The FBI could indeed be unable to provide Apple with the information required to patch the flaw in its iPhone 5c that allowed the bureau, or rather a team of “professional hackers,” to get into the San Bernardino suspect’s handset.
If the method remains undisclosed, then other iPhone 5c handsets remain vulnerable.
The reason? Well, according to Reuters (which in turn cites informtion provided by sources), the company hired by the FBI to get into the controversial iPhone 5c handset has “sole legal ownership of the method,” indicating that it’s more than likely Apple won’t be briefed on the flaw expoited to get into the smartphone’s software. The information also suggests that the method might remain private even from the U.S. government:
The White House has a procedure for reviewing technology security flaws and deciding which ones should be made public. But it is not set up to handle or reveal flaws that are discovered and owned by private companies, the sources said, raising questions about the effectiveness of the so-called Vulnerabilities Equities Process.
Before now, we’d heard that Apple isn’t planning on suing the FBI in order to discover the method, and at the same time, the bureau had faced criticism for withholding the information from Cupertino. Apple could patch the flaw, rendering other iPhone 5c handsets immune. But it needs more details before this can happen.
We indeed also heard that professional hackers, including at least one so-called “gray hat” hacker, had been employed by the FBI to get into the handset. Yet now, it seems, this group maintains ownership of the method in question, and isn’t going to unwillingly disclose it to any other group or individual.
About that encryption bill
In similar news today, the controversial encryption bill backed by two U.S. senators has been published as an official draft, The Verge reports. This bill, if passed, would force companies (including Apple) to decrypt data if commanded to by a judge. The published draft isn’t so different from the leaked version we told you about last week (as such, the current iteration remains “absurd” and technologically ignorant).
Significantly, however, one senator – Rob Wyden – has gone so far as to pledge a filibuster of the bill if it “reaches the Senate floor.” The news came in a pair of Twitter updates from the senator, in which he described the bill as threatening to “effectively outlaw tech that Americans use to protect themselves.”
If this dangerous anti-encryption legislation reaches the Senate floor, I will filibuster it. Period.
— Ron Wyden (@RonWyden) 13 April 2016
Of course, this kind of bill would force companies like Apple to decrypt user data if required to by court. Apple, for one, is completely against this kind of practice, and vehemently opposed the FBI’s request for it to unlock the San Bernardino suspect’s iPhone earlier this year. Many other companies in the technology industry (as well as countless members of the general public) supported Apple in its move.
We’ll keep you updated with further information as we receive it.