In 2015, the Federal Bureau of Investigation purchased an iPhone exploit from an undisclosed vendor for more than one million dollars. The iPhone that needed exploitation had belonged to the San Bernardino shooter who killed 14 people. During the investigation, the FBI claimed that the lock on the iPhone had prevented authorities from accessing the phone. Three news agencies later sued the FBI under the the Freedom of Information Act (FOIA) in an effort to gather information on the exploit. In early October, a US federal judge ruled against the news agencies, allowing the FBI to keep yet another major exploit secret from the public.
The FBI first took Apple to court, forcing them to create a software update for the phone that would allow them to bypass the phone’s encryption. As it stood, the phone had been locked and thanks to security features implemented in the iPhone’s software, both Apple and the FBI found themselves unable to simply hack the phone. Apple fought the FBI on their inability to “backdoor” the phone, but the FBI knew that Apple could push a software update that would effectively remove security features on the phone. After several weeks of arguments, the FBI withdrew the motion and dropped the entire ordeal.
They claimed they had found an alternative method to crack the iPhone’s encryption. More specifically, the agency found a vendor that possessed the ability to backdoor the phone. Former FBI Director James Comey revealed that the exploit had cost taxpayers $1.3 million, but never said anything else. A FOIA lawsuit was then filed by the Associated Press, USA Today, and Vice.
U.S. District Judge Tanya S. Chutkan of the District of Columbia, in her ruling, announced that the vendor’s information—along with the hacking tool or exploit—were exempt from any mandatory government disclosure. “It is logical and plausible that the vendor may be less capable than the FBI of protecting its proprietary information in the face of a cyber attack,” the judge said. The FBI argued that revealing the vendor could put that vendor at risk, especially if the vendor poorly protected information about technology and various exploits.
Judge Chutkan agreed. Furthermore, she said, revealing the price paid by the FBI could pose a threat to national security. “Releasing the purchase price would designate a finite value for the technology and help adversaries determine whether the FBI can broadly utilise the technology to access their encrypted devices,” the judge explained. Former FBI Director James Comey unintentionally revealed the price the FBI paid for the exploit in 2016, but the FBI still argued that the price needed to remain a secret.
The exploit used by the FBI in Operation Pacifier remained a secret too. And in keeping the exploit a secret, they allowed a suspected pedophile to go free as they refused to reveal the information used to identify the man.