April 29, 2016—After Apple’s heroic stand against the FBI’s request for a backdoor giving investigators access to the San Bernardino shooter’s iPhone, the Department of Justice finally stood down, telling the court that it had found a way to crack into Syed Farook’s smartphone without the help of the tech giant. But once the issue was addressed, we were left wondering whether the FBI would comply with the Barack Obama administration’s “Vulnerabilities Equities Policy,” which states that US government agencies must meet with the president’s National Security Council in order to discuss whether vulnerabilities unearthed by official investigations should be disclosed or not.
While many news sources claimed there was a slim chance the feds would disclose to Apple the flaw they found, what the FBI disclosed on April 14th had nothing to do with the cracking of Farook’s iPhone. Instead, Apple announced that, for the first time since the VEP became a policy, the FBI had finally contacted them to discuss a flaw. Unfortunately, the issues brought up by the FBI were associated with a particular vulnerability previously unveiled by Apple, which had already been fixed nine months earlier.
To Tech Dirt, this revelation shows that “the VEP process generally means nothing gets disclosed. In fact, the timing of this really suggests that someone in the DOJ recently flipped out and realized that there’s now going to be scrutiny on the VEP, so they might as well disclose something. Thus, they found an old bug that had already been patched and ‘revealed’ it.”
But the fact that the FBI only now decided to act on the VEP process is not what bothers Tech Dirt.
From the publication:
“… things got stranger a couple of days later, when the FBI—which had already admitted to paying over $1 million to access Farook’s iPhone, said that, for all that money, the people it hired never explained the vulnerability. They just opened the phone. Really.”
From The New York Times:
“‘The F.B.I. purchased the method from an outside party so that we could unlock the San Bernardino device,’ Amy S. Hess, executive assistant director for science and technology, said in a statement.
‘We did not, however, purchase the rights to technical details about how the method functions, or the nature and extent of any vulnerability upon which the method may rely in order to operate. As a result, currently we do not have enough technical information about any vulnerability that would permit any meaningful review’ by the White House examiners, she said.”
According to Tech Dirt, this suggests either that the DOJ and the FBI’s negotiation methods are faulty, or that the DOJ “knew that it wouldn’t have to reveal the flaw to Apple,” meaning that the feds may have chosen to keep the hacking methods under wraps in order to avoid having to admit that the method used on the San Bernardino shooter’s phone could be used on other iPhones.
Tech Dirt adds that, “if the FBI never actually got the details,” that could also mean that, in the future, the American taxpayer might have to foot another $1 million hacking bill.
Should the FBI disclose how the iPhone was hacked? Share your thoughts with us!