Accessibility links

USA

FBI Won't Share iPhone Vulnerability


The Apple logo appears on an Apple store in Los Angeles, California, United States, April 22, 2016. Apple has refused to write software for its devices to allow the FBI to bypass encrypted passcodes.

The Apple logo appears on an Apple store in Los Angeles, California, United States, April 22, 2016. Apple has refused to write software for its devices to allow the FBI to bypass encrypted passcodes.

The FBI confirmed Wednesday it will not reveal how it was able to gain access to the iPhone used by one of the shooters in last December’s terror attack in San Bernardino, California.

After failing to crack the security codes itself and seeking a court order that required iPhone-maker Apple to write new software to disable the phone’s passcode protection, officials last month paid an outside firm more than $1.3 million to gain access.

Investigators concluded they simply do not know enough about the process used to get into the iPhone 5c belonging to gunman Syed Rizwan Farook to share any more with the public.

FBI statement

In a statement released Wednesday, FBI Executive Assistant Director Amy Hess said the agency paid to crack the password protection but it “did not, however, purchase the rights to technical details about how the method functions, or the nature and extent of any vulnerability upon which the method may rely in order to operate.”

Federal Bureau of Investigation Executive Assistant Director for Science and Technology Amy Hess (L) testifies on Capitol Hill in Washington, April 19, 2016, before a House Oversight and Investigations subcommittee hearing on deciphering the debate over encryption.

Federal Bureau of Investigation Executive Assistant Director for Science and Technology Amy Hess (L) testifies on Capitol Hill in Washington, April 19, 2016, before a House Oversight and Investigations subcommittee hearing on deciphering the debate over encryption.

“As a result, currently we do not have enough technical information about any vulnerability that would permit any meaningful review under the VEP [Vulnerabilities Equities Process] process,” she said.

The VEP, or Vulnerabilities Equities Process, is a White House-led initiative in which government agencies debate whether to share software flaws with the companies that designed the software so the vulnerabilities can be fixed.

The White House says most flaws are shared, though exceptions are made in cases in which intelligence or law enforcement agencies may need to use the flaw in ongoing investigations.

The FBI said it planned to inform the White House of its decision in coming days.

Knotty issue

The move, for now, sidesteps a contentious debate over not just the San Bernardino iPhone, but also about how the issue will be handled in future cases.

FBI officials have said previously that the technique used to access the data would not work on other so-called smart phones.

FBI Director James Comey had hinted at the FBI decision Tuesday during a conference on cyber engagement at Georgetown University, saying “I think we’re close to a resolution."

Comey also said Tuesday he was “very glad” the litigation with Apple regarding the iPhone encryption was over, though he cautioned, ”it would be bad if the conversation this started ended.”

'Constructive relationship'

The FBI director also sought to reassure private companies that the government and law enforcement are looking for what he described as a constructive relationship, similar to what many companies have with local fire departments, which understand the layout of their buildings in case of an emergency.

“We have to get to a place where it becomes routine for there to be an exchange, an appropriate lawful exchange of information,” said Comey.

“Even in the midst of an attack we don’t want to read your memos, we don’t want to read your emails,” he said. “We need to understand how we can quickly get the indicators of attack so we can change the actor’s behaviors.”

But Comey cautioned it is not feasible to completely ban law enforcement agencies from access to personal devices.

“The notion that they will be immune to judicial process takes us to a place we’ve never lived before,’ said. “There has never been a time in the 240 years of our country that privacy was absolute.”

Show comments

XS
SM
MD
LG