FBI Allegedly Paid More Than $1 Million To Get Into Encrypted iPhone... And To Avoid Setting Legal Precedent It Didn't Like

from the just-saying dept

Fri, Apr 22nd 2016 6:32am — Mike Masnick

On Thursday, FBI Director James Comey suggested that the FBI paid over a million dollars to a group of hackers who helped it get into Syed Farook's encrypted work iPhone. Of course, just as pretty much everyone predicted, the FBI found nothing of value on the iPhone. This was hardly a surprise. It was a case where we already know who did it, and that they were already dead. We also know that they destroyed their two personal iPhones, leaving open the question why anyone would think there was anything valuable on the work iPhone.

Specifically, Comey said that buying the exploit from this group cost the FBI "more than I will make in the remainder of this job, which is seven years and four months, for sure." Comey makes $185,100 per year at his job, implying that buying the exploit cost at least $1.3 million or so.

This has, understandably caused some to ask how it could possibly be worth it to pay so much money for an exploit that everyone must have known was worthless.

It would have been more responsible to give the FBI’s slush fund over to the victims’ families than to pursue such an obvious non-lead.
— Jonathan Zdziarski (@JZdziarski) April 21, 2016

Things that would've better served the American public with $1.3M than Comey's goose chase: Mental health funding.
— Jonathan Zdziarski (@JZdziarski) April 21, 2016

Of course, that is taking a slightly narrow view on things, considering that many people believe, strongly, that the FBI's motive here was really to extricate itself from the legal dispute over the phone that had the very strong potential of ending with a bad precedent for the FBI and the DOJ. When looked at through that lens, $1.3 million or whatever seems like very little money to pay...

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: doj, fbi, hack, iphone, james comey, precedent, syed farook
Companies: apple

40 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 22 Apr 2016 @ 6:53am

I would be curious who the hackers were. Did the FBI reach out to a group that knowingly does illegal acts or was it all above board.

Would be nice to know if the FBI once again broke the law in getting what they wanted or if it was legal.
[ link to this | view in chronology ]
- Anonymous Coward, 22 Apr 2016 @ 9:31am
  
  Re:
  Writing and software/exploits is not illegal and never should be.
  [ link to this | view in chronology ]
  - Anonymous Coward, 22 Apr 2016 @ 9:59am
    
    Re: Re:
    Ever hear of this thing called the DMCA?
    [ link to this | view in chronology ]
    - Anonymous Coward, 22 Apr 2016 @ 4:11pm
      
      Re: Re: Re:
      Nah, never bothered to learn of it. Too many copyright claims involved.
      [ link to this | view in chronology ]
Anonymous Coward, 22 Apr 2016 @ 7:02am

Israeli company
http://thehill.com/policy/cybersecurity/274619-israeli-firm-behind-iphone-hack-report
[ link to this | view in chronology ]
- Mike Masnick (profile), 22 Apr 2016 @ 11:46am
  
  Re:
  Israeli company
  http://thehill.com/policy/cybersecurity/274619-israeli-firm-behind-iphone-hack-report
  
  This was widely reported... and then debunked. Wasn't them.
  [ link to this | view in chronology ]
Jason, 22 Apr 2016 @ 7:24am

Small price...
$1.3 million or whatever seems like very little money to pay...
Especially when it's not "their" money!
[ link to this | view in chronology ]
- That One Guy (profile), 22 Apr 2016 @ 7:54am
  
  Re: Small price...
  Everything's cheap when you're not the one paying the bill.
  [ link to this | view in chronology ]
- Anonymous Coward, 22 Apr 2016 @ 10:21am
  
  Re: Small price...
  Hey, it's only tax dollars. Always plenty more where that came from.
  [ link to this | view in chronology ]
Anonymous Coward, 22 Apr 2016 @ 7:32am

Wasn't cellebrite
It wasn't Cellebrite, but we may never find out who it really was.
[ link to this | view in chronology ]
Anonymous Coward, 22 Apr 2016 @ 7:42am

FBI vs. iPhone opens up a whole new angle of economic terrorism
1. Buy encryptable mobile phone(s).
2. Encrypt the phones. Store nothing of value of them, even in the encrypted areas. Prefer encryption that could be broken with enough effort, but not something broken easily.
3. Commit horrific crime, preferably for as little cost as possible.
4. Die during crime, or get caught and refuse to talk. Either way, leave vague suggestions that the mobile phones have valuable information on them. Alternately, leave suggestions that the mobile phones have nothing of value, which by reverse psychology means they are extremely valuable.
5. Let government waste huge amounts of time and money trying to break into a box that, if they manage to enter, has nothing of value.

