# Vendor-Imposed Secrecy as Procurement Routine The surveillance-procurement record in this corpus contains a recurring structural feature distinct from the funding-pathway and federal-access patterns documented elsewhere: the **vendor's contract is also the vendor's secrecy instrument.** The clearest documentary instance is the Cellebrite Advanced Services Agreement that the City of Little Rock executed for the Little Rock Police Department on 2024-10-07 ([[Cellebrite Advanced Services Agreement]]). Its operative terms do not merely license a forensic capability; they impose, on the public agency, affirmative obligations to limit who learns what the vendor does — including an obligation running against the agency's own employees. This page documents those terms verbatim and frames the analytic question they raise. Whether the regime is deliberate transparency-defeating design or inherited vendor boilerplate is contested and tracked at [[T003 - Vendor-Imposed Secrecy or Procurement Boilerplate]]; this synthesis is provisional on that tension. ## The record Four clauses of the executed Cellebrite Advanced Services General Terms and Conditions, quoted as they appear in the corpus ([[Cellebrite Advanced Services Agreement]], `2024.10.07 Cellebrite General Terms and Conditions for Advanced Services - FULLY EXECUTED.txt`): - **§5.5 — interception and circumvention.** Cellebrite "is authorised to … intercept communications … and circumvent measures designed to prevent unauthorised access" in performing the lab service. - **§5.7 — employee-reporting mitigation.** The customer "shall use reasonable efforts to mitigate the risk that its own employees will report Cellebrite's services to law enforcement." - **§6.4 — non-disclosable Sources and Methods.** Cellebrite's unlocking "Sources and Methods" are treated as non-disclosable trade secrets. - **§10.3 — cross-border transfer.** Extracted "Personal Data may be transferred or stored outside the EEA or the country where Customer is located." The §5.7 obligation is the surprising one. In its ordinary register a public-records context expects the opposite default — that a government agency's employees are free, and often obligated, to report what they observe. §5.7 inverts that: it makes the *agency* contractually responsible for reducing the chance its own staff report the vendor's "services" to law enforcement. The clause is reproduced here without paraphrase precisely because its plain text is more arresting than any characterization of it; the synthesis does not assert a motive the contract does not state, and the record does not establish what conduct §5.7 was drafted to forestall. §6.4 closes the loop on visibility. By designating the unlocking "Sources and Methods" non-disclosable trade secrets, the contract supplies the vendor a standing basis to resist disclosure of *how* a device was accessed — the very fact a defendant, a court, or the public might most want to test. §10.3 then permits the extracted data itself to leave the country, so that even the location of the processing is contractually unfixed (see [[Foreign-Headquartered Surveillance Vendors]] for the Cellebrite-DI-Ltd.-Israel corporate axis and the §14.4 Israeli-export-control disclosure). ## Why the record exists at all The agreement is in the corpus only because of two clauses pulling the other way. The bundle was redlined to add **§§11.1 and 11.8 — Arkansas FOIA carve-outs** — under which Cellebrite "acknowledges that the agreement and its negotiation cannot block Arkansas Freedom of Information Act disclosure of the contract itself or substantively related records" ([[Cellebrite Advanced Services Agreement]]). Without that negotiated carve-out, the vendor's confidentiality regime would, on its face, have furnished a basis to wall the document off from production. The carve-out is therefore doubly significant: it is both the reason the public can read the secrecy clauses, and evidence that the agency *can* negotiate against vendor secrecy when it chooses to. The corpus does not show a comparable City Attorney risk memo for this agreement — [[Sherri Latimer]] filed one for the Flock EULA but none appears for the Cellebrite Advanced Services bundle, whose §§5.5/5.7/6.4/10.3 provisions are at least as notable ([[Cellebrite Advanced Services Agreement]], Open questions). ## The pattern across the corpus Vendor-imposed secrecy is not unique to Cellebrite; it recurs as a procurement routine, in graded forms: - **Vendor confidentiality embedded in the instrument (Cellebrite).