The FBI has officially decided it can't tell Apple how the agency hacked into the locked iPhone used by one of the San Bernardino attackers.

The FBI paid undisclosed professional hackers more than $1 million to get inside the locked and encrypted iPhone 5C through a previously unknown flaw in the software.

The agency has been weighing whether it would submit the details to a review process that helps decide whether software vulnerabilities known to the government should be disclosed to companies.

FBI science and technology chief Amy Hess said in a statement on Wednesday that the agency has determined it won't be able to submit the third-party iPhone hack to the review, called the Vulnerabilities Equities Process:

"The VEP cannot perform its function without sufficient detail about the nature and extent of a vulnerability.

"The FBI purchased the method from an outside party so that we could unlock the San Bernardino device. We did not, however, purchase the rights to technical details about how the method functions, or the nature and extent of any vulnerability upon which the method may rely in order to operate. As a result, currently we do not have enough technical information about any vulnerability that would permit any meaningful review under the VEP process."

This was exactly the kind of challenge predicted by Robert Knake, former director of cybersecurity policy for the National Security Council in the Obama administration, in his recent interview with NPR. Knake offered a detailed description of how the Vulnerabilities Equities Process works and suggested that intellectual property lawyers will in the future fight over whether hackers can own the rights to a vulnerability.

Copyright 2016 NPR. To see more, visit NPR.

300x250 Ad

300x250 Ad

Support quality journalism, like the story above, with your gift right now.

Donate