Granted, it is not quite the magnitude of waste that 9/11 caused with the creation of TSA, but it is still a fairly significant multiplier.
[ link to this | view in chronology ]
- Anonymous Coward, 22 Apr 2016 @ 7:56am
  
  Re: FBI vs. iPhone opens up a whole new angle of economic terrorism
  Wouldn't fewer illegal things, and fewer deaths, need to happen if a bunch of people who are all on the watch lists just start sending each other encrypted random data? You get the bonus of once the encryption is cracked, the feds are still left with data that appears still encrypted.
  
  As long as the terrorists don't have data caps, all they do is just DOS the decryption department with swaths of garbage data to sort through.
  [ link to this | view in chronology ]
  - Anonymous Coward, 22 Apr 2016 @ 8:06am
    
    Re: Re: FBI vs. iPhone opens up a whole new angle of economic terrorism
    Sure, but how do you confirm you are on one of the "must decrypt at any cost" watch lists? While I believe that the government would love to have readable copies of everything, I doubt they are willing to spend indefinitely to read encrypted content that is not connected to an already committed crime. Remember, they are fundamentally lazy. I think the only reason they bothered to buy this hack is because they needed to resolve the situation they created. The resolution was expensive, but still cheaper than setting a precedent they dislike. If they could have gotten away with dropping the court order, and not getting into the phone, and not suffered even worse PR for taking that approach, they likely would have done it.
    [ link to this | view in chronology ]
- Anonymous Coward, 22 Apr 2016 @ 9:34am
  
  Re: FBI vs. iPhone opens up a whole new angle of economic terrorism
  If you're not keen on suicide, just keep some flash drives with encrypted junk data on them, write "why I did it" on it and wait for a mass shooting and sprinkle them around the crime scene. Mass shootings are pretty common in USA so you shouldn't have to wait long.
  [ link to this | view in chronology ]
- Ragnarredbeard, 22 Apr 2016 @ 9:36am
  
  Re: FBI vs. iPhone opens up a whole new angle of economic terrorism
  Another thing to do requires a bit of luck and timing, but you could drop said phone near an "incident". The police/FBI pick it up and think its the perps. Perp of course denies its his phone, which of course means it is his phone. Fun ensues.
  [ link to this | view in chronology ]
- Anonymous Coward, 22 Apr 2016 @ 12:43pm
  
  Re: FBI vs. iPhone opens up a whole new angle of economic terrorism
  1. Buy phone
  2. Encrypt phone
  3. Share password with comrades
  4. Go all suicide bomber preserving phone
  5. comrades approach FBI as 'hackers' who unlock the phone and receive $1.3mil in compensation.
  6. Rinse, repeat on larger scale with newly acquired funding.
  
  FTFY
  
  On another note, my new startup needs investors, we are offering 20% stake for 1 life.
  [ link to this | view in chronology ]
- Anonymous Coward, 23 Apr 2016 @ 6:53am
  
  Re: FBI vs. iPhone opens up a whole new angle of economic terrorism
  they already waste money creating fake terrorism plots to justify their fascist actions
  [ link to this | view in chronology ]
AricTheRed (profile), 22 Apr 2016 @ 7:45am

It's like...
The fibers, purchasing a hack of doofus's work phone seems more like a crappy divorce settlement. They paid a ton, although not to a lawyer this time, and still didn't get to keep the house, the kids, the dog, or the cash...
[ link to this | view in chronology ]
Anonymous Coward, 22 Apr 2016 @ 7:53am

I understand the legal argument, but the exploit is not a "use once on one phone and throw it away" solution. $1.3 gives them access to a lot more phones.
[ link to this | view in chronology ]
- Anonymous Coward, 22 Apr 2016 @ 7:58am
  
  Re:
  That's assuming a lot of what the hack can get into. Assuming its for that version and older, the number of vulnerable phones will only decrease as a function of time.
  [ link to this | view in chronology ]
  - Anonymous Coward, 22 Apr 2016 @ 8:12am
    
    Re: Re:
    But the outrage seems to stem from spending >1m to access Syed Farook's phone; it won't just be his phone.
    
