...Cellebrite’s involvement in human rights violations perpetrated by governments across the globe is especially concerning given Signal’s recent discovery of a major vulnerability in Cellebrite’s software that allows anyone to execute arbitrary code to modify the reports the software produces. While Cellebrite reportedly fixed this flaw, the incident exposed the risk of malicious actors tampering with evidence extracted for court cases, putting defendants’ rights in jeopardy.

Government surveillance has profound implications for individuals’ right to privacy and also produces a chilling effect on the ability to exercise other rights. Under international human rights law, such surveillance should never be used to target journalists, human rights activists, government critics, or minorities.

Cellebrite has to be aware of the systematic human rights violations of its customers, as the company has the responsibility to carry out due diligence on its government clients and their misuse of technology. Once it is aware of a client’s human rights record, Cellebrite must take steps to prevent or mitigate its own contribution to the human rights abuses involving its products and services...