FBI's iPhone cracking software to remain a secret
Judge slaps down FOI request seeking to reveal details of San Bernardino iPhone hack
The FBI can keep secret the details of a hacking tool used to break into an iPhone last year, a court has ruled.
This is the final word in a long-running series of contentious legal battles over an iPhone 5c belonging to one of the terrorists who launched an attack on an office party in San Bernardino in December 2015, in which 14 people were killed.
The owner of the phone, Syed Farook, died alongside his wife in a shootout with police following the incident. The FBI then tried to access the phone, believing it to contain valuable information related to the case, but in the process managed to lock the device, meaning Apple engineers who were then called out were unable to do anything.
A court order was issued in an attempt to force Apple to develop a tool to unlock the phone, but the company refused to comply, arguing it would be set a dangerous precedent with regard to the security services' ability to override US citizens' right to privacy.
However, in early 2016 the FBI dropped the case, having found a third-party company that could crack into the iPhone without Apple's help, for the bargain price of $1.3 million (900,000).
In September that year, three media organisations the Associated Press, USA Today and Vice Media sued the law-enforcement agency under the US Freedom of Information Act to try and force it to reveal the name of the company that succeeded in cracking the device and how much exactly it paid for the service.
After a year of legal wrangling, US district court judge Tanya Chutkan has finally ruled the information is not covered by FOI requests, citing national security and the threat of cyber attacks against the unnamed third party, IBT reports.
"It is logical and plausible that the vendor may be less capable than the FBI of protecting its proprietary information in the face of a cyber attack," Chutkan said in her ruling. "The FBI's conclusion that releasing the name of the vendor to the general public could put the vendor's systems, and thereby crucial information about the technology, at risk of incursion is a reasonable one."
She added: "Releasing the purchase price would designate a finite value for the technology and help adversaries determine whether the FBI can broadly utilise the technology to access their encrypted devices.
"Since the release of this information might 'reduce the effectiveness of a critical classified source and method', it is reasonable to expect that disclosure could endanger national security."
The IT Pro guide to Windows 10 migration
Everything you need to know for a successful transitionDownload now
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Software-defined storage for dummies
Control storage costs, eliminate storage bottlenecks and solve storage management challengesDownload now
6 best practices for escaping ransomware
A complete guide to tackling ransomware attacksDownload now