Monday 20 January 2020

Firm that hacked Isis phone for FBI was used by gardai in Graham Dwyer case

Cellebrite consulted by State here over access to phone data, writes Dearbhail McDonald, Group Business Editor

Apple chief executive Tim Cook was locked in a stand-off with the FBI over access to the iPhone operating system. Last week the FBI announced that it had managed to ‘work around’ the issue
Apple chief executive Tim Cook was locked in a stand-off with the FBI over access to the iPhone operating system. Last week the FBI announced that it had managed to ‘work around’ the issue

Dearbhail McDonald

Cellebrite, the company which hacked the Apple iPhone operating system for the FBI, has been consulted by gardai in such cases as the Graham Dwyer murder case - and now gardai want increased access to forensic technology developed by the Israeli company.

Shares in Japan's Sun Corporation, which acquired Cellebrite in 2007, soared by nearly a third in recent weeks amid reports that a third party had helped the FBI access data on the iPhone belonging to the gunman in the San Bernardino, California mass shooting last year.

Cellebrite, whose parent company said it was not in a position to comment on specific criminal cases, reportedly worked with the FBI to crack an iPhone connected to the San Bernardino shooter.

The FBI had been locked in a major standoff with Apple for a month over accessing data on the smartphone used by Syed Rizwan Farook in the attack. Farook and his wife, Tashfeen Malik, who was also involved in the attack, died in a shootout with police.

Apple CEO Tim Cook refused to comply with a court order to unlock the iPhone, saying it was an unreasonable demand on the company and one that threatened the privacy and data security of millions of iPhone users.

However, the court order was abandoned last Monday when the Feds informed a federal judge that a technique developed by an unidentified entity was successful in allowing investigators to gain access to the phone.

The FBI was already a client of Cellebrite when the San Bernardino shooting occurred.

So too was An Garda Siochana. Last year, it emerged during the Graham Dwyer trial that An Garda Siochana was a client of Cellebrite, an Israeli government contractor.

The Department of Justice manages tenders to acquire forensic and other technology services for the gardai.

The Irish Government acquired a small number of licences to use Cellebrite's forensic technology on behalf of the gardai, who use its physical analyser software to extract and analyse data from phones and other mobile devices.

Cellebrite's software proved critical in the trial of Dwyer, who is serving a mandatory life sentence for the murder of childcare worker Elaine O'Hara, 36, on August 22, 2012, at a remote spot in the Dublin mountains.

Gardai, who normally use the XRY software forensic tool to perform forensic extractions of data from mobile devices, satellite navigation units and tablets, used Cellebrite in the Dwyer investigation to extract data from a number of devices.

More than 2,600 text messages were sourced from Ms O'Hara's iPhone, from an 083 number used by Dwyer, as well as from two Nokia phones recovered from the Vartry Reservoir and an iPhone.

Now, senior officers are seeking increased access to Cellebrite's forensics expertise as mobile phones and other devices are increasingly relied on in the investigation and prosecution of crimes.

The technology is set to fall under the spotlight in Dwyer's forthcoming appeal.

During legal argument in the absence of the jury at his trial, Dwyer sought to dismiss Cellebrite's forensic technology as "junk science".

He challenged the reliability of methods used by computer experts to forensically extract, examine and interpret the text messages that formed the backbone of the prosecution.

The application failed.

However, had it succeeded, it could have led to many significant text messages - including those between Elaine O'Hara's iPhone and a prepaid 083 number used by Dwyer - being excluded from the jury.

The Department of Justice declined to comment on the scale, tenure or cost of the Cellebrite deal, stating that it was a matter for Office of the Garda Commissioner as the accounting officer for the force.

The Sunday Independent has learned that at least one payment was made to Cellebrite last year. However, the force did not respond to a series of questions about the tender.

The Government is facing a number of civil challenges, including a civil challenge by Dwyer, in relation to Ireland's data-retention regime.

Two years ago, the European Court of Justice found that the EU Data Retention directive was breached the EU charter of fundamental rights, especially in relation to privacy, and ruled it illegal. At his trial, Dwyer argued that the ECJ ruling meant that Irish legislation implementing the directive was illegal and that data collected on his phone had therefore been illegally acquired.

However, the State maintains that the Communications (Retention of Data) Act 2011 - which gave effect to the directive - was a continuation of data-retention laws first introduced in 2005.

Sunday Indo Business

Also in Business