{"id":21218,"date":"2016-04-28T08:01:23","date_gmt":"2016-04-28T15:01:23","guid":{"rendered":"http:\/\/spijue.wpengine.com\/news\/fbi-wont-disclose-how-it-accessed-locked-iphone\/"},"modified":"2016-04-28T08:01:23","modified_gmt":"2016-04-28T15:01:23","slug":"fbi-wont-disclose-how-it-accessed-locked-iphone","status":"publish","type":"post","link":"https:\/\/www.juneauempire.com\/news\/fbi-wont-disclose-how-it-accessed-locked-iphone\/","title":{"rendered":"FBI won&#8217;t disclose how it accessed locked iPhone"},"content":{"rendered":"<p><strong>WASHINGTON<\/strong> \u2014 The FBI said Wednesday that it will not publicly disclose the method that allowed it to access a locked iPhone used by one of the San Bernardino attackers, saying it lacks enough \u201ctechnical information\u201d about the software vulnerability that was exploited.<\/p>\n<p>The decision resolves one of the thorniest questions that has confronted the federal government since it revealed last month, with minimal details, that an unidentified third party had come forward with a successful method for opening the phone. The FBI did not say how it had obtained access, leaving manufacturer Apple Inc. in the dark about how it was done.<\/p>\n<p>The new announcement means that details of how the outside entity and the FBI managed to bypass the digital locks on the phone without help from Apple will remain secret, frustrating public efforts to understand the vulnerability that was detected and potentially complicating efforts to fix it.<\/p>\n<p>In a statement Wednesday, FBI official Amy Hess said that although the FBI had purchased the method to access the phone \u2014 FBI Director James Comey suggested last week it had paid more than $1 million \u2014 the agency did not \u201cpurchase the rights to technical details about how the method functions,.\u201d<\/p>\n<p>The FBI\u2019s explanation raises the possibility that it applied a purchased exploit against what it described as a potentially key piece of evidence in a sensational terrorism investigation without knowing the full technical details of what it was doing to that iPhone.<\/p>\n<p>The government has for years recommended that security researchers work cooperatively and confidentially with software manufacturers before revealing that a product might be susceptible to hackers. The Obama administration has said that while disclosing a software vulnerability can weaken an opportunity to gather intelligence, leaving unprotected Internet users vulnerable to intrusions is not ideal either.<\/p>\n<p>An interagency federal government effort known as the vulnerabilities equities process is responsible for reviewing such defects and weighing the pros and cons of disclosing them, taking into account whether the vulnerability can be fixed, whether it poses a significant risk if left unpatched and how much harm it could cause if discovered by an adversary.<\/p>\n<p>Hess, the executive assistant director of the FBI\u2019s science and technology branch, said Wednesday the FBI did not have enough technical details about the vulnerability to submit it to that process.<\/p>\n<p>\u201cBy necessity, that process requires significant technical insight into a vulnerability. The VEP cannot perform its function without sufficient detail about the nature and extent of a vulnerability,\u201d she said.<\/p>\n<p>An Apple lawyer told reporters earlier this month that the company still believes the iPhone to be one of the most secure products on the market and expressed confidence that the vulnerability that was discovered would have a \u201cshort shelf life.\u201d<\/p>\n<p>The revelation last month that the FBI had managed to access the work phone of Syed Farook \u2014 who along with his wife killed 14 people in the December attacks in San Bernardino \u2014 halted an extraordinary court fight that flared a month earlier when a federal magistrate in California directed Apple to help the FBI hack into the device. Since then, the government has not disclosed the entity or said anything about how the work was done.<\/p>\n<p>At an appearance earlier this month at Kenyon College in Ohio, Comey said the FBI had not yet decided whether to disclose details to Apple but suggested that the agency had reservations about doing so.<\/p>\n<p>\u201cIf we tell Apple, they\u2019re going to fix it and we\u2019re back where we started,\u201d Comey said. \u201cAs silly as it may sound, we may end up there. We just haven\u2019t decided yet.\u201d<\/p>\n<p>The FBI director was correct, but that\u2019s exactly the way the process should work, said Joseph Lorenzo Hall, senior technologist at the Center for Democracy and Technology.<\/p>\n<p>\u201cIf you\u2019re going to use flaws in the technology to gain access, then you better be prepared to report it,\u201d he said.<\/p>\n<p>Given the imperfections inherent in software writing, and their ability to be exploited for access, \u201cThose bugs need to be fixed as fast as we can because we have no clue about whether there are tons and tons of bugs \u2014 or just a few,\u201d he said.<\/p>\n<p>Though one can imagine a scenario in which the FBI would hold onto its secret for \u201ca little while,\u201d vulnerabilities generally should be reported to the company so they have an opportunity to patch them, said Susan Landau, a cybersecurity policy professor at Worcester Polytechnic Institute.<\/p>\n<p>\u201cTo me, and I think the government would clearly agree, the default should be report,\u201d she said.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>WASHINGTON \u2014 The FBI said Wednesday that it will not publicly disclose the method that allowed it to access a locked iPhone used by one of the San Bernardino attackers, saying it lacks enough \u201ctechnical information\u201d about the software vulnerability that was exploited. The decision resolves one of the thorniest questions that has confronted the [&hellip;]<\/p>\n","protected":false},"author":107,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_stopmodifiedupdate":false,"_modified_date":"","wds_primary_category":4,"footnotes":""},"categories":[4],"tags":[65],"yst_prominent_words":[],"class_list":["post-21218","post","type-post","status-publish","format-standard","hentry","category-news","tag-nation-world"],"_links":{"self":[{"href":"https:\/\/www.juneauempire.com\/wp-json\/wp\/v2\/posts\/21218","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.juneauempire.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.juneauempire.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.juneauempire.com\/wp-json\/wp\/v2\/users\/107"}],"replies":[{"embeddable":true,"href":"https:\/\/www.juneauempire.com\/wp-json\/wp\/v2\/comments?post=21218"}],"version-history":[{"count":0,"href":"https:\/\/www.juneauempire.com\/wp-json\/wp\/v2\/posts\/21218\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.juneauempire.com\/wp-json\/wp\/v2\/media?parent=21218"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.juneauempire.com\/wp-json\/wp\/v2\/categories?post=21218"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.juneauempire.com\/wp-json\/wp\/v2\/tags?post=21218"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https:\/\/www.juneauempire.com\/wp-json\/wp\/v2\/yst_prominent_words?post=21218"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}