The FBI could reveal how it was able to gain access to the iPhone used by one of the shooters in last December’s terror attack in San Bernardino, California.
“We are in the midst of trying to sort that out,” FBI Director James Comey said Tuesday at a conference on cyber engagement at Georgetown University. “I think we’re close to a resolution."
The Obama administration sometimes will share such information under the so-called Vulnerabilities Equities Process, if companies can use the information to work on a patch to protect information or systems.
At other times, the government will seek to keep the vulnerabilities secret if a case can be made that by releasing them, access to vital intelligence will be compromised.
Comey’s admission the FBI is close to deciding what to do about the vulnerability comes barely a week after the FBI admitted it had paid a private firm more than $1.3 million to gain access to the iPhone 5c that belonged to San Bernardino gunman Syed Rizwan Farook.
FBI officials said previously the technique used to access the data would not work on other so-called smart phones. iPhone maker Apple had been fighting a court order that required it to write new software to disable passcode protection.
Comey said Tuesday he was “very glad” the litigation with Apple regarding the iPhone encryption was over, though he cautioned, ”it would be bad if the conversation this started ended.”
He added, “Because we live our lives on these devices, as I do, the notion that they will be immune to judicial process takes us to a place we’ve never lived before. There has never been a time in the 240 years of our country that privacy was absolute.”
The FBI director also sought to reassure private companies that the government and law enforcement are looking for what he described as a constructive relationship, similar to what many companies have with local fire departments, which understand the layout of their buildings in case of an emergency.
“We have to get to a place where it becomes routine for there to be an exchange, an appropriate lawful exchange of information,” said Comey.
“Even in the midst of an attack we don’t want to read your memos, we don’t want to read your emails,” he said. “We need to understand how we can quickly get the indicators of attack so we can change the actor’s behaviors.”