X

FBI doesn't have to reveal iPhone hack details, judge rules

Agency doesn't have to name the vendor that helped hack iPhone from San Bernardino attack, judge rules.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read
CNET

The FBI doesn't have to identify the company it contracted with to hack an iPhone used by one of the terrorists involved in the 2015 mass shooting in San Bernardino, California, a federal judge ruled Saturday.

Three news organizations sued the FBI a year ago under the Freedom of Information Act to learn the name of the company it hired to hack into the iPhone 5C or how much it paid that vendor. But US District Court Judge Tanya Chutkan ruled Saturday that information is exempt from mandatory disclosure under the government transparency law.

The iPhone was at the center of a legal back-and-forth between the government and Apple last year after the December 2015 attack that left 14 people dead. The government wanted Apple to write new software that would unlock the phone and make its data readable. Apple refused, saying that weakening the encryption would potentially leave other iPhone users at risk.

Watch this: FBI's iPhone hack raises troubling questions

The lawsuit against the FBI was filed by the Associated Press, Vice and Gannett, the parent of national newspaper USA Today. The three news organizations sought details about the hacker the FBI used and associated costs. The FBI reportedly refused to provide that information to the organizations under the Freedom of Information Act.

In the lawsuit complaint, the news organizations argued the public has a right to know how the government spent taxpayer funds to obtain the hacking technique. They also argued that the existence of a secret flaw in the iPhone could leave the public in danger.

Chutkan said the the vendor's networks are not as sophisticated as the FBI's and releasing its name could put the company at greater risk of being hacked itself.

"It is logical and plausible that the vendor may be less capable than the FBI of protecting its proprietary information in the face of a cyberattack. The FBI's conclusion that releasing the name of the vendor to the general public could put the vendor's systems, and thereby crucial information about the technology, at risk of incursion is a reasonable one," the judge wrote.

Solving for XX: The industry seeks to overcome outdated ideas about "women in tech."

Special Reports: All of CNET's most in-depth features in one easy spot.