The FBI paid nearly a million dollars to unlock the San Bernardino shooter’s iPhone

Why it matters to you

Exploits don’t come cheap. The FBI paid roughly a million dollars to unlock the San Bernardino shooter’s iPhone.

The United States Federal Bureau of Investigation paid almost a million dollars to break into the San Bernardino gunman’s iPhone, Senator Dianne Feinstein (D) said this week.

“I was so struck when San Bernardino happened and you made overtures to allow that device to be opened, and then the FBI had to spend $900,000 to hack it open,” Feinstein said. “And as I subsequently learned of some of the reason for it, there were good reasons to get into that device.”

In 2016, the FBI contracted an unnamed third-party security firm to unlock the password-protected iPhone 5c of San Bernardino, California shooter Syed Rizwan Farook, who along with his wife killed 14 people in an attack in December 2015. But the agency later refused to reveal how much it paid.

The Associated Press, Vice Media, and USA Today took the FBI to court over the agency’s nondisclosure, arguing that it had lacked “adequate justification.” FBI director James Comey hinted at a ballpark range last year, saying that the agency paid “more money than he would earn in his remaining seven years on the job” — or roughly least $1.3 million.

Last year, Apple challenged a judge’s order to help the Justice Department in its investigation of the San Bernardino shooter, arguing that an FBI to build a backdoor into the locked iPhone’s operating system would threaten its customers’ privacy.

The FBI dropped its case after it gained access to the iPhone.

The agency later stated that it didn’t find any evidence that Farook coordinated the attack with members of a terrorist organizations, and that it was unable to recover encrypted communications during an 18-minute gap in the agency’s knowledge of Farook’s location after the attack. But it maintained that the information was “helpful.”

Privacy advocates and tech experts argue that the FBI should disclose its method to Apple so it can repair any bugs in its operating system. Exploits discovered by federal agencies are typically reported to the Vulnerabilities Equities Process, a step the agency has so far refused to take.

Disclosure of this information could make the investigators’ decryption efforts more difficult, the FBI argues. Comey said that roughly 12 percent of consumer devices were inaccessible to FBI investigators, and that encryption would cause that number to grow.

“We are increasingly finding devices … that we can’t open,” he said at a keynote address at the annual Special Operations Forces Industry Conference in May 2016.

In response to the controversy, Senator Feinstein and Senator Richard Burr (R), drafted an encryption bill in April that would force companies to comply with the government’s demands for access to encrypted services.