FBI Director James Comey has revealed that the FBI purchased “a tool” from a private party to crack the San Bernardino iPhone, according to a report from CNN Money. Specifically, in formally announcing that litigation between the government and Apple has ended, Comey stated that “the government has purchased, from a private party, a way to get into that phone, 5C, running iOS 9.” Comey also added that he knows “a fair amount” about the people that the FBI purchased the tool from, that he has a “high degree of confidence that they are very good at protecting it,” and that the private party’s motivations align with those of the FBI. He also revealed that the tool purchased by the FBI only works on a “narrow slice of phones” that does not include the iPhone 5s or later models, possibly due to Apple’s new Touch ID and Secure Enclave architecture on those devices.
The FBI Director also noted that the government has not yet decided whether to reveal the details of the hack to Apple, as he assumes Apple will fix the vulnerability if it is revealed to them, and the FBI will be “back where we started from.”
In related news, Reuters reports that the White House has officially declined to offer any public support for new legislation that would allow judges to compel companies such as Apple to assist law enforcement in cracking encrypted data in cases such as the San Bernardino one. Sources familiar with the discussions indicate that the Obama administration remains “deeply divided on the issue,” despite comments by President Obama last month suggesting that he was warming up to the need for law enforcement agencies to be able to gain access to encrypted information on smartphones. Draft legislation from Senators Richard Burr and Dianne Feinstein, who sit on the Senate Intelligence Committee, will likely be introduced within the next week or so.
The new bill would give federal judges much broader authority to order companies to assist the government in encryption cases — however, it doesn’t provide any specific guidance on what companies could be compelled to do, circumstances under which compliance could be required, or even any specific penalties for non-compliance. While the White House has reviewed the bill and offered some feedback, sources suggest that it will provide “minimal public input,” likely due to the controversial nature of the bill. A White House spokesman declined to comment specifically on the legislation, pointing instead to White House press secretary Josh Earnest, who made a general statement on encryption legislation last month, specifically that the administration is “skeptical” of the ability of lawmakers to resolve the current debate due to their difficulty in tackling “simple things.”
.