The FBI has officially decided it can’t tell Apple how the agency hacked into the locked iPhone used by one of the San Bernardino attackers.
The agency has been weighing whether it would submit the details to a review process that helps decide whether software vulnerabilities known to the government should be disclosed to companies.
FBI science and technology chief Amy Hess said in a statement on Wednesday that the agency has determined it won’t be able to submit the third-party iPhone hack to the review, called the Vulnerabilities Equities Process:
“The VEP cannot perform its function without sufficient detail about the nature and extent of a vulnerability.
“The FBI purchased the method from an outside party so that we could unlock the San Bernardino device. We did not, however, purchase the rights to technical details about how the method functions, or the nature and extent of any vulnerability upon which the method may rely in order to operate. As a result, currently we do not have enough technical information about any vulnerability that would permit any meaningful review under the VEP process.”
This was exactly the kind of challenge predicted by Robert Knake, former director of cybersecurity policy for the National Security Council in the Obama administration, in his recent interview with NPR. Knake offered a detailed description of how the Vulnerabilities Equities Process works and suggested that intellectual property lawyers will in the future fight over whether hackers can own the rights to a vulnerability.