Tuesday, March 29, 2016

FBI Breaks into iPhone. We Have Some Questions. | Electronic Frontier Foundation

Check the full post for more details; also see Apple Says the San Bernardino iPhone Case 'Should Never Have Been Brought' (Gizmodo)
"In addition, this new method of accessing the phone raises questions about the government’s apparent use of security vulnerabilities in iOS and whether it will inform Apple about these vulnerabilities. As a panel of experts hand-picked by the White House recognized, any decision to withhold a security vulnerability for intelligence or law enforcement purposes leaves ordinary users at risk from malicious third parties who also may use the vulnerability. Thanks to a lawsuit by EFF, the government has released its official policy for determining when to disclose security vulnerabilities, the Vulnerabilities Equities Process (VEP).

If the FBI used a vulnerability to get into the iPhone in the San Bernardino case, the VEP must apply, meaning that there should be a very strong bias in favor of informing Apple of the vulnerability. That would allow Apple to fix the flaw and protect the security of all its users. We look forward to seeing more transparency on this issue as well."
FBI Breaks into iPhone. We Have Some Questions. | Electronic Frontier Foundation

No comments: