Date: May 22, 2018 at 7:48:01 PM EDT
Subject: FBI repeatedly overstated encryption threat figures to Congress, public
FBI repeatedly overstated encryption threat figures to Congress, public
by Devlin Barrett May 22 at 7:11 PM
https://www.washingtonpost.com/world/national-security/fbi-repeatedly-overstated-encryption-threat-figures-to-congress-public/2018/05/22/5b68ae90-5dce-11e8-a4a4-c070ef53f315_story.html
The FBI has repeatedly provided grossly inflated statistics to Congress and the public about the extent of problems posed by encrypted cellphones, claiming investigators were locked out of nearly 7,800 devices connected to crimes last year when the correct number was much smaller, probably between 1,000 and 2,000, The Washington Post has learned.
Over a period of seven months, FBI Director Christopher A. Wray cited the inflated figure as the most compelling evidence for the need to address what the FBI calls “Going Dark” — the spread of encrypted software that can block investigators’ access to digital data even with a court order.
The FBI first became aware of their phone-counting problem about a month ago, and still does not have an accurate count of how many encrypted phones they received as part of criminal investigations last year, officials said. Last week, one internal estimate put the correct number of locked phones at 1,200, though officials expect that number to change as they launch a new audit, which could take weeks to complete, according to people familiar with the work.
“The FBI’s initial assessment is that programming errors resulted in significant over-counting of mobile devices reported,’’ the FBI said in a statement Tuesday. The bureau said the problem stemmed from the use of three distinct databases that led to repeated counting of the same phones. Tests of the methodology conducted in April 2016 failed to detect the flaw, according to people familiar with the work.
< - >
The bureau has long argued that encrypting data in a way that makes it impossible for investigators to unlock a phone or computer, even with a signed order from a judge, leaves the country and its citizens less safe. Privacy groups such as the Electronic Frontier Foundation argue that encryption prevents crime by protecting people’s data from hackers.
The FBI fought a bruising court fight in 2016 seeking to force Apple to help agents access the iPhone that had belonged to a dead gunman in San Bernardino, Calif. At first, the FBI said it had no ability to access the phone, though the government later dropped its case when a contracting firm came forward with a solution. That same year, a similar legal fight in a New York drug case ended when the defendant remembered his password and provided it to investigators.
The FBI’s conduct in the San Bernardino case also called into question the accuracy of officials’ statements on the encryption issue. Then-FBI Director James B. Comey overstated what the phone-hacking solution cost the bureau, according to people familiar with the matter, and a senior FBI official asked for an internal investigation to determine if her subordinates were lying about technical capabilities.
A Justice Department Inspector General report concluded in March that, while officials did not make false statements in connection with that case, there were “misunderstandings and incorrect assumptions” among key players in the FBI’s technology wing.
The FBI’s assertion that 7,775 phones could not be opened by their investigators last year has always struck a discordant note with critics and privacy advocates, who noted that just a year earlier, the FBI had claimed the figure was 880. Such a giant leap in locked phones could not be explained by changes in technology or criminal behavior, those critics reasoned.
It is unclear if the 880 figure is still accurate.
Lawmakers have tried unsuccessfully to get more details about the FBI’s claims. Officials say they plan to provide updated information to congressional committees and individual lawmakers.