Redaction Failure Shows Grayshift Is Swearing Cops To Secrecy About Its Phone-Cracking Tech

from the paying-for-the-privilege-of-being-told-to-shut-up dept

Law enforcement loves its new tech advances. It also hates to talk about them, operating under the assumption that the business of serving the public isn’t the public’s business. When pressed, officials will say something about staying one step ahead of criminals. But more often the opacity is nothing more than antagonism directed at people who expect transparency from those cashing publicly funded paychecks.

In some cases, this antagonism extends to the courtroom. The desire to keep secret methods secret upends the evidentiary process. When evidence can’t be laundered through parallel construction, prosecutors may drop cases if it means discussing cop tech in court. This includes devices like cell tower simulators, which have been publicly discussed for years.

Added to the mix are non-disclosure agreements foisted on agencies by government contractors. Some of these NDAs go so far as to demand agencies route public records requests through them. The FBI has occasionally pitched in, telling prosecutors to drop cases rather than discuss “sensitive” tech.

This opacity isn’t just for Stingray devices. It also applies to cellphone-cracking tech sold by a handful of companies. Public records obtained by Motherboard show Grayshift — the maker of GrayKey — is trying to keep information about its products out of the public’s hands. In a case of apparent redaction failure, the documents provide a few more details about GrayKey… as well as Grayshift’s demands that this information remain secret.

“Without limiting and foregoing, you acknowledge and agree that you will not disclose the existence of any GrayKey features and solutions designed to circumvent USB Restricted Mode released in iOS 11.4.1 and updated throughout future iOS versions made available to you on or about the date hereof,” one section reads.

The original document redlines the part about the Restricted Mode, suggesting this was supposed to be redacted before releasing the confidentiality agreement to the public. Unfortunately for the Illinois State Police, this slipped out.

So did some other stuff from other law enforcement agencies. Motherboard’s quest for Grayshift documents also turned up a request to create an exception in public transparency laws for this specific law enforcement tech.

“I am requesting a public records exemption to disclosure for the purchase of the GrayKey system for the Digital Forensics Lab,” a City of Orlando law enforcement official wrote to the chief of police in 2018, according to a copy of the letter obtained by Motherboard. “This will prohibit Purchasing from posting notice of the purchase and disclosing acquisition of this system. This will assist in protecting our forensic examination techniques, and capabilities.”

This isn’t the way to handle this. Agencies can attempt to withhold documents by citing exceptions, but it’s up to the state Attorney General (and the courts if a lawsuit ensues) to make the final call. Law enforcement officials shouldn’t be asking for new exceptions or blanket application of existing exceptions. They also shouldn’t be asking to undermine part of the public procurement process by seeking to withhold even more information from the public.

As for Grayshift, it says there’s nothing wrong with these confidentiality agreements. It says they only apply to “intellectual property,” not the mere existence or use of the devices. So, there’s no reason to redline information about tech advancements, since it’s not technically intellectual property, but rather just an undetailed discussion about one application of its tech. Grayshift also says the NDAs are not meant to be read as affirming the withholding of evidence (or the source of evidence) in prosecutions. But there’s no telling how its customers are interpreting the agreement and — given the history of other tech utilized by law enforcement — it’s safe to say someone’s going to believe this means cases should be dropped or evidence laundered if it involves tech they haven’t discussed publicly.

Filed Under: , , , , , , ,
Companies: grayshift

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Redaction Failure Shows Grayshift Is Swearing Cops To Secrecy About Its Phone-Cracking Tech”

Subscribe: RSS Leave a comment

Obvious Law Patch

New law to fix this crap: public employees and agencies cannot be held to nondisclosure agreements as it would usurp their power of their bosses, the voters. Try to declare crucial details of how you are performing your job "confidental" to your boss and you will be tossed out the door so fast your ass will be in orbit.

Tanner Andrewssays:

Public Records Exceptions in Florida

Agencies can attempt to withhold documents by citing exceptions, but it’s up to the state Attorney General (and the courts if a lawsuit ensues) to make the final call

In Florida, it can be tougher than that. Depending on whether the requester knew how to make his request, the agency is required to specify the statutory exception and why they believe it applies. This applies not only to entire records, but to redactions within records.

