AP, USA Today, Vice Sue FBI Over Refusal To Release Information About Contractor Who Cracked iPhone For It

from the exemption-(b)ecause-shut-up dept

USA Today, the Associated Press, and Vice News have joined forces to sue the FBI over its refusal to release even the most minimal amount of information on the hack it purchased to crack open the iPhone seized during its San Bernardino shooting investigation.

The DOJ certainly seemed adamant that Apple disclose all sorts of inside info to the government during the heated litigation. It turned down offers of assistance from hackers and security researchers before finally shelling out an unknown amount of money to an Israeli firm to gain access to the phone's contents. It also ensured it would never have to discuss the technical details of the hacking by not demanding this information be included in the purchase price.

Now, it refuses to even discuss the purchase price. Educated guesses that put it north of $1 million are based on a James Comey comment in which he said it was several times his annual salary. Somehow, the actual amount paid -- if revealed -- would somehow prevent the FBI's investigation from reaching its conclusion.

This FOIA lawsuit [PDF] targets other innocuous information the FBI refuses to release: contractor info on the party used to open up the seized iPhone (and discover nothing of investigative use on it).

This action is brought pursuant to the Freedom of Information Act (“FOIA”), 5 U.S.C. §§ 552, et seq., for basic contracting information from the Federal Bureau of Investigation (“FBI”) regarding one of its most publicly-discussed and controversial acquisitions: a technological tool openly purchased from a third-party vendor that was used to circumvent the need for a court order to access the locked iPhone of Syed Rizwan Farook, one of the perpetrators of the mass killings in San Bernardino, California.

As the lawsuit cleverly points out by using FBI director James Comey's own words against him, the public's interest in this information should easily outweigh the FBI's stated reasons for withholding it.

[T]he News Organizations seek to compel the FBI to provide records of the publicly-acknowledged business transaction that resulted in the purchase this March of the so-called iPhone access tool. The public interest in receiving this information is significant. The FBI’s purchase of this tool allowed government access to Mr. Farook’s phone, providing new information about one of the deadliest attacks on American soil in recent years, but also apparently failing to reveal any evidence of links between Mr. Farook and foreign terrorists or terrorist organizations...

FBI Director James Comey has himself stressed the essential importance of a nationwide “adult conversation” about whether and when law enforcement should be able to access encrypted devices because, “‘We’ve got to get to a point where we can reach [wrongdoers] as easily as they can reach us and change behavior by that reach-out.’” Mr. Comey also noted the need for increased information sharing with the public, an acknowledgment particularly critical given the potential of future legislative action on this issue, noting, “‘We need to understand in the FBI, how is this exactly affecting our work, and then share that with folks.’”

Moreover, the FBI’s purchase of the technology – and its subsequent verification that it had successfully obtained the data it was seeking thanks to that technology – confirmed that a serious undisclosed security vulnerability existed (and likely still exists) in one of the most popular consumer products in the world. And in order to exploit that vulnerability, the FBI contracted with an unidentified third-party vendor, effectively sanctioning that party to retain this potentially dangerous technology without any public assurance about what that vendor represents, whether the vendor has adequate security measures, whether the vendor is a proper recipient of government funds, or whether it will act only in the public interest.

The complaint points out the FBI has offered up zero information on this mysterious contractor, leaving several questions unanswered. The agency has refused to turn over anything on the vetting process used to select this vendor, raising the possibility that the FBI's chosen hacking entity may also be aiding blacklisted governments, terrorist groups, or criminals with accessing communications and data.

The news agencies participating in the lawsuit have been seeking this info since the All Writs Order was vacated back in March. Every request has been denied. The lawsuit seeks an order compelling the release of this information.

The DOJ will obviously fight this but it should be an interesting case to watch… if there's anything to be seen from the outside. Despite the hack being specific to one iPhone make running one specific version of iOS -- and there being nothing of interest found on the cracked phone -- the DOJ is sure to claim that any disclosure, however minimal, will do serious damage to national security and law enforcement means and methods.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Ryunosuke (profile), 16 Sep 2016 @ 12:06pm

    probably because the FBI hired... no compelled some 13 year old hacker to get into it. Or they used tools that aren't exactly legal.

    reply to this | link to this | view in chronology ]

  • identicon
    I.T. Guy, 16 Sep 2016 @ 12:09pm

    "the FBI contracted with an unidentified third-party vendor, effectively sanctioning that party to retain this potentially dangerous technology without any public assurance about what that vendor represents, whether the vendor has adequate security measures, whether the vendor is a proper recipient of government funds, or whether it will act only in the public interest."

