There is no other way to put it.
The recent federal court ruling in favor of the FBI regarding the Bureau's hacking of San Bernardino shooter Syed Farook is a big win for the government for its agenda and interests when it comes to information security.
To give some context, as part of the investigation into the San Bernardino shooting in December of 2015, the FBI confiscated Farook’s iPhone and requested from Apple a backdoor program with which they could access personal information in the device. Investigators claimed that information contained on the phone could be vital for the investigation, not to mention national security, such as contacts with links to terror groups.
Apple on its part refused, claiming that such an action would create a bad precedent, and undermine its commitment to customers privacy. After an aggressive back and forth, the FBI withdrew its request and stated that it had found other means with the help of an “outside party” - possibly an Israeli cyber firm - through which to access the device.
After the FBI announced they had successfully broken into the iPhone, there were immediate demands from both Apple and private media to reveal the methods through which the device was accessed. The Associated Press, USA Today, and Vice Media all sued the FBI last year under the Freedom of Information Act (FOIA), with the claim that the public had the right to be informed how taxpayer money was being spent by the agency.
The suit reached the Federal District Court of Washington DC, and finally, a recently released ruling decided that the FBI was not required to disclose its methods. According to the court, divulging the information “reasonably could be expected to result in damage to the national security, which includes defense against transnational terrorism.”
The ruling also means that the Bureau was not obligated to reveal the identity of the firm hired to help with the hack. The presiding judge felt that revealing the identity could put the firm at risk of malicious actors seeking to gain access to the company’s assets and capabilities. As the ruling states: "It is logical and plausible that the vendor may be less capable than the FBI of protecting its proprietary information in the face of a cyber attack."
In summary, the FBI does not have to reveal anything about its investigation.
The significance of this legal win for the government goes to the heart of the debate on government intrusion into private user information.
True that in this case there was no actual hacking of a private citizen. The phone had become the property of the US government upon being collected during the investigation. But the fact remains, that the government did create for itself a tool that could potentially access the private information of millions of Americans. The recent ruling essentially means that they are allowed to keep the vulnerabilities exploited for the hack, a secret from the public.
With Congress in a frenzy over recent security breaches, and efforts coalescing to produce legislation to counter threats, the ruling certainly strengthens the government’s position that it has a prerogative when it comes to information security.