FBI Explains Why It Won't Disclose How It Unlocked iPhone : All Tech Considered The agency says it doesn't have the rights to the technical details of the unlocking method, and so it can't submit it to a special review that would have determined whether Apple should be informed.
NPR logo FBI Explains Why It Won't Disclose How It Unlocked iPhone

FBI Explains Why It Won't Disclose How It Unlocked iPhone

FBI Director James Comey testifies March 1 before the House Judiciary Committee on the encryption of the iPhone belonging to one of the San Bernardino attackers. Nicholas Kamm/AFP/Getty Images hide caption

toggle caption
Nicholas Kamm/AFP/Getty Images

FBI Director James Comey testifies March 1 before the House Judiciary Committee on the encryption of the iPhone belonging to one of the San Bernardino attackers.

Nicholas Kamm/AFP/Getty Images

The FBI has officially decided it can't tell Apple how the agency hacked into the locked iPhone used by one of the San Bernardino attackers.

The FBI paid undisclosed professional hackers more than $1 million to get inside the locked and encrypted iPhone 5C through a previously unknown flaw in the software.

The agency has been weighing whether it would submit the details to a review process that helps decide whether software vulnerabilities known to the government should be disclosed to companies.

FBI science and technology chief Amy Hess said in a statement on Wednesday that the agency has determined it won't be able to submit the third-party iPhone hack to the review, called the Vulnerabilities Equities Process:

"The VEP cannot perform its function without sufficient detail about the nature and extent of a vulnerability.

"The FBI purchased the method from an outside party so that we could unlock the San Bernardino device. We did not, however, purchase the rights to technical details about how the method functions, or the nature and extent of any vulnerability upon which the method may rely in order to operate. As a result, currently we do not have enough technical information about any vulnerability that would permit any meaningful review under the VEP process."

This was exactly the kind of challenge predicted by Robert Knake, former director of cybersecurity policy for the National Security Council in the Obama administration, in his recent interview with NPR. Knake offered a detailed description of how the Vulnerabilities Equities Process works and suggested that intellectual property lawyers will in the future fight over whether hackers can own the rights to a vulnerability.