FBI Can Keep How It Hacked San Bernardino Suspect’s iPhone Secret, Judge Rules
Photo: PixabayMilitary & Intelligence18:14 02.10.2017(updated 18:37 02.10.2017) Get short URL114010
After months of legal wrangles, a US Federal Judge has ruled the FBI is under no obligation to publicly disclose which third-party hacking tool it used to access an iPhone’s content without Apple’s consent – or how much it cost taxpayers.
US Federal Judge Tanya Chutkan has ruled the Federal Bureau of Investigation (FBI) will not have to reveal any details about the hacking tool it used to crack the iPhone at the center of the December 2015 San Bernardino terrorism case, allowing the agency to keep the information entirely secret.
The ruling means both the name of the tool’s vendor, and the price paid by the FBI, will not be revealed.
The court agreed with the FBI’s argument that if the vendor’s identity were made public, a review of the company’s work could lead “antagonists” to develop exploits for the vendor’s “unique product.”
Additionally, the FBI asserted that because the vendor’s networks were not as sophisticated as the FBI’s cybersecurity facilities, releasing the name of the vendor could subject the vendor to attacks by hostile actors wishing to exploit the technology.
Since the vendor is apparently not as well equipped to guard against these types of attacks as the FBI, revealing the vendor’s identity would risk “disclosure, exploitation, and circumvention of a classified intelligence source and method.”
As a result, the vendor’s identity could be “reasonably expected” to cause serious damage to national security, as it would allow hostile entities to uncover current intelligence gathering methods employed by the Bureau, as well as the “capabilities and limitations” of those methods.
“Moreover, it is logical and plausible the vendor may be less capable than the FBI of protecting its proprietary information in the face of a cyber-attack. The FBI’s conclusion that releasing the name of the vendor to the public could put the vendor’s systems, and thereby crucial information about the technology, at risk of incursion is a reasonable one,” the ruling said.
Moreover, Judge Chutkan criticized the plaintiffs’ apparent assumption the FBI’s concerns weren’t founded, and that if the tool were so critically important to national security, the FBI would not have left it in the hands of a “poorly guarded vendor.”
The judge decided the vendor may continue to possess the tool for any number of reasons related to national security interests, and even if the possibility of an attack on the vendor’s systems was remote, the FBI still demonstrated a logically reasonable risk of harm to national security in this respect.
Tech experts seemingly believe the tool could only be used to access iPhone 5C handsets, running iOS 9, but the FBI expressed concern that should the tool fall into the wrong hands, someone may determine “a way to enhance the tool’s capabilities” beyond these limits.
The court also denied requests for the price paid for the tool to be made public, although former FBI director James Comey and Senator Dianne Feinstein have previously suggested it may have cost up to US$1.3 million.
“Releasing the purchase price would designate a finite value for the technology and help adversaries determine whether the FBI can broadly utilize the technology to access their encrypted devices,” the court ruled.
Judge Chutkan’s ruling is final, and there is no right to appeal the decision.
Apple vs FBI: The Battle
The standoff between tech giant Apple and the bureau endured for months.
At first, the FBI tried unsuccessfully to compel the iPhone-innovator to offer them access to a phone at the center of the case.
Apple repeatedly refused to help the FBI develop a backdoor into the device, which the FBI believed contained sensitive information on Farook Malik and his wife Tashfeen, who participated in an attack that left 14 dead.
Eventually however, the FBI resorted to using a third-party hacking tool to access to the information it needed, without Apple’s assistance or consent.
Several individuals and privacy groups filed Freedom of Information act requests in an attempt to secure details of the method used by authorities, as it was not clear how many phones the exploit could be used on, and whether the FBI could and would use it surreptitiously in the future.