The United States Federal Bureau of Investigation paid almost a million dollars to break into the San Bernardino gunman’s iPhone, Senator Dianne Feinstein (D) said earlier this year. But thanks to a recent decision by the U.S. District Court, the exact figure may never be confirmed.
In 2016, the FBI contracted an unnamed third-party security firm to unlock the password-protected iPhone 5c of San Bernardino, California shooter Syed Rizwan Farook, who along with his wife killed 14 people in an attack in December 2015. But the agency refused to reveal how much it paid.
The Associated Press, Vice Media, and USA Today took the FBI to court over the agency’s nondisclosure, arguing that it had lacked “adequate justification.” But in late September 2017, U.S. District Court Judge Tanya Chutkan ruled that the information was exempt from the Freedom of Information Act’s (FOIA) mandatory disclosure statute.
In her ruling, Chutkan said that both the name of the firm that cracked the iPhone’s security the price the FBI paid it to do so are “national security secrets,” and that the amount paid reflects a “confidential law enforcement technique” that’s exempt from FOIA disclosure.
That’s despite the fact that Fenstein and then-FBI director James Comey have hinted at the amount in public comments.
“I was so struck when San Bernardino happened and you made overtures to allow that device to be opened, and then the FBI had to spend $900,000 to hack it open,” Feinstein said in a speech. “And as I subsequently learned of some of the reason for it, there were good reasons to get into that device.”
FBI director James Comey gave a ballpark range last year, saying that the agency paid “more money than he would earn in his remaining seven years on the job” — or roughly least $1.3 million.
Last year, Apple challenged a judge’s order to help the Justice Department in its investigation of the San Bernardino shooter, arguing that an FBI to build a backdoor into the locked iPhone’s operating system would threaten its customers’ privacy.
The FBI dropped its case after it gained access to the iPhone.
The agency later stated that it didn’t find any evidence that Farook coordinated the attack with members of a terrorist organizations, and that it was unable to recover encrypted communications during an 18-minute gap in the agency’s knowledge of Farook’s location after the attack. But it maintained that the information was “helpful.”
Privacy advocates and tech experts argue that the FBI should disclose its method to Apple so it can repair any bugs in its operating system. Exploits discovered by federal agencies are typically reported to the Vulnerabilities Equities Process, a step the agency has so far refused to take.
Disclosure of this information could make the investigators’ decryption efforts more difficult, the FBI argues. Comey said that roughly 12 percent of consumer devices were inaccessible to FBI investigators, and that encryption would cause that number to grow.
“We are increasingly finding devices … that we can’t open,” he said at a keynote address at the annual Special Operations Forces Industry Conference in May 2016.
In response to the controversy, Senator Feinstein and Senator Richard Burr (R), drafted an encryption bill in April that would force companies to comply with the government’s demands for access to encrypted services.
Update: Added news of a Justice Department decision regarding the FBI’s security contract.
- ZTE and Huawei respond to intelligence agency warnings over security risks
- Facebook is on a fake-finding campaign before the next election
- Law enforcement agencies are buying GrayKey, a device to unlock iPhones
- Intel warned Chinese tech firms of security flaws before telling U.S. government
- North Carolina police force asks Google for data from devices near crime scenes