FBI Allegedly Paid More Than $1 Million To Get Into Encrypted iPhone… And To Avoid Setting Legal Precedent It Didn't Like
from the just-saying dept
On Thursday, FBI Director James Comey suggested that the FBI paid over a million dollars to a group of hackers who helped it get into Syed Farook’s encrypted work iPhone. Of course, just as pretty much everyone predicted, the FBI found nothing of value on the iPhone. This was hardly a surprise. It was a case where we already know who did it, and that they were already dead. We also know that they destroyed their two personal iPhones, leaving open the question why anyone would think there was anything valuable on the work iPhone.
Specifically, Comey said that buying the exploit from this group cost the FBI “more than I will make in the remainder of this job, which is seven years and four months, for sure.” Comey makes $185,100 per year at his job, implying that buying the exploit cost at least $1.3 million or so.
This has, understandably caused some to ask how it could possibly be worth it to pay so much money for an exploit that everyone must have known was worthless.
It would have been more responsible to give the FBI?s slush fund over to the victims? families than to pursue such an obvious non-lead.
— Jonathan Zdziarski (@JZdziarski) April 21, 2016
Things that would've better served the American public with $1.3M than Comey's goose chase: Mental health funding.
— Jonathan Zdziarski (@JZdziarski) April 21, 2016
Filed Under: doj, fbi, hack, iphone, james comey, precedent, syed farook
Companies: apple
Comments on “FBI Allegedly Paid More Than $1 Million To Get Into Encrypted iPhone… And To Avoid Setting Legal Precedent It Didn't Like”
I would be curious who the hackers were. Did the FBI reach out to a group that knowingly does illegal acts or was it all above board.
Would be nice to know if the FBI once again broke the law in getting what they wanted or if it was legal.
Re: Re:
Writing and software/exploits is not illegal and never should be.
Re: Re: Re:
Ever hear of this thing called the DMCA?
Re: Re: Re: Re:
Nah, never bothered to learn of it. Too many copyright claims involved.
Israeli company
http://thehill.com/policy/cybersecurity/274619-israeli-firm-behind-iphone-hack-report
Re: Re:
Israeli company
http://thehill.com/policy/cybersecurity/274619-israeli-firm-behind-iphone-hack-report
This was widely reported… and then debunked. Wasn’t them.
Small price...
Especially when it’s not “their” money!
Re: Small price...
Everything’s cheap when you’re not the one paying the bill.
Re: Small price...
Hey, it’s only tax dollars. Always plenty more where that came from.
Wasn't cellebrite
It wasn’t Cellebrite, but we may never find out who it really was.
FBI vs. iPhone opens up a whole new angle of economic terrorism
1. Buy encryptable mobile phone(s).
2. Encrypt the phones. Store nothing of value of them, even in the encrypted areas. Prefer encryption that could be broken with enough effort, but not something broken easily.
3. Commit horrific crime, preferably for as little cost as possible.
4. Die during crime, or get caught and refuse to talk. Either way, leave vague suggestions that the mobile phones have valuable information on them. Alternately, leave suggestions that the mobile phones have nothing of value, which by reverse psychology means they are extremely valuable.
5. Let government waste huge amounts of time and money trying to break into a box that, if they manage to enter, has nothing of value.
Granted, it is not quite the magnitude of waste that 9/11 caused with the creation of TSA, but it is still a fairly significant multiplier.
Re: FBI vs. iPhone opens up a whole new angle of economic terrorism
Wouldn’t fewer illegal things, and fewer deaths, need to happen if a bunch of people who are all on the watch lists just start sending each other encrypted random data? You get the bonus of once the encryption is cracked, the feds are still left with data that appears still encrypted.
As long as the terrorists don’t have data caps, all they do is just DOS the decryption department with swaths of garbage data to sort through.
