F.B.I. Director Suggests Bill for iPhone Hacking Topped $1.3 Million

Previously, the F.B.I. had been unwilling to say how much it paid to look into the iPhone of a gunman in the San Bernardino shootings.

Comments: 72

  1. What surprised me was not the cost, but why the FBI did not pro-actively know how to hack the phone before the San Bernardino attack. The use of this and similar technology by terrorists and those wishing to cause us harm should be assumed. Our national security apparatus should not be mired in reactive mode.

  2. And you think the best minds in Tech want to work for the FBI for pennies? I read these comments and realize that very few people commenting here actually have first hand experience working in government. You all are a bunch of rubes.

  3. They'll never release it, but I'd sure like to see what they read that they considered worth $1.3 million.

  4. What in the world is the necessity of making this payment public knowledge? I am continually amazed at how the government chooses to play out every detail, whether security sensitive or not, on the front pages of the newspapers for everyone, friend and foe, to read.

  5. ...and if Apple thought that it was in it's best business interest, the cost would be $10 million. Apple is a cut throat business enterprise. I don't give Apple any credit other that this subject allowed them to be thought of as noble. A convenient fact for them.

  6. The actual price - whatever-it-was - should be assessed by the court to Apple, or consider in the alternative, whether the "outside source" was Apple? Which would have been a very wise PR/Marketing move considering all of the negative publicity the matter had generated within the public domain...

  7. Apple is considered heroic by the tech community for standing up for encryption and standing against the All Writs Act, which if upheld would have long-reaching consequences for any hardware or software services vendor. Google and Microsoft supported them.

    How is that bad publicity?

  8. Money well spent.

  9. Several thoughts.
    A. The Director's salary is not that much. For his responsibility he should be paid at least as much as the Chairman of JP Morgan. His job saves more of our sorry bottoms than JPM ever has or ever will.
    B. Now we can all understand the revolving door -- government/industry/government/industry -- you get the picture.
    C. It is money more than well spent. Now if only someone could sue Apple for recovery. It was their product that had the potential to shield terrorists.
    D. I do wonder what was found.

  10. Why would the FBI spend $1.3 million to open a single iPhone when numerous knowledgeable people have said that the NSA has the ability to hacking into an iPhone?

  11. Are we misinformed here? It's what the populace believes, not what is factually correct.

  12. And they found nothing in the phone? Don't you see that our country cannot afford such extravagant expenditures any more? Please use some common sense before using taxpayer's money. Very concerning.

  13. Send the bill to Apple. Oh wait they don't pay any US taxes.

  14. Apple paid almost $7 billion in 2014 taxes.

  15. Does anyone really believe they had so much trouble getting into an iPhone? I mean they do know about Edward Snowden and what he leaked. This is such a charade.

  16. The FBI paid $1.3 million to discover that the iPhone 5c contained no relevant data. It was a search conducted without any prior knowledge or expectation of finding anything. It didn't make sense from the outset that the terrorist would have used his government-owned phone to "manage" a terrorist network. He had a private phone and burner phones at his disposal.

    The FBI's only interest in that particular iPhone was its connection to a high-profile terrorist case. FBI chief Comey thought the terrorism link would provide a pretext for the courts to force Apple to reveal (or create) a back door into iOS for the FBI -- which it could subsequently use for hacking into the iPhones of other suspects, without any court order.

    Now that Mr. Comedy has spent $1.3 million on a fishing expedition, it is time for him to retire to the private sector. Neither his words nor his judgment are reliable.

  17. You state as a fact that no useful data was recovered. You clearly do not know whether that is true or not. You close by stating of the FBI director "Neither his words nor his judgement are reliable". That assessment may be better applied to you.

  18. As I remarked similarly, the fact that "no useful data was recovered" is clear from the fact that there have been no charges brought against any alleged co-conspirators in the US or elsewhere. Apparently the case is closed, as it was earlier in fact.

