FBI admits to inflating number of crime-related devices it can’t crack

Investigators can’t get into 7,775 devices, FBI Director Christopher Wray repeatedly claimed in 2017, using the scary statistic to argue for encryption backdoors.

He made the same “this is letting the crooks go dark” argument over and over, including on 7 December, when he testified before the House Judiciary Committee. At that time, he said that selective encryption access is possible without jeopardizing everybody’s device encryption. The need for it is beyond urgent, he said: it’s vital to protect innocent citizens from criminals and terrorists who are using encrypted devices to “go dark.”

Nah, the FBI has now admitted. On Tuesday, The Washington Post reported that the FBI has admitted that the 7,800 number is a “grossly inflated” figment of FBI imagination, or what the FBI is saying is a miscount. It’s more like 1,200… maybe 2,000… honestly, the bureau isn’t really sure how many uncrackables it’s dealing with.

According to The Post, FBI officials say that they first became aware of the miscount about a month ago and still haven’t come up with an accurate count of how many encrypted phones they received as part of criminal investigations last year.

The Post quoted numbers from people who are familiar with the work: last week, they put an internal estimate of the correct number of locked phones at 1,200. Officials anticipate that number to change as they launch a new audit, which could take weeks to complete.

The FBI issued this statement on Tuesday:

The FBI’s initial assessment is that programming errors resulted in significant over-counting of mobile devices reported.

How did the number blow up? The bureau blamed the inaccuracy on the use of three distinct databases, which led to repeated counting of the same phones. People familiar with the work said that when the methodology was tested in April 2016, the tests didn’t reveal the flaw.

OK, so we tripled the number, the FBI said. But that doesn’t mean that “Going Dark” isn’t a “serious problem” for law enforcement. From its statement:

Going Dark remains a serious problem for the FBI, as well as other federal, state, local and international law enforcement partners… The FBI will continue pursuing a solution that ensures law enforcement can access evidence of criminal activity with appropriate legal authority.

How seriously should we take the FBI’s sloppiness with numbers? One way of looking at it is that this attention to an exaggerated number is a cheap shot at the cops. After all, the percentage of devices that are encrypted will increase toward 100%. So if we argue against the FBI now, on the grounds that the number is exaggerated we’ll inevitably be wrong as the FBI’s exaggeration approaches reality.

Another way to approach the inflated number is that the FBI has been using it as a central core of the Department of Justice’s obvious push for backdoors. It’s part of the argument for why baking backdoors into encryption is necessary. But with the news about the number’s inaccuracy comes the realization that the FBI/DOJ’s argument for backdoors is being pushed forward without much care for whether one of its central tenets is in fact true.