News: Privacy advocates hail ‘win’ for security as FBI drops Apple iPhone hack court case.
The FBI has dropped its court battle against Apple after a third-party provided a means to hack into the San Bernandino killer’s iPhone.
"The government has now successfully accessed the data stored on Farook’s iPhone and therefore no longer requires the assistance from Apple Inc. mandated by Court’s Order Compelling Apple Inc. to Assist Agents in Search dated February 16, 2016," wrote Eileen M. Decker, US Attorney.
The US security agency had been set to face Apple in a court hearing aimed at compelling the technology company to create software to allow the iPhone of Syed Rizwan Farook to be unlocked.
A judge had ordered Apple to produce a version of its operating system that would allow the FBI to bypass password protection.
However, the company firmly resisted, appealing the case on the grounds that it violated the trust of customers.
While the FBI cited an unnamed third party as the source, the Yedioth Ahronoth newspaper reported that Israeli mobile forensics company Cellebrite had unlocked the iPhone for the FBI.
According to the website iPhoneHacks.com, the FBI paid Cellebrite $15,000 the day before the FBI and Apple court hearing was scheduled.
Overall, this is a victory for Apple, as it has not been forced to weaken its security at the expense of its customers.
David Kaye, UN Special Rapporteur on freedom of opinion and expression tweeted that "this ‘win’ for #DoJ/#FBI is specific. broadly, digital security wins."
Edward Snowden, who became a fugitive from the United States government after disclosing the extent of the National Security Agency’s spying, criticised the FBI for its "dishonesty" in claiming that it had no way to hack into the phone.
He wrote on Twitter: "please remember that government argued for months that this was impossible, despite expert consensus."
It is unclear what steps the FBI will now take, and whether it will disclose the vulnerability that was used to hack the phone to Apple or to the general public.
In a blog about the Heartbleed vulnerability on the White House website, Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator, indicated that decisions to disclose vulnerabilities to the public were made on a case-by-case basis, but that most of the time vulnerabilities were disclosed.
"This administration takes seriously its commitment to an open and interoperable, secure and reliable Internet, and in the majority of cases, responsibly disclosing a newly discovered vulnerability is clearly in the national interest," Daniel wrote.
However, he added that "the trade-offs between prompt disclosure and withholding knowledge of some vulnerabilities for a limited time can have significant consequences.
"Disclosing a vulnerability can mean that we forego an opportunity to collect crucial intelligence that could thwart a terrorist attack stop the theft of our nation’s intellectual property, or even discover more dangerous vulnerabilities that are being used by hackers or other adversaries to exploit our networks," he wrote.
Bruce Schneier, cyber security expert and CTO of Resilient Systems, said that a key question remained over which vulnerabilities actually went through this assessment process, known as the ‘vulnerability equities process’.