  19. It would be interesting to know how much Apple spent on lawyers to fight helping the FBI get at the information in the phone. I am pretty sure it was more than the FBI spent to get the information, but I am equally sure it was not as much as 7 years of Tim Cooks compensation package.

  20. Too bad that Apple can not sue the FBI to recover the legal costs of contesting an illegal demand. Too bad that such a recovery could not come directly out of the pay of the bureaucrats responsible.

  21. What a monumental waste of money. There's no way the information gained from the phone is of any real value, especially this long after the attack.
    The only way that this can be of value to the F.B.I. is for future use digging into the privacy of Americans.
    I certainly don't feel safer.

  22. The refusal of the FBI to disclose what if anything they actually learned from that iPhone and their failure to bring new charages against any alleged co-conspirators imply that they learned nothing. The incident seems to have been driven entirely by the unwarranted belief that somehow the San Bernadino attack was sponsored by sinister foreign interests rather than by homegrown US religious fanatics.

  23. P.S. Sorry for the typo due to fast typing: "charages" was meant to be "charges".

  24. The cost should be charged to Apple who thinks it's marketing is more important than preventing terrorist attacks.

  25. There's no indication that unlocking this phone helped to prevent any terrorist attacks, or even provide additional information about the one that already happened. Do you have information that the rest of the world doesn't? Because the FBI hasn't revealed any information they found on the phone, and haven't mentioned any new co-conspirators or criminal charges since it was unlocked.

  26. Liz Beth - The reason the FBI wanted the phone opened was to search for more info on terrorism FROM THE PHONE OF A KNOWN TERRORIST!! What was or was not found is irrelevant. Apple tried to turn this sincere search into a marketing ploy and it lost big time!

  27. Correction: the phone of a known terrorist's employer. It wasn't his personal phone. That they already had.

  28. If the FBI is paying millions for this kind of information, the tax paying public has a right to know a few things:
    1) Who profited from this exchange?
    2) Exactly how much tax payer money was spent on this?
    3) Do they intend to share the zero-day flaw with Apple so that it can be patched? If not then, in my opinion, the FBI is colluding with criminals and openly admitting the criminals have better capabilities than the FBI does.
    3) What if any useful information was gleaned from gaining access to this device? Was it really worth it? I do not accept an answer in the form of "well we now know they did not do X, Y or Z", because we do not know that any more now than we did before the device was accessed.
    I have a great deal of concern about law enforcement officials doing business with what essentially appear to be technologically proficient criminals.

  29. The tax paying public has a "right to know" information, the disclosure of which does not jeopardize the authorities' operations or public safety. The tax paying public paid for the development of atomic weapons. That does not mean the tax paying public has a right to see the plans created with its money.

    Security firms crack systems for pay all the time. That is not a criminal act. You have to look at the color hat they are wearing . . .

  30. You need to look at how much money they charged and the harm they caused to Americans privacy to see the true color of the hat they are wearing.

  31. You think the federal government doesn't do business every day with gray hats, as well as plenty of bona fide black hat criminals, as well?

  32. And pursuing the matter in a court of law would have cost??

  33. You think the government doesn't pay their lawyers when they're not in the court room?

  34. The FBI should not be paying cyber-criminals.

  35. They just sanctioned, publicly, the idea of "legal relativity." No one should take the laws of this country seriously, anyway. Now, there is public precedent. Laws are made by rent controllers (meta) to enforce their will on inferiors. Always.

  36. Unless there was some very specific information that was not publicly known that led the FBI to expect a big pay off from the data on the phone, this is outrageous. From everything I gleaned about this case in the news, San Bernardino seemed very much an isolated case and nothing that would lead to any significant information about a vast terrorist cell or coordinated effort. When are we going to start realizing that not all terrorists are the same? Had this been a phone related to something like the highly coordinated Paris attacks, it would be more understandable.

