The FBI and Justice Department are debating whether the hacking tool that helped the bureau unlock the iPhone of one of the San Bernardino, California, terrorists can be used to help state and local law enforcement, officials said Friday.
That will be a challenge because the bureau has classified the tool, making it difficult to use in state and local criminal prosecutions requiring disclosure of evidence to defendants, officials said.
“There’s a desire to be forward-leaning to help state and local law enforcement,” said a senior law enforcement official, who, like others, spoke on the condition of anonymity to discuss an ongoing investigation. “But no one knows quite what the answer is.”
Moreover, the tool itself likely will have a shelf life of only a few months, as tech companies may find and fix the vulnerabilities that the tool exploits, and they periodically update the underlying software.
The firm that helped the bureau – not the Israeli company Cellebrite, as had been widely rumored – charged a one-time flat fee, officials said.
The bureau is not releasing the company’s name and has declined to discuss details of the solution. Officials last week said the approach was aimed at dismantling security features on the iPhone 5C to permit investigators to make many attempts to crack the pass code without wiping data from the device.
Since its announcement, the bureau has been peppered with inquiries from state and local law enforcement officials seeking to know whether the solution might be useful for their cases.
Manhattan District Attorney Cyrus R. Vance Jr. was among those who called. But, he said, he recognized that the solution itself may not be applicable to more than 200 iPhones that he has sitting in a crime lab and his technicians cannot unlock.
None is a 5C running iOS 9, which is the model and operating system of the phone used by Syed Rizwan Farook, who was killed by police in December after a shooting attack that claimed 14 lives.
“The overwhelming majority of criminal investigations stalled by default device encryption will remain so until Congress intervenes,” Vance said.
One-off technical solutions will result in a “cat-and-mouse cyber arms race” between the government and industry, he said in an interview. “I don’t think that’s the smart way to approach public safety or privacy policy.”
The classification of the method highlights a tension between criminal and national security cases in which the most sophisticated tools are not always available to law enforcement. Peter Modafferi, chief of detectives of New York’s Rockland County, said he does not fault federal authorities for keeping some of their tools on a high shelf. “That’s life,” he said. “The bureau goes out of its way to help us when they can, but there’s a difference between national security and local law enforcement.”
Send questions/comments to the editors.
Success. Please wait for the page to reload. If the page does not reload within 5 seconds, please refresh the page.
Enter your email and password to access comments.
Hi, to comment on stories you must . This profile is in addition to your subscription and website login.
Already have a commenting profile? .
Invalid username/password.
Please check your email to confirm and complete your registration.
Only subscribers are eligible to post comments. Please subscribe or login first for digital access. Here’s why.
Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.