FBI Couldn't Tell Apple What Hack It Used, Even If It Wanted To

An anonymous reader writes: The US Federal Bureau of Investigation doesn't own the technique used to unlock the San Bernardino iPhone, so it can't reveal the method to Apple even if it wanted to, Reuters reported, citing unnamed White House sources. The Washington Post reported yesterday, citing unnamed sources, that the FBI had paid a hacker a one-time fee to use a piece of hardware that allowed it to access the iPhone 5c belonging to one of the San Bernardino, California assailants. The vendor that supplied the hack is a non-US company, according to Reuters. But according to the Post report, it is not the Israeli firm Cellebrite, which had previously been named. The FBI would require the vendor's cooperation in order to submit the technique it used to Vulnerabilities Equities Process, a mechanism that allows the government to consider whether it should disclose security flaws to manufacturers. It's a move that mirrors Apple's own efforts to create security systems on its phones that even it wouldn't be able to crack, meaning it can't comply with a government order to hand over user data even if it wanted to.

Which lie did the FBI tell?

At least one of these things has to be false:

1) The FBI paid a hacker to unlock the phone and doesn't have access to the technique
2) The FBI is able to help local law enforcement unlock iPhones

Which of these is false? Assuming the FBI isn't going to foot the bill to pay a hacker each time local law enforcement wants an iPhone unlocked, these things are mutually exclusive. Which lie did the FBI tell?

And because the FBI lied, why should I have confidence in law enforcement at all? I understand that they may not want to disclose the details of an ongoing investigation, but that doesn't justify lying about things that don't have to be kept secret to preserve the integrity of the investigation.

But what about when they need it next time?

[um...+Lucas]

Certainly someone in government could reverse engineer the code to enable re-use?

Who would be the wiser? I mean besides defendants who suddenly start seeing the contents of their phones used as evidence against them in trial.

I mean, if the company that licensed the software to the FBI tried to force the them to reveal their decryption technique, could the FBI then argue that releasing such code into the wild could result in the widespread hacking of iPhones around the planet? You know, turn the tables a bit?

Can we trust what they found?

[wcrowe]

IANAL, but it seems like they would have a chain-of-evidence problem here or something like that. Let's imagine, instead of a phone, that the FBI wanted to unlock a safe. So they hire a safe cracker, and he says, "I'm going to unlock the safe, but you can't watch me do it." The safe cracker goes into the room, shuts the door. After a few minutes the safe cracker walks out and says, "It's all yours," wherein the FBI finds an open safe. But now we don't know what happened. Did the safe cracker take anything from the safe? Did he put anything in the safe? The FBI doesn't know for sure.

It seems like there could be a similar problem with the phone. If you don't know how it's done, then how do you know if what you see is what was really in the phone? Did the hacker put something in the phone? Did he take anything out? If there is evidence in the phone that says, for example, that Bob Loblaw was part of the conspiracy, can you trust that information?

Basically, it sounds like the FBI hired someone to make it rain. That person lit a fire, and did a little dance, and it rained. And now the FBI is saying, "Hey, we don't know what the guy did. We're just happy that it's raining."

Re:Can we trust what they found?

[Altus]

sure it might not be admissible but that wont stop them from creating warrantless wiretaps using the info found in the phone and then they can use evidence gathered there in court.

It should matter, but in this day and age,it really doesn't.

Re:how to stop the FBI from accessing your phone

Most Federal laws are not Mens Rea anymore; they are mostly Strict Liability. Add to this the fact that the Federal Government doesn't even know how many laws there are, and you get a situation where your ignorance of the law is a given and no excuse, and you don't even have to know what you were doing was wrong. Looks pretty bad for you doesn't it? But add to this situation the fact that the prosecutor/DA has total immunity for his actions and can get a grand jury to indict a ham sandwitch, and you've very likely broken three laws today without knowing it.

So what have we learned? You can't "stop breaking the law" and be safe. Your safety is purely due to the fact that no one in power in the Criminal Justice system has decided they want to prosecute you. As soon as they do, they'll go and look through all the records they've gathered about you, break into your phone, and find the laws you've broken and arrest you. You know they have a greater than 98% conviction rate, so you'll likely plea to something so you don't go to prison for the rest of your life.

Welcome to Soviet Amerika!