    C'mon guys... it's the Israelis. Certainly we can trust them right?

    reply to this | link to this | view in chronology ]

  • icon
    OldGeezer (profile), 16 Sep 2016 @ 12:12pm

    It's a Lie!

    They wanted to use this case as a precedent to force companies to break encryption. They knew there was no useful intel in this work phone or the gunman would have destroyed it like his personal phone. They thought that no one would stand up to them because this was a really bad guy. I'm sure they got a warrant for the metadata so the claim they needed to know who he was in contact with was bullshit. When they realized this case was lost they lied to save face. They wouldn't have paid a dime to hack it. They knew this guy was not part of any terrorist organization.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Sep 2016 @ 12:28pm

    Verint.

    reply to this | link to this | view in chronology ]

  • identicon
    Norahc, 16 Sep 2016 @ 12:46pm

    It appears

    It appears as if the DOJ and FBI in particular view any sort of public oversight of their activities as something that hinders their job...much the same way they appear to view the Constitution.

    News flash... It's supposed to be a hindrance to keep you from overstepping your bounds.

    reply to this | link to this | view in chronology ]

  • icon
    Ninja (profile), 16 Sep 2016 @ 1:04pm

    Part of me thinks they smelled trouble in the lawsuit when opposition started getting too much public attention and real heavyweights in the industry that usually fight with Apple got together to defend it...

    reply to this | link to this | view in chronology ]

  • identicon
    kallethen, 16 Sep 2016 @ 1:19pm

    My prediction if this lawsuit succeeds:

    The FBI won't be able to provide the information because there was no third party who cracked the phone. They said it just to save face as they dropped the case against Apple.

    reply to this | link to this | view in chronology ]

  • identicon
    bob, 16 Sep 2016 @ 1:29pm

    can't release info when there is none.

    my bet is that there wasn't really any purchase in the first place.

    When the FBI realized they would lose the case and get a bad precedent they instead made up a story that they were able to get into the phone so they could claim the case wasn't in vain. Really they just gave up because they knew nothing of significance was on it and if they admitted that publicly it would make them look bad because they had just wasted the world's time and the US's money screaming it was super necessary.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Sep 2016 @ 1:35pm

    I think we can safely assume that if they actually got into the phone at all (which I'm doubtful they did), nothing of value was found.

    Otherwise, they would've been saying "see? we told you how necessary this was..." over and over again, trying to sway public opinion in their favor, and justifying this staggering taxpayer expense.

    Their silence on the matter speaks volumes.

    reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 16 Sep 2016 @ 1:40pm

    "The dog ate my homew- the paperwork."

    Yeah, the lawsuit will be interesting alright but primarily because there's nothing to reveal. I'd say it's almost certainly the case that there is no 'mystery company' who cracked the phone, and the FBI simply made it up as an excuse to drop a case that might have otherwise resulted in the 'wrong' precedent being set.

    You can't force the disclosure of information that doesn't exist, so it will be interesting to watch the FBI/DOJ flail about in an attempt to have the case dropped, or assuming it goes against them scramble about to avoid having to admit that they lied just to get out of a case going south.

    reply to this | link to this | view in chronology ]

  • icon
    Padpaw (profile), 16 Sep 2016 @ 8:04pm

    I would bet they just pull the old national security or if you are against us you support terrorism clause.

    reply to this | link to this | view in chronology ]

  • identicon
    imtheman, 17 Sep 2016 @ 10:03am

    I was the on who cracked the the iPhone for the FfffffBbbbbbI, All I got was 50Dollars and a T-Shirt

    reply to this | link to this | view in chronology ]

  • icon
    GEMont (profile), 17 Sep 2016 @ 1:10pm

    ...Nothing up my sleeve...

    Most probable reality.

    We need to make the American Public and a lot of companies that are not on the payroll, think we don't know how to unlock all their phones at will.

    Lets raise a public stink about how Apple won't help us open their phone. That will prove we do not know how to do it ourselves, even though we've already opened the thing and found it empty.

    To end the phony "stink" we made, we'll publicly acknowledge the opening of the phone by a third party - that should completely remove any thoughts that we already have the tech to open Apples' phones, (and any other encrypted electronic communications devise made anywhere on earth in the last three months, or older.)

    Its just damage control. Or more precisely, the best possible method of insuring that the "enemy", or "adversary" (the US Public) is kept in the dark about the USG's capabilities of global surveillance as long as possible.

    Because, its always easier to defeat an enemy that believes what you want them to believe, compared to those who know the truth.

    Once again folks, you've been played.

    ---

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.