AP, USA Today, Vice Sue FBI Over Refusal To Release Information About Contractor Who Cracked iPhone For It

from the exemption-(b)ecause-shut-up dept

USA Today, the Associated Press, and Vice News have joined forces to sue the FBI over its refusal to release even the most minimal amount of information on the hack it purchased to crack open the iPhone seized during its San Bernardino shooting investigation.

The DOJ certainly seemed adamant that Apple disclose all sorts of inside info to the government during the heated litigation. It turned down offers of assistance from hackers and security researchers before finally shelling out an unknown amount of money to an Israeli firm to gain access to the phone’s contents. It also ensured it would never have to discuss the technical details of the hacking by not demanding this information be included in the purchase price.

Now, it refuses to even discuss the purchase price. Educated guesses that put it north of $1 million are based on a James Comey comment in which he said it was several times his annual salary. Somehow, the actual amount paid — if revealed — would somehow prevent the FBI’s investigation from reaching its conclusion.

This FOIA lawsuit [PDF] targets other innocuous information the FBI refuses to release: contractor info on the party used to open up the seized iPhone (and discover nothing of investigative use on it).

This action is brought pursuant to the Freedom of Information Act (“FOIA”), 5 U.S.C. §§ 552, et seq., for basic contracting information from the Federal Bureau of Investigation (“FBI”) regarding one of its most publicly-discussed and controversial acquisitions: a technological tool openly purchased from a third-party vendor that was used to circumvent the need for a court order to access the locked iPhone of Syed Rizwan Farook, one of the perpetrators of the mass killings in San Bernardino, California.

As the lawsuit cleverly points out by using FBI director James Comey’s own words against him, the public’s interest in this information should easily outweigh the FBI’s stated reasons for withholding it.

[T]he News Organizations seek to compel the FBI to provide records of the publicly-acknowledged business transaction that resulted in the purchase this March of the so-called iPhone access tool. The public interest in receiving this information is significant. The FBI’s purchase of this tool allowed government access to Mr. Farook’s phone, providing new information about one of the deadliest attacks on American soil in recent years, but also apparently failing to reveal any evidence of links between Mr. Farook and foreign terrorists or terrorist organizations…

FBI Director James Comey has himself stressed the essential importance of a nationwide “adult conversation” about whether and when law enforcement should be able to access encrypted devices because, “‘We’ve got to get to a point where we can reach [wrongdoers] as easily as they can reach us and change behavior by that reach-out.’” Mr. Comey also noted the need for increased information sharing with the public, an acknowledgment particularly critical given the potential of future legislative action on this issue, noting, “‘We need to understand in the FBI, how is this exactly affecting our work, and then share that with folks.’”

Moreover, the FBI’s purchase of the technology – and its subsequent verification that it had successfully obtained the data it was seeking thanks to that technology – confirmed that a serious undisclosed security vulnerability existed (and likely still exists) in one of the most popular consumer products in the world. And in order to exploit that vulnerability, the FBI contracted with an unidentified third-party vendor, effectively sanctioning that party to retain this potentially dangerous technology without any public assurance about what that vendor represents, whether the vendor has adequate security measures, whether the vendor is a proper recipient of government funds, or whether it will act only in the public interest.

The complaint points out the FBI has offered up zero information on this mysterious contractor, leaving several questions unanswered. The agency has refused to turn over anything on the vetting process used to select this vendor, raising the possibility that the FBI’s chosen hacking entity may also be aiding blacklisted governments, terrorist groups, or criminals with accessing communications and data.

The news agencies participating in the lawsuit have been seeking this info since the All Writs Order was vacated back in March. Every request has been denied. The lawsuit seeks an order compelling the release of this information.

The DOJ will obviously fight this but it should be an interesting case to watch… if there’s anything to be seen from the outside. Despite the hack being specific to one iPhone make running one specific version of iOS — and there being nothing of interest found on the cracked phone — the DOJ is sure to claim that any disclosure, however minimal, will do serious damage to national security and law enforcement means and methods.

Filed Under: , , , , , , , ,
Companies: a&p, usa today, vice

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “AP, USA Today, Vice Sue FBI Over Refusal To Release Information About Contractor Who Cracked iPhone For It”

Subscribe: RSS Leave a comment
I.T. Guy says:

“the FBI contracted with an unidentified third-party vendor, effectively sanctioning that party to retain this potentially dangerous technology without any public assurance about what that vendor represents, whether the vendor has adequate security measures, whether the vendor is a proper recipient of government funds, or whether it will act only in the public interest.”

C’mon guys… it’s the Israelis. Certainly we can trust them right?

OldGeezer (profile) says:

It's a Lie!

They wanted to use this case as a precedent to force companies to break encryption. They knew there was no useful intel in this work phone or the gunman would have destroyed it like his personal phone. They thought that no one would stand up to them because this was a really bad guy. I’m sure they got a warrant for the metadata so the claim they needed to know who he was in contact with was bullshit. When they realized this case was lost they lied to save face. They wouldn’t have paid a dime to hack it. They knew this guy was not part of any terrorist organization.

bob says:

can't release info when there is none.

my bet is that there wasn’t really any purchase in the first place.

When the FBI realized they would lose the case and get a bad precedent they instead made up a story that they were able to get into the phone so they could claim the case wasn’t in vain. Really they just gave up because they knew nothing of significance was on it and if they admitted that publicly it would make them look bad because they had just wasted the world’s time and the US’s money screaming it was super necessary.

Anonymous Coward says:

I think we can safely assume that if they actually got into the phone at all (which I’m doubtful they did), nothing of value was found.

Otherwise, they would’ve been saying “see? we told you how necessary this was…” over and over again, trying to sway public opinion in their favor, and justifying this staggering taxpayer expense.

Their silence on the matter speaks volumes.

That One Guy (profile) says:

"The dog ate my homew- the paperwork."

Yeah, the lawsuit will be interesting alright but primarily because there’s nothing to reveal. I’d say it’s almost certainly the case that there is no ‘mystery company’ who cracked the phone, and the FBI simply made it up as an excuse to drop a case that might have otherwise resulted in the ‘wrong’ precedent being set.

You can’t force the disclosure of information that doesn’t exist, so it will be interesting to watch the FBI/DOJ flail about in an attempt to have the case dropped, or assuming it goes against them scramble about to avoid having to admit that they lied just to get out of a case going south.

GEMont (profile) says:

...Nothing up my sleeve...

Most probable reality.

We need to make the American Public and a lot of companies that are not on the payroll, think we don’t know how to unlock all their phones at will.

Lets raise a public stink about how Apple won’t help us open their phone. That will prove we do not know how to do it ourselves, even though we’ve already opened the thing and found it empty.

To end the phony “stink” we made, we’ll publicly acknowledge the opening of the phone by a third party – that should completely remove any thoughts that we already have the tech to open Apples’ phones, (and any other encrypted electronic communications devise made anywhere on earth in the last three months, or older.)

Its just damage control. Or more precisely, the best possible method of insuring that the “enemy”, or “adversary” (the US Public) is kept in the dark about the USG’s capabilities of global surveillance as long as possible.

Because, its always easier to defeat an enemy that believes what you want them to believe, compared to those who know the truth.

Once again folks, you’ve been played.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...