FBI's iPhone cracking software to remain a secret
Judge slaps down FOI request seeking to reveal details of San Bernardino iPhone hack
The FBI can keep secret the details of a hacking tool used to break into an iPhone last year, a court has ruled.
This is the final word in a long-running series of contentious legal battles over an iPhone 5c belonging to one of the terrorists who launched an attack on an office party in San Bernardino in December 2015, in which 14 people were killed.
The owner of the phone, Syed Farook, died alongside his wife in a shootout with police following the incident. The FBI then tried to access the phone, believing it to contain valuable information related to the case, but in the process managed to lock the device, meaning Apple engineers who were then called out were unable to do anything.
A court order was issued in an attempt to force Apple to develop a tool to unlock the phone, but the company refused to comply, arguing it would be set a dangerous precedent with regard to the security services' ability to override US citizens' right to privacy.
However, in early 2016 the FBI dropped the case, having found a third-party company that could crack into the iPhone without Apple's help, for the bargain price of $1.3 million (900,000).
In September that year, three media organisations the Associated Press, USA Today and Vice Media sued the law-enforcement agency under the US Freedom of Information Act to try and force it to reveal the name of the company that succeeded in cracking the device and how much exactly it paid for the service.
After a year of legal wrangling, US district court judge Tanya Chutkan has finally ruled the information is not covered by FOI requests, citing national security and the threat of cyber attacks against the unnamed third party, IBT reports.
"It is logical and plausible that the vendor may be less capable than the FBI of protecting its proprietary information in the face of a cyber attack," Chutkan said in her ruling. "The FBI's conclusion that releasing the name of the vendor to the general public could put the vendor's systems, and thereby crucial information about the technology, at risk of incursion is a reasonable one."
She added: "Releasing the purchase price would designate a finite value for the technology and help adversaries determine whether the FBI can broadly utilise the technology to access their encrypted devices.
"Since the release of this information might 'reduce the effectiveness of a critical classified source and method', it is reasonable to expect that disclosure could endanger national security."
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now