Following a very public fight over the unlocking of the iPhone used by Syed Rizwan Farook, a gunman in the San Bernardino, Calif., shooting last December, the Federal Bureau of Investigation (FBI) has found a way to crack the device without help from Apple. Now, will the federal agency have to tell the tech giant how it was done?
The tables have turned on Apple, which is now on the outside looking in on its popular phone’s security. Apple's initial rationale for not helping the FBI was to avoid risks posed by unlocking the device. But now that the technology to do so exists, Apple wants to shore up its digital defenses so that millions of iPhones are not suddenly compromised.
The FBI most likely will not go out of its way to help Apple, after the company refused to aid the FBI. But a recently enacted federal policy suggests that the agency should end up sharing its methods with Apple.
The government’s Vulnerabilities Equities Process (VEP) established how federal agencies must release information about any “zero-day” weaknesses, or unknown software holes, it finds in existing technology. While the FBI falls under the jurisdiction of the VEP – which concerns the discovery of zero-days that are “newly discovered and not publicly known,” such as the key to unlocking an iPhone – it is not known whether the VEP would eventually lead to the bureau releasing any information.
“[T]here are no hard and fast rules,” White House cybersecurity coordinator Michael Daniel wrote in 2014. “Too little transparency and citizens can lose faith in their government and institutions, while exposing too much can make it impossible to collect the intelligence we need to protect the nation.”
Whether the government review will compel the FBI to divulge its hacking approach, it seems Apple has people on its side once again. A poll of The Christian Science Monitor’s Passcode Influencers found that 81 percent thought the FBI should inform Apple of the security flaw so that it can be fixed.
“While it is appropriate for law enforcement, with a warrant, to use a security flaw to gain access to which it is legally entitled, the flaw should be patched as soon as possible for everyone else’s sake,” Jonathan Zittrain, a professor of law and computer science at Harvard Law School, told the Monitor.
“It would be dangerously shortsighted and irresponsible for the government to stockpile that vulnerability for its own use and leave every iPhone user at risk,” Open Technology Institute director Kevin Bankston added.
A minority of respondents said that Apple should have to work out the method on its own, regardless of what the FBI accomplished.
“Apple asking the FBI to reveal its methods is as bad as the FBI asking Apple to weaken its encryption. Both need to stay in their respective lanes,” Taia Global CEO Jeffrey Carr told the Monitor.
It remains to be seen if the FBI will go through the VEP in this situation, and what results that review process could yield Apple and the tech market. But Apple may have a legal fallback if the FBI can withhold its iPhone hack. According to Reuters, a New York case involving locked iPhones may lead to a discovery phase in court that would force the FBI to show how it broke into the iPhone.
Whether that case continues or a VEP leads to sharing between the agency and Apple, what the FBI ends up doing and how the tech company responds will set an important precedent in cybersecurity and in the relationship between the tech sector and the government for similar cases in the future.