In March of this year, an FBI employee made a mistake while interacting with the iPhone of San Bernardino attacker Syed Farook Rizwan. It locked the device, requiring a long delay between PIN attempts to open the device in an attempt to retrieve important information. The FBI asked Apple to help them unlock the device, but the company refused. A case was scheduled to attempt to force the company to comply, but before it happened, the FBI dropped the case.
In April, FBI Director James Comey spoke at a conference in London at which he made a comment which suggested why they changed directions. Rather than waiting for Apple to refuse a court order, the FBI decided to employ a software firm to exploit a zero-day to unlock the device. The FBI allegedly paid $1.3 million for this exploit, which Comey described as "worth it." Avoiding the time and hassle of Apple for $1.3 million seems less than what it would have cost to fight.
This week, a new suit was filed relating to the situation, and it comes from a surprising place: The Associated Press, USA Today and Vice Media. This small coalition of media companies wants the details on the deal that led to the unlocking of the iPhone. All three companies have requested the information separately under the Freedom of Information Act, which primarily consists of contractual details, including finances. These requests have been denied.
The complaint states,
Information about the FBI's contracting arrangement would also ensure transparency about the expenditure of public funds. Understanding the amount that the FBI deemed appropriate to spend on the tool, as well as the identity and reputation of the vendor it did business with, is essential for the public to provide effective oversight of government functions and help guard against potential improprieties. Further, the public is entitled to know the nature of the vendors the Government finds it necessary to deal with in cases of access to private information, including whether or not the FBI feels compelled to contract with groups of hackers with suspect reputations, because it will inform the public debate over whether the current legislative apparatus is sufficient to meet the Government's need for such information.
Another interesting clash is getting started, between a side that says it is protecting government overreach and a side that will likely argue this type of information could make difficulties for future negotiations, as well as cause problems for the firm that provided the exploit information.