FBI sued to divulge info on San Bernardino iPhone 5c encryption hack

Posted:
in iPhone edited September 2016
A trio of journalistic establishments have filed a freedom of information lawsuit, attempting to compel the FBI to divulge information about the hack it purchased to break into the San Bernardino shooters' iPhone 5c.




The filing, made by the Associated Press, USA Today, and Vice Media, seeks to compel the FBI to reveal not only the method of the phone hack, but who the hack was purchased from as well.

"The FBI's purchase of the technology -- and its subsequent verification that it had successfully obtained the data that it was seeking thanks to that technology -- confirmed that a serious undisclosed security vulnerability existed in one of the most popular consumer products in the world," the filing claims. "In order to exploit that vulnerability, the FBI contracted with an unidentified third-party vendor."

The trio also argue that disclosure of the method of attack and vendor brings up issues about expenditure of public funds, governmental oversight concerns, and other ethical considerations surrounding the issue.

"The public is entitled to know the nature of the vendors the Government finds it necessary to deal with in cases of access to private information, " the claimants declare. "Including whether or not the FBI feels compelled to contract with groups of hackers with suspect reputations."

Vice, Gannett, AP FOIA request about iPhone 5c hack



On Dec. 2, 2015, 14 people were killed and 22 were seriously injured by a mass shooting by Syed Rizwan Farook and Tashfeen Malik in San Bernardino California. The pair were ultimately shot by law enforcement after a four-hour chase.

Discovered amongst their possessions was a county-owned iPhone 5c. In a botched attempt to penetrate the phone, the county ordered a password reset on the device, preventing any data more recent than Oct. 19 from being automatically backed up to iCloud, and accessible to subpoena.

The Department of Justice said that they already had all the call logs for the device up to the date of the attack, as well as data backups from before the last connection of the phone to Apple's servers.

The judge overseeing the case dictated that Apple create a tool that would work with the seized iPhone 5c that would allow the government to unlock the phone, and grant access to the full contents and data store in the device's flash storage.

Apple CEO Tim Cook refused the request. The FBI ultimately purchased the services of a "grey hat" hacking company to penetrate the phone just hours before a court hearing about the subject, and no tangible data directly related to the shooting was ultimately found.

The FBI has refused requests for information regarding the iPhone 5c in the past, citing that since it does not own the hack, it can't talk about it. Apple has also said that they have no intention of filing suit for data about the penetration method.
SpamSandwich

Comments

  • Reply 1 of 15
    In Other News

    FBI to begin hacking a trio of journalistic establishments.

    Will reveal all the dirt they find, via WikiLeaks 
  • Reply 2 of 15
    This just as the FBI purchased a pallet of black Sharpies.
    dysamoriaDeelron
  • Reply 3 of 15
    gatorguygatorguy Posts: 18,735member
    They can sue under the FIA all day long, but IMO the chances of them receiving anything more than a sheet of paper with black lines is zero. 
  • Reply 4 of 15
    Seems that one or more of the following FOIA exclusions would apply:
    Exemption 1: Information that is classified to protect national security.
    Exemption 4: Trade secrets or commercial or financial information that is confidential or privileged.
    Exemption 7:
    Information compiled for law enforcement purposes that:
    7(E). Would disclose techniques and procedures for law enforcement investigations or prosecutions


    dysamoriabaconstangfastasleepjony0
  • Reply 5 of 15
    gatorguygatorguy Posts: 18,735member
    spacekid said:
    Seems that one or more of the following FOIA exclusions would apply:
    Exemption 1: Information that is classified to protect national security.
    Exemption 4: Trade secrets or commercial or financial information that is confidential or privileged.
    Exemption 7:
    Information compiled for law enforcement purposes that:
    7(E). Would disclose techniques and procedures for law enforcement investigations or prosecutions


