How exactly the FBI was able to unlock the iPhone used by one of the San Bernardino shooters remains a mystery to the public, but investigators have offered to disclose their technique to some top members of Congress.
Sen. Dianne Feinstein of California, the Intelligence Committee’s top Democrat, told National Journal this week that the FBI explained to her how agents were able to access the contents of the phone that was at the center of a high-profile court fight. Intelligence Committee Chairman Richard Burr, a North Carolina Republican, said he has been in touch with the FBI, but hasn’t learned about its technique yet. “I have been offered [a briefing], but I haven’t taken it,” Burr said.
Jack Langer, a spokesman for the House Intelligence Committee, declined to say whether the FBI has briefed any House members on the issue. The FBI, the National Security Agency, and other intelligence agencies routinely provide classified briefings to the intelligence committees, but other lawmakers can have limited access to the information.
Although the FBI has been reaching out to members of Congress to discuss the secretive technique, both Feinstein and Burr argued that Apple should remain in the dark. “I don’t believe the government has any obligation to Apple,” Feinstein said in a separately emailed statement. “No company or individual is above the law, and I’m dismayed that anyone would refuse to help the government in a major terrorism investigation.”
But Apple is pressing the FBI for more information, fearing that there could be a flaw in the iPhone’s security, leaving it vulnerable to criminal hackers.
Joe Hall, the chief technologist for the Center for Democracy and Technology, a digital-rights group, argued that the government should “disclose vulnerabilities as quickly as possible to the people who can fix them.”
“The FBI and Apple fundamentally have the same mission here: to protect people,” he said.
Syed Farook, who along with his wife killed 14 people in California, used an iPhone 5C, a relatively unpopular model, and it’s unclear whether the FBI’s technique would work on other versions.
The Obama administration has recognized that it is often in the public interest to help companies bolster the cybersecurity of their products, and in 2010, the White House created a system called the “Vulnerabilities Equities Process” for disclosing security flaws to companies.
But the process allows the government to weigh the benefits of disclosing the glitch against the harm to law enforcement or intelligence investigations. And after a contentious legal showdown, the government may be reluctant to do anything that will make it harder to crack the security of Apple devices. Justice Department lawyers had asked a federal judge to order Apple to help unlock the device, but they pulled their request just the day before a crucial court hearing when they said they had discovered another way of getting into the device on their own.
In a public discussion at a privacy conference on Tuesday, James Baker, the FBI’s general counsel, declined to say whether investigators have obtained any useful information from the iPhone.
In the wake of the court fight, Feinstein and Burr are putting the final touches on a bill to ensure the government can access encrypted data. They could unveil the legislation as soon as this week, they said.
The measure is likely to face fierce resistance from civil liberties advocates. Hall said he has not seen a copy of the bill yet, but that anything requiring companies to build “backdoors” into their products would severely undermine cybersecurity and empower hackers. “Anything with a backdoor is not secure,” he said.
In a speech last week, Sen. Ron Wyden, an Oregon Democrat and leading privacy advocate, said he would use “every power I have as a senator to block plans to weaken strong encryption.”
Keith Chu, a spokesman for Wyden, said that although the senator is a member of the Intelligence Committee, he has not yet been briefed on how the FBI hacked the device.
What We're Following See More »
Congress voted 258-159 to "free thousands of small and medium-sized banks from strict rules enacted as part of the 2010 Dodd-Frank law to prevent another meltdown." The regulatory rollback, which passed the Senate earlier this year, frees banks with less than $250 billion in assets "from a post-crisis crackdown that they have long complained is too onerous." These banks "will no longer be required to undergo 'stress tests' aimed at measuring their ability to withstand a severe economic downturn."