FBI Allegedly Paid More Than $1 Million To Get Into Encrypted iPhone... And To Avoid Setting Legal Precedent It Didn't Like

from the just-saying dept

On Thursday, FBI Director James Comey suggested that the FBI paid over a million dollars to a group of hackers who helped it get into Syed Farook's encrypted work iPhone. Of course, just as pretty much everyone predicted, the FBI found nothing of value on the iPhone. This was hardly a surprise. It was a case where we already know who did it, and that they were already dead. We also know that they destroyed their two personal iPhones, leaving open the question why anyone would think there was anything valuable on the work iPhone.

Specifically, Comey said that buying the exploit from this group cost the FBI "more than I will make in the remainder of this job, which is seven years and four months, for sure." Comey makes $185,100 per year at his job, implying that buying the exploit cost at least $1.3 million or so.

This has, understandably caused some to ask how it could possibly be worth it to pay so much money for an exploit that everyone must have known was worthless.


Of course, that is taking a slightly narrow view on things, considering that many people believe, strongly, that the FBI's motive here was really to extricate itself from the legal dispute over the phone that had the very strong potential of ending with a bad precedent for the FBI and the DOJ. When looked at through that lens, $1.3 million or whatever seems like very little money to pay...

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 22 Apr 2016 @ 6:53am

    I would be curious who the hackers were. Did the FBI reach out to a group that knowingly does illegal acts or was it all above board.

    Would be nice to know if the FBI once again broke the law in getting what they wanted or if it was legal.

    reply to this | link to this | view in chronology ]

  • identicon
    Jason, 22 Apr 2016 @ 7:24am

    Small price...

    $1.3 million or whatever seems like very little money to pay...
    Especially when it's not "their" money!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 Apr 2016 @ 7:32am

    Wasn't cellebrite

    It wasn't Cellebrite, but we may never find out who it really was.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 Apr 2016 @ 7:42am

    FBI vs. iPhone opens up a whole new angle of economic terrorism

    1. Buy encryptable mobile phone(s).
    2. Encrypt the phones. Store nothing of value of them, even in the encrypted areas. Prefer encryption that could be broken with enough effort, but not something broken easily.
    3. Commit horrific crime, preferably for as little cost as possible.
    4. Die during crime, or get caught and refuse to talk. Either way, leave vague suggestions that the mobile phones have valuable information on them. Alternately, leave suggestions that the mobile phones have nothing of value, which by reverse psychology means they are extremely valuable.
    5. Let government waste huge amounts of time and money trying to break into a box that, if they manage to enter, has nothing of value.

    Granted, it is not quite the magnitude of waste that 9/11 caused with the creation of TSA, but it is still a fairly significant multiplier.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Apr 2016 @ 7:56am

      Re: FBI vs. iPhone opens up a whole new angle of economic terrorism

      Wouldn't fewer illegal things, and fewer deaths, need to happen if a bunch of people who are all on the watch lists just start sending each other encrypted random data? You get the bonus of once the encryption is cracked, the feds are still left with data that appears still encrypted.

      As long as the terrorists don't have data caps, all they do is just DOS the decryption department with swaths of garbage data to sort through.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 22 Apr 2016 @ 8:06am

        Re: Re: FBI vs. iPhone opens up a whole new angle of economic terrorism

        Sure, but how do you confirm you are on one of the "must decrypt at any cost" watch lists? While I believe that the government would love to have readable copies of everything, I doubt they are willing to spend indefinitely to read encrypted content that is not connected to an already committed crime. Remember, they are fundamentally lazy. I think the only reason they bothered to buy this hack is because they needed to resolve the situation they created. The resolution was expensive, but still cheaper than setting a precedent they dislike. If they could have gotten away with dropping the court order, and not getting into the phone, and not suffered even worse PR for taking that approach, they likely would have done it.

