The FBI lied about the encryption threat, gave phony figures about unlockable devices

There were not 7,800 devices that the FBI couldn’t decrypt last year, despite the fact the claim has been repeated many times.

The FBI lied. A more charitable way of looking at it is to say that the FBI “overstated its case” regarding encryption backdoors and the number of encrypted devices it was unable to unlock. But either way, regardless of how generous you’re willing to be with your interpretation, the FBI has been touting fake numbers to bolster its case for “responsible encryption.”

Before we get to the dishonesty, let’s back up and start from the top. If you’ll remember back a few years ago to the San Bernardino, California mass shooting – some people may not, which itself is a sad commentary on where we are in the US – it involved a pair of shooters who killed 14 people and gravely injured 22 others. That shooting’s real legacy is the dispute that evolved from it. The FBI could not access the shooter’s phone due to the encryption Apple protects its devices with. The FBI tried to compel Apple to unlock the phone. Apple said no.

Now, there’s a lot more nuance to the debate than what I’ve just described. The problem is, many people – including some of the people leading our law enforcement agencies – don’t realize there is nuance. Encryption isn’t just some switch that Apple has the power to flip on and off remotely from its comfortable digs in Cupertino. Encryption is a mathematical process that was literally designed to prevent exactly the kind of thing the FBI wants it to do. Encryption isn’t supposed to be easily breakable. That’s actually the whole point. It’s the old “that’s not a bug, it’s a feature” argument. The FBI’s problem isn’t with Apple or any other vendor, it’s with the concept of encryption itself. And that, folks, is a losing argument.

So how do you make your case? Two things. First, you play on people’s ignorance. The average person has no idea what encryption is outside of a fancy term you hear tossed around in movies and possibly something Caesar did (though personally I remember him more for the salad). Second, you exaggerate the size of the threat.

So when Christopher Wray, the director of the FBI, or before him James Comey, or Attorney General Jeff Sessions and his lieutenant Rod Rosenstein come out and tell the American public that terrorists are using encryption to hide their activity from law enforcement and then throw out an inflated number of devices that can’t be unlocked – it sounds really important. It sounds like this is a major issue and we are somehow unsafe. And that’s just patently dishonest.

US law enforcement officials have been repeating that nearly 7,800 devices couldn’t be unlocked last year because of encryption since before last year was even over. The real number is likely between 1,000 and 2,000, with one official ballparking it at 1,200. When reached for comment, this was all the FBI could muster:

“The FBI’s initial assessment is that programming errors resulted in significant over-counting of mobile devices reported.”

In reality, it probably doesn’t matter. Even before the Washington Post broke the news that the figure being floated is six or seven times higher than the real total, this position on encryption was being rebuffed around the world. The Article 29 Working Party, which provides much of the GDPR-related guidance for the European Union, scoffed at the notion of including encryption backdoors or weakening encryption in any way to help grant access to law enforcement.

Imposing backdoors and master keys on law abiding citizens and organisations would not be an effective measure against criminals since they would continue to use or adapt the strongest state of the art encryption to protect their data, keeping them safe from law enforcement access. As a result, backdoors and master keys would only harm the honest citizen by making their data vulnerable.

The Working Group also told law enforcement agencies to learn to use the tools at their disposal before making these types of requests. Likewise, the Internet Engineering Task Force, which is behind most of the standards we use on the internet today, thumbed its nose at an 11th-hour attempt by law enforcement (and the banking industry) to weaken the encryption in the new TLS 1.3 standard. So even with the faulty figures, the FBI wasn’t having much success in its war on encryption.

Still, this news couldn’t come at a worse time for an agency that is caught in the middle of a national scandal involving the president of the United States, Russian operatives and an informant that many Trump supporters are calling a planted spy. With its credibility already stretched thin, empirical evidence that the agency has been, at best, willfully misleading lawmakers and the public does not look good. Then again, empirical evidence has never counted for less in American politics than it does right now.

As always, leave any comments or questions below.

Author

Patrick Nohe

Patrick started his career as a beat reporter and columnist for the Miami Herald before moving into the cybersecurity industry a few years ago. Patrick covers encryption, hashing, browser UI/UX and general cyber security in a way that’s relatable for everyone.