To gain access to a locked iPhone at the center of the San Bernardino terrorism investigation, the FBI paid more than $1.4 million to unidentified hackers, the agency’s director told a London audience at the Aspen Security Forum Thursday.
As reported by the Financial Times, Comey did not cite a specific figure, but said the cost was more than he would make during his remaining seven years as FBI director. Comey’s annual salary is just over $180,000, suggesting that the agency’s iPhone hacking expense was at least $1.4 million. The price tag for the hack is an estimate; given the high-profile nature of the San Bernardino legal fight, and Apple’s reputation for top-tier products, the actual cost could be much higher.
Previous news reports indicated that the agency paid a onetime fee to an outside party which showed the FBI how to penetrate the device.
Neither Comey nor any representative of the FBI or the Justice Department has confirmed who the outside party is, what the hacking method entails, or if the data pulled from the iPhone was of any value to investigators.
But Comey insists that the price was “worth it.”
“I think it was very, very important that we got into that device,” he said.
FBI officials have said they are internally debating whether or not to share with Apple the details of the exploit, so that the company may patch the security vulnerability. But notifying Apple may also undermine the value of the method the FBI has purchased at such great expense, Comey has said.
The outside party that approached the FBI with a way to access the device did so unexpectedly, and just two days before government lawyers were scheduled to appear before a judge in a courtroom showdown with Apple.
For weeks, the FBI and the Justice Department argued that Apple alone had the capability to access the device. They urged a federal judge to compel Apple to design new software that would bypass the phone’s built-in security features, which would then allow federal investigators to pull potential evidence from the device. Apple challenged the government’s interpretation of the law, however, and argued that such a demand was legally unprecedented and would undermine the security of millions of iPhone customers.
Just one day before the two parties would make their case in front of the judge, the Justice Department called the whole thing off, announcing that an unidentified outside party demonstrated to the FBI a viable method to get inside the device.
Despite the last-minute breakthrough in the San Bernardino case, the Justice Department has continued to pursue additional cases against Apple involving other locked iPhones.
In parallel to these divisive legal battles, Comey and law enforcement officials hope to establish a broader solution, either through new encryption legislation in Congress or from the tech industry itself, where special access into encrypted communications is built into consumer products. During a congressional hearing earlier this week, a top technology official with the FBI told lawmakers that the agency lacks the resources and the expertise to hack encrypted devices on its own.
“I’m hoping we can get to a sensible solution that doesn’t involve hacking and that doesn’t involving spending loads of money,” Comey said.