(Adds detail from Apple about other vulnerability disclosure)
By Dustin Volz and Mark Hosenball
WASHINGTON, April 26 (Reuters) - The FBI has provisionally decided not to share an iPhone unlocking mechanism used by a contractor to open the phone of one of the San Bernardino shooters because the agency does not own the mechanism, two U.S. government sources said on Tuesday.
The FBI is expected within days to write to the White House explaining why the agency cannot share the unlocking mechanism with other government agencies, Apple or other third parties, said the sources, who asked to remain anonymous.
Several U.S. government sources said the FBI contractor that unlocked the shooter’s phone was a foreign entity and did not give U.S. authorities details of the mechanism. Without that, the FBI could not share it even if it wanted to, sources said.
Reuters reported on April 13 that the unnamed contractor had sole ownership of the method it used, making it unlikely that the government could share it.
A day later, the FBI warned Apple of a separate flaw in its iPhone and Mac software, the company told Reuters on Tuesday.
It was the first time the government had alerted Apple to a vulnerability under a White House interagency procedure, known as the Vulnerabilities Equities Process, for reviewing technology security flaws and deciding which ones should be made public, the company said.
The FBI’s provisional decision means that the unlocking mechanism used on the San Bernardino iPhone will not be referred to the interagency procedure for review.
Earlier on Tuesday, FBI Director James Comey said his agency was assessing whether the mechanism would go through the review.
“We are in the midst of trying to sort that out,” Comey said.
Officials have said that the interagency review process leans toward disclosure of technological flaws. But it is not set up to handle or reveal flaws which are discovered and owned by private companies, sources have told Reuters.
Comey’s comments appeared to confirm the FBI did not own the method used to crack the county-owned work phone belonging to Syed Farook, who with his wife opened fire in December on a San Bernardino, Calif., holiday party, killing 14 and wounding 22.
The method instead belongs to a still-unidentified third party that the FBI said came forward due to the attention received from its public pursuit of a court order to compel Apple’s assistance in unlocking the phone.
Apple’s refusal to comply prompted a high-profile standoff and fueled a long-simmering debate over security, privacy and law enforcement access to encrypted technology.
The government withdrew its case after it said the hacking method worked. Comey has said the method works on a “narrow slice” of iPhone 5c devices running iOS 9.
An Apple senior executive told reporters earlier this month that it was confident the flaw used by the third party would have a “short shelf life” and be patched through the firm’s ongoing efforts to improve the security of its devices. (Reporting by Dustin Volz and Mark Hosenball in Washington, additional reporting by Joseph Menn in San Francisco; Editing by Kevin Drawbaugh, Cynthia Osterman and Bernard Orr)