The company that the FBI used for help in unlocking the San Bernardino iPhone case has revealed that it has sole legal ownership of the approach used to unlock the iPhone. This makes it unlikely that the method will be disclosed to Apple or any other entity by the government, Obama administration sources said.
The White House claims it has a procedure where it reviews technology security flaws and decides which ones to publicize and which ones not to. It, however, is not set up to handle or even reveal flaws that are owned by private companies, which raises a question about the so-called Vulnerabilities Equities Process.
The VEP was created for the various government interests to debate what should be done with a given technology flaw, instead of leaving it in the hands of agencies such as the NSA, which prefer to keep the flaws a secret for later use.
The government was locked in a court battle with Apple, in an effort to force Apple to help it unlock the San Bernardino iPhone used by a terrorist. The court case ignited an international debate on data encryption, privacy, and security; that is still going on even after the FBI said they had found a way into the iPhone without Apple’s help.
The company that was able to get into the iPhone is a non-US entity that sources refused to identify. Sources also report that without co-operation from the company, the FBI cannot report the method to the Vulnerabilities Equities Process even if they wanted to.
The FBI might not even know how the process works according to Rob Knake, who managed the White House process last year before leaving.
In another separate New York case, the Justice Department is also trying to force the tech giant, to extract data from an iPhone 5s owned by a drug dealer.
The two court cases have brought up a conflicting debate on whether software security flaws should be kept secret by the government or disclosed to technology companies so they can fix them up.
Questions have been raised about Vulnerabilities Equities Process. Back in 2013, coordinator for the policy, Michael Daniel, said the process was reinvigorated though basic information as to which departments were involved was not disclosed. Daniel said that there were factors involved like how easy a flaw was to manipulate and how much danger it posed.