FBI Director James Comey Defends Purchase of iPhone Hacking Tool

FBI Director James Comey testifies on Capitol Hill in Washington in February. (Manuel Balce Ceneta/AP)
FBI Director James Comey testifies on Capitol Hill in Washington in February. (Manuel Balce Ceneta/AP)

FBI Director James B. Comey said Wednesday that the bureau did not purposely avoid a government process for determining whether it should share with Apple the way it cracked a terrorist’s iPhone.

In March, the FBI purchased a tool that exploited an Apple software flaw to hack into the phone of a shooter from the attack last year in San Bernardino, Calif.

Many observers expected the bureau to submit the method to a relatively new government process for figuring out when to share software flaws with tech firms so they can be fixed. But the bureau told the White House last month that its understanding of how a third party hacked the phone was so limited that there was no point in undertaking a government review.

Comey said Wednesday that the bureau purchased only the tool, not the rights to the software flaw. The FBI, he said, was focused on getting into the phone.

“We did not in any form or fashion structure the transaction . . . with an eye toward avoiding” the government review, he said.

The FBI spent what Comey said was “a lot of money” to buy the tool from a company that specializes in such exploits. “We bought what was necessary to get into that phone, and we tried not to spend more money than we needed to spend,” he said, suggesting that further information about the exact flaws being exploited would have cost more.

“It might cost you a whole lot of money. And if your interest is in investigating a particular terrorist attack and getting into a particular phone, I don’t know why you would spend that dough,” Comey said. The bureau spent in the high six-figures, according to a person familiar with the matter. “In my view, it was well worth it,” Comey said.

Comey’s comments come a week after senior National Security Agency officials, in a meeting with privacy advocates and academics, described a different approach for how they handle software flaws.

When the agency buys hacking tools or exploits from third parties, “we try to avoid getting into situations where we don’t know the underlying vulnerability” or security flaw, a senior NSA official said, according to several participants at an unusual five-hour meeting last Thursday to discuss security and privacy issues.

Click here to continue reading…

SOURCE: Ellen Nakashima 
The Washington Post