For days, the tech media was mesmerized: Rumors were running amok about the mysterious third party that helped the FBI unlock the San Bernardino shooter's iPhone and one particular Israeli security company landed in the spotlight.
As weeks go by, the expectations that the third-party helper or its mysterious technique would be revealed are quickly declining. The theories, however, continue to ripple out.
The Washington Postthis week produced the latest:
"The FBI cracked a San Bernardino terrorist's phone with the help of professional hackers who discovered and brought to the bureau at least one previously unknown software flaw, according to people familiar with the matter.
"...The people who helped the U.S. government come from the sometimes shadowy world of hackers and security researchers who profit from finding flaws in companies' software or systems."
The Post said that "at least one of the people who helped the FBI" was a so-called "gray hat" hacker — as opposed to "black hat" or "white hat," which mark the edges of the ethics spectrum — someone who digs up software security flaws and sells them to governments or to companies that make surveillance tools.
Reuters followed up with additional tidbits:
"The company that helped the FBI unlock a San Bernardino shooter's iPhone to get data has sole legal ownership of the method, making it highly unlikely the technique will be disclosed by the government to Apple or any other entity, Obama administration sources said this week.
"...The sources said the technology used to get into the phone was supplied by a non-U.S. company that they declined to identify."
OK, so it may or may not be several helpers. It may or may not involve semi-ethical professional hackers. It may or may not come from a foreign entity. Here's how FBI Director James Comey has described them on the record:
"The people we bought this from I know a fair amount about them," he said in a recent speech at Kenyon College, "and I have a high degree of confidence that they are very good at protecting it, and their motivations align with ours."
One thing that we've learned from Comey, too, is that the undisclosed technique used the iPhone 5C in San Bernardino does not work on newer phones. "This doesn't work on sixes, doesn't work on a 5S," he said in the speech. "So we have a tool that works on a narrow slice of phones."
And as Reuters reports, the FBI itself may not know the details of the technique, "just enough to determine that it worked." (And Apple lawyers have even questioned whether the tool has, in fact, worked.)
With that, we also don't know whether this tool can or will be applied to other investigations involving iPhones. After the flurry of publicized quests for help that followed the FBI's announcement of a successful iPhone hack, it's now far from clear that the tool can or is being used in other cases.
And finally, we have little insight into the value of the information discovered on the San Bernardino shooter's iPhone. The Washington Post, citing law enforcement officials, has reported that the content has indicated no links to foreign terrorists, but that investigators were still hoping that the data might yet help figure out what the terrorists did before and after the shooting.
San Bernardino Police Chief Jarrod Burguan previously told NPR, before the iPhone was unlocked, that there was "a reasonably good chance" that the phone would have "nothing of any value," but he explained: "This is an effort to leave no stone unturned in the investigation."
The issue of the scope of the government's ability to compel a tech company to assist with investigations continues to percolate in other parts of the country. Microsoft has sued the Justice Department over gag orders on searches of information stored in the cloud and a district court judge is weighing a dispute over another iPhone in New York.
"The government has utterly failed to satisfy its burden to demonstrate that Apple's assistance in this case is necessary," Apple wrote on Friday in the latest legal briefs in the New York case.
Apple's top lawyer, Bruce Sewell, FBI Executive Assistant Director for Science and Technology Amy Hess and several law enforcement officials and security experts are slated to testify in a new encryption hearing in Congress on Tuesday.
NPR's Aarti Shahani contributed to this report.
Copyright 2020 NPR. To see more, visit https://www.npr.org.