Surveillance technology like the Fusus camera network and license plate readers has drawn widespread scrutiny in Nashville — but other surveillance technologies remain more secretive. Chief among them is a powerful phone-hacking device called GrayKey used by the Metro Nashville Police Department and several other law enforcement agencies throughout Tennessee.
In a case study published last year, digital investigation software provider Magnet Forensics boasted that MNPD uses a suite of its products, including GrayKey, to unlock and extract data from suspects’ smartphones. GrayKey can retrieve everything from text messages and call logs to app data, location history and even deleted files.
Citing Trump administration’s willingness to defy courts, mayor says ‘guardrails’ may not be enough to implement a contract with Fusus
“When the security threat team obtains a suspect’s mobile device, they submit it to MNPD examiners and need a quick turnaround,” the study notes, going on to explain that one case can involve dozens of devices, many capable of storing terabytes of data.
MNPD spokesperson Don Aaron confirms the department’s use of GrayKey, stating that roughly 90 percent of all MNPD investigations today involve digital evidence. “We can only use it under the judicial authority of a warrant or court order, or with the consent of the owner,” he said.
GrayKey is used by thousands of law enforcement agencies across more than 30 countries, including the FBI and local police forces in the U.S., the United Kingdom and Canada. Early versions were compact boxes with Lightning cables. More recent iterations, updated in 2022, have advanced capabilities, according to FCC filings. Although GrayKey isn’t capable of remote surveillance, its ability to retrieve vast amounts of sensitive data makes it a controversial tool. Its use by local law enforcement is often unknown to the public, and even to some in the criminal justice system. Several Nashville defense attorneys tell the Scene they were unfamiliar with the technology.
“GrayKey is very expensive, and it’s sitting in a digital forensics lab most of the time, not a patrol car,” says Scott Greene, founder of Evidence Solutions, a forensics and expert witness firm. He adds that typically, trained forensic analysts — not patrol officers — operate it.
GrayKey’s use in Tennessee isn’t limited to MNPD. Murfreesboro has deployed the tool since 2020, with a June 2025 council vote approving a $57,110 license renewal. Smyrna authorized a license in 2023. The Tennessee Bureau of Investigation entered into a $458,619 contract with Magnet Forensics in 2021, acquiring licenses for GrayKey’s companion platform, Axiom, as well as other evidence-processing tools like Atlas and Automate.
Last year, the Tennessee Court of Criminal Appeals ruled that Shelbyville police lawfully used GrayKey to access a suspect’s iPhone in a murder investigation. After obtaining a warrant, Shelbyville officers hacked the device when the suspect said he couldn’t recall the passcode. Data pulled from the iPhone, including call records and location history, helped solve the case. The court ruled that the search complied with the warrant.
Such cases illustrate how valuable GrayKey is for police when investigating violent crimes. But digital privacy advocates remain wary and warn that the power of the technology could easily be abused without clear oversight.
“Hacking and extraction software often leads to overbroad search-and-seizures,” says Jake Laperruque, deputy director of the Security and Surveillance Project at the Center for Democracy and Technology, a national nonprofit that advocates for digital rights. “Police may grab huge swaths of data beyond what’s necessary or even beyond what’s legally authorized.”
Laperruque warns that because of the technical complexity involved, improper or unconstitutional data extractions may go unchallenged in court. He argues that oversight is critical in an era when smartphones store massive amounts of personal information.
“Police often take a ‘better to ask forgiveness than permission’ approach,” he says, with investigators bypassing public debate and skirting disclosure requirements to defense attorneys. This, he notes, risks denying defendants their constitutional rights.
The Electronic Privacy Information Center, a nonprofit research center that also advocates for digital rights, believes police should not be using phone-hacking tools like GrayKey at all. But if such tools are deployed, EPIC argues they must come with stricter transparency and oversight.
Flock Safety searches in Nolensville, Oak Ridge and Memphis indicate LPRs can be used for immigration enforcement
“There should be a state registry that provides notice of who is using this technology, along with requirements to disclose its use, and how it was used, to defense attorneys in criminal trials,” says Maria Villegas Bravo, a law fellow at EPIC specializing in international privacy law and surveillance oversight.
Villegas Bravo also notes that Apple, Meta and Google don’t authorize the use of devices like GrayKey, which could lead to legal action, as in a recent case involving Meta-owned WhatsApp. In May, a California federal jury found that notorious spyware vendor NSO Group must pay more than $167 million in punitive damages for enabling the hacks of approximately 1,400 users on WhatsApp. Governments were reportedly using NSO Group’s technologies to spy on human rights activists, dissidents and journalists.
While the use of GrayKey isn’t entirely secretive, police departments nationwide generally don’t volunteer much information about it. That hasn’t stopped Magnet Forensics from boasting about MNPD’s success with GrayKey.
YouTube videos and trade journal articles continue to reference MNPD’s use of GrayKey. In April 2026, the company will host the Magnet User Summit at the JW Marriott in downtown Nashville, inviting law enforcement to “learn more about how our solutions will provide you with an investigative edge.”
