“Someone outside the government, in response to that attention, came up with a solution, one that I am confident will be closely protected and used lawfully and appropriately,” Comey said, adding that the government “purchased” the tool. Apple has so far not been told by the government how it managed to get past the iPhone’s safeguards, leaving the company with a very public hole in its security.
Federal agencies do have a non-binding process used when reviewing whether or not a newly discovered security flaw should be revealed to technology companies. Intelligence agencies, criminals, and hackers all value these so-called “zero days” for the access they can provide to software and devices.
“We’re having discussions within the government about, OK, so should we tell Apple what the flaw is that was found. That’s an interesting conversation, because we tell Apple, they’re going to fix it, and then we’re back where we started from,” Comey said.
“As silly as that may sound, we may end up there, we just haven’t decided yet.”
“If we decide not to disclose it to Apple, it’s still quite perishable and it will disappear if Apple changes its software in some way,” Comey said of the technique in response to a question. “It will also disappear if we use it in a criminal case and then it has to be disclosed.”
While the government’s case against Apple in California was dropped at the end of March, the discussion around encryption and security has continued. A spokesman for Senator Dianne Feinstein confirmed to NBC News on Wednesday that the lawmaker had received a briefing on the FBI’s technique, but did not provide any other details.
“I don’t believe the government has any obligation to Apple,” Feinstein said in a statement shared by her office. “No company or individual is above the law, and I’m dismayed that anyone would refuse to help the government in a major terrorism investigation.”
Feinstein and Senator Richard Burr are expected to introduce an encryption bill as soon as this week. The popular messaging service WhatsApp, which is owned by Facebook and has 1 billion users worldwide, enacted “end-to-end” encryption on Tuesday, meaning that only the sender and a receiver of a message can see what is said.
Comey has been at the head of a group of law enforcement officials that has raised concerns about criminals and terrorists using encryption and other technology to “go dark” — a position that has been criticized by technologists and privacy advocates.
“What if law enforcement had a phone owned by somebody that abducted your sister? Or a phone used by a suicide bomber who blew up the train station in your home town?” Comey said on Wednesday.