Published May 23, 2018
For the past several months, the FBI has been claiming that encryption has prevented the agency from accessing around 7,000 mobile devices connected to various crimes. But it turns out that number is very wrong.
On Tuesday, the FBI told PCMag that a programming error resulted in a "significant overcounting" of the encrypted devices. "The FBI is currently conducting an in-depth review of how this over-counting previously occurred," the agency said in a statement.
The news was first reported by The Washington Post, which said the correct number is probably between 1,000 and 2,000 devices. One internal estimate from the FBI puts the figure at 1,200, but the agency plans to launch an audit to get the full number, The Post said, citing unnamed sources.
The mistake seriously undercuts one of the FBI's central arguments in the ongoing encryption debate. For years now, the agency has been pushing for what critics call a "backdoor" into smartphone products that'll let federal agents easily unlock mobile devices tied to crimes. Without such access, some investigations may grind to halt, the agency claims.
In October, FBI director Christopher Wray highlighted the problem by claiming encryption had stopped it from accessing close to 7,000 devices. "To put it mildly, this is a huge, huge problem," he reportedly said during a public speech. "It impacts investigations across the board."
In January, he essentially repeated the claim, saying the FBI had failed to access 7,775 devices during the 2017 fiscal year. However, the FBI has now marked that estimate with an asterisk, which notes that the figure is actually incorrect.
How did the FBI make the mistake? According to the agency, starting in April 2016, it began using a new "collection methodology" with how it counted the encrypted devices. But only recently did the FBI become aware of flaws in the methodology, it said, without elaborating.
Despite the mistake, the FBI claims that encryption still poses a serious problem to law enforcement investigations, including those from state and local police. "The FBI will continue pursuing a solution that ensures law enforcement can access evidence of criminal activity with appropriate legal authority," the agency said in its statement.
Some encryption supporters weren't surprised that the 7,000 figure was off. It's also been widely reported that the FBI has been hiring third-party security vendors to help the agency break into smartphones including iPhones.
"Given the availability of these third-party solutions, we've questioned how and why the FBI finds itself thwarted by so many locked phones," the Electronic Frontier Foundation said in a blog post.