Re: Re: FBI vs. iPhone opens up a whole new angle of economic terrorism
Sure, but how do you confirm you are on one of the “must decrypt at any cost” watch lists? While I believe that the government would love to have readable copies of everything, I doubt they are willing to spend indefinitely to read encrypted content that is not connected to an already committed crime. Remember, they are fundamentally lazy. I think the only reason they bothered to buy this hack is because they needed to resolve the situation they created. The resolution was expensive, but still cheaper than setting a precedent they dislike. If they could have gotten away with dropping the court order, and not getting into the phone, and not suffered even worse PR for taking that approach, they likely would have done it.
Re: FBI vs. iPhone opens up a whole new angle of economic terrorism
If you’re not keen on suicide, just keep some flash drives with encrypted junk data on them, write “why I did it” on it and wait for a mass shooting and sprinkle them around the crime scene. Mass shootings are pretty common in USA so you shouldn’t have to wait long.
Re: FBI vs. iPhone opens up a whole new angle of economic terrorism
Another thing to do requires a bit of luck and timing, but you could drop said phone near an “incident”. The police/FBI pick it up and think its the perps. Perp of course denies its his phone, which of course means it is his phone. Fun ensues.
Re: FBI vs. iPhone opens up a whole new angle of economic terrorism
2. Encrypt phone
3. Share password with comrades
4. Go all suicide bomber preserving phone
5. comrades approach FBI as ‘hackers’ who unlock the phone and receive $1.3mil in compensation.
6. Rinse, repeat on larger scale with newly acquired funding.
FTFY
On another note, my new startup needs investors, we are offering 20% stake for 1 life.
Re: FBI vs. iPhone opens up a whole new angle of economic terrorism
they already waste money creating fake terrorism plots to justify their fascist actions
It's like...
The fibers, purchasing a hack of doofus’s work phone seems more like a crappy divorce settlement. They paid a ton, although not to a lawyer this time, and still didn’t get to keep the house, the kids, the dog, or the cash…
I understand the legal argument, but the exploit is not a “use once on one phone and throw it away” solution. $1.3 gives them access to a lot more phones.
Re: Re:
That’s assuming a lot of what the hack can get into. Assuming its for that version and older, the number of vulnerable phones will only decrease as a function of time.
Re: Re: Re:
But the outrage seems to stem from spending >1m to access Syed Farook’s phone; it won’t just be his phone.
Yes, I agree it will diminish over time as people upgrade to newer phones. But if it’s 2 phones, it 500k per phone, 10, 100k per phone, gaining access to a million phones, the cost is about $1 per phone.
Re: Re: Re: Re:
According to their arguments during the case it was just one phone though, it was only once they ran away from the case and claimed that they’d found another way in that now the vulnerability is going to be used for multiple phones.
Or put another way…
When they didn’t have a way in and were demanding Apple write custom code to disable the security on the device it was ‘just one phone’.
When they have a way in(or claim to anyway) that doesn’t require Apple’s ‘assistance’ now it’s all similar phones.
If people are slamming them for paying $1.3M to access a single phone that anyone could have told them wouldn’t have anything valuable on it it’s because their own arguments were based largely on how it was only ever about one phone, this one, which means if you give them the (undeserved) benefit of the doubt and assume they were telling the truth the entire amount was and is for just one phone, and it’s just coincidental that it can also be used on other phones as well.
Re: Re: Re:2 Re:
Yeah, the FBI initially claimed it’d be just this one phone, but you are delusional if you think it was only about this one phone.
https://www.techdirt.com/articles/20160222/17483233675/fbi-insists-not-trying-to-set-precedent-law-enforcement-is-drooling-over-exactly-that-possibility.shtml
https://www.techdirt.com/articles/20160223/07015733683/list-12-other-cases-where-doj-has-demanded-apple-help-it-hack-into-iphones.shtml
Re: Re: Re:3 "just one phone"
That One Guy is not saying he ever believed that it was just one phone. He is saying that the FBI repeatedly said it was just one phone. So either we take them at their word that they just wanted one phone, and were willing to spend more than $1.3 million to get in, in which case they should not be surprised we are upset they spent so much for so little; or we agree that the “just one phone” was a lie and then spending that much for a whole class of phones is slightly more defensible (or would be if they ever get real value from using that hack).
