The FBI has not decided whether to share details with Apple about how the bureau hacked into an iPhone linked to a California terrorism investigation, FBI Director James Comey says.
Comey discussed the situation during a speech Wednesday evening at Kenyon College in Ohio. He called it a “technological corner case” and said the flaw the FBI exploited in Apple’s software works only on a “narrow slice of phones” — the iPhone 5C running iOS 9, the recent version of Apple’s mobile operating system — not on newer or older models.
“If we tell Apple, they’re going to fix it and we’re back where we started,” Comey said. “As silly as it may sound, we may end up there. We just haven’t decided yet.”
The Justice Department dropped its legal fight to compel Apple to provide it with specialized software that would allow the FBI to hack into the iPhone, which was issued to San Bernardino county health inspector Syed Farook. Farook and his wife Tashfeen Malik killed 14 people in December; the couple died in a shootout with authorities.
The iPhone was found in a vehicle the day after the shooting. Two personal phones were found destroyed so completely the FBI could not recover information from them.
U.S. Magistrate Sheri Pym had ordered Apple to provide the FBI with software to help it hack into Farook’s work-issued iPhone after the government said only Apple could help authorities access the encrypted and locked iPhone. The order touched off a debate pitting digital privacy rights against national security concerns.
Comey told the university audience that the case also inspired a lot of efforts to try to break into the phone — “everybody and his uncle Fred called us with ideas.”
“Someone outside the government, in response to that attention, came up with a solution,” Comey said. “One that I am confident will be closely protected and used lawfully and appropriately.”
The government then “purchased a tool that allows court authorized access to the phone,” Comey said. The government has declined to release the identity of the third party that made it possible to access the iPhone in the case.
“The FBI is very good at keeping secrets and the people we bought this from — I know a fair amount about them, and I have a high degree of confidence that they’re very good at protecting it and their motivations align with ours,” Comey said.
Comey’s comments were the closest hints about whether or what the FBI may do with its knowledge of a vulnerability in Apple’s software that could let someone bypass built-in digital locks to access private information. It remains unclear whether or when the FBI may share details about the technique with state or local police agencies or law enforcement offices.
The FBI’s solution apparently would not help Manhattan District Attorney Cyrus Vance, who told a congressional panel that he has 205 iPhones his investigators can’t access data from in criminal investigations. Not one of those phones is an iPhone 5C, according to his office.
CBS News Justice reporter Paula Reid noted that if prosecutors sought to use the technique to access phones in state or federal criminal cases, the method would have to be disclosed under discovery rules. So she believes the government is more likely to stick to using it in national security cases where such disclosure would not be required.
The encrypted phone in the California case was protected by a passcode that included security protocols: a time delay and self-destruct feature that erased the phone’s data after 10 tries. The two features made it impossible for the government to repeatedly and continuously test passcodes.