(Bloomberg) -- FBI officials have recommended against conducting a review to determine whether the vulnerability that was used to hack into a dead terrorist’s iPhone should be disclosed to Apple Inc., according to a person familiar with the matter.
The recommendation has been submitted to FBI Director James Comey for a final decision, after which it will be conveyed to the White House, said the person, who asked not to be identified before Comey acts.
A review would be conducted under a secret process developed by the Obama administration to determine if newly discovered software and hardware vulnerabilities should be disclosed to companies and the public so that they can be fixed. Called the equities review process, it would involve officials from multiple agencies.
The FBI may not even know enough technical details about the vulnerability to share it with a review board, Comey said Tuesday at a cybersecurity conference in Washington. The law enforcement agency bought the hacking tool used to get into the Apple phone from an entity it hasn’t named.
‘What Do We Know?’
"We are in the midst of trying to sort that out," Comey said. "That involves answering a key question, which is: What do we know about the vulnerability? And given that, is the process implicated? And that’s something that we’ve been sorting out the last couple of weeks."
Comey disclosed last week that the FBI paid more than $1.3 million to buy the hacking tool to access data on an encrypted iPhone used by Syed Rizwan Farook, who with his wife carried out a deadly December attack in San Bernardino, California. The bureau dropped a legal case compelling Apple to help unlock the phone after learning of the tool.
Although the FBI said the tool was used only to get into one phone, questions were raised about whether the vulnerability affected other devices and whether a review on its possible disclosure should be conducted.
Apple declined to comment on the FBI officials’ recommendation against reviewing the vulnerability and referred to past comments by company representatives.
Apple won’t sue the government to try to learn of the hacking tool, a company lawyer previously said. The company is confident that the vulnerability the government alleges to have found will have a short shelf life because the company will continue to improve phones and at some point any needed fix will get implemented, the lawyer said.
Register or login for access to this item and much more
All Information Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access