    Yes, I agree it will diminish over time as people upgrade to newer phones. But if it's 2 phones, it 500k per phone, 10, 100k per phone, gaining access to a million phones, the cost is about $1 per phone.
    [ link to this | view in chronology ]
    - That One Guy (profile), 22 Apr 2016 @ 9:00am
      
      Re: Re: Re:
      According to their arguments during the case it was just one phone though, it was only once they ran away from the case and claimed that they'd found another way in that now the vulnerability is going to be used for multiple phones.
      
      Or put another way...
      
      When they didn't have a way in and were demanding Apple write custom code to disable the security on the device it was 'just one phone'.
      
      When they have a way in(or claim to anyway) that doesn't require Apple's 'assistance' now it's all similar phones.
      
      If people are slamming them for paying $1.3M to access a single phone that anyone could have told them wouldn't have anything valuable on it it's because their own arguments were based largely on how it was only ever about one phone, this one, which means if you give them the (undeserved) benefit of the doubt and assume they were telling the truth the entire amount was and is for just one phone, and it's just coincidental that it can also be used on other phones as well.
      [ link to this | view in chronology ]
      - kallethen, 22 Apr 2016 @ 9:13am
        
        Re: Re: Re: Re:
        Yeah, the FBI initially claimed it'd be just this one phone, but you are delusional if you think it was only about this one phone.
        
        https://www.techdirt.com/articles/20160222/17483233675/fbi-insists-not-trying-to-set-precedent -law-enforcement-is-drooling-over-exactly-that-possibility.shtml
        
        https://www.techdirt.com/articles/20 160223/07015733683/list-12-other-cases-where-doj-has-demanded-apple-help-it-hack-into-iphones.shtml
        [ link to this | view in chronology ]
        
        Anonymous Coward, 22 Apr 2016 @ 9:32am
        
        Re: Re: Re: Re: Re: "just one phone"
        That One Guy is not saying he ever believed that it was just one phone. He is saying that the FBI repeatedly said it was just one phone. So either we take them at their word that they just wanted one phone, and were willing to spend more than $1.3 million to get in, in which case they should not be surprised we are upset they spent so much for so little; or we agree that the "just one phone" was a lie and then spending that much for a whole class of phones is slightly more defensible (or would be if they ever get real value from using that hack).
        [ link to this | view in chronology ]
        
        Anonymous Coward, 22 Apr 2016 @ 1:33pm
        
        Re: Re: Re: Re: Re: Re: "just one phone"
        The Darmok version: 'Were you lying then or are you lying now?'
        [ link to this | view in chronology ]
        
        That One Guy (profile), 22 Apr 2016 @ 1:58pm
        
        Re: Re: Re: Re: Re: Re: Re: "just one phone"
        Given the agency in question the standard assumption should be 'Yes' until proven beyond a shadow of a doubt otherwise.
        [ link to this | view in chronology ]
I.T. Guy, 22 Apr 2016 @ 8:41am

"This has, understandably caused some to ask how it could possibly be worth it to pay so much money for an exploit that everyone must have known was worthless."

Because its just a number not relating to anything for them. It's just a number. It's not their money and might as well be Monopoly money.
[ link to this | view in chronology ]
This comment has been flagged by the community. Click here to show it

Whatever, 22 Apr 2016 @ 8:45am

More nonsense from TechDirt's piratey, criminal advocates.
If Apple had simply given up the key to their easily exploitable software, this money wouldn't have been wasted in the first place. The fact that hackers were able to get into it means that Apple's backdoor isn't as secure as TechDirt would like to think it is.

