reportedly used by a paramilitary unit [in Bangladesh] accused of extrajudicial killings, torture and disappearances of civilians and journalists."
Cellebrite is set to go public later in the year after announcing on Aug. 9 a proposed business combination with TWC Tech Holdings. Cellebrite’s Bangladesh pullout could have been influenced by this pending move, Haaretz reports.
Cellebrite says its solutions are purchased by 6,700 public safety agencies and private sector enterprises in more than 140 countries.
UN Calls for Moratorium
On Friday, the U.N. called for a moratorium on the sale of ‘life-threatening’ surveillance technologies. The U.N. warned that "it is highly dangerous and irresponsible to allow the surveillance technology and trade sector to operate as a human rights-free zone. We are deeply concerned that highly sophisticated intrusive tools are being used to monitor, intimidate and silence human rights defenders, journalists and political opponents.”
Singling out NSO Group, based on the July Forbidden Stories "Pegasus Project" investigative report, the U.N. also reprimanded Israel, questioning whether the nation took any measures to review NSO export transactions. "It is the duty of states to verify that companies like the NSO Group do not sell or transfer technology to or contract with states and entities that are likely to use them to violate human rights," the U.N. stated.
Israel's Ministry of Defense visited NSO Group’s office in the last week of July, but the visit did not include any audit or examination of computer systems or documents, according to Calcalist.co.il (see: Israeli Government Visits NSO Group Amid Spyware Claims).
Cellebrite's Technologies
Although the technologies of NSO Group and Cellebrite are often compared, Cellebrite contends that its technologies are different from NSO's Pegasus surveillance software.
"Cellebrite’s technologies are not used to intercept communication or gather intelligence in real time," the company says. "Rather, our tools are forensic in nature and are used to access private data only in accordance with legal due process or with appropriate consent to aid investigations legally after an event has occurred."
Cellebrite says its Universal Forensic Extraction Device enables data extraction from locked and damaged mobile phones without the owner’s consent and in certain cases without physical access.
Controversy in India
In India, several privacy advocates and opposition parties have filed petitions with the Supreme Court demanding an independent probe of the use of NSO Group's Pegasus software by the government. The action followed the "Pegasus Project" report’s claims that Indian Prime Minister Narendra Modi’s most prominent political rival, the opposition figure Rahul Gandhi, was among dozens of Indian politicians targeted.
The government filed a two-page affidavit saying it cannot disclose what software or hardware it uses as it is a "matter of national security." The court has told the government that anything that would compromise national security may not be disclosed.
Data privacy professional Ritesh Bhatia, director of V4WEB Cybersecurity, says the Pegasus controversy "is a wake-up call for everyone. We would want to know what, when, where and whom are they surveilling. This surveillance technology is as good as putting a camera in my bedroom. A detailed surveillance guideline drafted by an independent panel comprising privacy advocates and experts, government officials, human rights activists, etc., is the need of the hour."