FBI Director James Comey may have overstated how much the agency paid for the hack to get into San Bernardino shooter Syed Farook's iPhone 5c. Instead of the US$1.3 million he implied, the figure is reportedly actually less than a million dollars. Director Comey may not even know who the FBI paid, but that doesn't necessarily mean he doesn't know what's going on under his command.
FBI Director Comey doesn't know much about San Bernardino iPhone hack
Unnamed government sources speaking with Reuters said the Director overstated how much money the iPhone hack cost when he said the price was "more than I will make in the remainder of this job, which is seven years and four months for sure."
Based on that statement, and his annual $183,300 salary, the FBI paid at least $1.3 million. Now sources are saying Director Comey overshot the amount, and that it's likely he doesn't know who the FBI paid.
That nebulous payment amount bought the FBI a hack that gained them access to the encrypted content on an iPhone 5c recovered from Syed Farook last December after he opened fire on his San Bernardino county co-workers, killing 14 and injuring 22 others. His wife, Tashfeen Malik, was involved in the mass shooting, too, and bother were killed by police later in the day.
Since the county didn't know the iPhone passcode, the FBI turned to Apple for help recovering any data they could. Apple handed over the most recent iCloud backups, which were more than a month old. When the FBI asked Apple to unlock the device, agents weren't happy to hear the company didn't have the means to do so.
Agents then turned to the Federal Courts where they obtained an order telling Apple to create a version of iOS that stripped out the protections preventing someone from trying all possible four-digit combinations to find the unlock code. Apple asked the court to reverse the order saying the FBI overstepped its authority, and that it would set a precedent where other companies would be expected to hack their own product security features.
The FBI dropped its fight with Apple after buying the hack, which ultimately netted them nothing of value since the iPhone didn't give them any new leads.
What we know now is that Director Comey probably overestimated how much was paid for the hack, and that he doesn't know who was paid. While that may come across as the Director not knowing what's going on in his own agency, it's possible he's intentionally keeping himself from those details to help preserve secrecy. The fewer people who know the details of the transaction, the less likely it is to leak.
Keeping the details of the hack purchase need to know gives Director Comey a plausible excuse for seeming to be in the dark, but it doesn't get him off the hook for pushing to erode security and privacy by intentionally creating holes in the encryption protecting our data and communications.
The FBI and Department of Justice are still trying to use the courts to force Apple to sidestep its own encryption features in the name of protecting us from hackers, hostile governments, and criminals. Director Comey doesn't get a pass there because the encryption he wants to strip away is, in many cases, a key part in truly protecting us from the elements he says are real threats.