New clues into how FBI cracked the iPhone

The FBI has released highly redacted contract solicitation documents it sent to companies when trying to crack the iPhone of Syed Farook, one of the shooters in the San Bernardino terrorist attack in December 2015.

Farook and his wife, Tashfeen Malik, opened fire at a holiday party for his fellow county workers, killing 14 people and seriously injuring 22 others. 

The FBI obtained an iPhone belonging to Syed, and ended up in a legal showdown with Apple when the company refused to comply with law enforcement requests for access.   

After Apple’s refusal, the FBI said it was working with an entity outside the government to potentially unlock the phone — an effort that was ultimately successful.

Now documents released by the FBI last week under a Freedom of Information Act (FOIA) request are providing new clues as to how the agency cracked the iPhone.

The agency sent an RFP — request for proposal — for anyone who might be able to help the agency break through the phone’s encryption.

“One challenge the FBI encountered, as it conducted the investigation [into the San Bernardino attack], was the inability to access data on the Apple iPhone 5c that San Bernardino County issued Farook in connection with his employment. The data is potentially critical to the FBI’s investigation, as it could reveal, among other things, terrorist ties and individual contacts maintained by Farook,” the FBI wrote in the RFP. 

“Exploiting this information could help the FBI determine whether the attack in San Bernardino was an isolated incident or whether it was part of a broader plan supported by a terrorist network,” the document continues. 

The bureau had obtained a court order that compelled Apple to help unlock the phone, but the tech giant contested the order.

“During the course of those proceedings, the FBI continued to search for a way to access Farook’s data without Apple’s assistance,” the FBI said in its RFP.

Additional information below that explanation is redacted, citing national security concerns, worries about the release of “trade secrets and commercial or financial information,” and the need to protect “techniques and procedures for law enforcement investigations or prosecutions.”

Those same disclosure exemptions are listed throughout the document, in addition to one preventing the release of information because another law prohibits it from being published.

The roughly 100 pages of the FBI’s request — with the “secret” classification designation crossed out — primarily consist of the regulations that are part of any contract agreement with the government, according to two Washington lawyers who specialize in such matters.  

“Government contracts can be 100-pages plus,” said Dismas Locaria, a partner at Venable. “It's got all the typical sections you see in a government contract.”

The documents released by the FBI do not say who received the award to crack the iPhone or how much they were paid.

The sensitivity of the operation enabled the FBI to solicit potential contractors in a non-competitive way, which is not unusual for something classified as secret or in the interest of national security. That means the FBI can proactively reach out to companies it thinks might be able to help.

“The FBI received at least three inquiries from companies indicating an interest in developing a product for the FBI to assess Farook’s iPhone. However, none of these companies had begun to develop or test a solution at the time of the inquiry, and thus would not be able to produce a solution quickly enough to meet the FBI’s investigative requirements,” the documents say. 

“The FBI will continue to conduct market surveys to identify potential sources on subsequent acquisitions,” they continue. 

The FBI released the RFP in response to a FOIA request from Eric Tucker of the Associated Press, according to the documents posted online. Tucker had requested documents and contracts detailing who the government paid to hack into the phone and how much.  

In September, the AP sued after the government rejected requests for the information. USA Today publisher Gannett and Vice Media joined in the suit. 

The final contract awards are not part of the FBI’s recent release. 

Bob Tompkins, the co-chair of the national government contracts practice at Holland & Knight, estimated that the contract could be worth anywhere from $700,000 to $13.5 million, based on the authorizing signatures. 

To authorize a non-competitive contract costing the government more than $700,000 but worth less than $13.5 million, both the agency’s contracting officer and the competition advocate would have to sign off on it, Tompkins explained. 

The FBI’s RFP appears to be signed by a contracting officer, a general counsel and a competition advocate. However, the names and dates are blocked out, citing both privacy and law enforcement reasons.

The document does not list a “statement of work,” which outlines a proposal for what is expected of a contractor.

“It’s likely the proposal is prepared while the contractor is in discussions with the government,” Tompkins said. 

Based only on these documents, however, it’s not clear that a contract was ever awarded. 

Media reports last year speculated that an Israeli company called Cellebrite might have been helping the FBI crack Farook’s iPhone, as it lists bypassing cell phone encryption as one of its services. 

In March of last year, the FBI awarded Cellebrite a $15,000 contract, around the time the agency announced it would be enlisting a non-governmental third party to help open the phone. The contract lists the services as updates to software used to extract information from mobile devices.

However, both Tompkins and Locaria say that formatting within the documents released last week by the FBI suggests that the bureau went to a company that is not already a government contractor. Cellebrite has been a government contractor for several years.

If the government wants to engage in a contract with a company in the system of existing vendors, the agency could simply have a “task order” — a more streamlined approach that doesn’t require the extensive listing of regulations included in the RFP. 

Locaria, of Venable, also said that the redaction of some routine information and the summaries of regulation agreements points to a new contractor.

"It's odd they're redacting requirements that don't identify the contractor specifically," he said.

“There are several clauses that only require offerors to make certain representations,” such as certifying that they have an affirmative action plan in place. “The fact they redact them may indicate that they are not in compliance with these traditional government contract requirements,” he added. 

“They can waive some of the requirements based on national security concerns, so it doesn't surprise me that they may have,” Locaria said. “They may be waiving a lot of requirements because it's not a traditional government contractor, and could be someone new to the space.” 

It is unclear if the FBI plans to release more documents responsive to the FOIA request.