FBI Follows Apple's Example, Says It Doesn't Have iPhone Hack Info

FBI's assistant director says the agency doesn't have the information necessary to disclose how it hacked terrorist Syed Farook's iPhone, so it can't share it with Apple or the public.

FBI iPhone Hack 2

At first glance, it seems like a case of turnabout being fair play when the Federal Bureau of Investigation (FBI) announced on April 27 that it would not tell Apple how it got into terrorist Syed Farook's iPhone 5C, which was recovered by authorities following Farook's December killing rampage in San Bernardino, Calif.

After all, the wording used by FBI Executive Assistant Director Amy Hess seems similar to how Apple said it couldn't help the FBI in the first place.

In a statement provided to eWEEK by the FBI National Press Office, Hess, who is the executive assistant director for Science and Technology, said the agency has determined it cannot submit the method used to the Vulnerabilities Equities Process (VEP), a method sponsored by the White House to allow federal agencies to tell technology makers about vulnerabilities uncovered during the course of their activities.

The VEP is itself classified, but the Electronic Frontier Foundation was given a redacted version as part of a Freedom of Information Act request.

"The VEP is a disciplined, rigorous and high-level interagency decision-making process for vulnerability disclosure that helps to ensure that all of the pros and cons of disclosing or not disclosing a vulnerability are properly considered and weighed. By necessity, that process requires significant technical insight into a vulnerability," Hess said in her statement.

The FBI can't provide the required information to the VEP because it doesn't actually have the information it would be required to submit, according to the agency. While this might sound like the FBI is pulling a fast one, it's probably true.

Note that a few days ago, FBI Director James Comey told an audience that his agency had hired a company to retrieve the information at a cost of more than he'd make in the rest of his time at the FBI.

If you multiply his $182,000 per-year salary by the seven years he has remaining in his appointment, the cost to the FBI is at least $1.3 million. Let's face it, when a company can pull down well over a million bucks in a single job, it's not going to give away the details.

So it's highly likely that the FBI had to sign a non-disclosure agreement. While the agency didn't spell this out, it was clear in Hess' statement. "The FBI assesses that it cannot submit the method to the VEP. The FBI purchased the method from an outside party so that we could unlock the San Bernardino device," Hess explained.

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...