Since this request is from Orlando, the Florida law applies. And, as observed in the original article, the person requesting a budget appropriation does not get to ask for a new exemption. This holds even if he wants the preferred bidder to get a no-bid contract.

Sometimes an agency can stonewall a request long enough for a coin-operated legislature to create a new exemption, which can then be applied retroactively. That would be the Dale Earnhardt situation.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Report this ad??|??Hide Techdirt ads
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Older Stuff
12:25 Australian Privacy Commissioner Says 7-Eleven Broke Privacy Laws By Scanning Customers' Faces At Survey Kiosks (6)
10:50 Missouri Governor Doubles Down On 'View Source' Hacking Claim; PAC Now Fundraising Over This Bizarrely Stupid Claim (45)
10:45 Daily Deal: The All-in-One Microsoft, Cybersecurity, And Python Exam Prep Training Bundle (0)
09:43 Want To Understand Why U.S. Broadband Sucks? Look At Frontier Communications In Wisconsin, West Virginia (8)
05:36 Massachusetts College Decides Criticizing The Chinese Government Is Hate Speech, Suspends Conservative Student Group (71)
19:57 Le Tigre Sues Barry Mann To Stop Copyright Threats Over Song, Lights Barry Mann On Fire As Well (21)
16:07 Court Says City Of Baltimore's 'Heckler's Veto' Of An Anti-Catholic Rally Violates The First Amendment (15)
13:37 Two Years Later, Judge Finally Realizes That A CDN Provider Is Not Liable For Copyright Infringement On Websites (21)
12:19 Chicago Court Gets Its Prior Restraint On, Tells Police Union Head To STFU About City's Vaccine Mandate (158)
10:55 Verizon 'Visible' Wireless Accounts Hacked, Exploited To Buy New iPhones (8)
10:50 Daily Deal: The MacOS 11 Course (0)
07:55 Suing Social Media Sites Over Acts Of Terrorism Continues To Be A Losing Bet, As 11th Circuit Dumps Another Flawed Lawsuit (11)
02:51 Trump Announces His Own Social Network, 'Truth Social,' Which Says It Can Kick Off Users For Any Reason (And Already Is) (100)
19:51 Facebook AI Moderation Continues To Suck Because Moderation At Scale Is Impossible (26)
16:12 Content Moderation Case Studies: Snapchat Disables GIPHY Integration After Racist 'Sticker' Is Discovered (2018) (11)
13:54 Arlo Makes Live Customer Service A Luxury Option (8)
12:05 Delta Proudly Announces Its Participation In The DHS's Expanded Biometric Collection Program (5)
11:03 LinkedIn (Mostly) Exits China, Citing Escalating Demands For Censorship (14)
10:57 Daily Deal: The Python, Git, And YAML Bundle (0)
09:37 British Telecom Wants Netflix To Pay A Tax Simply Because Squid Game Is Popular (32)
06:41 Report: Client-Side Scanning Is An Insecure Nightmare Just Waiting To Be Exploited By Governments (35)
20:38 MLB In Talks To Offer Streaming For All Teams' Home Games In-Market Even Without A Cable Subscription (10)
15:55 Appeals Court Says Couple's Lawsuit Over Bogus Vehicle Forfeiture Can Continue (15)
13:30 Techdirt Podcast Episode 301: Scarcity, Abundance & NFTs (0)
12:03 Hollywood Is Betting On Filtering Mandates, But Working Copyright Algorithms Simply Don't Exist (66)
10:45 Introducing The Techdirt Insider Discord (4)
10:40 Daily Deal: The Dynamic 2021 DevOps Training Bundle (0)
09:29 Criminalizing Teens' Google Searches Is Just How The UK's Anti-Cybercrime Programs Roll (19)
06:29 Canon Sued For Disabling Printer Scanners When Devices Run Out Of Ink (41)
20:51 Copyright Law Discriminating Against The Blind Finally Struck Down By Court In South Africa (7)
More arrow