May 22, 2018
Today, the Washington Post reported that the FBI has been massively overstating the number of encrypted mobile devices that it could not unlock in 2017. In public speeches, sworn congressional testimony, and statements to the National Academy of Sciences committee on encryption policy, the FBI has consistently claimed that in 2017, it could not unlock 7,775 devices. However, due to what it describes as a “programming error” in the software used to count the devices, the FBI has now admitted that the number is approximately 1200, though it still does not have an accurate count. This news seriously undermines the FBI’s ongoing push for tech companies to weaken their products' encryption to facilitate law enforcement access, and calls into question the FBI’s trustworthiness and competence on this important issue.
This new information comes on the heels of the Justice Department Inspector General’s findings that although the FBI testified in court that it could not unlock the San Bernardino shooter’s iPhone without Apple’s intervention, it had actually dragged its feet in finding a technical solution (which it eventually did find, after claiming to the court that it was impossible). It also follows reports that for only $30,000, law enforcement can buy a tool that bypasses the iPhone’s security protocols to unlock an unlimited number of devices, and that Cellebrite can unlock devices running any version of the iPhone operating system. Members of the House Judiciary and Energy and Commerce Committees recently reacted to those reports by questioning why the FBI couldn’t unlock so many devices despite these resources, and the fact that the number is actually a small fraction of what the FBI previously claimed casts even more doubt on the FBI’s insistence that law enforcement is “going dark.”
The following statement can be attributed to Kevin Bankston, Director of New America’s Open Technology Institute:
“For years, the FBI has been pushing for backdoors into encrypted mobile devices based on broad claims that law enforcement is ‘going dark’, even as practically every expert outside of law enforcement has made clear that doing so would seriously undermine our cybersecurity, our digital privacy, and our tech economy. Now, it turns out that the FBI’s claims were based on bad math and the problem is only a small fraction of what we were originally told—making it all the more clear that Congress should refuse the FBI’s call for legislation that would undermine the security of our smartphones. What is still unclear, however, is just how the FBI could have made such a massive mistake on such an important issue, and repeatedly given false information in sworn testimony to Congress. We call on the Justice Department's Inspector General to open a new investigation to find the answer to that question, and on the FBI to finally drop its misguided crusade to undermine encryption.”