A District of Columbia court ruled that the FBI can keep secret the name and vendor of a hacking tool it used to break into the iPhone of the San Bernardino shooter, Rizwan Farook.
The decision came in a lawsuit filed by a trio of news agencies formed by the Associated Press, Vice News, and USA Today.
The three filed a lawsuit against the FBI in September 2016 in an attempt to find out more details about the tool the FBI used to hack the shooter’s phone after previous FOIA requests were heavily redacted and included little to no information.
3 news agencies sue FBI for information on hacking tool
The events around this case were triggered by the San Bernardino mass shooting that took place in December 2015, during which Farook and his wife Tashfeen Malik killed 14 and injured 22 other.
The case got international media attention when the FBI asked Apple for help to search the shooter’s iPhone, which was locked and encrypted. Apple refused fearing it would set a dangerous legal precedent that US authorities could use in the future.
The FBI and the DOJ sued Apple, trying to force the company into aiding its investigators, but the two dropped their case after public backlash.
A few weeks later, the FBI announced it bought a hacking tool from an unnamed software vendor that allowed investigators to break into Farook’s iPhone 5C. Authorities refused to disclose any information about this tool, but FBI Director James Comey later said the Agency paid $900,000 for the tool.
Judge tries to protect hacking tool’s vendor
In a court decision published on Saturday, a judge sided with the FBI and allowed it to keep secret details about the hacking tool it purchased in the spring of 2016.
The judge agreed with the FBI, which cited national security concerns, fearing foreign intelligence agencies might get an insight into the FBI’s capabilities.
In addition, the judge also said it did not want to paint a target on the back of the hacking tool’s supplier, which would no doubt become a target of cyber-attacks.
Revealing the name of the company or any details about the hacking tool might allow foreign actors to piece together information about the vendor’s identity and launch cyber-attacks in an attempt to obtain a copy. The judge sided with the FBI’s assessment that the vendor was not technically equipped to handle such cyber-attacks and anonymity is needed to protect the company’s network.