Re: Re: Re:4 "just one phone"
The Darmok version: ‘Were you lying then or are you lying now?’
Re: Re: Re:5 "just one phone"
Given the agency in question the standard assumption should be ‘Yes’ until proven beyond a shadow of a doubt otherwise.
“This has, understandably caused some to ask how it could possibly be worth it to pay so much money for an exploit that everyone must have known was worthless.”
Because its just a number not relating to anything for them. It’s just a number. It’s not their money and might as well be Monopoly money.
More nonsense from TechDirt's piratey, criminal advocates.
If Apple had simply given up the key to their easily exploitable software, this money wouldn’t have been wasted in the first place. The fact that hackers were able to get into it means that Apple’s backdoor isn’t as secure as TechDirt would like to think it is.
Apple won’t recover from this, mark my words.
Re: More nonsense from TechDirt's piratey, criminal advocates.
Though I am no iSheep, I believe there isn’t much for Apple to recover from. They fought the good fight and won a lot of public goodwill. Now the onus is on them to figure out how the FBI did it and plug the hole.
But as with anything like this, Apple will take measures to prevent hacking and hackers, including nation-states, will take counter measures to get into the devices. It is a never ending game.
Re: More nonsense from TechDirt's piratey, criminal advocates.
If Apple had simply given up the key to their easily exploitable software, this money wouldn’t have been wasted in the first place.
How much money was spent suing Apple in court arguing that the government had “exhausted every means available?”
Had they gone this route in the first place, that money wouldn’t have been wasted in the first place.
Re: More nonsense from TechDirt's piratey, criminal advocates.
If Apple had simply given up the key to their easily exploitable software, this money wouldn’t have been wasted in the first place.
It’s her own fault. If she hadn’t resisted, he wouldn’t have had to use force to rape her.
With that money FBI could have hired a whole team of hackers.
It was all good until the money used was called a “slush fund”. At that point, you know the person is pretty damned biased about the thing, and would find something scary no matter what.
Re: Re:
It was all good until the money used was called a “slush fund”.
Yah, everything’s good, until it gets exposed, huh?
Re: Re:
Says the guy who in literally every article about encryption goes out of his way to say “but when is it too much?!”
“Encryption is the devil.” – Whatever (you could just leave this as a comment in all such articles and save us all some time)
Re: Re:
Well given that the government argued in court that they had “exhausted every means available” to them, when clearly, they didn’t, I’d say yeah, it was a slush fund.
It’s a bummer when the government you defended so vehemently lies, isn’t it?
I prefer to call shit “shit” – and not polish it just to suggest impartiality. The government lied – and they should be called liars for it.
Phrased differently
The FBI revealed that iPhone encryption is not safe enough, because criminals hacked it.
The FBI also admits it gives money to criminals as an effort to `keep up’ with the times.
Possible infringment
Did the FBI buy the exploit or just licensed/leased it? If so, how many phones is it licenced for? Does the “first sale doctrine” apply here? Was the exploit copyrighted? If so would the FBI have to pay statutory damages if they made a copy of it for other TLA’s?
The exploit came from an organization that is much smarter than the FBI — that organization probably could deal effectively with any infringement.
Re: Possible infringment
The exploit came from an organization that is much smarter than the FBI
That’s really not saying much these days with the level of stupidity and incompetence they like to display on a regular basis.
Correct first assumption...
… in that the money should have been better spent on the Families of the victims, but it is the FBI / DOJ whom have blinders on in this case. They really needed to extricate themselves from their losing positions.
Nevertheless, every company that the FBI / DOJ comes at from that point of asking for “the backdoor”, to asking for something akin somewhere in the future, will know exactly how Law Enforcement will come at them, and what cards to play. It won’t be quite so easy, and messy in the future.