>>https://news.yahoo.com/u-expected-withdraw-legal-action-against-apple-usa-213832065--finance.html
>>
>>So the U.S. Justice Department said it successfully accessed data stored on an encrypted iPhone used by one of the San Bernardino shooters. So now what happens? It sounds to me like they've discovered a zero day exploit of some kind - which a a hole in the iPhone security. Does this mean that now the government has to tell Apple how they did it?
>
>I don't think that's the most important question. Imagine if you were a judge (or DA/prosecutor for that matter) and the FBI or Justice Department came up and said "We want to arrest John Doe because according to the encrypted phone we broke into he's an accomplice". In that position I would want confirmation from a trusted 3rd party (Apple or ?) that the information obtained is what was actually on the phone, and was not manufactured.
>
>That trusted third party would need to be able to reproduce the steps taken, in order to make that confirmation.
>
>Actually, it runs deeper than that - if the feds unlocked it there's nothing stopping them from modifying its contents after doing so. So, for the confirmation to be meaningful it would need to be against a certified copy of the phone's encrypted contents prior to any hack attempts.
>
>My understanding is digital forensics protocols should be well enough developed to handle this sort of scenario but given the hiccups so far it wouldn't surprise me if chain-of-custody or other issues arise.
>
>One might think the above is pretty onerous but the alternative i.e. no confirmation, is unthinkable. Without confirmation the feds could manufacture anything they want and claim that's what they got from the phone, even if they couldn't decrypt it at all!

It's my understanding that an Israel company is who they got to do it (or at least that's who the feds say they were talking too about it last week) - so that is a 3rd party. But you do bring up interesting point about the 'chain of custody' of the phone and it's contents. My real question though is if there has been a zero day exploit discovered, are the feds obligated to tell Apple about it or not? If they don't tell Apple, then it seems to me that their encryption is now useless because now there is something out there that proves it can be beat. And if someone has already done it, we all know that others will follow.