The FBI can keep secret the controversial details about how much it paid and who it hired to unlock a terrorist’s iPhone 5C in 2016.
In a judgment (.PDF) released late Saturday, Judge Tanya Chutkan for the United States District Court for the District of Columbia, sided with the FBI’s reasoning that the need for national security outweighed the public’s right to know how the phone was cracked.
“It is certainly plausible that disclosure of the vendor’s name could hurt the FBI’s future efforts to protect national security, despite opportunities to circumvent the tool that may arise from Comey’s comments,” Chutkan wrote, “The FBI therefore properly invoked Exemption 1 with respect to the vendor’s identity.”
Three media outlets, The Associated Press, Vice Media and Gannett, the parent company of USA Today, filed a Freedom of Information Act (FOIA) request last year to compel the agency to reveal how and how much taxpayers paid to have the phone cracked. The lawsuit claimed there was no legal basis to keep that information secret as the FBI received government funds and is supposed to act in the public’s interest.
Chutkan ruled that information – specifically the amount the FBI paid and the identity of the company it paid – is exempt from mandatory disclosure under FOIA.
The phone in question belonged to Syed Rizwan Farook, one of two shooters behind a December 2015 attack in San Bernardino, Calif., that left 14 dead. While the Justice Department argued information on the device was valuable, Apple said having a way to unlock its customers’ encrypted devices to give access to such data would be tantamount to a backdoor.
The debate over whether Apple should help the FBI unlock the phone ignited a ethical tug of war. The issue commanded headlines for the bulk of last winter until late March when the FBI said that it had managed to break into the iPhone without Apple’s help.
Chutkan on Saturday said that disclosing the technology the FBI used could open the vendor to risks, especially “in the face of a cyber attack.”
“It is logical and plausible that the vendor may be less capable than the FBI of protecting its proprietary information in the face of a cyber-attack. The FBI’s conclusion that releasing the name of the vendor to the general public could put the vendor’s systems, and thereby crucial information about the technology, at risk of incursion is a reasonable one,” Chutkan wrote.
Censored documents released in January showed the FBI fielded three inquiries from companies interested in unlocking the iPhone but details around the companies and how much it would have cost were omitted.
While the FBI won’t go on record with how much it paid to open Farook’s iPhone, it didn’t halt rampant conjecture around the sum over the last year and a half.
Former FBI Director James Comey said that April the agency paid an undisclosed third-party more than he would make in seven years at his job. While President Trump fired Comey in May this year, estimates at the time placed the sum roughly around $1.3 million.
Sen. Dianne Feinstein (D-Calif.) hinted earlier this year, during a Senate Judiciary Committee hearing with Comey, that it cost the FBI a smaller sum, $900,000, to hack the iPhone.
Speculation will continue, but it’s likely concrete information around the hack and its price tag will never see the light of day, even though it’s possible that the FBI may tweak the tool over time and potentially redeploy it at a future date.
“The FBI may find a way to enhance the tool’s capabilities, choose to continue using advanced versions of similar technology in the future, or re-employ the vendor to develop another similar product,” Chutkan wrote in the judgment.