The FBI has made official its decision against submitting the method used to hack into a dead terrorist’s iPhone to a government review that would determine whether it should be shared with Apple Inc. or the public.
Although the FBI paid more than $1.3 million for the method, Amy Hess, the agency’s executive assistant director for science and technology, said Wednesday that it didn’t purchase the rights to the technical details and therefore doesn’t have the necessary information to submit the method for an Obama administration review known as the Vulnerabilities Equities Process.
"The FBI assesses that it cannot submit the method to the VEP," Hess said in a statement. "We do not have enough technical information about any vulnerability that would permit any meaningful review.”
The FBI has faced questions about whether it would submit the method for a review in which officials from multiple agencies determine whether newly discovered computer security flaws should be disclosed to companies and the public so that they can be fixed.
The law enforcement agency bought the hacking tool from an entity it hasn’t identified and then used it to access data on an encrypted iPhone used by Syed Rizwan Farook, who with his wife carried out a deadly December attack in San Bernardino, California. After learning of the tool, the bureau dropped a legal case that sought to compel Apple to help unlock the phone.
Agencies usually don’t comment on whether they submit vulnerabilities to the review process.
"We recognize, however, the extraordinary nature of this particular case, the intense public interest in it, and the fact that the FBI already has disclosed publicly the existence of the method," Hess said. "Accordingly, we determined that it was appropriate to communicate with the interagency group, as well as the public about this important issue."