In FBI hacks, tech firms get left in the dark as feds resist call to divulge secrets

Even when courts compel law enforcement agencies to reveal the ways they hack into technology products, it's criminal suspects — not the makers of hardware or software — who are most likely to learn the details. As Apple considers legal tactics that could force the FBI to share how it unlocked an iPhone belonging to one of the San Bernardino (CA) shooters, a federal court case in Washington illuminates how the judicial process can leave the tech world in the dark.

The case involves the Tor browser, which is popular among activists, dissidents, journalists — and those who want to mask their identities when surfing online. The FBI hacked the browser as part of a sweeping child pornography investigation that led to 1,300 suspects. In one of the cases, a judge has ordered that the FBI give defense attorneys details about the software flaw that allowed the FBI to identify suspect Jay Michaud of Vancouver (WA) whose prosecution has been at the forefront of the investigation. But prosecutors opposed the ruling in a heavily redacted document. They say the defense already has enough information to analyze the operation. And former federal prosecutors say disclosing the vulnerability takes away the ability to use the technique to nab more offenders. But technology developers and privacy activists fear that consumers' safety could be put at risk if the Tor issue turns out to be an unpatched bug. The tension will manifest in "much more litigation to understand the techniques used to capture individuals," said Michael Zweiback, an attorney at Alston & Bird and former chief of the Justice Department's cybercrimes section. The issue will not go away as the FBI's growing interest in probing the Internet for criminal activity will require using "techniques that are more proactive — that are recognized exploits — to get access to information," Zweiback said.