ICE Tops Its Old Record, Spends Another $820,000 On Cellphone-Cracking Tools

from the putting-Grayshift-execs'-kids-through-college dept

As consecutive heads of the FBI have whined about the general public's increasing ability to keep their devices and personal data secure with encryption, a number of companies have offered tools that make this a moot point. Grayshift -- the manufacturer of phone-cracking tool GrayKey -- has been selling hundreds of thousands of dollars-worth of devices to other federal agencies not so insistent the only solution is backdoored encryption.

ICE is one of these agencies. It led all federal agencies in phone-cracking expenditures in 2018. It spent $384,000 on these tools last year. It wasn't just ICE. Other agencies like the DEA and [checks notes] the Food and Drug Administration have also purchased these devices. But ICE led the pack, most likely because ICE -- along with DHS counterpart CBP -- are engaging in more suspicionless, warrantless device searches than ever.

When you don't have a warrant or consent, a third-party tool that can undermine device encryption is the next best thing. ICE must have a lot of phones to search -- or plans on amping up its search count -- because it's more than doubled its spending on GrayKey devices alone. Thomas Brewster of Forbes has more details.

The U.S. Immigration and Customs Enforcement (ICE) splurged $820,000 on tech made by Grayshift. The Atlanta-based company makes the GrayKey, previously described as the world's best iPhone hacking tech for police and intelligence agents, allowing them to break passcodes and retrieve information from inside Apple devices.

The contract, signed just last week, takes the immigration department's spend with the company to over $1.2 million, following a $384,000 Grayshift deal last year. That's the most spent on the superpowered iPhone hacking service by any government department, local or federal, looking across public records. The deal also marks Grayshift's biggest publicly known contract to date, according to a federal procurement database and state-level records. Its previous biggest, of $484,000, was with the U.S. Secret Service.

Maybe ICE just didn't want the Secret Service to top the list of encryption-breaking expenditures for this fiscal year. Or, more likely, it's seizing devices at a record pace and can't keep up with the rising tide of locked phones it's created.

The problem with this isn't that the government has access to devices like this. It's that ICE (and CBP) are operating in a super-gray area, legally-speaking. While courts have tended to allow warrantless searches under the border exception, the agencies themselves have only made this worse by refusing to enact meaningful guidelines that would curb abuses and careless handling of peoples' devices and data. They've created a "wild west" atmosphere every place someone could cross a border, which includes a number of inland international airports.

Tools that make it easier for the government to access peoples' papers and communications without a warrant isn't good news for anyone. It's a safe bet that if the judicial and political climate doesn't change, 2020 will bring another record ICE expenditure next year.

Filed Under: cellphone cracking, encryption, ice, phone cracking
Companies: grayshift


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 20 May 2019 @ 4:01pm

    Gray area

    Huh, a 3rd party creating methods to circumvent software protections. Why does this sound familiar?

    reply to this | link to this | view in chronology ]

  • icon
    Anonymous Anonymous Coward (profile), 20 May 2019 @ 4:47pm

    Illegal searches are still illegal...

    ...but will the courts recognize that illegality?

    I sure hope that when they show up in court with whatever 'evidence' they find, they are asked for the warrants that were issued for their searches, regardless of where those searches took place, or where the technology was confiscated. Any warrantless searches, and all the 'fruit of the poisonous tree' evidence should be tossed, not to mention those conducting those warrantless searches charged for violating the rights of the owners of that technology.

    Constitution free zones my ass.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 May 2019 @ 5:18pm

    Sounds like they are getting off cheap. I would have thought millions.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 May 2019 @ 6:45pm

    plans on amping up its search count

    Actual search count or published search count? If ICE is anything like the FBI, accurately counting locked phones is a harder problem than breaking into them.

    reply to this | link to this | view in chronology ]

  • identicon
    Pixelation, 20 May 2019 @ 7:44pm

    Only 1.2 million. I wonder what we get for that? Must be something good. I feel so safe now.

    reply to this | link to this | view in chronology ]

  • icon
    laminar flow (profile), 20 May 2019 @ 9:05pm

    The only protection we'll soon have from the police/surveillance state will be hackers able to disrupt their systems. Neither the political nor the (supposedly apolitical) judicial system are up to the task.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Hero, 21 May 2019 @ 6:14am

    After ICE heard that requesting suspects to unlock their devices was in violation of the 5th and 4th Amendments, I think we should all applaud ICE for respecting the court's decision by spending $820,000 on protecting our rights!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 May 2019 @ 7:04am

    The problem with this isn't that the government has access to devices like this.

    Yes, it is. Selling exploits or devices based on them to ANYBODY should be illegal. Failing that, the owners and staff of these companies should be blacklisted and treated as total pariahs in the tech and security communities.

    If you know of a way to manipulate a phone into giving you the user's data without the user's consent, then the ONLY ethical thing to do is either to disclose it to the manufacturer so the manufacturer can fix it, or disclose it to the public so the public can stop using the phone until the manufacturer fixes it.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 May 2019 @ 3:03pm

      Re:

      Except that:

      1. The DMCA already makes that very thing illegal.

      2. The fact that it happens anyway is the only reason people are able to use the hardware they bought after the manufacturer stops supporting it, the online service it depends on goes offline, the manufacturer decides to break or block functionality, etc.

      3. Blacklists won't solve your issue. If anything it's ignoring the fact that this practice exists and will only force it further underground where identities are harder to pin down, and actual injustices are harder to track.

      4. As 2 alluded to, Hacking a device is not, or rather shouldn't be, a crime in and of itself. Like anything else, it's what you do with said hacked device that makes it a good or a bad thing. Hacking a device to enable interoperability with a competitor's format is one thing, whereas hacking a device to act as a proxy while you hack into a government server is another. Just because you don't want someone cheating in Mario Kart doesn't mean that all hacks are bad.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 May 2019 @ 7:27am

    Melt ICE.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.