The U.S. government has the means to crack an iPhone. How long will it keep that a secret?
Days after federal officials announced that a third party had assisted the FBI in opening the locked iPhone of San Bernardino mass killer Syed Farook, the means of the hack — and the third party involved — remain secret.
How long they remain a secret will be determined by how vital the government believes the vulnerability found in this iPhone is to national security. Any information the bureau lets out increases the likelihood that Apple will isolate the vulnerability and close it on future products. But keeping the hack under lock and key means other law enforcement agencies wishing to pull evidence from iPhones connected to all kinds of crimes will have to ask the FBI for help.
“It’s the sole means the U.S. government has to conduct investigations with iPhones,” one former White House counterterrorism official told International Business Times. For the government, he said, the danger is that Apple “fixes the vulnerability and continues to be noncooperative in future cases.”
Indeed, Apple said Monday it was hard at work to find the weak spot. “We will continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated,” the company said in a statement.
At the time of the dispute over the San Bernardino iPhone, the U.S. was seeking Apple’s assistance in cracking nine other iPhones, the New York Times reported, and hundreds more remain in evidence rooms in state, county and local jurisdictions around the country. But it’s unclear how helpful this hack will be in solving other cases where encrypted iPhones may hold evidence.
“At present, we know that this tool works on this iPhone 5C, which was running a version of iOS 9,” one U.S. law enforcement official said. “It remains a top priority to ensure that, when properly authorized, we can get access to evidence on mobile devices, whether through cooperation with manufacturers or, where necessary, the development of independent access solutions. But it’s premature to say anything about our ability to access other phones.”
In another time, the U.S. government might be sharing the vulnerability it found with Apple. A 2009 Obama administration policy dictates that if the government finds an exploit, it should share it with the manufacturer pending an “equities review,” where the national security interests are weighed. The administration has not confirmed whether this exploit is being put through that process, but officials speaking to IBT indicated that is unlikely.
Those sources also said that if the Department of Justice is not sharing the exploit with Apple, it probably won’t share it with local law enforcement. Rather, the FBI would intervene in cases where the technology could be helpful, but that would mean sending the phone to the FBI for the data extraction.
Manhattan District Attorney Cyrus Vance Jr. isn’t holding his breath. Vance, who testified on behalf of the government in hearings before the House Judiciary Committee, said in a statement Monday that, unlike the FBI, local law enforcement cannot do battle with Apple on encryption.
“We cannot ask crime victims across 3,000 local jurisdictions to stake their hope for justice on an unending technological arms race between the government and Apple,” Vance said. “The overwhelming majority of criminal investigations stalled by default device encryption will remain so until Congress intervenes.”
The U.S. government could also simply classify the information, but that would in part depend on the ability of this so-called outside vendor to keep a secret. Israeli press last week identified the digital forensics company Cellebrite as the company assisting the United States. Neither Cellebrite or the Department of Justice would confirm that to IBT, but the company has done at least $2 million in business with the U.S. government, according to the Federal Procurement Data System database.