Irony alert! FBI won’t tell Apple how it hacked terrorist’s iPhone
NEW YORK — The fight between Apple and the FBI has taken an ironic twist.
Originally, Apple refused to help the FBI break into the San Bernardino terrorist’s iPhone. Apple’s argument? It didn’t even know how to hack the phone.
Now that the FBI has broken into that phone, the law enforcement agency is taking the stance that it can’t tell Apple how it pulled it off.
Why? Because the FBI doesn’t even know how it hacked the phone.
The hacking tool belongs to the mysterious “outside party” that helped the agency, according to Amy S. Hess, the FBI’s executive assistant director for science and technology.
That means the FBI paid more than $1.3 million to hack an iPhone without learning how the method works.
That also means the agency might be able to dodge a transparency rule set up by President Obama in 2010.
Whenever the government discovers a powerful new hack, top government officials must consider disclosing it so a tech company can fix it and prevent hackers from using it in the future. It’s called the “Vulnerabilities Equities Process.”
But this time around, the government can’t disclose what it doesn’t know, according to the FBI. Therefore, the White House won’t have anything to review.
“The FBI purchased the method from an outside party so that we could unlock the San Bernardino device. We did not, however, purchase the rights to technical details about how the method functions, or the nature and extent of any vulnerability,” Hess said in a statement to CNNMoney.
“As a result, currently we do not have enough technical information about any vulnerability that would permit any meaningful review under the VEP process,” she said.
Ross Schulman, one of the few experts in this White House transparency rule, criticized the FBI’s decision.
“If the FBI believes that the Vulnerabilities Equities Process doesn’t apply because it purchased the vulnerability from a third party, that is a hole in the supposedly robust VEP that you could drive a truck through,” said Schulman, a senior policy counsel at the Open Technology Institute think tank.
Additionally, the government is taking the stance that this vulnerability in the iPhone doesn’t pose a risk to consumers, because it only works if someone has possession of the device, and it only works on the older iPhone 5C model, according to law enforcement officials.
But computer experts, such as world-renowned cryptographer Bruce Schneier, have repeatedly warned that unpatched holes in technology could be used by hackers — and foreign spies — in the future. Bugs have a way of finding their way into the wrong hands.
Typically, a technology company like Apple would want to learn about the hack so it could update its next version of iOS software — or eliminate a physical weakness in the next iPhone.
Apple did not respond to CNNMoney’s request for comment.
Hess noted that the FBI doesn’t normally share details about the White House review of dangerous hacks, but it did so this time because of “the extraordinary nature of this particular case” and “the intense public interest in it.”