Foreign-Headquartered Surveillance Vendors - Arkansas Surveillance Wiki

# Foreign-Headquartered Surveillance Vendors A new analytic axis entering the Arkansas Surveillance corpus with the [[CLR-2026-778]] production: **[[Cellebrite]]** and **[[NICE Systems]]** are both Israeli-headquartered (with US subsidiaries that contract with American customers), and **[[i2 Group]]**'s current owner **N. Harris Computer Corporation** is Canadian. The Arkansas Surveillance corpus's earlier productions documented exclusively US/Canada-headquartered vendors (Flock Atlanta; Axon Arizona; Genetec Canada; SkyCop Memphis); the LRPD production is the first to include vendors whose parent companies' regulatory regime sits outside North America. This concept is not a critique. It is an analytic frame: foreign-headquartered surveillance vendors operate under additional regulatory layers (their home country's export controls, foreign data-protection laws) that domestically-headquartered vendors do not. Whether those regulatory layers practically affect Arkansas data is generally not visible from procurement records — but the *contractual permissions and disclosures* documenting how foreign-HQ vendors handle US public-sector customer data are visible, and the corpus records them. ## How it appears in the corpus The [[CLR-2026-778]] production documents three foreign-headquartered surveillance vendors at LRPD: | Vendor | Parent country | US subsidiary | Public listing | |---|---|---|---| | **[[Cellebrite]]** | Israel (Petah Tikva) | Cellebrite Inc. (Vienna VA) | NASDAQ: CLBT (foreign private issuer; 20-F filer) | | **[[NICE Systems]]** | Israel (Ra'anana) | NICE Systems, Inc. (Hoboken NJ) | NASDAQ: NICE (foreign private issuer; 20-F filer) | | **[[i2 Group]]** (current vendor) | Canada (Constellation Software, Inc., Toronto) | N. Harris Computer Corporation (subsidiary) | (Constellation Software, TSX-listed) | ## Cross-border data-transfer posture — the key distinction The two Israeli vendors carry different contractual postures regarding cross-border data transfer: | Vendor | Data residency clause | What the contract permits | |---|---|---| | **Cellebrite Advanced Services Agreement § 10.3** | Permits cross-border transfer | "Personal Data may be transferred or stored outside the EEA or the country where Customer is located" (Tier-1 corpus, [[Cellebrite Advanced Services Agreement]]) | | **NICE Investigate Order 00479378** | Explicit US-only | Geo-redundant Microsoft Azure Government storage; AES-256 encryption at rest (Tier-1 corpus, [[NICE Investigate (MRA and Order 00479378)]]) | The Cellebrite contract permits cross-border data transfer; the NICE contract does not. This is the analytic distinction worth tracking. Both vendors are Israeli-headquartered, but their contracts with the City of Little Rock treat data-residency differently. ## Export-control posture Both Israeli vendors disclose export-control compliance obligations: > **Cellebrite Endpoint SaaS Terms § 14.4:** "the Service is subject to certain export, re-export, customs or import controls, applicable in Israel, the European Union, the United States… the US Export Administration Regulations (EAR) … not … exported or re-exported to countries as to which the United States maintains an embargo… none of the Customer Data… used for nuclear activities, chemical or biological weapons, or missile projects." (Tier-1 corpus, [[Cellebrite Advanced Services Agreement]]) > **NICE Master Relationship Agreement § 7.2:** "Each Party represents that it is not on any United States government denied-party list… [The Customer] will comply with all applicable Export Laws and will not export, re-export, ship, transfer, permit access to, or otherwise use the Services or Software in any country subject to an embargo or other sanction by the United States, including the Crimea, Luhansk or Donetsk regions, Cuba, Iran, North Korea, or Syria, or for any purpose in violation of Export Laws." (Tier-1 corpus, [[NICE Investigate (MRA and Order 00479378)]]) Cellebrite's Endpoint SaaS Terms § 14.4 explicitly invokes **Israeli** export controls alongside US and EU. NICE's MRA references US export controls only. ## Foreign Private Issuer status (Tier-2 disclosure) Both Cellebrite Ltd. and NICE Ltd. file Form 20-F with the SEC (the annual report for foreign private issuers), not Form 10-K. This is the formal status indicator confirming foreign-issuer treatment under US securities law. The FY2024 20-Fs of both companies establish their Israeli incorporation and operating environment: > **Cellebrite:** "We are incorporated under Israeli law, and many of our employees, including many of our management members, operate from our principal office and other facilities located in Israel… Accordingly, our business and operations are directly affected by economic, political, geopolitical, and military conditions in Israel and the surrounding region." (primary public record, [Cellebrite FY2024 20-F](../../web%20archive/2026-06-05/sec.gov/cellebrite-20f-2024-cele-20241231.md)) > **NICE:** "We are incorporated in Israel and therefore are subject to various corporate governance practices under the Israeli Companies Law, relating to such matters as outside directors, the internal audit committee, the internal auditor and approvals of interested party transactions." (primary public record, [NICE FY2024 20-F](../../web%20archive/2026-06-05/sec.gov/nice-20f-2024-nice-20241231.md)) ## Stakeholders - **Vendor parent entities** (Cellebrite DI Ltd. — Israel; NICE Ltd. — Israel; Constellation Software, Inc. — Canada). - **Vendor US subsidiaries** (Cellebrite Inc.; NICE Systems, Inc.; N. Harris Computer Corporation). - **LRPD operators** — relying on these vendors for capabilities the corpus does not document any US-headquartered alternative providing. - **US public-sector resellers** (Carahsoft for Cellebrite; direct sales for NICE; direct sales for N. Harris/i2). ## Notes - See [[Cellebrite]] for full corporate-identity context. - See [[NICE Systems]] for full corporate-identity context. - See [[i2 Group]] for the Canadian corporate-parent context. - The corpus does not produce evidence that any Arkansas LRPD data has ever been transferred internationally. The Cellebrite Advanced Services Agreement *permits* such transfer; the NICE contract *does not permit* it. What actually occurs operationally is not documented in this production. - The "foreign" axis is procurement-records-derived. It does not extend to Tier-3 reporting on either vendor's intelligence-sector lineage (Cellebrite's reported sales to authoritarian governments; NICE's earlier intelligence-services business that was sold to Elbit Systems in 2015 — sold not by NICE Investigate's product line specifically, which is the LRPD-facing product). Those are out-of-corpus topics; the corpus does not document them at the LRPD-vendor-relationship level.