    But it seems like slightest reference to terrorism makes both law enforcement and the public loose all sense of proportion. Seems like any effort of thinking in terms of a cost/benefit analysis, like how much effort and money to spend vs how useful or significant the information gained is likely to be, goes out the window. Had this couple been significant ISIS operatives, they would have left a digital footprint bigger than just an iPhone. How cracking this one device became such a holy grail is beyond me.

    Meanwhile other areas of law enforcement that have a more direct impact in the daily lives of a much larger number of Americans are woefully underfunded.

  37. Your headline reads "$1.3 Milllion" like that's a lot of dough. A rounding error.

    Moreover, the FBI got results. Can't say the same for the mega billions paid the Obamacare consultants for software development. A friend of Michelle. A Canadian - not US - company.

    It failed miserably. They had to pay a fortune in workarounds to Silicon Valley.

  38. It is a symptom of the times when an organization is ready to defy the law – a Constitutionally correct court order – to maintain its image and increase its profits. A companion article in today’s NYT points out that China – now Apple’s fastest growing market – would not permit such behavior: “Chinese lawyers have pointed out that the country’s antiterrorism law requires companies to help with decryption when the police or state security agents demand it for investigating or preventing terrorist acts.” Of course, China defines many more activities that we consider ordinary crimes to be “terrorist acts.”

    There are literally hundreds of locked iPhones in the possession of US authorities for which courts have ordered access. The FBI has paid for this phone to be unlocked; now that they’ve proven it can be done, the remaining cases will be pursued in court, and Apple will lose; the phones will be unlocked.

    Tim Cook made this case a cause célèbre – why? Quiet cooperation was the obvious route; indeed, this is not the first device Apple has been asked to unlock, and has done so before. Did he really believe Apple’s commercial success put it above US law? Trying to defy the Chinese when they come calling won’t work. I expect, though, the Chinese will ask quietly and, to protect that market, Apple will cooperate quietly. It’s still, always, about the money.

  39. Actually, Apple is legally correct, and its opposition to the unconstitutional request would have been won. Why do you think the FBI withdrew its request? They didn't really believe the info was VITAL and URGENT. Let's see how the courts precede hence. Just because the government sanctioned and paid for someone or org to violate the law, does not then make their illegal request legal.

  40. Apple was not legally correct. A court of competent jurisdiction issued a warrant, with the authority of law and fully consistent with the 4th amendment, and Apple illegally refused to comply.

    The FBI withdrew their request for two reasons: (1) To announce to Apple's followers that their phones are not secure, even without a warrant; that will be a technical and, per force, financial embarrassment when their sales fall. (2) This is not the only case against Apple; another is still wending its way through the courts, the DOJ will prevail, and that's the second punch to Apple's reputation.

    Tim Cook believed Apple was Too Big To Fail. Hubris never wins the day.

  41. Actually it wasn't determined yet whether it was a legal order. They were using a law that predates electricity so the likely outcome would have been an Apple victory. The FBI admitted that the "fix" would have taken as much as 6 weeks of programming by a team. And ask the Feds if they want a backdoor on their devices and the answer would be no. You can't require a private individual or company to work for you at no pay to "break" something they made that was too strong for the FBI. And legislation to require keys or backdoors to encryption will fail. It would be like requiring safe and lock builders to give the government master keys to all their products. Will never happen!

  42. Brings a new definition to the word 'out sourcing'. All it tells us is that anything can be hacked, for a price. The hacking provides a shield from law enforcement, given they can tell the court to have the law enforcement agency to go get their 'hacker'. Seems Apple has now invented the 'go get a hacker' defense.

  43. Will colleges soon offer courses in hacking? Hacking 101 will be economically feasible in which to enroll!!!

  44. The legal fees to keep fighting with Apple would be AT LEAST twice that. Probably much more.

    It wasn't a $1.3 million dollar fishing expedition - the FBI now knows how to do this for everyone's iPhones. That's actually pretty cheap.

