Should the FBI tell Apple how it cracked the iPhone?

Following a legal battle between the government and the technology company over the security of the iPhone, the FBI may now be the one protected from revealing its method of infiltrating the device.

|
Issei Kato/Reuters
An employee of Japanese electronics maker Sun Corp. demonstrates Cellebrite UFED TOUCH, a device for the data extraction from mobile device such as mobile phone or smart phone, during a photo opportunity at the company's Tokyo office. Sun Corp. and Cellebrite were reportedly both involved in the FBI's successful unlocking of an iPhone used by one of the San Bernardino, California shooters, although neither group has confirmed whether they helped the FBI.

Following a very public fight over the unlocking of the iPhone used by Syed Rizwan Farook, a gunman in the San Bernardino, Calif., shooting last December, the Federal Bureau of Investigation (FBI) has found a way to crack the device without help from Apple. Now, will the federal agency have to tell the tech giant how it was done?

The tables have turned on Apple, which is now on the outside looking in on its popular phone’s security. Apple's initial rationale for not helping the FBI was to avoid risks posed by unlocking the device. But now that the technology to do so exists, Apple wants to shore up its digital defenses so that millions of iPhones are not suddenly compromised.

The FBI most likely will not go out of its way to help Apple, after the company refused to aid the FBI. But a recently enacted federal policy suggests that the agency should end up sharing its methods with Apple.

The government’s Vulnerabilities Equities Process (VEP) established how federal agencies must release information about any “zero-day” weaknesses, or unknown software holes, it finds in existing technology. While the FBI falls under the jurisdiction of the VEP – which concerns the discovery of zero-days that are “newly discovered and not publicly known,” such as the key to unlocking an iPhone – it is not known whether the VEP would eventually lead to the bureau releasing any information.

[T]here are no hard and fast rules,” White House cybersecurity coordinator Michael Daniel wrote in 2014. “Too little transparency and citizens can lose faith in their government and institutions, while exposing too much can make it impossible to collect the intelligence we need to protect the nation.”

Whether the government review will compel the FBI to divulge its hacking approach, it seems Apple has people on its side once again. A poll of The Christian Science Monitor’s Passcode Influencers found that 81 percent thought the FBI should inform Apple of the security flaw so that it can be fixed.

“While it is appropriate for law enforcement, with a warrant, to use a security flaw to gain access to which it is legally entitled, the flaw should be patched as soon as possible for everyone else’s sake,” Jonathan Zittrain, a professor of law and computer science at Harvard Law School, told the Monitor.

“It would be dangerously shortsighted and irresponsible for the government to stockpile that vulnerability for its own use and leave every iPhone user at risk,” Open Technology Institute director Kevin Bankston added.

A minority of respondents said that Apple should have to work out the method on its own, regardless of what the FBI accomplished.

“Apple asking the FBI to reveal its methods is as bad as the FBI asking Apple to weaken its encryption. Both need to stay in their respective lanes,” Taia Global CEO Jeffrey Carr told the Monitor.

It remains to be seen if the FBI will go through the VEP in this situation, and what results that review process could yield Apple and the tech market. But Apple may have a legal fallback if the FBI can withhold its iPhone hack. According to Reuters, a New York case involving locked iPhones may lead to a discovery phase in court that would force the FBI to show how it broke into the iPhone.

Whether that case continues or a VEP leads to sharing between the agency and Apple, what the FBI ends up doing and how the tech company responds will set an important precedent in cybersecurity and in the relationship between the tech sector and the government for similar cases in the future.

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Should the FBI tell Apple how it cracked the iPhone?
Read this article in
https://www.csmonitor.com/Technology/2016/0331/Should-the-FBI-tell-Apple-how-it-cracked-the-iPhone
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe