FBI Might Not Tell Apple How It Cracked the iPhone
The FBI has found its way into the iPhone used by San Bernardino attacker Syed Farook. But that doesn’t mean it has to share how it did so.
Speaking to Ars Technica during a conference call on Monday, an unidentified federal law enforcement official said that he or she could not “comment on the possibility of future disclosures to Apple (AAPL)” in response to a question of whether or not it would inform the iPhone maker how it cracked Farook’s smartphone.
Without saying it outright, the agency official implied that the Justice Department will decide for itself if it would tell Apple how it obtained access to Farook’s data. Even if the law enforcement agency does open up talks with Apple, the FBI can share whatever it wants—and hold back everything else.
As Ars Technica noted, the comment is eerily similar to a blog post published on the White House’s website in 2014 by Michael Daniel, cybersecurity coordinator and special assistant to the President. In that post, Daniel outlined how the government goes about disclosing vulnerabilities it discovers in products. Although one would think that the government would disclose any serious vulnerability, Daniel argued that at least in some cases, such a move could be a mistake.
Get Data Sheet, Fortune’s technology newsletter.
“There are legitimate pros and cons to the decision to disclose, and the trade-offs between prompt disclosure and withholding knowledge of some vulnerabilities for a limited time can have significant consequences,” Daniel wrote. “Disclosing a vulnerability can mean that we forego an opportunity to collect crucial intelligence that could thwart a terrorist attack stop the theft of our nation’s intellectual property, or even discover more dangerous vulnerabilities that are being used by hackers or other adversaries to exploit our networks.”
Daniel’s argument is perhaps understandable. If the U.S. government, in connection with a criminal investigation, has found a way to obtain data and infiltrate a possible threat, leaking it to the public would effectively eliminate its opportunity to thwart the attack. Still, not telling the public about a vulnerability leaves people in danger.
“Building up a huge stockpile of undisclosed vulnerabilities while leaving the Internet vulnerable and the American people unprotected would not be in our national security interest,” Daniel wrote, reassuring the public. “But that is not the same as arguing that we should completely forgo this tool as a way to conduct intelligence collection, and better protect our country in the long-run.”
For Tim Cook’s take on Apple vs. FBI, watch:
The Justice Department has been noncommittal over disclosing how it obtained access to the iPhone 5c used by Farook. In a court filing, the Justice Department noted only that it no longer needs Apple’s help and will drop the case it brought against the company, attempting to compel the tech giant to develop software that would crack the iPhone’s security measures.
“The government has now successfully accessed the data stored on Farook’s iPhone and therefore no longer requires the assistance from Apple,” the Justice Department said in its filing.
All along, Apple has been staunchly supporting privacy and data protection, arguing that it’s incumbent upon the company to protect all users’ information. The company also previously told a U.S. judge in a separate lawsuit that security updates available in iOS 8 and higher would make it practically “impossible” to hack its device and take data.
Now that it’s been proven wrong, Apple may have no choice but to ask for the data. If nothing else, asking for the method shows that Apple will try to patch whatever hole used by the FBI and its unidentified third-party helper.
In a conference call last week with reporters, Apple reportedly told AppleInsider that if the FBI succeeded in obtaining access to Farook’s data, it would indeed ask what method was used. Considering Apple would likely find a way to patch that vulnerability, it’s entirely possible that this time, the FBI won’t comply with Apple’s request, leaving the parties once again at an impasse.
At that point, Apple could be left with no options. Then again, reports abound that the third-party company the FBI has partnered with to hack Farook’s iPhone is Israel-based forensic-security firm Cellebrite. Considering Apple has boatloads of cash, what’s stopping the company from acquiring Cellebrite to bolster its security, find out its tricks, and use that expertise to its own advantage? Apple hasn’t said it has plans to acquire such a company, but if it’s really hungry for the method—and it wants to address its security black eye—making such a move wouldn’t be a bad idea.
Neither Apple nor the Justice Department immediately responded to a request for comment.