    The entire issue of the locked phone came about because prior to iOS 8, Apple could extract the requested data from a locked phone without actually unlocking it because the data wasn't actually encrypted. With iOS 8, the data at issue was now also encrypted and not accessible to Apple. Apple can't just unlock the phone - they would have to write an entirely new version of iOS leaving a "backdoor" for access. The government cannot force a private company to write software the way they want, let alone forcing a private company to write software that deliberately leaves users vulnerable to hacking.

    Given that the US government has already proved abysmal at protecting information, no "backdoor" access could ever be deemed secured.

    Aside from that, most smartphone running business applications (ie business emails) are now run through Mobile Device Management, regardless of who owns the phone. Whether the MDM permits access to personal data depends on the terms of the MDM, and not all MDM applications are under the control of Apple. If this had happened now, the phone at issue would have been under MDM by San Bernadino County (the owner of the phone at issue) and they would likely have been able to access the phone.

  45. The government's legal fees are essentially zero since its counsel are already employed by the government.

    Apple's costs would have been higher to continue litigation, but for the government it's no added cost.

    This is actually a serious justice problem for people facing down the Justice department in court. They can basically use economic coercion via ruinous legal costs to force compliance since it costs the government no extra to pursue litigation.

  46. It was a pointless endeavor:

    Taxpayers paid a fortune.
    The FBI gleaned no useful information.
    It was an old iPhone 5, running older iOS 8 that hardly anyone has anymore. i.e. not shelf life utility for all the $$$ money spent on what was already outdated tech and old data of the long-dead terrorist.

  47. Get Apple to pay!

  48. Apple told both the feds and San Bernardino Co. govt. NOT to jerk around with the passciode or they'd limit the access to the phone, as well as to the phone's cloud back up. So, what did the feds and San Bernardino Co. do? Yep, you guessed it. Then the feds tried to publicaly shame and legally bully Apple into creating a new operating system to smooth over its mistake(s). ROFL. You still cannot fix stupid. And there's still ample truth to the old addage, "Pretty good for govt." i.e. inept. It was an older iPhone 5 running the older iOS 8; jailbraking it apparently was not that difficult, one the feds realized they were not going to be successful at holding hostage a private company for its own idiocy.

  49. Just another shining example of government incompetence.

  50. So did the FBI sole source or put it out for bids?

  51. The hacking might well have been undertaken by Apple itself under a secrecy agreement. That ended the legal dispute without sacrifice of its position.

  52. Depending on the current bitcoin exchange rate.

  53. It seems to me that the value of the exercise depends on what's been learned from the conversations uncovered on the phone. I for one would be interested in learning if others were involved in planning the attack or just the husband-wife couple?

  54. "They" didn't pay $1.3-million -- WE paid it... and for NOTHING.

  55. How much was that loosing battle to force Apple to comply with a legal search warrant costing us? It was a lot and it only served as free advertising for Apple's appeal to the non conformist in their loyal minions. It was a bargain not to by Apple's pawn.

  56. Let me get this straight, the FBI was going to compel Apple to unlock it for FREE with a court order but was willing to PAY more than a million to a hacker to do it? And why didn't the FBI just order the hacker to unlock it with a court order? This was supposedly national security.

  57. The FBI continues to play fast and lose with the facts. Data can be recovered from the NAND memory in a iPhone, even after it's been "erased. Last year scientists and engineers at the University of California published a research paper documenting how they were able to reliably recover data from NAND in multiple phones that had been erased using the standard DoD 5220.22-M protocol.

    The percentage of NAND data recovered was higher than for hard drive DoD 5220.22-M erasure ( >90%). The DOD and DOE both continue to use physical memory destruction (metal shredders) of critical storage, because software erasure is not that effective.

    Their continued cheap theatrics, "we're helpless!", is one reason they can't recruit technical talent. Who would choose to work for an organization that was 100% clueless, or 100% lying, or both.

