Apple remains in the dark about how a federally contracted "outside party" believed to be Israeli mobile forensics specialists Cellebrite succeeded in circumventing the security protections in the iPhone 5C in order to hack into San Bernardino terrorist Syed Farook's phone. The government announced the successful hack on Monday without revealing how they did it or what they may have found, and as the AP reports, though some clues have emerged, Apple is calling on the government to cooperate as they've done in the past in revealing security flaws in software and tech devices so that they might be fixed.
The Justice Department vacated their suit against Apple on Monday saying that they had successfully accessed data on Farook's iPhone, ending a month-long tug-of-war that's re-sparked the national debate on personal privacy vs. national security and the War on Terror. Many legal scholars weighed in on the government's attempt to invoke the All Writs Act to override the 1994 Communications Assistance for Law Enforcement Act (CALEA), which states that the government can not "require any specific design of equipment, facilities, services, features or system configurations” from any phone manufacturer.
That precedent has yet to be set, however, as the AP notes, the government has previously set a non-legally-binding precedent of working more closely with technology companies when security flaws are discovered, in the interest of protecting the privacy of hundreds of millions of people.
From the AP story:
The FBI's announcement - even without revealing precise details - that it had hacked the iPhone was at odds with the government's firm recommendations for nearly two decades that security researchers always work cooperatively and confidentially with software manufacturers before revealing that a product might be susceptible to hackers.
The aim is to ensure that American consumers stay as safe online as possible and prevent premature disclosures that might damage a U.S. company or the economy.
As far back as 2002, the Homeland Security Department ran a working group that included leading technology industry executives to advise the president on how to keep confidential discoveries by independent researchers that a company's software could be hacked until it was already fixed.
The Office of the Director of National Intelligence in fact issued a statement in 2014 saying, "When federal agencies discover a new vulnerability in commercial and open source software... it is in the national interest to responsibly disclose the vulnerability rather than to hold it for an investigative or intelligence purpose."
So far neither the Justice Department nor the FBI is talking, but this is what we know so far: According to a "senior law enforcement official" who spoke to the AP, the hack related to the iPhone's protection against "brute force" password entry software, allowing the government to enter more than 10 incorrect passwords without having data on the phone deleted, and without the increasing time delays between password entries. The FBI previously said that with those features removed, they could break into an iPhone in 26 minutes.
Given the contentiousness of this legal drama, it seems unlikely that the FBI is going to turn around and share information with Apple.
Also, as Wired notes today, this only the marks the beginning of what's likely to be a tense and ongoing "crypto war" between tech and the federal government. Apple has already promised a new version of iPhone software that will make it "impossible" to hack into in the future. And the Farook case has only "reminded anyone with the slightest interest in the encryption debate that the stakes are real, and immediate."