For years, the FBI has claimed it needs a backdoor for encrypted devices because too much evidence is being lost in our brave new world. At the end of 2017, law enforcement began a new push, claiming there were 7,800 devices waiting to be cracked. Now it says there was a programming error and that number was totally off the mark.
The Washington Post first broke the story on Tuesday, and the FBI has confirmed its error, saying that an internal audit is planned to make a new assessment of the numbers. From the Post:
The FBI first became aware of the miscount about a month ago and still does not have an accurate count of how many encrypted phones they received as part of criminal investigations last year, officials said. Last week, one internal estimate put the correct number of locked phones at 1,200, though officials expect that number to change as they launch a new audit, which could take weeks to complete, according to people familiar with the work.
“The FBI’s initial assessment is that programming errors resulted in significant over-counting of mobile devices reported,’’ the FBI said in a statement Tuesday. The bureau said the problem stemmed from the use of three distinct databases that led to repeated counting of phones. Tests of the methodology conducted in April 2016 failed to detect the flaw, according to people familiar with the work.
The recent fight for a private governmental gateway into encrypted devices began in earnest back in 2016 under former FBI Director James Comey and the Obama administration. The FBI made a public case against Apple’s refusal to build in a backdoor on the iPhone in the wake of the San Bernardino shooting and the subsequent difficulty of accessing one of the shooter’s devices. At the time, Apple CEO Tim Cook called a master key for his company’s encryption “the software equivalent of cancer.” The FBI subsequently found another way to break into the device, essentially nullifying its argument.
Since then the FBI has taken to calling cases in which it believes there’s important evidence on an inaccessible device, “Going Dark.” In his typically florid style, Comey wrote in his recent book that Silicon Valley execs “don’t see the darkness the FBI sees.” And since Comey’s firing, the new director, Christopher Wray, has ramped up the complaints. In January, he told the House Judiciary Committee, “In fiscal year 2017, the FBI was unable to access the content of approximately 7,800 mobile devices using appropriate and available technical tools, even though there was legal authority to do so.” He’s repeatedly parroted the statistic, which held even scarier significance because, in 2016, the agency claimed that only 880 devices were uncrackable. The implication was clear, this problem is becoming an epidemic.
The FBI’s admission that it’s really not sure how many devices are giving it trouble comes at an interesting time. Just last week, the Electronic Freedom Foundation, filed a FOIA request regarding numerous aspects of the FBI’s claims. The dramatic spike in problematic devices raised red flags, but the EFF also wants to know, “when and how the FBI discovered that some outside entity was capable of hacking the San Bernardino iPhone, and what the FBI was telling Congress about its capabilities to hack into cellphones.”
To put it simply, encryption experts overwhelmingly agree that there’s no such thing as a “safe backdoor.” Our devices aren’t secure enough as it is—a point that is clearly demonstrated by the GrayKey and Cellebrite services that the FBI already uses to access iPhones. Hardcoding a backdoor makes it virtually impossible to close in the inevitable event that hackers find the opening. And they always find the opening.
The FBI wants us to entrust it with the keys to our devices, while it makes “programming errors” performing a simple count of how many devices it has in its inventory. It wants to make a case that technology has changed so much that law enforcement is being locked out, but it has far more investigative tools at its disposal than ever. We’re surveilled from every direction, and we leave digital trails everywhere. The agency is simply being lazy and disingenuous.