News agencies ask court to force FBI to reveal cost, source of San Bernardino iPhone hack
The U.S. government should be forced to reveal how much the FBI paid for tools to unlock an iPhone at the center of the San Bernardino shooting investigation, three major news organizations insisted to a judge on Monday.
There is "no adequate justification" for the FBI to continue withholding basic information about the tool, such as how much it cost the bureau and the identity of the company that provided the tool, which may have helped law enforcement agents gather evidence from the San Bernardino shooter's iPhone 5c. CBC reports the requests are said to be specific enough that they could not jeopardize national security, by being exploited by enemies of the United States.
The trio of news establishments, consisting of the Associated Press, USA Today, and Vice Media, have already petitioned the court for information about the purchased hack, previously suggesting in September the acquisition raised issues about the use of public funds, government oversight, and ethical considerations when dealing with "groups of hackers with suspect reputations."
The latest court request narrows the breadth of the request, simplifying the query down to the price and source of the hack. The previous request asked for what some would consider to be sensitive security details, including the method for the hack.
Source: iFixit
Last month, the U.S. Justice Department released heavily redacted records from the transaction, censoring the source and cost along with other sensitive data, with the government arguing the information could be used by hostile forces to develop "countermeasures" against FBI intelligence work. According to the Justice Department, the disclosure would "result in severe damage to the FBI's efforts to detect and apprehend violators of the United States' national security and criminal laws."
The news organizations did not want the sensitive information relating to how the hack worked, the latest court filing advises, claiming the government is improperly invoking national security exemptions to the Freedom of Information Act to hide this data.
"Release of this information goes to the very heart of FOIA's purpose, allowing the government to access government activity - Here, the decision to pay public funds to an outside entity in possession of a tool that can compromise the digital security of millions of Americans," writes lawyers for the media companies.
The amount the FBI is believed to have paid for the San Bernardino iPhone hack is unknown, but considered to be high. In early 2016, FBI director James Comey suggested the agency paid more than $1.34 million to hack in to the iPhone 5c, but a later report claims the FBI paid a figure less than $1 million for the tool.
It is currently believed the FBI sourced the tool from Cellebrite, an Israeli digital forensics firm that offers a product called the Universal Forensic Extraction Device (UFED) to law enforcement agencies, used to extract data from smartphones. Earlier this year, the company was itself victim to a hack, with a cache of files acquired in a server breach later revealing some of the tools Cellebrite used in its work.
There is "no adequate justification" for the FBI to continue withholding basic information about the tool, such as how much it cost the bureau and the identity of the company that provided the tool, which may have helped law enforcement agents gather evidence from the San Bernardino shooter's iPhone 5c. CBC reports the requests are said to be specific enough that they could not jeopardize national security, by being exploited by enemies of the United States.
The trio of news establishments, consisting of the Associated Press, USA Today, and Vice Media, have already petitioned the court for information about the purchased hack, previously suggesting in September the acquisition raised issues about the use of public funds, government oversight, and ethical considerations when dealing with "groups of hackers with suspect reputations."
The latest court request narrows the breadth of the request, simplifying the query down to the price and source of the hack. The previous request asked for what some would consider to be sensitive security details, including the method for the hack.
Source: iFixit
Last month, the U.S. Justice Department released heavily redacted records from the transaction, censoring the source and cost along with other sensitive data, with the government arguing the information could be used by hostile forces to develop "countermeasures" against FBI intelligence work. According to the Justice Department, the disclosure would "result in severe damage to the FBI's efforts to detect and apprehend violators of the United States' national security and criminal laws."
The news organizations did not want the sensitive information relating to how the hack worked, the latest court filing advises, claiming the government is improperly invoking national security exemptions to the Freedom of Information Act to hide this data.
"Release of this information goes to the very heart of FOIA's purpose, allowing the government to access government activity - Here, the decision to pay public funds to an outside entity in possession of a tool that can compromise the digital security of millions of Americans," writes lawyers for the media companies.
The amount the FBI is believed to have paid for the San Bernardino iPhone hack is unknown, but considered to be high. In early 2016, FBI director James Comey suggested the agency paid more than $1.34 million to hack in to the iPhone 5c, but a later report claims the FBI paid a figure less than $1 million for the tool.
It is currently believed the FBI sourced the tool from Cellebrite, an Israeli digital forensics firm that offers a product called the Universal Forensic Extraction Device (UFED) to law enforcement agencies, used to extract data from smartphones. Earlier this year, the company was itself victim to a hack, with a cache of files acquired in a server breach later revealing some of the tools Cellebrite used in its work.
Comments
This case was about the FBI trying to create legal precedence. There was almost zero chance there was any useful data on the phone (they admitted that).
In normal situations, court orders are needed to invade a persons privacy (and rightly so) but our security agency's goals lately seem to want to circumvent that and the protections in the Constitution (that are there to protect the people).
I'm all for the government working with American companies to protect the people. They should be working (with companies) to plug security holes in products Americans use, rather doing the opposite. For example, the routers we use are garbage with regards to security. And, the IoT devices being sold are an enormous security risk with the potential for DDOS attacks on critical infrastructure. Those kinds of things are National Security threats, along with hacker groups (govt funded or otherwise) to steal IP. For example, China stealing plans for the F-35 to modernize their Air Force. Corporate espionage remains a big problem that need government assistance (and trust) to successfully combat.
Attempting to spy on everyone to catch the occasional criminal is not only illegal (under the Constitution) it's just lazy. The courts exist for a reason, and warrants aren't that difficult to get. The way things stand now, American companies (in my perception) see the security agency's more as a threat than a partner with regards to security. Which is 'ass backwards'. Earning back their trust should be a top priority...
I don't care how much the crack tool cost, it's almost irrelevant to their budget. The decision to use (pay for) an outside tool seemed more political than useful. Out of all the 'security agencies' my perception was the FBI were the "good guys" that perception is now broken. I can't tell you how incredibly disappointing that is... the only organization left that has my respect is the military. At least there is one org left that exists & does protect the people...sigh.
The courts also occasionally 'step up' but it's often a mixed bag.
With regards to news agencies, their existence and independence is guaranteed by the constitution. They serve as an important pillar to combat government propaganda. I think of them as one of the 'checks and balances' protected by the Constitution. When weakened you end up with an authoritarian regime (like Russia under Putin).
In this case, I suspect their questions to the courts are more financially motivated.
And also these guys: http://www.gao.gov
Just remember when FBI asked for that help because if news agencies have some political plan it may backfire.
Government exists to serve the people, not the other way round.
Obviously the identifies of undercover agents would never be released (quite silly to pretend they'd ask that), but sure, we certainly have a right to audit how much an agency spends on furnishing its office. It's our money.