  58. I would, along with thousands of other underemployed, underpaid, and over-worked IT people.

  59. The money was paid by the American taxpayer - not the FBI.

  60. Normal price $1000, government price $1.3 million. Nothing out of the ordinary here...

  61. "which would have destroyed the data inside after 10 failed password attempts"

    It drives me nuts to see "The Paper of Record" make this mistake along with the rest of the press. It was not clear whether or not the erase after 10 feature was enabled, so the only proper way to state this is "which COULD have destroyed the data after 10 failed password attempts IF IT WAS ENABLED."

  62. They should've given it to my 12-year-old daughter. She would have hacked it for nothing.

  63. The iphone kerfuffle distracts from the more important lesson of the terrorism incident, which is the all too easy access to automatic weaponry in this country.

  64. I think that you are confusing semi-automatic weaponry, that fire one shot for each pull of the trigger, with full-automatic weaponry that fire for as long as the trigger is held back and there is ammunition in the magazine. For ordinary people, full automatic weapons are very difficult and expensive to obtain.

  65. So, it seems simple enough to me: Apple works secretly (and gets paid by the FBI) to break their own encryption codes. After all, the codes were not designed to be decrypted.

    In the public eye, the FBI saves face that they did not force Apple to hand over the code, and Apple saves face that they did not hand it over. And, in fact, they did not. They just worked secretly with the FBI to decrypt it.

  66. To think that the FBI couldn't hack this phone or at least asked another Government agency to take care of it is RIDICULOUS. The FBI budget is 8 billion dollars - for what? The FBI is trying to do something besides get into a phone - can't quite figure out what it is - hey - maybe they don't know what it is? Before any of this tragedy occurred - them and Homeland Security could have looked at Facebook for God sakes and figured out what was coming next. At every corner - Comey and the gang want to get more of our records, more of our internet traffic, more inside our phones when in fact they wouldn't know what to do with an invasion of Privacy on a MASSIVE SCALE like that. Every time this guy speaks - I think more and more that the FBI needs to be retired.

  67. " The FBI budget is 8 billion dollars - for what?"

    To protect us from the evils of video piracy of course.

  68. I've read the comments here and on other websites. No one has mentioned how similar this is to actually negotiating with terrorists or paying ransom for hostages. Bounties are now technologically legitimized. How does this make us safer or more secure? I also wish it was mentioned more often that this was a County-issued phone that was given to employees without security safeguards enabled. They "hadn't gotten around to that" yet. That crucial and preventable lapse by authorities is not "common knowledge."

  69. " this was a County-issued phone that was given to employees without security safeguards enabled. They "hadn't gotten around to that" yet."

    Even the government worshiping NYTs had admitted that "government is always inefficient and usually corrupt" so why should this be any different?

  70. This payment just makes no sense at all.

    The work they needed done required simply cloning the flash memory of the phone, then rapidly brute-force cracking the 4-digit code. Every time the phone auto-erases (after ten failed tries), they automatically re-write their copy of the flash, and try the next ten combinations. There are only 10,000 combinations, so doing this 1,000 times would have cracked it, in an almost entirely automated process.

    Total equipment cost maybe fifteen thousand dollars, time cost for one reasonably competent hacker, maybe a weekend? Pay any of half a dozen people I personally know here in the bay area a couple of grand and they would have done it.

    Alternatively, they could have just used the dead terrorist's actual thumb (attached or detached from his body) and unlocked it even more easily.

  71. What kind of a government or even employer, issues a piece of hardware to employees, over which they have no control? It was an employer owned phone, and the employer simply should have maintained complete control of the phone, including the ability to wipe it or read its contents. There is software to do this. At one time it was exclusive to Blackberry but now I think it is not. Governments should maintain full control of the phones they give to employees for work-related use.

  72. Hmm, now why would anybody want to discredit James Comey and the FBI? Maybe someone on the verge of being indicted.....