Skip to content
Naked Security Naked Security

FBI admits to inflating number of crime-related devices it can’t crack

Investigators can't get into 7,775 devices? Nah, the FBI admits: it's more like 1,200... or 2000... pending an audit, it's not really sure.

Investigators can’t get into 7,775 devices, FBI Director Christopher Wray repeatedly claimed in 2017, using the scary statistic to argue for encryption backdoors.
He made the same “this is letting the crooks go dark” argument over and over, including on 7 December, when he testified before the House Judiciary Committee. At that time, he said that selective encryption access is possible without jeopardizing everybody’s device encryption. The need for it is beyond urgent, he said: it’s vital to protect innocent citizens from criminals and terrorists who are using encrypted devices to “go dark.”
Nah, the FBI has now admitted. On Tuesday, The Washington Post reported that the FBI has admitted that the 7,800 number is a “grossly inflated” figment of FBI imagination, or what the FBI is saying is a miscount. It’s more like 1,200… maybe 2,000… honestly, the bureau isn’t really sure how many uncrackables it’s dealing with.
According to The Post, FBI officials say that they first became aware of the miscount about a month ago and still haven’t come up with an accurate count of how many encrypted phones they received as part of criminal investigations last year.
The Post quoted numbers from people who are familiar with the work: last week, they put an internal estimate of the correct number of locked phones at 1,200. Officials anticipate that number to change as they launch a new audit, which could take weeks to complete.
The FBI issued this statement on Tuesday:

The FBI’s initial assessment is that programming errors resulted in significant over-counting of mobile devices reported.

How did the number blow up? The bureau blamed the inaccuracy on the use of three distinct databases, which led to repeated counting of the same phones. People familiar with the work said that when the methodology was tested in April 2016, the tests didn’t reveal the flaw.
OK, so we tripled the number, the FBI said. But that doesn’t mean that “Going Dark” isn’t a “serious problem” for law enforcement. From its statement:

Going Dark remains a serious problem for the FBI, as well as other federal, state, local and international law enforcement partners… The FBI will continue pursuing a solution that ensures law enforcement can access evidence of criminal activity with appropriate legal authority.

How seriously should we take the FBI’s sloppiness with numbers? One way of looking at it is that this attention to an exaggerated number is a cheap shot at the cops. After all, the percentage of devices that are encrypted will increase toward 100%. So if we argue against the FBI now, on the grounds that the number is exaggerated we’ll inevitably be wrong as the FBI’s exaggeration approaches reality.
Another way to approach the inflated number is that the FBI has been using it as a central core of the Department of Justice’s obvious push for backdoors. It’s part of the argument for why baking backdoors into encryption is necessary. But with the news about the number’s inaccuracy comes the realization that the FBI/DOJ’s argument for backdoors is being pushed forward without much care for whether one of its central tenets is in fact true.


4 Comments

Better yet, let’s leave the arguments about the numbers out of it. The more we get involved in the little details the less time we get to make the main points, which is that government mandated backdoors are a bad idea.
It’s a tactic Trump used endlessly. Argue that there’s 50,000 of something and it’s a threat to America, critics answer that it’s not 50,000 only 500 and most people have stopped listening by that point and don’t hear the important thing that there is no threat.

+1.
I don’t buy the headline on this article, where the word “inflating” clearly sets out to imply a deliberate attempt by the FBI to mislead, thereby discrediting the FBI by making out they’re crooked when in fact they are merely wrong. If the FBI had genuinely thought the number was 1200 they’d have hammered that home instead, because their point really goes along the lines that “one encrypted phone is enough to justify a backdoor system”. Contrariwise, if the number really were 7775, that oughtn’t to strengthen their point.
Anyone ought to be able to see why the Feds are asking for backdoors, and quite frankly it would be surprising if they didn’t.
But the counter-argument is quite simple, and doesn’t require big numbers. Namely, “even one backdoor is one too many”.

I’m thinking they are missing the reality of personal choice when asking for a back door in phones. If that happens (or the masses find out it already has – who knows), people will use phones like PonyExpress, jailbroken or other custom phones with their own encryption. Then the 3 letter agencies will go after telcos to make them block non-factory configurations (do some do that already? (uncertified)) and we will only be allowed to have government approved/monitored devices like in China. :/

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?