The Hidden Trade: How Governments Access Surveillance Tools

Governments are buying tools that can unlock phones, tablets, and other devices — even when users have locked them down with passwords or encryption. Companies like Cellebrite make forensic extraction software that copies a device’s full memory, bypassing security features meant to protect private data. These tools are used in criminal investigations, but now they’re being deployed more widely, and not just by law enforcement. The real danger isn’t just in how they’re used — it’s that we don’t know who’s getting them, how much, or under what rules. With little public oversight, it’s hard to tell if these tools are being used fairly or abused.

A growing number of agencies — from Australia’s tax office to domestic law enforcement — have signed contracts with surveillance tech firms. Details are rarely shared, but financial records suggest these deals are substantial. The lack of transparency means we can’t verify whether these tools are being used responsibly or if they’re being deployed beyond legal boundaries. Worse, the same tools often end up in autocratic regimes where they’re used to silence critics, track activists, and monitor opposition voices. Countries like Bahrain and the UAE have been linked to such use, showing how surveillance tech can be weaponized to crush dissent.

Key Risks in the Surveillance Supply Chain

• Forensic tools can bypass encryption and passwords, allowing access to personal data without user consent — a serious breach of privacy.
• Government contracts are often hidden or poorly disclosed, making it hard to track how these tools are being used or who has access.
• Autocratic governments use these tools to target journalists, dissidents, and activists, turning private digital activity into a tool of repression.
• The Apple-FBI case showed how much money and pressure are involved — the FBI paid $1.3 million to try to unlock an iPhone, revealing how high the stakes are for access to encrypted devices.

This isn’t just about law enforcement. It’s about who controls the keys to our digital lives — and whether those keys are ever truly in our hands.