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Apr 2016 @ 9:34am

      Re: FBI vs. iPhone opens up a whole new angle of economic terrorism

      If you're not keen on suicide, just keep some flash drives with encrypted junk data on them, write "why I did it" on it and wait for a mass shooting and sprinkle them around the crime scene. Mass shootings are pretty common in USA so you shouldn't have to wait long.

      reply to this | link to this | view in chronology ]

    • identicon
      Ragnarredbeard, 22 Apr 2016 @ 9:36am

      Re: FBI vs. iPhone opens up a whole new angle of economic terrorism

      Another thing to do requires a bit of luck and timing, but you could drop said phone near an "incident". The police/FBI pick it up and think its the perps. Perp of course denies its his phone, which of course means it is his phone. Fun ensues.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Apr 2016 @ 12:43pm

      Re: FBI vs. iPhone opens up a whole new angle of economic terrorism

      1. Buy phone
      2. Encrypt phone
      3. Share password with comrades
      4. Go all suicide bomber preserving phone
      5. comrades approach FBI as 'hackers' who unlock the phone and receive $1.3mil in compensation.
      6. Rinse, repeat on larger scale with newly acquired funding.


      FTFY

      On another note, my new startup needs investors, we are offering 20% stake for 1 life.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 Apr 2016 @ 6:53am

      Re: FBI vs. iPhone opens up a whole new angle of economic terrorism

      they already waste money creating fake terrorism plots to justify their fascist actions

      reply to this | link to this | view in chronology ]

  • icon
    AricTheRed (profile), 22 Apr 2016 @ 7:45am

    It's like...

    The fibers, purchasing a hack of doofus's work phone seems more like a crappy divorce settlement. They paid a ton, although not to a lawyer this time, and still didn't get to keep the house, the kids, the dog, or the cash...

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 Apr 2016 @ 7:53am

    I understand the legal argument, but the exploit is not a "use once on one phone and throw it away" solution. $1.3 gives them access to a lot more phones.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Apr 2016 @ 7:58am

      Re:

      That's assuming a lot of what the hack can get into. Assuming its for that version and older, the number of vulnerable phones will only decrease as a function of time.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 22 Apr 2016 @ 8:12am

        Re: Re:

        But the outrage seems to stem from spending >1m to access Syed Farook's phone; it won't just be his phone.

        Yes, I agree it will diminish over time as people upgrade to newer phones. But if it's 2 phones, it 500k per phone, 10, 100k per phone, gaining access to a million phones, the cost is about $1 per phone.

        reply to this | link to this | view in chronology ]

        • icon
          That One Guy (profile), 22 Apr 2016 @ 9:00am

          Re: Re: Re:

          According to their arguments during the case it was just one phone though, it was only once they ran away from the case and claimed that they'd found another way in that now the vulnerability is going to be used for multiple phones.

          Or put another way...

          When they didn't have a way in and were demanding Apple write custom code to disable the security on the device it was 'just one phone'.

          When they have a way in(or claim to anyway) that doesn't require Apple's 'assistance' now it's all similar phones.

          If people are slamming them for paying $1.3M to access a single phone that anyone could have told them wouldn't have anything valuable on it it's because their own arguments were based largely on how it was only ever about one phone, this one, which means if you give them the (undeserved) benefit of the doubt and assume they were telling the truth the entire amount was and is for just one phone, and it's just coincidental that it can also be used on other phones as well.

          reply to this | link to this | view in chronology ]

  • identicon
    I.T. Guy, 22 Apr 2016 @ 8:41am

    "This has, understandably caused some to ask how it could possibly be worth it to pay so much money for an exploit that everyone must have known was worthless."

    Because its just a number not relating to anything for them. It's just a number. It's not their money and might as well be Monopoly money.

    reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    Whatever, 22 Apr 2016 @ 8:45am

    More nonsense from TechDirt's piratey, criminal advocates.

    If Apple had simply given up the key to their easily exploitable software, this money wouldn't have been wasted in the first place. The fact that hackers were able to get into it means that Apple's backdoor isn't as secure as TechDirt would like to think it is.

