The courts have ruled that the FBI can keep a tool it used to break into a terrorist’s iPhone a secret. The ruling came down late Saturday from Federal Judge Tanya Chutkan, of the US District Court for the District of Colombia. The ruling is the result of a lawsuit filed by several major news organizations. The lawsuit was aimed at getting the FBI to reveal details of the tool. The basis for the lawsuit is that public has a right to know about device vulnerabilities, and if they can be spied on.
How did this come about?
This ruling is the culmination of events that started with 14 people murdered in San Bernardino, CA in December of 2015. The murders, executed by cowards who I will not name, were ruled terrorism, and the FBI began an investigation. During this investigation the FBI retrieved one of the terrorists iPhone, but were unable to access it due to security features. The Feds turned to the devices manufacturer, Apple, for help unlocking the device. Apple, refused to cooperate, resulting in legal battle between the Feds and Apple. Eventually, this battle ended because the FBI found a way to gain access to the iPhone.
The FBI’s Secret Weapon
The FBI gained access to the IPhone by using a tool provided by a third-party vendor. The FBI repeatedly refused to provide details on how the tool works. It has also refused to offer details on what vendor provided the hack, or the price it paid for it. The the tool will only work on a small number of devices, specifically the iPhone 5C. This appears to be because the 5C does not have the “secure enclave” that the 5S and later have, according to ZDNet. The FBI told the court, however, that they are looking to increase the capabilities of the tool.
Several public statements by officials have included details of this tool. Regardless, the FBI has made the argument that the vendor, if known, could fall victim to a cyber-attack. Such an attack could expose critical information about the hacking tool. Additionally the FBI said that releasing the purchase price of the tool provides a finite price on the tool. The FBI says that this information could be used by adversaries to determine if the tool could be deployed “broadly”. The arguments on the side of the media companies are based on just that fact. They believe that the public has a right to know about the tool they should know scope of its capability to allow the FBI to break encryption. Additionally, if this is exploiting vulnerability, the public and security research’s need to know.
Where do we go from here?
The balance between the authorities need to know, and the right to privacy is often a very blurry line. It is nearly impossible to find a good balance in the digital age. The government, sometimes, does have a right and an obligation to investigate its citizens. The government may search those citizens and their property, in the course of those investigations. With modern encryption this is a difficult task. The problem with offering the government a master-key, so to speak, is that it has the potential for serious abuse. The government has a spotty record in this area. In addition, any method for deliberately allowing circumvention of protections, could allow a way in for malicious actors.
Impeding government investigations, is not a good thing. Terrorists and criminals lose their rights to privacy when they commit heinous acts. However, when the investigation calls for accessing secure data, privacy of innocent people is paramount. Allowing that access, without allowing abuse, is the question that we need to answer.