The FBI’s method for unlocking an iPhone belonging to one of the attackers in San Bernardino, California, would only work on a very “narrow slice” of devices, according to the bureau’s director. As a result, FBI Director James Comey said, he is confident that the tool would not help unlock newer phones.
Federal authorities have not revealed the outside group that helped them unlock the San Bernardino phone, a device at the center of a weeks-long fight between the FBI and Apple over balancing privacy and security. Nor have they said how this tool – which the FBI bought from an outside firm – let them access the phone.
(Also see: The Little-Known Firm Said to Be Helping the FBI Crack iPhones)
The FBI is still weighing whether to tell Apple about how they were able to unlock the phone, Comey said during a discussion Wednesday night at Kenyon College.
“We’re having discussions within the government about, okay, so should we tell Apple what the flaw is that was found?” Comey said. “That’s an interesting conversation because you tell Apple and they’re going to fix it and then we’re back where we started from.”
Comey said that it is possible that authorities will tell Apple, but “we just haven’t decided yet.”
Apple and the FBI had engaged in a lengthy war of words over the locked iPhone 5c belonging to Syed Rizwan Farook, one of the two shooters who killed 14 people and wounded 22 others during the Dec. 2 terrorist attack in San Bernardino.
The Justice Department obtained a court order telling Apple to help investigators access its contents by writing new software to sidestep a feature that would erase the phone’s data after 10 incorrect password attempts. Apple pushed back, arguing that if it was forced to help, it would open the floodgates for other requests that would chip away at the encryption used to protect personal data.
After a barrage of back-and-forth court filings, open letters, statements and responses, the Justice Department abruptly said an outside group had offered to help it access the phone without Apple’s help. Last week, the FBI said that the unspecified third party’s help had worked and they had “successfully accessed the data” on the phone.
While Comey did not disclose the outside group’s method in his remarks Wednesday, he said it would only be useful on a select type of devices – specifically, the iPhone 5c, an older model released more than two years ago.
“The world has moved on to [iPhone] 6’s,” Comey said. “This doesn’t work in 6s, this doesn’t work in a 5s. So we have a tool that works on a narrow slice of phones. . . . I can never be completely confident, but I’m pretty confident about that.”
(Also see: FBI’s iPhone Hack May Not Necessarily Crack Other Cases)
Comey did not seem concerned that the method for accessing Farook’s iPhone would be revealed by the outside group that helped them.
“The FBI is very good at keeping secrets, and the people we bought this from, I know a fair amount about them, and I have a high degree of confidence that they are very good at protecting them,” he said.
He only identified this group as “someone outside the government” and said “their motivations align with ours.”
A day before Comey spoke, FBI General Counsel James Baker said authorities were still analyzing the phone’s data and that it was “simply too early” to say whether the iPhone contained any useful information.
Baker also said it was not clear whether or when the bureau would reveal what was found on the phone, a decision that he said would only come after they finish analyzing its contents.
On Wednesday, Comey said authorities were still debating whether this tool could be used to help state and local law enforcement efforts.
However, such prosecutions would require the disclosure of evidence to defendants. Comey noted that even if the FBI decides not to tell Apple the method, if the tool is used in a criminal case and disclosed to defendants, it would be made public and Apple could update its software to patch whatever weakness is being exploited.
“It will disappear if Apple changes its software in some way,” Comey said.
Comey floated the possibility that a local police department could send the FBI a device to unlock with the idea that federal authorities would help but refuse to testify or reveal how they accessed the data. As a result, while local authorities would not be able to use the device’s contents as evidence in such a case, they could use it to find possible leads, Comey said.
So far, it appears the FBI’s tool could be of limited value in many cases. For instance, the office of Manhattan District Attorney Cyrus Vance Jr. – who has criticized tech firms in the encryption fight – said none of the 200-plus phones they have collected but cannot unlock are iPhone 5Cs.
Since the FBI accessed the San Bernardino phone, numerous media reports suggested that the bureau then agreed to help local prosecutors in Arkansas unlock two Apple devices in a murder trial. However, an FBI spokesman said last week that while the bureau was asked for its assistance – something that happens regularly – it did not know whether it would be able to help. The spokesman also said that the FBI’s response in that case was not related to the San Bernardino situation.
© 2016 The Washington Post