Jordanian authorities used Cellebrite phone-cracking technology to access the devices of domestic activists and human rights defenders and then extract information from them, according to an investigation published Thursday.

The nonconsensual access stood in conflict with international human rights treaties that Jordan ratified, the University of Toronto’s Citizen Lab investigation determined, prompting the research organization to call on Cellebrite to open a probe into clients in Jordan.

Citizen Lab, which released its investigation in coordination with the Organized Crime and Corruption Reporting Project (OCCRP), analyzed the phones of four activists after Jordanian authorities seized and returned them, then concluded with “high confidence” that the  devices had been subjected to Cellebrite’s forensic extraction products. Court documents from criminal proceedings under Jordan’s 2023 Cybercrime Law supplied additional evidence.

The cases Citizen Lab evaluated transpired between late 2023 and mid-2025, during a time of protests in support of Palestinians. They involved a political activist, student organizer, activist/researcher and human rights defender, three of whom had iPhones and the other of whom had an Android device.

The Citizen Lab probe adds to a body of reporting about alleged Cellebrite abuses. Last year, Amnesty International reported that Serbian authorities had used Cellebrite in conjunction with spyware to eavesdrop on activists and journalists, the latter category of whom have reportedly had their phones accessed in a number of countries via Cellebrite tech.

Citizen Lab further concluded that products by the Israel-based Cellebrite are widely used against civil society in Jordan, with forensic data showing its use dating back to at least 2020.

“Surveillance is not limited to spyware,” said the lead author of the report, Kamel Al-Shawareb, a pseudonymous research fellow at Citizen Lab. “Authoritarian states access smartphone data remotely with spyware like Pegasus or by physically seizing a device and using Cellebrite to access the contents.”

Activists whose phones Citizen Lab examined said it shook their confidence and had them resorting to self-censorship.

“I felt wronged and violated, like they stole something from me, and not because they’re strong, but because we’re legally weak,” one of the people told the OCCRP on condition of anonymity. 

Victor Cooper, a spokesperson for Cellebrite, said that the company can’t disclose specific information on its customers. But he said it prohibits transactions with any entities on the sanctions list of the United States and other nations and organizations. 

“Beyond these baselines, the company vets potential customers against internal human rights parameters, leading us to historically cease business in jurisdictions where risks were deemed incompatible with our corporate values,” he said in an email to CyberScoop. “We license technology solely for lawful purposes, requiring customers to explicitly certify they possess valid legal authority prior to usage.”

He said that Cellebrite tech, unlike spyware, can’t intercept communications or monitor devices in real time, but rather can access private data under legal processes to aid investigations after something has occurred.

“We take seriously all allegations of potential misuse of our technology in ways that would run counter to both explicit and implied conditions outlined in our end-user agreement,” Cooper said. “ Once solid information is shared with Cellebrite, we review the allegations and take proactive precise steps to investigate each claim in accordance with our ethics and integrity policies. When appropriate we stop the use of our products by the relevant customers. ”

Citizen Lab said Cellebrite’s responses to its questions as part of the investigation were “vague and unsubstantiated.”

Jordan’s Ministry of Government Affairs and its embassy in the United States did not respond to requests for comment.

The post Researchers find Jordan government used Cellebrite phone-cracking tech against activists appeared first on CyberScoop.

A fresh effort is mounting in Congress to require federal agents to obtain a warrant before searching a government surveillance database for information about U.S. citizens, as Congress again faces an impending deadline, in four months, to renew a major surveillance law.

But there are also signs that renewal of Section 702 of the Foreign Intelligence Surveillance Act (FISA), set to expire in April, could see the reversal of political headwinds that endangered the last reauthorization two years ago: Democrats are now concerned about President Donald Trump’s usage of those spying powers, rather than Republicans being worried about then-President Joe Biden.

A key debate in 2024 was the idea of a warrant requirement, and a House Judiciary Committee hearing Thursday made clear it’s set to reemerge. Under Section 702 of FISA, the government can warrantlessly surveil foreign targets. But it also doesn’t require a warrant to warrantlessly search a database using U.S. individuals’ personal information to obtain communications from people who are electronically communicating with surveillance targets.

A House vote to require a warrant for U.S. person queries fell on a tie vote in 2024 before Congress ultimately passed the Reforming Intelligence and Securing America Act with changes intended to rein in government surveillance abuses. Proponents say a warrant is the best way to  protect U.S. citizens’ Fourth Amendment rights against unreasonable searches and seizures. Opponents, including FBI Director Kash Patel, say it would slow crucial national security investigations.

House Judiciary Chairman Jim Jordan, R-Ohio, said the 2024 law included some “good reforms.” He cited a watchdog report from October that the number of warrantless U.S. person queries had dropped to around 9,000 in the first year of the law’s existence, down from 3.4 million.

But Jordan said Congress still needs to require warrants.

“If you’re going to search this database and you’re going to search using an American’s name, phone number, email address, we believe you should go to a separate and equal branch of government to do so,” he said. “We think that’s fundamental.”

Others weren’t as convinced about the progress. Witnesses told lawmakers that the FBI has changed the definition of a “query” in ways that distort that figure.

‘Apparently what the FBI did recently is they started treating a mechanism by which they sort data in the database — which of course requires them to look at the names and identifying information about specific people — that apparently they have some kind of a sorting process that they go through when looking through the data, and they don’t count the sorting as a query,”  said Gene Schaerr, general counsel for the Project for Privacy & Surveillance Accountability

“They only actually count as a query when they drill down on a specific individual.”

Arizona Republican Rep. Andy Biggs, a leading figure in Congress pushing for warrant requirements, said he was dismayed that there was “no way to determine how many actual queries are taking place.”

Under Trump, Democrats could be less willing to vote to renew the expiring surveillance powers, however. 

The top Democrat on the Judiciary panel, Maryland Rep. Jamie Raskin, said “the results are alarming” when looking at surveillance in the United States since the passage of the 2024 law, such as the Trump administration moving to consolidate databases on U.S. citizen information.

​”The landscape has changed,”  Raskin said. “We have a lot to be concerned about at this point.”

The post Warrant requirements, Democratic worries could factor into spy law renewal debate appeared first on CyberScoop.