The strange tale of the San Bernardino iPhone seems like it’s almost over, although it touched off a national debate about encryption that’s just getting started. Apple probably won’t find out what method was used by the third-party firm that broke into the iPhone 5c used by shooter Syed Rizwan Farook,
The government says that the unidentified international firm that did the hack has legal ownership of the method, so while the FBI got the data it wanted, it’s unable to disclose the method to Apple. There’s actually a system in place, known as the
Vulnerabilities Equities Process, that’s designed to evaluate flaws discovered by the government’s own agencies to determine if they should be disclosed to the technology companies who can patch them, or if the vulnerabilities can remain secret to be used by the NSA, FBI, or other agencies.
But in this case, the FBI says it doesn’t even know enough about the method to be able to submit it for evaluation. The firm that “owns” the hack is free to keep it secret and sell it to anyone—government or criminal alike.
As recently as last week, FBI Director James Comey made it sound like the bureau was still weighing its options about disclosing the flaw to Apple, not that it was technologically or legally prohibited from doing so. Speaking at Kenyon College on April 6,
Comey said, “If we tell Apple, they’re going to fix it and we’re back where we started. As silly as it may sound, we may end up there. We just haven’t decided yet.”
The other piece of bad news in this case: A source in law enforcement
told CBS News that the San Bernardino iPhone hasn’t produced useful evidence so far, although they aren’t done analyzing all the data. You may recall that the iPhone 5c in question was provided by Farook’s employer, San Bernardino County, and he also had a personal cell phone that he destroyed prior to committing the crime. Farook and his wife and co-conspirator Tashfeen Malik were killed in a gunfight with law enforcement after murdering 14 people and seriously wounding 22.