ICE Tops Its Old Record, Spends Another $820,000 On Cellphone-Cracking Tools

from the putting-Grayshift-execs'-kids-through-college dept

As consecutive heads of the FBI have whined about the general public’s increasing ability to keep their devices and personal data secure with encryption, a number of companies have offered tools that make this a moot point. Grayshift — the manufacturer of phone-cracking tool GrayKey — has been selling hundreds of thousands of dollars-worth of devices to other federal agencies not so insistent the only solution is backdoored encryption.

ICE is one of these agencies. It led all federal agencies in phone-cracking expenditures in 2018. It spent $384,000 on these tools last year. It wasn’t just ICE. Other agencies like the DEA and [checks notes] the Food and Drug Administration have also purchased these devices. But ICE led the pack, most likely because ICE — along with DHS counterpart CBP — are engaging in more suspicionless, warrantless device searches than ever.

When you don’t have a warrant or consent, a third-party tool that can undermine device encryption is the next best thing. ICE must have a lot of phones to search — or plans on amping up its search count — because it’s more than doubled its spending on GrayKey devices alone. Thomas Brewster of Forbes has more details.

The U.S. Immigration and Customs Enforcement (ICE) splurged $820,000 on tech made by Grayshift. The Atlanta-based company makes the GrayKey, previously described as the world’s best iPhone hacking tech for police and intelligence agents, allowing them to break passcodes and retrieve information from inside Apple devices.

The contract, signed just last week, takes the immigration department’s spend with the company to over $1.2 million, following a $384,000 Grayshift deal last year. That’s the most spent on the superpowered iPhone hacking service by any government department, local or federal, looking across public records. The deal also marks Grayshift’s biggest publicly known contract to date, according to a federal procurement database and state-level records. Its previous biggest, of $484,000, was with the U.S. Secret Service.

Maybe ICE just didn’t want the Secret Service to top the list of encryption-breaking expenditures for this fiscal year. Or, more likely, it’s seizing devices at a record pace and can’t keep up with the rising tide of locked phones it’s created.

The problem with this isn’t that the government has access to devices like this. It’s that ICE (and CBP) are operating in a super-gray area, legally-speaking. While courts have tended to allow warrantless searches under the border exception, the agencies themselves have only made this worse by refusing to enact meaningful guidelines that would curb abuses and careless handling of peoples’ devices and data. They’ve created a “wild west” atmosphere every place someone could cross a border, which includes a number of inland international airports.

Tools that make it easier for the government to access peoples’ papers and communications without a warrant isn’t good news for anyone. It’s a safe bet that if the judicial and political climate doesn’t change, 2020 will bring another record ICE expenditure next year.

Filed Under: , , ,
Companies: grayshift

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “ICE Tops Its Old Record, Spends Another $820,000 On Cellphone-Cracking Tools”

Subscribe: RSS Leave a comment
Anonymous Anonymous Coward (profile) says:

Illegal searches are still illegal...

…but will the courts recognize that illegality?

I sure hope that when they show up in court with whatever ‘evidence’ they find, they are asked for the warrants that were issued for their searches, regardless of where those searches took place, or where the technology was confiscated. Any warrantless searches, and all the ‘fruit of the poisonous tree’ evidence should be tossed, not to mention those conducting those warrantless searches charged for violating the rights of the owners of that technology.

Constitution free zones my ass.

Anonymous Coward says:

The problem with this isn’t that the government has access to devices like this.

Yes, it is. Selling exploits or devices based on them to ANYBODY should be illegal. Failing that, the owners and staff of these companies should be blacklisted and treated as total pariahs in the tech and security communities.

If you know of a way to manipulate a phone into giving you the user’s data without the user’s consent, then the ONLY ethical thing to do is either to disclose it to the manufacturer so the manufacturer can fix it, or disclose it to the public so the public can stop using the phone until the manufacturer fixes it.

Anonymous Coward says:

Re: Re:

Except that:

  1. The DMCA already makes that very thing illegal.
  2. The fact that it happens anyway is the only reason people are able to use the hardware they bought after the manufacturer stops supporting it, the online service it depends on goes offline, the manufacturer decides to break or block functionality, etc.
  3. Blacklists won’t solve your issue. If anything it’s ignoring the fact that this practice exists and will only force it further underground where identities are harder to pin down, and actual injustices are harder to track.
  4. As 2 alluded to, Hacking a device is not, or rather shouldn’t be, a crime in and of itself. Like anything else, it’s what you do with said hacked device that makes it a good or a bad thing. Hacking a device to enable interoperability with a competitor’s format is one thing, whereas hacking a device to act as a proxy while you hack into a government server is another. Just because you don’t want someone cheating in Mario Kart doesn’t mean that all hacks are bad.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...