** The terms above. - **Vendor self-presentation substituting for agency analysis (Flock).** [[Vendor Capture of Local Surveillance Policy]] documents Flock supplying the customer-success cadence, the audit-system redesign, the political messaging, and the very answers an agency gave its City Council. The 2025-12-17 Network-Audit-Log narrowing — stripping officer names, plates, and vehicle-fingerprint data from the inter-agency audit view, with the stated rationale of "those abusing our transparency" — is a vendor-side reduction of what FOIA can reach ([[Audit-System Policy Emails (Aug 2025 - Apr 2026)]]). - **Agency-side language laundering to avoid a filing regime (Conway).** [[Sole-Source Procurement Language Avoidance]] documents Conway's removal of "sole source" from ordinance text to avoid the state documentation regime — the agency, not the vendor, suppressing the paper trail. - **Withholding the equivalents of already-produced records (Conway PD).** [[The Disclosure-Posture Reversal at Conway PD]] documents the Department producing its network-sharing, federal-search, and audit records in `PD-2026-354` and withholding the equivalents in `PD-2026-477`. The common thread is not a single actor's intent but a procurement environment in which **reduced public visibility travels with the technology** — sometimes vendor-imposed (Cellebrite §§5.5/5.7/6.4), sometimes vendor-supplied-and-agency-adopted (Flock), sometimes agency-authored (Conway). Little Rock's affirmative competitive-bid-exemption filing for the Cellebrite buy (#44, single source; [[Competitive-Bid Exemption (Sole-Source Procurement)]]) is the mirror image of Conway's language-stripping: Little Rock *files* the exemption with documentation, yet accepts the vendor's secrecy terms inside the contract it files. ## Evidence - §§5.5, 5.7, 6.4, 10.3 verbatim — [[Cellebrite Advanced Services Agreement]] (`2024.10.07 Cellebrite General Terms and Conditions for Advanced Services - FULLY EXECUTED.txt`). - §14.4 Israeli/EU/US export-control disclosure; Cellebrite DI Ltd. (Israel) as the SaaS contracting entity — same source; see [[Foreign-Headquartered Surveillance Vendors]]. - §§11.1, 11.8 Arkansas FOIA carve-outs — same source; the negotiated terms that put the document in the public record. - The single-source exemption filing ($21,136.06; Line #44) — same source, `LRPD_Cellebrite_Approved_10.17.24_Comp. Exemption Form.txt`. - Comparative patterns — [[Vendor Capture of Local Surveillance Policy]], [[Sole-Source Procurement Language Avoidance]], [[The Disclosure-Posture Reversal at Conway PD]]. ## Caveats - The synthesis quotes the contract terms and does not impute a purpose the contract does not state. In particular, §5.7's drafting history and the conduct it was meant to forestall are not in the corpus. - "Boilerplate" is itself a contested characterization. Whether these clauses are standard forensic-vendor licensing language accepted without bespoke negotiation, or a deliberate transparency-defeating architecture, is the load-bearing question filed at [[T003 - Vendor-Imposed Secrecy or Procurement Boilerplate]]; this page is provisional on it. - The corpus does not establish that any specific extraction, interception, or cross-border transfer occurred under these clauses — only that the contract authorizes them. The number of devices LRPD sent to Cellebrite's lab is not in the production ([[Cellebrite Advanced Services Agreement]], Open questions). - This page is the author's analytical synthesis, demarcated as such. Every factual claim is anchored to a source page and, through it, to a raw FOIA document. ## Open questions - Did the City Attorney ([[Sherri Latimer]] / [[Thomas M. Carpenter]]) review the §§5.5/5.7/6.4/10.3 provisions, as Latimer reviewed the Flock EULA? No such memo is in the corpus. - How standard are §5.5/§5.7/§6.4 across Cellebrite's public-agency contracts nationally? A Tier-2/3 comparison of other jurisdictions' Cellebrite Advanced Services agreements would test the "boilerplate" reading at the heart of [[T003 - Vendor-Imposed Secrecy or Procurement Boilerplate]]. - Does any Arkansas authority — the prosecuting attorney, the courts, ACIC — require disclosure of forensic "Sources and Methods" (§6.4) in discovery, notwithstanding the trade-secret designation?