Apple won't recover from this, mark my words.
[ link to this | view in chronology ]
- Anonymous Coward, 22 Apr 2016 @ 10:00am
  
  Re: More nonsense from TechDirt's piratey, criminal advocates.
  Though I am no iSheep, I believe there isn't much for Apple to recover from. They fought the good fight and won a lot of public goodwill. Now the onus is on them to figure out how the FBI did it and plug the hole.
  
  But as with anything like this, Apple will take measures to prevent hacking and hackers, including nation-states, will take counter measures to get into the devices. It is a never ending game.
  [ link to this | view in chronology ]
- Anonymous Coward, 22 Apr 2016 @ 11:53am
  
  Re: More nonsense from TechDirt's piratey, criminal advocates.
  If Apple had simply given up the key to their easily exploitable software, this money wouldn't have been wasted in the first place.
  
  How much money was spent suing Apple in court arguing that the government had "exhausted every means available?"
  
  Had they gone this route in the first place, that money wouldn't have been wasted in the first place.
  [ link to this | view in chronology ]
- Anonymous Coward, 22 Apr 2016 @ 12:57pm
  
  Re: More nonsense from TechDirt's piratey, criminal advocates.
  If Apple had simply given up the key to their easily exploitable software, this money wouldn't have been wasted in the first place.
  
  It's her own fault. If she hadn't resisted, he wouldn't have had to use force to rape her.
  [ link to this | view in chronology ]
Anonymous Coward, 22 Apr 2016 @ 9:29am

With that money FBI could have hired a whole team of hackers.
[ link to this | view in chronology ]
Whatever (profile), 22 Apr 2016 @ 9:40am

It was all good until the money used was called a "slush fund". At that point, you know the person is pretty damned biased about the thing, and would find something scary no matter what.
[ link to this | view in chronology ]
- Anonymous Coward, 22 Apr 2016 @ 10:31am
  
  Re:
  It was all good until the money used was called a "slush fund".
  
  Yah, everything's good, until it gets exposed, huh?
  [ link to this | view in chronology ]
- Anonymous Coward, 22 Apr 2016 @ 10:54am
  
  Re:
  Says the guy who in literally every article about encryption goes out of his way to say "but when is it too much?!"
  
  "Encryption is the devil." - Whatever (you could just leave this as a comment in all such articles and save us all some time)
  [ link to this | view in chronology ]
- Anonymous Coward, 22 Apr 2016 @ 11:57am
  
  Re:
  Well given that the government argued in court that they had "exhausted every means available" to them, when clearly, they didn't, I'd say yeah, it was a slush fund.
  
  It's a bummer when the government you defended so vehemently lies, isn't it?
  
  I prefer to call shit "shit" - and not polish it just to suggest impartiality. The government lied - and they should be called liars for it.
  [ link to this | view in chronology ]
Yes, I know I'm commenting anonymously, 22 Apr 2016 @ 12:12pm

Phrased differently
The FBI revealed that iPhone encryption is not safe enough, because criminals hacked it.
The FBI also admits it gives money to criminals as an effort to `keep up' with the times.
[ link to this | view in chronology ]
Phils, 22 Apr 2016 @ 1:42pm

Possible infringment
Did the FBI buy the exploit or just licensed/leased it? If so, how many phones is it licenced for? Does the "first sale doctrine" apply here? Was the exploit copyrighted? If so would the FBI have to pay statutory damages if they made a copy of it for other TLA's?

The exploit came from an organization that is much smarter than the FBI -- that organization probably could deal effectively with any infringement.
[ link to this | view in chronology ]
- Anonymous Coward, 22 Apr 2016 @ 7:10pm
  
  Re: Possible infringment
  The exploit came from an organization that is much smarter than the FBI
  
  That's really not saying much these days with the level of stupidity and incompetence they like to display on a regular basis.
  [ link to this | view in chronology ]
Monday (profile), 23 Apr 2016 @ 11:50am

Correct first assumption...
... in that the money should have been better spent on the Families of the victims, but it is the FBI / DOJ whom have blinders on in this case. They really needed to extricate themselves from their losing positions.

Nevertheless, every company that the FBI / DOJ comes at from that point of asking for "the backdoor", to asking for something akin somewhere in the future, will know exactly how Law Enforcement will come at them, and what cards to play. It won't be quite so easy, and messy in the future.
[ link to this | view in chronology ]