New Report Shows Phone Cracking Tech is Being Used to Target Journalists in Botswana

Illustration for article titled New Report Shows Phone Cracking Tech is Being Used to Target Journalists in Botswana
Photo: David Ramos (Getty Images)

The willingness of digital forensics firms to sell to pretty much any paying law enforcement agency, regardless of the country’s human rights record, has stirred up no minor amount of controversy. These tools, critics say, allow bad governments expansive, invasive powers, and may be used in the course of investigations that illegitimately target activists or journalists.

Advertisement

In what seems like a key example of this problem, a new report published this week by the Committee to Protect Journalists shows how U.S. and Israeli digital forensics firms were recently used by the government of Botswana to investigate several journalists for... well, that part isn’t exactly clear.

The report details the ordeal of Oratile Dikologang, a reporter and co-founder of the Botswana People’s Daily News, who was arrested last year and allegedly tortured after being accused of spreading “fake news” about the nation’s President and Covid-19. Police officers, claiming Dikologang was responsible for producing a series of inflammatory Facebook posts, charged him with “publishing statements with intention to deceive persons about the COVID-19 infection.” They then allegedly hauled him into a local station, stripped him naked, and put a black bag over his head before interrogating him about his sources.

In interviews with CPJ, the journalist denied actually writing the social media posts in question and said that authorities sought to use the incident to retrieve information from him about his reporting practices.

Adding to the dystopian tenor of this whole episode was the way in which data extraction tools were used by police to quickly achieve a full-spectrum understanding of who the reporter’s contacts were. Authorities allegedly used Israeli firm Cellebrite’s Universal Forensic Extraction Device (UFED) product and U.S.-based company AccessData’s Forensic Toolkit, which helped police to extract thousands of pieces of data from the reporter’s phone. CPJ reports:

Dikologang told CPJ that he refused to reveal his sources – but he did provide the password to his phone. Police then “successfully extracted” and “thoroughly analyzed” thousands of the journalist’s messages, contacts, images, audio files, and videos, as well social media accounts and applications, according to an affidavit that they submitted to court to support the ongoing prosecution.

Jonathan Rozen, one of the researchers who investigated the episode, said that the presence of digital forensics technology in government investigations of journalists is a growing problem. In numerous cases, CPJ has discovered these kinds of technologies being sold in countries where authorities “have demonstrated a willingness to arrest reporters, seize their devices and then seek access [to the contents] of those devices,” Rozen said, in a phone call with Gizmodo.

“The idea that the authorities could seize and access the contents of your phone, your research, the information you’re gathering as a part of your work—that has a real chilling effect [on journalism]. Privacy is a really important press freedom,” he said. “Everywhere where we have identified the acquisition of this technology by authorities, journalists are alarmed.”

Advertisement

Companies should be reviewing their sales practices and looking at these issues in a more comprehensive way, Rozen said.

“We have been pursuing dialogue with these companies for some time now, as have other researchers,” he said. “We consistently get responses that make general references to human rights considerations. Their terms of service make sweeping statements of compliance with human rights vetting...and we are not clear exactly on what those processes include. What kind of due diligence are these companies doing before they sell this technology to a security agency or a government?”

Advertisement

Recent research has also shown how easily some of these data extraction devices can be manipulated, potentially spoiling evidence. The ongoing question of what exactly is up with Cellebrite’s own security—as helpfully pointed out by Signal CEO Moxie Marlinspike—adds an additional layer of concern to incidents like this.

Rozen also said that the Botswana episode is one of a growing number of cases worldwide in which journalists have been jailed on accusations of spreading fake news. In Dikologang’s case, the legal charges against him included a bevy of violations, including producing an “offensive electronic communication,” of “publishing alarming statements” and of violating the government’s emergency Covid-19 regulations by “publishing with the intention to deceive,” Rozen said. All over the world, governments have increasingly relied on similar arguments to go after reporters, he added.

Advertisement

We reached out to both Cellebrite and AccessData for comment. We will update this story when they get back to us.

Staff writer at Gizmodo

DISCUSSION