DOJ: No, we won’t say how much the FBI paid to hack terrorist’s iPhone

The U.S. Department of Justice yesterday argued that it should not have to reveal the maker of a tool used last year to crack an alleged terrorist’s iPhone or disclose how much it paid for the hacking job, court documents showed.

That tool was used last year by the FBI to access a password-protected iPhone 5C previously owned by Syed Rizwan Farook, who along with his wife, Tafsheen Malik, killed 14 in San Bernardino, Calif., in December 2015. The two died in a shootout with police later that day. Authorities quickly labeled them terrorists.

In March 2016, after weeks of wrangling with Apple, which balked at a court order compelling it to assist the FBI in unlocking the iPhone, the agency announced it had found a way to access the device without Apple’s help. Although the FBI acknowledged it had paid an outside group to crack the iPhone, it refused to identify the firm or how much it paid.

Three news organizations — the Associated Press wire service, the USA Today newspaper, and Vice Media — later filed requests under the Freedom of Information Act (FOIA) for that information, and more. When the FBI redacted the tool’s maker and what the agency paid, the news trio objected. In Monday’s filing, government attorneys asked a federal judge to uphold the redactions.

They contended that both the vendor’s identity and the price the FBI paid might be used by criminals or foreign intelligence services to help assemble a more complete picture of the tool’s efficacy and divine the government’s security priorities.

Information, including the exact workings of the technique used to hack Farook’s iPhone, might be stolen if the hack’s maker was made public, the DOJ continued.

“Revealing the vendor’s identity immediately exposes the vendor to attacks and infiltration by hostile entities willing to exploit the technology they provided to the FBI,” wrote David Hardy, a FBI section chief responsible for record dissemination, in a supporting declaration. “Since the same proprietary technology now owned by the FBI is also stored within the vendor’s facilities and computer systems, the security of this technology would only be as good as the vendor’s own security measures.”

Last year, the FBI confirmed that it would not tell Apple how it had hacked the iPhone, saying at the time that while it had paid for the crack — and from the information in Hardy’s declaration, actually owns the technology and technique — it had not purchased “the rights to technical details about how the method functions” or the iOS 9 vulnerability it exploited, and so had nothing to tell the Cupertino, Calif. company.