Judge Rules FBI Isn’t Required to Reveal How It Cracked Shooter’s iPhone

A federal judge has ruled that the FBI isn’t required to reveal how it unlocked the iPhone 5c belonging to one of the shooters in the 2015 San Bernardino terror attack that left 14 people dead and others injured.

In 2015, the Associated Press, USA Today and Vice Media sued the Bureau under the Freedom of Information Act (FOIA). They argued that the public had the right to know how much the FBI had paid to unlock the device, and which company had rendered the service, since it involved U.S. taxpayer money. But U.S. District Court Judge Tanya Chutkan ruled Saturday that the particular information didn’t qualify for mandatory disclosure, Politico reported.

In the wake of the 2015 terror attack in San Bernardino, the FBI and the Department of Justice had famously put pressure on Apple to create a backdoor to unlock an iPhone 5c apparently belonging to one of the shooters. Apple refused, and the ensuing court battle only stopped when federal investigators managed to access the phone without Cupertino’s help.

Reportedly, the Bureau enlisted help from a third — but refused to state which firm or individuals it had contracted, or how much the hack cost. However, former FBI Director James Comey indirectly stated that the service cost more than $1.4 million, the Hacker News reported.

Judge Chutkan said in her ruling that the name of the firm or the tools it provided that cracked the iPhone are classified “national security secrets” that can be justly withheld. Additionally, she ruled that the amount that the U.S. government had paid is also exempt from disclosure under FOIA. “Since the release of this information might ‘reduce the effectiveness of a critical classified source and method,’ it is reasonable to expect that disclosure to endanger national security.”

Chutkan went on to say that publicly disclosing the company’s name could put the firm and its tools at risk of being targeted. “It is logical and plausible that the vendor may be less capable than the FBI of protecting its proprietary information in the face of a cyberattack,” Chutkan added.

In fact, an Israeli data extraction firm named Cellebrite — largely believed to be the company that provided the FBI with the hacking tool — was hacked itself. The data breach had included 900GB of data, including information on the various data extraction systems and hacking tools that it creates. There are conflicting reports about whether Cellebrite was actually the company involved, but the data breach only reinforces Chutkan’s statement.

In addition to the estimated cost, Comey also revealed that the hacking tool was tailor-made to work on an iPhone 5c running iOS 9. The FBI had said that more modern smartphones are “increasingly inaccessible to them” due to updated security tech, Politico reported.