The FBI refused to ever share how much it paid for the hack into San Bernardino (D-CA) shooter Syed Farook’s iPhone, but thanks to Senator Diane Feinstein we now know the price was US$900,000. The Senator accidentally spilled the beans during a Judiciary Committee meeting on accessing encrypted data on smartphones and personal computers.
The $900,000 price tag, as well as the name of the company the FBI paid, was classified information—at least until Senator Feinstein shared the number while questioning FBI Director James Comey. She said,
I was so struck when San Bernardino happened and you made overtures to allow that device to be opened, and then the FBI had to spend $900,000 to hack it open. And as I subsequently learned of some of the reason for it, there were good reasons to get into that device.
The FBI Versus iPhone Encryption
The phone she referred to had been issued to Farook by his employer, San Bernardino County. Farook and his wife, Tashfeen Malik, opened fire on their coworkers during a holiday party in December 2015. They killed 14 people and injured 22 others.
The two were killed later that day in a shootout with police. Law enforcement recovered the county-issued iPhone, but found Farook and Malik had destroyed their personal phones and computers.
No one knew the passcode for the iPhone 5c in Farook’s possession, so the FBI turned to Apple for help. Apple was able to recover data from the iCloud account linked to the iPhone, but didn’t have any way to bypass the on-device encryption.
When Apple hit the device passcode roadblock, the FBI obtained a court order compelling the company to make a version of iOS without the security measures that keep hackers out. The FBI said the hackable iOS version would be used only on Farook’s iPhone.
Apple refused, kicking off a very public battle between the company and FBI over our security and our privacy rights. That fight ended abruptly only hours before a court hearing over whether or not Apple had to comply when the FBI said it found a way into the iPhone.
FBI Director Comey said the agency paid an unnamed company for the hack, so Apple’s sell secure operating system wasn’t necessary for the case. He said the hack cost less than a million dollars, but wouldn’t elaborate on the actual cost or who the seller was. The evidence points strongly to Cellebrite as the seller, although the actual company name is still classified.
The Cost for Hacking iPhones
Now it seems we know just how much the FBI paid for its iPhone hack. Considering there wasn’t any useful information on the phone, just as law enforcement suspected, that dollar figure is about the only thing of value that’s come from the phone so far.
Feinstein’s classified information slip up came as she was pushing to revive her bill requiring companies to create ways for law enforcement to access encrypted data on our personal devices. Director Comey is supporting her efforts saying it’s necessary to track down criminals and terrorists.
He claims the FBI isn’t asking for a back door into our data, although it sounds like that’s exactly what he wants. Intentionally creating a way to bypass the encryption on our electronic devices is the very definition of a back door.
The Senator’s bill fizzled out last year when it failed to gain real support. Hopefully that’s exactly what will happen again this year, too.
[Thanks to CNBC for the heads up]