> Signal itself has no knowledge of which files constitute evidence (it applies this completely indiscriminately), so I don't think you could argue that it is knowingly spoiling evidence.
The article, written by a legal scholar with a specialty in precisely these issues, directly contradicts this.
Signal coyly threatened to make their app hack Cellebrite machines with the intent of spoiling evidence. It doesn't matter that they aren't targeting specific evidence. Blanket spoiling all Cellebrite evidence would apparently be enough to get them in legal trouble.
Where is this special status for Cellebrite coming from? Just because they're one of the vendors whose software happens to be used by some governments, I'm suddenly forbidden from having an arbitrary sequence of bytes on my device in case someone else happens to connect and run some arbitrary software on it?
I'm having a hard time imagining this being a viable argument. Seems like the vendor should just fix their software if they expect it to work reliably. Anything else would be too large of a transgression on civil freedom.
There’s no special status for Cellebrite: it comes down to intent and, especially, that judges are not computers rigidly executing code. If you do something which is designed to damage equipment used by law enforcement, a judge is going to ask what your intention was, not just throw up their hands and say anyone could have had those random bytes. As a real-world analogy, consider for the sake of argument how having a trap on your home safe might look if you were a) in a very high-crime neighborhood or b) engaged in criminal activities and had written of your desire to harm cops – even if the action is exactly the same (and illegal in your jurisdiction), I’d expect the latter situation to go a lot worse because you’re knowingly targeting law enforcement engaged in (at least from the court’s perspective) legitimate activities.
Since Signal would be deploying that exploit to millions of devices to combat surveillance tech, I would expect that to at least result in a suit even if they were able to defend themselves successfully. It would be especially interesting to see how Cellebrite’s use by various repressive regimes entered into that: an American court might, for example, be sympathetic to a campaign trying to protect dissidents in China which happens to impact an American police agency using the same tool.
There is still legitimate utility to this behavior defending against non-United States Law Enforcement actors.
People are looking at Cellebrite wrong due to law enforcement using it. Cellebrite is a set of specialized thieving tools. Those tools can be wielded by anyone. The fact law enforcement has unwisely and blindly integrated it into their toolchain does not mean the device should be given special protection over anything else. All this does is further cement "law enforcememt" as a special privileged class in the United States, to whom Constitutional boundaries (5th Amendment, which at this point, I hold that testimony by electronic device metadata disclosure/compromise should realistically cover when breaking through encryption is involved, and 4th Amendment when Third Party Doctrine is taken into account).
> The fact law enforcement has unwisely and blindly integrated it into their toolchain does not mean the device should be given special protection over anything else.
I'm not arguing that it should have whatever “special protection” you have in mind. This is why I mentioned the concept of intent: just as having lock picks or a gun isn't automatically a crime, I think having an exploit for Cellebrite would depend on why you were developing and installing it.
If you were, say, helping dissidents in another country I would expect a judge to be far more supportive of that than if it came up in the context of a criminal investigation with a lawful search warrant. In the latter case, you are aware of but refusing to comply with the legal system and, irregardless of how any of us personally feel about it, that's just not going to end well in most cases.
> I'm not arguing that it should have whatever “special protection” you have in mind. This is why I mentioned the concept of intent: just as having lock picks or a gun isn't automatically a crime, I think having an exploit for Cellebrite would depend on why you were developing and installing it.
In that case, as long as one is not intending to interfere with a search warrant or other legal process, it should be fine for them to deliberately install a Cellebrite hack.
Constitutional boundaries and the 4th amendment applies. They do need a warrant, but with a warrant they are allowed to go through all your electronic records on your devices just as they are allowed to go through all your written records in your drawers and safes and envelopes.
Encryption has no special treatment that would cause 5th amendment to apply. 5th amendment may apply if they ask you to tell something (e.g. a password), but if they can break your encryption without your assistance, then there's no difference if they're decrypting a physical letter or an electronic file, if the evidence (that letter or that file) was lawfully obtained, they can do that.
The article, written by a legal scholar with a specialty in precisely these issues, directly contradicts this.
Signal coyly threatened to make their app hack Cellebrite machines with the intent of spoiling evidence. It doesn't matter that they aren't targeting specific evidence. Blanket spoiling all Cellebrite evidence would apparently be enough to get them in legal trouble.