The FBI has promised to help local law enforcement authorities crack encrypted devices, in a letter that refers to the federal agency’s success in accessing the data on an iPhone 5c running iOS 9 that was used by one of the San Bernardino terrorists.
The agency did not, however, explicitly promise investigators that it would deploy the same tool, said to have been developed by an outside organization, on other iPhones.
The FBI had earlier demanded in court that Apple should assist it in its attempts to crack by brute force the passcode of the iPhone used by the terrorist, without triggering an auto-erase feature that could be activated after 10 unsuccessful tries.
It changed its stance and informed the court that it was trying out a technique from an external organization that could possibly help it access the data on the phone. It later informed the court that it was able to access the data on the phone and that Apple’s help would not be required. The order on Apple was vacated by the U.S. District Court for the Central District of California last week.
The FBI did not disclose in court the method it had used to access the data and whether it was device specific or could be used on other iPhones.
The letter by the FBI to local investigators appears to be a response to requests for help from local agencies after the hack of the phone used by the San Bernardino shooter, Syed Rizwan Farook, but does not make commitments.
“We know that the absence of lawful, critical investigative tools due to the 'Going Dark' problem is a substantial state and local law enforcement challenge that you face daily,” according to a copy of the letter obtained by BuzzFeed News and some other news outlets. The FBI has previously said that even when law enforcement has the legal authority to intercept and access communications and information, backed by court orders, it faces a 'Going Dark' problem to technically access the data in motion or at rest in devices.
“As has been our longstanding policy, the FBI will of course consider any tool that might be helpful to our partners,” it added. “Please know that we will continue to do everything we can to help you consistent with our legal and policy constraints. You have our commitment that we will maintain an open dialogue with you. We are in this together.”
Apple had said that helping the FBI would require it to create a new version of the iPhone operating system that would weaken its security, besides being dangerous if such a method was out in the wild.
The FBI could not be immediately reached for comment on the letter.
Advocacy group Fight for the Future has argued that by not telling Apple about the hack, the FBI is putting lives at risk. “If they really care about public safety, they must disclose the vulnerability they used to Apple to prevent criminals, hackers, and terrorists from exploiting the same security flaw and using it to do harm,” it said in a statement last week.
The Electronic Frontier Foundation has recommended a "very strong bias" in favor of an FBI disclosure to Apple, citing the Vulnerabilities Equities Process, a government policy for disclosing security vulnerabilities.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.