Skip to main content

FBI won’t have to reveal details on iPhone hacking tool used in San Bernardino case

FBI won’t have to reveal details on iPhone hacking tool used in San Bernardino case

/

The vendor and the price paid will remain secret

Share this story

iPhone 5C 1024px

A federal court ruled yesterday that the FBI does not have to disclose either the name of the vendor used or price the government paid to hack into the iPhone 5C of mass shooter Syed Farook, according to ZDNet. The device became embroiled in a heated national controversy and legal standoff last year when Apple refused to help the FBI develop a backdoor into it for the purpose of obtaining sensitive information on Farook and his wife Tashfeen Malik, both of whom participated in the terrorist attack that left 14 dead in San Bernardino, California in December 2015.

The Justice Department originally filed a lawsuit against Apple to compel it to participate by creating a special version of its mobile operating system, something Apple was vehemently against because of the risk such a tool posed to users. But very soon after, the government withdrew from the case when a third-party vendor secretly demonstrated to the FBI a workable method to bypass the iPhone’s security system. Three news organizations — the Associated Press, Vice News, and USA Todayfiled a Freedom of Information Act lawsuit in September 2016 to reveal details of the hacking method used. Because it was not clear how many phones the workaround could be used on, and whether the FBI could use it surreptitiously in the future, the lawsuit was seeking information that would be pertinent to the public and security researchers around the globe.

The FBI won’t have to reveal the name of the vendor or the price paid

Federal judge Tanya Chutkan, in her ruling issued Saturday, cited the risk revealing such information could pose to the vendor, which does not have the same cyberattack protections as the FBI and might become subject to a number of high-profile attacks from independent or state-sponsored organizations. “It is logical and plausible that the vendor may be less capable than the FBI of protecting its proprietary information in the face of a cyberattack,” the court said. “The FBI's conclusion that releasing the name of the vendor to the general public could put the vendor's systems, and thereby crucial information about the technology, at risk of incursion is a reasonable one.”

The court also denied the request for the price paid by the US government for the tool, despite former FBI director James Comey and Senator Dianne Feinstein’s public disclosures that the cost was around $1 million. “Releasing the purchase price would designate a finite value for the technology and help adversaries determine whether the FBI can broadly utilize the technology to access their encrypted devices,” the court ruled.

Correction: An earlier version of this article misidentified the phone at the center of the San Bernardino case. It was an iPhone 5C, not an iPhone SE.