In its efforts to crack Arvind Kejriwal’s iPhone, the Enforcement Directorate (ED) has reached out to Apple for assistance. The informal request was denied by Apple. The procedures of digital evidence gathering and surveillance by Indian security agencies are often secretive with no major information in the public domain. This is primarily because of the constant upgrades and patches made to improve software security by firms like Apple.
Security agencies often use clandestine tools that help them with intelligence activities, and the makers of these tools like Cellebrite also request agencies to keep them secret. The ED with its powers to intercept and decrypt any communications has the legal authority to break up encryption and brute force passwords of phones. The ED, which is conducting raids on opposition leaders, routinely seizes their smartphones for this purpose.
In its course of investigation in the Delhi liquor policy case, the ED sought all the phones used by Bharat Rashtra Samithi (BRS) leader K. Kavitha in 2023, alleging that she destroyed them. Kavitha showed all her iPhones to the media before submitting them to the ED as part of its summons with a reply raising the question of her right to privacy being violated as a woman.
The iPhone has become a headache for India’s security agencies with them encountering it everywhere they want to access it for evidence and surveillance. In the Delhi liquor policy case, the agency has already seized the phones of various other people who have turned approvers and shared their information with the ED. The agency has already used WhatsApp messages extracted from Gorantla Butchi Babu’s iPhone as evidence in courts.
The ED and other security agencies have been seizing phones from human rights activists, lawyers, and political leaders over the last decade. The seizing of phones was largely carried out without any due process and lack of procedures. In December 2023, in relation to a batch of petitions in the Supreme Court requiring India’s security agencies to lay out the procedures for seizures of mobile phones, the Union of India informed the court it will follow the Central Bureau of Investigation Manual 2020 on device seizure until new rules are framed.
While the legal procedures for evidence management are still under development, the question comes back to the technical capacity of these agencies to extract information from smartphones. In a procurement tender announced by the ED in 2022 for the purchase of forensic tools, the ED charts the list of its wishes to break any mobile phone out there and all the information contained in it. The tender was designed largely to procure the Universal Forensic Extraction Device (UFED) of Cellebrite, particularly its UFED 4PC variant.
UFED tools like Cellebrite provide access to all major smartphones to extract information using exploits that are available in the wild, bought privately or developed by them. In 2023, the hacktivist group “Enlace Hacktivista” released 1.7 TB of data stolen from Cellebrite, which was received from an anonymous hacker. The files show to what extent Cellebrite can access various iPhones as of October 2022.
As Cellebrite keeps cracking iPhones, Apple has been updating its software to provide better safety to its users. This is visible from the large-scale alerts of state-sponsored attacks the firm has sent to several Indian journalists, and opposition leaders in 2023. Apple was summoned by India’s Computer Emergency Response Team (CERT-IN) to explain these notifications with private meetings of Apple’s security team with CERT-IN in 2023. CERT-IN is yet to release any report on its investigations after meeting with Apple’s security team. CERT-IN continues to update vulnerabilities in iOS as part of its mandate as a cyber security agency.
The large-scale abuse of tools like Cellebrite and spyware like Pegasus have been documented by global media in both India and across the world. This has led to increased efforts to safeguard user’s privacy. Cellebrite and other spyware makers are playing catch-up with Apple and Signal to break into their systems. The hush-hush request to Apple by the ED to help break into Kejriwal’s iPhone without his password is their inability to break into new updated operating systems, yet.
The Delhi liquor policy case and how the ED demanded K Kavitha to produce all her 10 phones used in the past four years show that the security agencies want to exploit older versions of smartphones that are not updated. The WhatsApp messages of Gorantla Butchi Babu were potentially obtained from him after turned approver and shared his iPhone’s password.
The lack of due process related to mobile phone seizure, evidence extraction and chain of custody shows the failure of our criminal justice system. This failure is not only affecting human rights activists who have been arrested with fictitious charges in the Bhima Koregaon case, and opposition leaders in the Delhi liquor policy case but also India’s democracy with these weapons of the state being targeted against all democratic forces.
Srinivas Kodali is a researcher on digitisation and a hacktivist.
