ICE Just Spent a Record $1 Million on the World's Most Advanced iPhone Hacking Tech

By Thomas Brewster, Forbes

09 May 19

.S. immigration cops just spent a record amount on iPhone hacking equipment, amid an outcry about warrantless border searches of travelers' mobiles.

The U.S. Immigration and Customs Enforcement (ICE) splurged $820,000 on tech made by Grayshift. The Atlanta-based company makes the GrayKey, previously described as the world's best iPhone hacking tech for police and intelligence agents, allowing them to break passcodes and retrieve information from inside Apple devices.

The contract, signed just last week, takes the immigration department's spend with the company to over $1.2 million, following a $384,000 Grayshift deal last year. That's the most spent on the superpowered iPhone hacking service by any government department, local or federal, looking across public records. The deal also marks Grayshift's biggest publicly known contract to date, according to a federal procurement database and state-level records. Its previous biggest, of $484,000, was with the U.S. Secret Service.

The latest deal landed at a time of increased anxiety about how and why cellphones are being searched at the border. At the end of April, the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF) announced they'd made progress in a court case against the U.S. government over warrantless searches of people's phones at the border. The ACLU said that from documents obtained during legal process, it was apparent that Customs and Border Protection and ICE "are asserting near-unfettered authority to search and seize travelers' devices at the border."

Both agencies have given themselves power to search devices to investigate almost any offense, right down to breaches of consumer protection laws, the ACLU warned. Either ICE or CBP agents will carry out examinations of phones at the border, though ICE often does more in-depth probes of devices, the ACLU and EFF previously told Forbes. ICE also has a broader remit than the CBP, going beyond immigration to cover crimes such as child exploitation offenses.

The departments also have permission to search the device of anyone associated with the target of an investigation, the human rights bodies said. That could include journalists with their many contacts and businessmen and women with vast networks of partners. Whilst some argue pieces of Constitutional law, such as rights against unfair searches, should apply at the border, the government doesn’t currently agree.

"Let's get one thing clear: The government cannot use the pretext of the ‘border’ to make an end run around the Constitution," the ACLU wrote.

Of the GrayKey acquisition by ICE, ACLU staff attorney Nathan Wessler told Forbes there was reason to worry. "When an agency that insists on its power to search people's cell phones without a warrant spends hundreds of thousands of dollars on technology to bypass the security features on phones, there is cause for concern," he said.

"The technological capability at the government's fingertips provides yet another reason why it is critical that courts stop ICE from searching travelers' phones at the border without a warrant."

Elsewhere, the Trump administration is doubling down on its anti-immigration and tough border policies. This week officials were granted legal authority to send asylum seekers over the Mexican border whilst American courts heard their cases.

Grayshift didn't respond to requests for comment.

An ICE spokesperson confirmed the GrayKey tech was for its Homeland Security Investigations division, which focuses on drug trafficking, child exploitation and money laundering, alongside immigration crimes. "ICE does not generally discuss law-enforcement tactics, surveillance techniques or investigative tools used during the course of criminal enforcement," the spokesperson added.

GrayKey's expansion

Meanwhile, powerful phone cracking tools are increasing in use across America. Forbes not only found previously undisclosed GrayKey deals in Texas and California, but also obtained the most recent GrayKey brochure.

GrayKey was capable of breaking into and grabbing information from devices up to and including the latest iPhone XR, XS and XS Max, according to the marketing material shared at policing and security event in London. However, there's an unexplained asterisk next to the newest Apple phones and one next to the latest iOS version 12.x. That could indicate there are limitations as to what could be done on those iPhones, one source in the forensics industry told Forbes.

There appears to be no limit what can be done on other iPhones, however, including passcode recovery and access to all the data inside, including user passwords stored on the Apple Keychain. There are also some "advanced features" that Grayshift has deemed so sensitive they're available only under nondisclosure agreements.

It's those kinds of features that are helping Grayshift score increasingly profitable business across America and beyond. Among its many other federal government customers beyond those at the border are all manner of three-letter agencies, including the FBI, the SEC and the IRS.

At the state level, Forbes uncovered another recent Grayshift contract in a document from the Texas Department of Public Safety (DPS), valued at nearly $150,000. According to the file, the GrayKey license was for the Criminal Investigations Division. Another document detailed a separate $30,000 deal with the Texas DPS. That makes Texas the biggest known spender among U.S. states on GrayKey tech.

California, where the FBI sought to compel Apple to open an iPhone in the infamous 2016 San Bernardino terror investigation, has also bought into GrayKey. Amongst other notable contracts, one was for three years' worth of Grayshift services at $50,000 in San Mateo County, California. Another was for $30,000 with the Los Angeles Police Department.

The company is scoring deals in other countries too. In the U.K., Forbes found an official filing from the Nottinghamshire's Police and Crime Panel, which detailed £11,000 expenditure with Grayshift for unlocking devices. In Wales, a Gwent police budget document also recently revealed the same expenditure on the GrayKey product. Wired UK had previously reported on Grayshift's sales to British police forces.

As Forbes previously reported, the use of Grayshift and rival tools by government agencies led to questions from members of Congress about the FBI's calls for more assistance from Silicon Valley companies in bypassing encryption on modern smartphones. Why, they asked, does the U.S. government need help from the likes of Apple to get at data when the tools already exist to get the information they require?