Why FBI won't share details of iPhone hack with White House

The FBI announced Wednesday it would not share the vulnerability that allowed hired hackers to unlock the iPhone of San Bernardino shooter Syed Rizwan Farouk last month.

|
Carlos Barria/Reuters
FBI Director James Comey delivers a speech at the Master of Science in Foreign Service CyberProject's sixth annual conference at Georgetown University in Washington, D.C., on Tuesday.

Story updated at 1:45 p.m. Eastern time.

The Federal Bureau of Investigation announced that it will not share the mechanism used to hack into the San Bernardino, Calif., shooter's iPhone with other government agencies.

Earlier this week, the FBI's director had said that he was still considering whether to inform Apple, and the public, of the device vulnerability that enabled a contractor to hack into the phone.

“We are in the midst of trying to sort that out,” FBI Director James Comey said Tuesday. “The threshold (for disclosure) is, are we aware of the vulnerability, or did we just buy a tool and don't have sufficient knowledge of the vulnerability to implicate the process?”

The FBI successfully unlocked the San Bernardino County-issued cell phone belonging to Syed Rizwan Farouk, one of the two attackers in the December rampage, following a drawn-out legal battle with Apple pertaining to the tech company’s obligation to aid law enforcement.

The FBI eventually gained access to the iPhone after it paid hackers well over $1 million to crack Apple’s security measures, an estimate that has been derived from Mr. Comey's current salary based on comments that the contract cost more than he expects to earn in the remainder of his FBI tenure. Despite the hefty price tag, Comey said that the successful penetration “was, in my view, worth it.”

The FBI has yet to disclose the identity of the hacker or hackers who aided in the unlocking process, although Reuters sources reported that the help came from outside of the United States. Comey’s earlier statements suggested that the FBI does not own the secret method used by the hackers, or perhaps even know exactly what vulnerability was exploited.

Now, Comey's agency has decided to keep all of the details surrounding the hack private. Following a loose protocol established by the White House for such situations, mostly favoring a policy of disclosure, the FBI announced its intentions in a statement by Science and Technology Branch head Amy Hess.

The FBI did not "purchase the rights to technical details about how the method functions," from the hired hackers, meaning that its technology experts do not "have enough technical information about any vulnerability," according to Ms. Hess, per Reuters.

While the procedure for deciding on the disclosure of similar information favors transparency, White House cybersecurity coordinator Michael Daniel acknowledged in a 2014 release that “there are no hard and fast rules” on the issue in place.

“Disclosing a vulnerability can mean that we forego an opportunity to collect crucial intelligence... or even discover more dangerous vulnerabilities that are being used by hackers or other adversaries to exploit our networks,” Mr. Daniel wrote.

“Building up a huge stockpile of undisclosed vulnerabilities while leaving the Internet vulnerable and the American people unprotected would not be in our national security interest,” he added.

An earlier statement by Comey suggests that he didn't want to sent the clash with Apple back to square one in the event that the vulnerabilities were disclosed.

“If we tell Apple, they're going to fix it and we're back where we started,” he told AP earlier this month. “As silly as it may sound, we may end up there. We just haven't decided yet.”

This report contains material from Reuters and the Associated Press.

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Why FBI won't share details of iPhone hack with White House
Read this article in
https://www.csmonitor.com/Technology/2016/0427/Why-FBI-won-t-share-details-of-iPhone-hack-with-White-House
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe