FBI's iPhone paid-for hack should be barred, say ex-govt officials

The FBI's purchase of a hack to get into the San Bernardino shooter's iPhone should not have been allowed. That's according to a new paper from two former US government cybersecurity officials, Ari Schwartz and Rob Knake. In their paper [PDF] they dig into the current vulnerability equities process (VEP), disclosed in 2014, …

  1. Jack of Shadows Silver badge

    As they're finding out already in a pedophile case, the vulnerability will be disclosed during discovery so that criteria should be part of the process right there.

    1. Anonymous Coward
      Anonymous Coward

      Well if Herr Trump takes over there won't be a discovery phase at Gitmo for all the Muslims and then Democrats.

      1. Long John Baldrick

        Well if Herr Trump takes over there won't be a discovery phase at Gitmo for all Democrats and then the Muslims.

        FTFY

      2. Destroy All Monsters Silver badge
        Holmes

        Well if Herr Trump takes over there won't be a discovery phase at Gitmo for all the Muslims and then Democrats.

        Cheap liberal demagoguery.

        Is he going around threatening to FEMA-trail illegal undesirables and bleeding heart "bombing you hurts me more than it does you" Democrats?

        No he isn't.

        Though confused, guy's probably less bad than Hillary, a rancid neocon zombie and pathological liar.

        1. Anonymous Coward
          Anonymous Coward

          >Though confused, guy's probably less bad than Hillary, a rancid neocon zombie and pathological liar.

          A real shit sandwich either way around really.

        2. Anonymous Coward
          Meh

          illegal undesirables

          That would be the white Europeans then?

    2. Paul Crawford Silver badge

      Indeed the discovery phase and details of the data gathering are essential. After all, if the police have hacked in to my computer to gather evidence, how can the jury be sure they did not plant it there?

      I'm not saying such techniques should be banned, but there must be proper rules for the use and full traceability of the actions and method presented at the trial so both sides can be sure the evidence is valid.

  2. something_or_another
    Mushroom

    Good for both, Goose and Gander.....

    So, US citizens are authorized to use exploits against other US citizens - Glad to hear it. Time for some fun.

    1. Jeff Lewis

      Re: Good for both, Goose and Gander.....

      No.. government law enforcement agencies are allowed - with a warrant - to use exploits in the process of investigating a crime - in very specific and controlled ways.

      But nice straw-man argument you've got going there. I recommend going out and testing in the real world.

      1. Mad Chaz

        Re: Good for both, Goose and Gander.....

        Except we all know it'll never be properly controlled or follow due process from past experience.

  3. asdf Silver badge

    stupid government

    Real smart. One of the societies most dependent on technology and probably the most vulnerable as well, government thinks it's a good idea to keep zero days secret to attack the bad guys because of course the bad guys will never learn or fight back. Yeah because asymmetric warfare in cyber space will go so much better for us than it does in real life.

    1. Anonymous Coward
      Anonymous Coward

      Re: stupid government

      Govt (like any big organization) is a confederation of tribes pursuing differing goals and frequently incoherent to the point of civil war and only ever united by an external threat like dropping budget cuts. So it may well be the stupidest thing all week for the nation but got a swell bonus for that team...

    2. a_yank_lurker Silver badge

      Re: stupid government

      Governments are often not much different from Mafia crime families. In fact, some Mafia families may be an improvement over many governments.

  4. Kanhef
    Black Helicopters

    Obvious loophole

    As long as they keep at least one ongoing investigation using a given vulnerability, it never has to be disclosed. If they're only using an exploit on one person, drag out that investigation until they can get another one started.

    1. Queasy Rider

      Re: Obvious loophole

      ...And just because the investigation using the exploit has finished, doesn't mean that the exploit couldn't or wouldn't be useful in any future investigations, so revealing the exploit would be shortsighted in the extreme.

  5. a_yank_lurker Silver badge

    Basic Problem

    The problem is too many TLA ferals want the ability to spy, thinking this is an excellent substitute for old-fashioned pavement-pounding while sitting in the local donut shop. Two major problems with intercepts: context of the message and completeness of the message. There are numerous, well-known stories about intelligence information suffering from both. A good example of this is shown in the movie "Tora, Tora, Tora".

    1. Destroy All Monsters Silver badge
      Big Brother

      Re: Basic Problem

      A good example of this is shown in the movie "Tora, Tora, Tora".

      Some would say that said message was suspiciously delayed, and General Marshall suspiciously not on his post at the time, being out doing horseback riding in spite of being fully aware that the Japanese Embassy would deliver a certain note at 07:30 Hawaiian Time. Luckily the aircraft carriers were not in port, eh?

      Meanwhile, serious policing is serious: Dude Writes ‘ISIS Beer Funds!!!’ in Venmo Memo, Feds Impound His $42 Transfer

  6. Mahhn

    "is probably less bad than Hillary"

    Is the same as saying it's less bad to be hit by a car than a truck on the interstate while walking.

    Johnson is the only hope to keep these two greedy nut jobs out of office.

  7. JCitizen
    Big Brother

    BAAH!

    As long as they have permission from the courts, having an exploit doesn't bother me - this will motivate the OEMs to review their code better next time! I was dead set against forcing OEMs to put back doors in, or forcing them to crack the phone either; but HEY, if there is a discoverable exploit, they are at least doing us a favor by giving a heads up. I don't feel they need permission to keep it secret either. Did Bletchley Park tell the whole world about breaking the Enigma code? Of course not! That kind of competition is fair in love and war!

  8. Anonymous Coward
    Anonymous Coward

    No problem

    I have no problem with the FBI or any other agency buying exploits, as long as agents do it with their own personal funds and don't get reimbursed.

    Maybe the reason they keep missing opportunities to stop the enemy is that their real investigatory skills have been allowed to atrophy, what with their leadership becoming so enamored of high tech tools that (falsely) promise "more for less". All of this is more about middle managers and government "executives" seeking to be heroes at budget time than a serious effort to get the job done.
