News orgs sue FBI for details on San Bernardino iPhone exploit

Next Story

Underrepresented founders: apply now for Include Office Hours with USV

The Associated Press, Vice Media and Gannett, the parent company of USA Today, sued the FBI today in an attempt to uncover information about how the law enforcement agency was able to unlock an iPhone used by Syed Farook, one of the San Bernardino shooters.

The Justice Department initially sought to force Apple to create custom software that would allow the device to be unlocked, but dropped its case when a third party found a way to break into the phone without Apple’s assistance. The case sparked widespread debate about encryption, with politicians including President Obama arguing for exceptional access to encrypted devices for law enforcement and tech leaders like Apple CEO Tim Cook saying that attempts to roll back encryption would cause broad harm to cybersecurity.

USA Today, the AP, and Vice requested information about the exploit the FBI purchased to unlock the phone under the Freedom of Information Act. Their requests were denied by the FBI, leading to the lawsuit filed today.

The FOIA requests asked for “basic contracting information” on the exploit, which the suit refers to as one of the FBI’s “most publicly-discussed and controversial acquisitions.” FBI director James Comey suggested the exploit was purchased by the bureau for close to $1 million, but has not provided details on the exact purchase amount nor the seller.

Comey said that the exploit would only work on a “narrow slice of phones” including the iPhone 5c used by Farook, and that the FBI would consider sharing the vulnerability with Apple so that it could be fixed. “We’re having discussions within the government about, OK, so should we tell Apple what the flaw is that was found. That’s an interesting conversation, because we tell Apple, they’re going to fix it, and then we’re back where we started from,” Comey said earlier this year. “As silly as that may sound, we may end up there, we just haven’t decided yet.”

Even if the FBI did not share the vulnerability with Apple, Comey said that it is “quite perishable” and that the company would likely patch it “if Apple changes its software in some way.”

The news organizations involved in the lawsuit argue that the vulnerability is of considerable public interest and should be disclosed and that Comey’s own comments reflect that.

“Moreover, the FBI’s purchase of the technology — and its subsequent verification that it had successfully obtained the data it was seeking thanks to that technology — confirmed that a serious undisclosed security vulnerability existed (and likely still exists) in one of the most popular consumer products in the world,” the lawsuit states, adding that “there is no lawful basis” for information about the purchase to be kept secret.

White House spokesperson Josh Earnest told USA Today, “I am confident that the Obama administration will comply with the law,” and that the administration has “tried to be as transparent as possible” about the situation. “Given the sensitive nature of the information, we’ve been quite limited in what we can discuss openly,” Earnest added. Apple has not commented on the lawsuit.

Featured Image: Songquan Deng/Mark Van Scyoc/Shutterstock