FBI won't be forced to reveal San Bernardino iPhone hacking tool

A disclosure would allegedly invite retaliatory hacks.

Reuters/Stephen Lam

The Associated Press, USA Today and Vice News have failed in their attempt to reveal the hacking tool the FBI used to access San Bernardino terrorist Syed Farook's iPhone. Judge Tanya Chutkan denied their request in a summary judgment ruling issued late on September 30th, arguing that the risks involved in naming the vendor (and thus the tool) or the price paid are too serious to honor a Freedom of Information Act request. It would make the company a target for retaliatory hacks and exploits that it likely couldn't withstand, Judge Chutkan said, while the price would tell "adversaries" how readily the FBI can use the tool in the future.

She also rejected the argument that former FBI director James Comey's mention of a "very high" price equated to official disclosure that compelled a wider release. The information had to be more specific than that, according to the ruling. And while Comey noted that the tool was only effective against an iPhone 5c running iOS 9, the FBI could theoretically find a way to expand its usefulness or ask the developer to build a similar implementation. If the vendor is exposed, Judge Chutkan said, this could "hurt the FBI's future efforts to protect national security."

This isn't going to please privacy advocates concerned that the FBI has such power, especially as it might be maintaining this power solely through obscurity -- it might get into your phone only because an outside security researcher hasn't discovered the flaw yet. And is the theoretical future usefulness of the tool a good enough excuse to keep it under wraps? At the same time, it's hard to ignore the likelihood that any public disclosure would likely invite some kind of retaliation. The judge had to strike a difficult balance, and it's not necessarily clear that it's the right balance.