    Yup (and thanks for the research!). There will be plenty of black lines for all, but still probably years off even for those. 
    dysamoriafastasleepjony0
  • Reply 6 of 15
    Good. About time there was a bit more accountability over there.
    dysamoriaSpamSandwich
  • Reply 7 of 15
    SoliSoli Posts: 7,682member
    What a joke. I'm expecting a judge to throw out this case.
    daven
  • Reply 8 of 15
    Just a reminder: the FBI was willing to abridge the Constitution and everyone's personal security in a case where not only did they find nothing of value, but everyone had already told them there would be nothing of value, and indeed there was nothing of value.
    edited September 2016 SpamSandwichSolilostkiwitallest skiljony0
  • Reply 9 of 15
    gatorguy said:
    They can sue under the FIA all day long, but IMO the chances of them receiving anything more than a sheet of paper with black lines is zero. 
    if they win they won't. Because they were careful to word the suit to make sure it would bar redacting anything. So now the FBI will have to make a solid case that revealing the information is a determent to national security or the like to have the whole thing tossed.
  • Reply 10 of 15
    chasm said:
    Just a reminder: the FBI was willing to abridge the Constitution and everyone's personal security in a case where not only did they find nothing of value, but everyone had already told them there would be nothing of value, and indeed there was nothing of value.
    actually there was something of value. assuming that they aren't lying about having gotten into the phone, they found a potential security hole that could be exploited by overseas hackers etc. And until Apple knows the nature of that hole, they can't say its definitely not in the newer devices or software. But they were turned down for a forced disclosure. If this trio wins you can bet they will publish what they get and Apple will end up with at least some of the information they were seeking.
  • Reply 11 of 15
    gatorguy said:
    spacekid said:
    Seems that one or more of the following FOIA exclusions would apply:
    Exemption 1: Information that is classified to protect national security.
    Exemption 4: Trade secrets or commercial or financial information that is confidential or privileged.
    Exemption 7:
    Information compiled for law enforcement purposes that:
    7(E). Would disclose techniques and procedures for law enforcement investigations or prosecutions


    Yup (and thanks for the research!). There will be plenty of black lines for all, but still probably years off even for those. 
    I don't think so. The hack only works on iOS 8 and below. That's got to be less than 10% of the iPhones out there by now. It will not work on an iPhone with the secure enclave. Which means any iPhone 5s and newer. Which is about 80% on the iPhones in usage. Apple most likely already know how the iPhone 5c, running iOS 8 was hack and is not worry about the hack being used on any newer iPhones with the secure enclave and running iOS 9 and above. So Apple has already rendered the hack useless on newer iPhones. And may have also with iOS 9. That's why Apple is not interesting in pursuing this. So really, there is no threat to National Security. They don't have to reveal the actual code of the hack, Which the FBI might not have anyways. They just have to reveal the security hole they exploited. Which Apple probably already know about and is no longer exploitable. This hack will not work on 80% of the iPhones out there, as 80% of iPhones in usage are iPhone 5s or newer. And may not even work on older iPhones running iOS 9. So the only black out we might see, if they win this case, is the name of the 3rd party hacker that sold the FBI the hack. And maybe how much the FBI actually paid to use the hack, for just this one time. As that might prove to be an embarrassment. All the other info is immaterial by now and most likely we already have a good idea as to what they are. Just like how most had a good idea that there was nothing useful in the terrorist iPhone to begin with. Edit- I don't know why my paragraphs are not showing up. Maybe it'll correct itself later. But I did make this comment easier to read with paragraphs. And the paragraphs are there in the edit.
    edited September 2016
  • Reply 12 of 15
    Interesting choice of calling this a mass shooting rather than terrorist attack.  Of course is was both, but interesting nonetheless AI.
  • Reply 13 of 15
    Soli said:
    What a joke. I'm expecting a judge to throw out this case.
    They'll just get heavily redacted documents that won't tell them anything we don't already know. 
  • Reply 14 of 15
    pigybank said:
    Interesting choice of calling this a mass shooting rather than terrorist attack.  Of course is was both, but interesting nonetheless AI.
    Because it wasn't a terrorist attack. It was simply a workplace shooting for personal reasons by misguided individuals. 
    ibill
  • Reply 15 of 15
    SoliSoli Posts: 7,682member
    pigybank said:
    Interesting choice of calling this a mass shooting rather than terrorist attack.  Of course is was both, but interesting nonetheless AI.
    Because it wasn't a terrorist attack. It was simply a workplace shooting for personal reasons by misguided individuals. 
    But they were Mooslams¡
    dasanman69
Sign In or Register to comment.