The FBI is using its newfound ability to crack the San Bernardino terrorist iPhone to see if it can open other versions of the phone, according to The Wall Street Journal. In the meantime, the law enforcement agency is keeping its unlocking technology private.
The American Civil Liberties Union said the FBI is taking a chance that no other entity will discover the capability. Government officials say it could take months for the FBI to decide whether and how to disclose the security gap.
Third Party Unlocks iPhone
The legal conflict between the FBI and Apple over the locked iPhone that was used by the San Bernardino, Calif. terrorist came to a halt this week when the FBI said an undisclosed third party demonstrated how to decrypt the phone’s data. The agency has not disclosed the technique or the data found on the phone. The government did drop its order requiring Apple to help investigators unlock the device’s security features.
Apple has not revealed the security flaw that allowed the FBI to access the iPhone 5C, nor has it determined how many other phones are at risk. The 5C was not a big seller for the company, a fact which limits the technique’s value unless it works on other models.
Chris Soghoian, the American Civil Liberty Union’s principal technologist, said the FBI faces a “million dollar question” in deciding if it should prioritize its surveillance needs over cybersecurity.
The longer the agency keeps the security flaw private, the more they gamble that no other entity will find the flaw. The ACLU criticized the agency’s efforts to coerce Apple to help unlock the phone.
FBI Unsure About Disclosing Flaw
The process that law enforcement agencies use to determine how or whether to disclose a security gap can take months, according to former officials.
The White House supervises the deliberations on whether the flaw should be disclosed publicly or kept private.
Current and former government officials have said the process could be especially complex since Apple has said it will resist the government’s efforts to require it to help unlock iPhones.
The government claims it needs to retain the ability to penetrate the devices when it has a warrant. Apple claims the government was wrong to order them to develop vulnerabilities in their systems that would expose customers to hacking.
FBI Has Questions To Consider
If the government provides Apple information about the security flaw, Apple could update its software to remove the access. The government also will need to determine what to tell local law enforcement officials about the new technique. A number of local officials say they are locked out of phones holding evidence of criminal activities.
Robert Anderson, an executive at Navigant Consulting Inc. and a former FBI official, said the more phones that can be opened with the technique, the greater the likelihood the government would reveal it to Apple. He said the government would not hide the technique and jeopardize the privacy and safety of millions.
Anderson said that the discussion throughout the FBI/Apple conflict failed to account for the fact that technology advances faster than the government’s ability to stay abreast of it.
Anderson said the FBI’s success in cracking the iPhone will last about 30 seconds in the cyberworld.
Soghoian of the ACLU said while federal officials claim the review process is designed to favor disclosing security flaws, the process is skewed toward holding secret vulnerabilities for intelligence gathering rather than sharing them in order to fix flaws. The approach may be good for the government in the short term but cause more damage over time.