Cybersecurity

FBI: Third-party hacking not a solution for locked iPhones

A top FBI official on Tuesday insisted law enforcement cannot rely on outside hackers to access data on locked phones.

“That certainly is one potential situation. But these solutions are very case-by-case specific,” said Amy Hess, the FBI’s executive assistant director for science and technology, during a House hearing.

{mosads}“They’re very dependent on the fragility of the system,” she added. “And also they’re very time intensive and resource intensive, which may not be scalable.”

The bureau recently turned to third-party hackers to help access an iPhone used by one of the shooters in last year’s San Bernardino, Calif., terrorist attacks.

The outside assistance allowed the government to drop a court order directing Apple to help investigators hack into the phone.

The outcome has led to calls that the FBI should approach other locked phones in a similar fashion. Instead of waging contentious and protracted legal battles with tech giants, some believe the bureau’s efforts would be better spent searching for hacking methods that don’t require a company’s assistance.

“Do you think it’s a good policy to follow?” asked Rep. Diana DeGette (D-Colo.), the top Democrat on the House Energy and Commerce Committee subpanel holding Tuesday’s hearing.

“I do not think that should be the solution,” Hess responded.

DeGette agreed, but she pressed Hess about developing better in-house hacking expertise so the agency doesn’t have to turn to third-party hackers.

Hess noted that such specific hacking solutions “require a lot of highly skilled special resources that we may not have available.”

“Can we develop those?” DeGette asked.

“No ma’am, I don’t see that as possible,” Hess replied.

But on a second panel at the hearing, several top cybersecurity specialists said that with the proper resources, the FBI could bolster its internal hacking skills.

“It requires enormous resources,” said Matthew Blaze, a leading cryptographer and a professor of computer science at the University of Pennsylvania’s School of Engineering and Applied Science.

And at current funding levels, he added, “I think it’s likely they don’t have the ability.”

But Blaze and other security specialists agreed the FBI could get there.

“They certainly should have the resources,” said Daniel Weitzner, a former top White House cyber official and current head of the MIT Cybersecurity and Internet Policy Research Initiative.

“The key question is whether they have the personnel,” he added. “I think they can.”