ISLAMABAD: Pakistan’s Federal Investigation Agency (FIA) has been using an “old version” of a cybertechnology software from the Israeli digital intelligence company Cellebrite to combat crime, espionage and terror financing, two serving officials and one retired officer of the department with direct knowledge of the issue have said.
Last week, Israeli newspaper Haaretz reported that the FIA and various police units in Pakistan had been using Cellebrite software since at least 2012. Cellebrite’s flagship product, whose stock is traded on the Nasdaq exchange, is called UFED, and enables law enforcement agencies to carry out digital forensic work by hacking into password-protected cell phones and copying all information, including pictures, documents, text messages, calling histories and contacts.
Arab News spoke to two serving FIA cybercrime officials, a retired FIA director and three former police chiefs who served in Islamabad, the southern Sindh and the militancy-hit Khyber Pakhtunkhwa (KP) provinces, respectively, who confirmed that Pakistan was using an “older version” of Cellebrite’s UFED software. All spoke on condition of anonymity as they were not authorized to speak to the media on the matter.
The FIA declined comment for this story. The foreign office did not respond to questions.
Pakistan does not recognize Israel as a country and has no diplomatic or trade relations with it.
“The FIA has been using an older version of Cellebrite software, which is quite helpful for us,” a serving FIA assistant director told Arab News, declining to be named. “We don’t know as to how and when the agency purchased it, but it is being used to collect evidence during investigations of different crimes … We have been provided with the forensic reports prepared on the basis of the calls, texts, documents and pictures data retrieved [using Cellebrite software] from the accused cell phones to present them in the courts to plead our case.”
The official said access to the cyber-hacking technology was limited within the FIA to “selective officials of the cybercrime and counter terrorism wings to avoid its misuse.”
A second FIA official, who also declined to be named, said Cellebrite software being used by the agency could “recover data even from broken and smashed mobile phones.” However, the version of the software available with the FIA could not hack iPhones.
“TOO COSTLY”
“The FIA has been using old versions of Cellebrite’s software to hack into cell phones of suspects in different crimes, including cybercrime, to retrieve data for evidence to present in the court of law,” a former director of the FIA’s cybercrime wing, who had access to the technology during his time in office, told Arab News on condition of anonymity, saying latest versions of Cellebrite’s products cost millions of dollars and were “too costly” for Pakistan to afford.
The old version did the job, he said, as it could help retrieve all kinds of data, including deleted data, from most gadgets, except iPhones and other Apple devices.
Data retrieved from cell phones of suspects were admissible in Pakistani courts as evidence “within certain parameters,” and thus useful, the retired officer said.
“The conviction rate in cybercrimes has increased exponentially in last couple of years due to the usage of this software,” he said. “The FIA’s cybercrime wing has also trained judges and prosecutors on data retrieval from cell phones, forensic reports and their efficacy in curbing the crime.”
Though Pakistan did not have trade relations with Israel, it bought Israeli products “through their agents in third countries operating in Turkiye and Europe,” he explained.
Pakistan’s defense minister Khawaja Asif, speaking in a recent interview with Independent Urdu, also said Pakistan bought technology directly from the international market, no matter what its origin.
“Whatever is available in the international market, the best possible product, is procured by our agencies,” he said when asked about Pakistan using Israeli hacking software. “We are not getting these things from one country or one source.”
One former police chief who has served in the FIA confirmed the use of Cellebrite’s products and said they were “especially helpful in crimes like espionage, terrorist financing, and cyber terrorism.”
Law enforcement agencies, especially the FIA, routinely seized mobile phones, laptops, iPads, and other gadgets from suspects to collect forensic data to present as evidence in court, the retired cop said.
“This is a practice that keeps our law enforcement agencies equipped to stay ahead of criminals,” he added.
“THREAT TO PRIVACY”
Civil liberties advocates around the world have said the spread of Cellebrite’s technology represents a threat to privacy and due process and have called for greater oversight.
In Pakistan too, since the Pakistan Electronic Crime Act (PECA) was passed in 2016 with the stated goal to deter illegal activities online, several journalists, human rights and social media activists have been charged under the law, with international human rights bodies like Amnesty saying the legislation was being used to invade people’s privacy and silence freedom of expression on the pretext of combating ‘fake news,’ cybercrime, and misinformation.
“This phone surveillance and data retrieval restrict press freedom, freedom of expression, and violate the right to privacy of citizens; therefore, it is considered completely illegal,” digital rights defender Usama Khilji, a director at Bolo Bhi, said.
“There should be protections in the law for citizens to prevent law enforcement agencies from retrieving their cell phone data without prior permission from the court.”
“In many cases, we see the courts declare an accused innocent in cybercrime and other cases, but the FIA and other law enforcement agencies had already taken possession of their personal data from their phones,” Khilji added.
“Therefore, it must be considered a violation of fundamental rights.”