    Apple won't recover from this, mark my words.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Apr 2016 @ 10:00am

      Re: More nonsense from TechDirt's piratey, criminal advocates.

      Though I am no iSheep, I believe there isn't much for Apple to recover from. They fought the good fight and won a lot of public goodwill. Now the onus is on them to figure out how the FBI did it and plug the hole.

      But as with anything like this, Apple will take measures to prevent hacking and hackers, including nation-states, will take counter measures to get into the devices. It is a never ending game.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Apr 2016 @ 11:53am

      Re: More nonsense from TechDirt's piratey, criminal advocates.

      If Apple had simply given up the key to their easily exploitable software, this money wouldn't have been wasted in the first place.

      How much money was spent suing Apple in court arguing that the government had "exhausted every means available?"

      Had they gone this route in the first place, that money wouldn't have been wasted in the first place.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Apr 2016 @ 12:57pm

      Re: More nonsense from TechDirt's piratey, criminal advocates.

      If Apple had simply given up the key to their easily exploitable software, this money wouldn't have been wasted in the first place.

      It's her own fault. If she hadn't resisted, he wouldn't have had to use force to rape her.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 Apr 2016 @ 9:29am

    With that money FBI could have hired a whole team of hackers.

    reply to this | link to this | view in chronology ]

  • icon
    Whatever (profile), 22 Apr 2016 @ 9:40am

    It was all good until the money used was called a "slush fund". At that point, you know the person is pretty damned biased about the thing, and would find something scary no matter what.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Apr 2016 @ 10:31am

      Re:

      It was all good until the money used was called a "slush fund".

      Yah, everything's good, until it gets exposed, huh?

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Apr 2016 @ 10:54am

      Re:

      Says the guy who in literally every article about encryption goes out of his way to say "but when is it too much?!"

      "Encryption is the devil." - Whatever (you could just leave this as a comment in all such articles and save us all some time)

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Apr 2016 @ 11:57am

      Re:

      Well given that the government argued in court that they had "exhausted every means available" to them, when clearly, they didn't, I'd say yeah, it was a slush fund.

      It's a bummer when the government you defended so vehemently lies, isn't it?

      I prefer to call shit "shit" - and not polish it just to suggest impartiality. The government lied - and they should be called liars for it.

      reply to this | link to this | view in chronology ]

  • identicon
    Yes, I know I'm commenting anonymously, 22 Apr 2016 @ 12:12pm

    Phrased differently

    The FBI revealed that iPhone encryption is not safe enough, because criminals hacked it.
    The FBI also admits it gives money to criminals as an effort to `keep up' with the times.

    reply to this | link to this | view in chronology ]

  • identicon
    Phils, 22 Apr 2016 @ 1:42pm

    Possible infringment

    Did the FBI buy the exploit or just licensed/leased it? If so, how many phones is it licenced for? Does the "first sale doctrine" apply here? Was the exploit copyrighted? If so would the FBI have to pay statutory damages if they made a copy of it for other TLA's?

    The exploit came from an organization that is much smarter than the FBI -- that organization probably could deal effectively with any infringement.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Apr 2016 @ 7:10pm

      Re: Possible infringment

      The exploit came from an organization that is much smarter than the FBI

      That's really not saying much these days with the level of stupidity and incompetence they like to display on a regular basis.

      reply to this | link to this | view in chronology ]

  • icon
    Monday (profile), 23 Apr 2016 @ 11:50am

    Correct first assumption...

    ... in that the money should have been better spent on the Families of the victims, but it is the FBI / DOJ whom have blinders on in this case. They really needed to extricate themselves from their losing positions.

    Nevertheless, every company that the FBI / DOJ comes at from that point of asking for "the backdoor", to asking for something akin somewhere in the future, will know exactly how Law Enforcement will come at them, and what cards to play. It won't be quite so easy, and messy in the future.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Special Affiliate Offer
Anonymous number for texting and calling from Hushed. $25 lifetime membership, use code TECHDIRT25
Report this ad  |  Hide Techdirt ads
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.