“We are seeing the coronavirus crisis being used as a way to further attack privacy and civil liberties, not just in the US … but around the world,” Garaffa told host John Kiriakou on Monday.
Last week, Reuters published a special report titled “Cyber-intel firms pitch governments on spy tools to trace coronavirus.”
The report outlines how at least eight surveillance and cyber-intelligence companies around the world are “attempting to sell repurposed spy and law enforcement tools” to supposedly help governments contain the spread of COVID-19. Two of the companies specifically named in the report are Israeli firms Cellebrite and NSO Group.
Garaffa noted “there are at least six other companies involved with various countries around the world,” telling Sputnik that Cellebrite sells a so-called GrayKey device which is used to extract information from cellphones by bypassing any password protection on them. The device is made by GrayShift, an American mobile device forensics company.
“Ultimately what Cellebrite’s GrayKey does is get a copy of everything on your device. Now, think about what’s on your phone. Not just the photos or emails … So, now Cellebrite is offering these tools to more governments under the guise of tracking the spread of COVID-19. They’re suggesting to governments that they purchase these GrayKey and other devices, and when someone is diagnosed with coronavirus or dies from it, the government actually takes their phone so they can see all of their locations,” Garaffa explained.
According to the Reuters report, a Cellebrite “email pitch” to the New Delhi, India, police force this month stated that its technology can be used to “quarantine the right people.” To accomplish this it would “siphon up” an infected person’s location information and contacts, Reuters explains.
Cellebrite told the Indian government that this process would usually only be done with the phone owner’s consent. However, if an infected person violates the law by not following public gathering guidelines, for instance, the police could use the Cellebrite’s tools to hack into a confiscated phone.
“We do not need the phone passcode to collect the data,” a Cellebrite spokesperson wrote to an officer in an April 22 email obtained by Reuters.
“And then there’s the NSO Group,” Garaffa noted.
“NSO Group sells software called Pegasus to governments. It’s rumored that they sell them to large corporations,” Garaffa explained, adding there isn’t “any hard confirmation of that yet.”