A new report from The Citizen Lab reveals that Russian government investigators used Cellebrite forensic tool UFED to access the iPhone of opposition politician Andrey Pivovarov in June 2021 — three months after Cellebrite publicly said it would stop selling to Russian government customers.
The finding raises a hard question: can Western tech companies actually control what happens to their tools once they have been sold to foreign governments?
Cellebrite claimed that after March 2021, it could remotely disable devices or block updates for customers it cut off. But Pivovarov’s phone was accessed well after that deadline, suggesting those safeguards either didn’t work or weren’t applied.
Human rights lawyer Eitay Mack argued that simply ceasing sales or revoking licenses doesn’t stop former customers from misusing technology they already have. John Scott-Railton of The Citizen Lab pushed for stronger measures: remote disabling of tools and digital watermarks to trace when data gets extracted.
Cellebrite maintains that any use of its hardware in Russia after March 2021 is unauthorized. But unauthorized use is hard to prevent when the tools are already in hand.
This case is a stark reminder: once surveillance tech leaves your control, getting it back is nearly impossible.
