More than a year after the original filing, a judge has ruled that the FBI is not required to disclose any information on how it entered the iPhone 5c gathered as potential evidence in the San Bernardino shooting incident.
Late Saturday, federal Judge Tanya Chutkan ruled that should the FBI volunteer information about the tool it used to break into the iPhone 5c in question, it could put the method it used at risk. Additionally, since the FBI claims that the vendor who broke into the phone has networks “not as sophisticated” as U.S. government’s —so it could invite hacking attempts against the company.
“It is logical and plausible that the vendor may be less capable than the FBI of protecting its proprietary information in the face of a cyber-attack,” wrote Judge Chutkan. “The FBI’s conclusion that releasing the name of the vendor to the general public could put the vendor’s systems, and thereby crucial information about the technology, at risk of incursion is a reasonable one.”
The FBI believes it can find a way to “enhance” the tool, despite it working on the iPhone 5c —and not a phone with a Secure Enclave.
“If an adversary were determined to learn more information about the iPhone hacking tool the FBI acquired, it is certainly logical that the release of the name of the company that created the tool could provide insight into the tool’s technological design,” wrote the judge. “Adversaries could use this information to enhance their own encryption technologies to better guard against this tool or tools the vendor develops for the FBI in the future.”
No appeal is allowed.
On Dec. 2, 2015, 14 people were killed and 22 were seriously injured by a mass shooting by Syed Rizwan Farook and Tashfeen Malik in San Bernardino California. The pair were ultimately shot by law enforcement after a four-hour chase.
Discovered amongst their possessions was a county-owned iPhone 5c. In a botched attempt to penetrate the phone, the county ordered a password reset on the device, preventing any data more recent than Oct. 19 from being automatically backed up to iCloud, and accessible to subpoena.
The Department of Justice said that they already had all the call logs for the device up to the date of the attack, as well as data backups from before the last connection of the phone to Apple’s servers.
The judge overseeing the case dictated that Apple create a tool that would work with the seized iPhone 5c that would allow the government to unlock the phone, and grant access to the full contents and data store in the device’s flash storage.
Apple CEO Tim Cook refused the request. The FBI ultimately purchased the services of a “grey hat” hacking company to penetrate the phone just hours before a court hearing about the subject, and no tangible data directly related to the shooting was ultimately found.
In Sept. 2016, the Associated Press, USA Today, and Vice Media filed a freedom of information lawsuit, attempting to compel the FBI to divulge information about the hack it purchased to break into the San Bernardino shooters’ iPhone 5c. The trio argued that disclosure of the method of attack and vendor brings up issues about expenditure of public funds, governmental oversight concerns, and other ethical considerations surrounding the issue.
“The public is entitled to know the nature of the vendors the Government finds it necessary to deal with in cases of access to private information, ” the claimants declared. “Including whether or not the FBI feels compelled to contract with groups of hackers with suspect reputations.”
The FBI has refused requests for information regarding the iPhone 5c in the past, citing that since it does not own the hack, it can’t talk about it. Apple has also said that they have no intention of filing suit for data about the penetration method.