Cellebrite pitching iPhone hacking tools as a way to stop COVID-19

Multiple smartphone surveillance and data extraction companies, including iPhone hacking firm Cellebrite, are pitching their products to governments as an alternative method of tracking the spread of COVID-19.

While tech giants and device makers like Apple and Google are focusing on privacy-respecting methods to trace the spread of coronavirus, companies that produce spying or surveillance software are looking at new ways to market their products during the crisis.

Cellebrite, a firm famous for producing iPhone-hacking tools, is actively pitching those tools to authorities tracking the spread of COVID-19, according to a Reuters report on Tuesday.

One email that Cellebrite sent to an Indian police force theorized that law enforcement could use the company's tools to gather location data and contacts from a phone to "quarantine the right people."

While this would normally happen with a user's consent, Cellebrite said that there are legally justified cases in which police could use their tools to break into an acquired device — such as if an iPhone is confiscated when someone violates public gathering orders. "We do not need the phone passcode to collect the data," the Cellebrite spokesperson said in the pitch email.

The Cellebrite pitches are just part of a new wave of private intelligence and surveillance companies attempting to repurpose and sell their tools to law enforcement to track the virus and enforce stay-at-home orders, according to Reuters.

At least eight such companies are pitching their tools to law enforcement entities across the globe. While none of them detailed which countries have purchased their products, four said that they piloting or delivering tools to curb coronavirus to at least a dozen countries in Europe, Asia and Latin America.

The Reuters report comes in the midst of a broader conversation at the intersection of privacy and public health.

In April, Apple and Google announced a new joint initiative to use Bluetooth signals as a way to track the spread of COVID-19 without compromising privacy or harvesting location data.

While some privacy advocates have concerns about the security limitations of Bluetooth, others have called the short-range contact tracing a "vast improvement" over the mass collection of GPS and cell site data.

But the Apple and Google solution is strictly opt-in, which raises questions about whether it could see the 60% adoption rate required for it to be effective. Apple and Google also require public health agencies to store contact data in a decentralized manner.

Several countries have been in standoffs with the tech giants over this requirement, or have outright refused to use the technology.

Mass and mandated collection of data is one alternative being floated. Israel, for example, is said to be testing a mass surveillance system developed by one of the cyber-intelligence companies, NSO Group, despite valid concerns about the ability of mass surveillance to offer precise enough data to curb the spread of coronavirus.

The Apple and Google system is said to be launching early on April 28, though it remains to be seen how or when public health agencies will deploy it. In the meantime, it appears that some countries may have access to ready-built but less-private ways to track the spread of COVID-19.