The FBI doesn’t have to tell Apple how it cracked the iPhone 5c in the San Bernardino terrorism case, and now the American Civil Liberties Union is taking the agency to task.
According to the Wall Street Journal, a White House review group will determine which of three avenues the FBI can take: publicly announce the security flaw, disclose the flaw to Apple, or keep it under wraps so it can use the flaw to crack more iPhones. For now, it looks like the FBI is keeping it a secret. Not even Apple knows what technique the agency is using to get into the iPhone 5c in the San Bernardino case. All the FBI will say is that an “outside party” helped investigators crack the phone, negating the need for Apple’s help.
That means the agency can continue to use that same technique on other iPhones at stake in court cases around the country without running the risk that Apple updates its software to prevent future attempts.
“[By] stockpiling vulnerabilities, and not reporting them, the U.S. government risks angering firms that it regularly goes to seeking voluntary help,” ACLU principal technologist Chris Soghoian told the WSJ. “And the U.S. government needs Silicon Valley more than Silicon Valley needs the U.S. government.”
A White House cybersecurity coordinator chairs a group that looks at whether the vulnerability should be disclosed to the company whose product is affected. The iPhone flaw that the FBI has found, reportedly with help from Israeli firm Cellebrite, would fall under that group’s purview, though the group has yet to take up this specific case.
Sign up for CIO Asia eNewsletters.