Apple-FBI Questions for Robert Knake
NPR reports that many questions remain after the FBI announced that it had, with the help of a third party, cracked the iPhone used by one of the San Bernardino shooters. NPR’s Renee Montagne talked to Robert Knake, former director of cybersecurity policy for the National Security Council in the Obama administration, about the “complex relationships between technology companies, professional hackers and the government.”
“We may be in a situation where, if the government does decide it wants to disclose this vulnerability, it may have to figure out how it can legally do that,” Knake says. “Does it have the right to disclose that or are those rights held by the company that discovered the vulnerability in the first place?” (NPR).
Below are some points made by Knake about the state of cybersecurity in the U.S. today.
- “What we’re seeing is sort of a trend away from sort of an old model, in which either government agencies had laboratories and they discovered these vulnerabilities or they would contract with a defense contractor like Lockheed Martin or Boeing to find the vulnerability. Now what we’re seeing are these third-party groups whose full-time job is to discover vulnerabilities that they can exploit and sell — sometimes back to the government, sometimes back to the companies that make the software, and then oftentimes on the black market or on the grey market to criminals or other intelligence agencies.”
- On the rate for buying a security vulnerability: “The reports coming out are that for past vulnerabilities in iOS they fetch upwards of a million dollars. There was a contest that was held by a third-party company to find a vulnerability and they offered that amount of money. … It’s hard to get data on what is going on in the black market, what is going on in the grey market and the amount law enforcement agencies pay for this kind of vulnerabilities is very hard to come by.”
- On federal officials’ decisions on revealing vulnerabilities that are known to the government: At the top of the Vulnerabilities Equities Process, you’ve got an equities review board, which is made up of senior members of every agency that might have an equity in this kind of case. So you would, for instance, have the FBI counterterrorism team advocating probably on behalf of retaining this vulnerability. On the other side of the FBI you’d have their counterintelligence team probably saying, “Hey, we’ve got to protect all those (iPhones) that have government information on them, we need to disclose this vulnerability to Apple (so they can patch it).”
When asked if he thinks that the public will ever know how the San Bernardino phone got unlocked, Knake says that normally he doesn’t believe the government would ever disclose more than what it knows to Apple, in which case the public would never know how it happened. However, because the case has become so public, it’s possible that the FBI may share more details than usual (NPR).
For now, we will have to wait and see how this new territory in cybersecurity negotiations will pan out.