FBI Admits Overstating Locked Phone Problem, and Critics Pounce

WASHINGTON — The FBI came under fire from electronic privacy and security advocates on Wednesday after acknowledging it has repeatedly exaggerated the number of locked smartphones and other mobile electronic devices it has been unable to access because of encryption, including in congressional testimony and public speeches.

The miscount, which the bureau said was because of an inadvertent programming error in a system that gathered statistics from FBI databases, was a significant embarrassment at a time when the bureau has been pushing for a legal mandate that tech companies build unlocking tools into such devices for law-enforcement access to potential evidence.

Electronic privacy and security activists have opposed the FBI’s push to mandate an unlocking mechanism — which the government calls “extraordinary access” and critics call “back doors” — saying it would make devices too vulnerable to hacking. Among those who seized on the disclosure to rain criticism down upon the bureau was Greg Nojeim, director of the Center for Democracy and Technology’s Freedom, Security and Technology Project.

“The factual basis of the FBI’s arguments to weaken encryption has been called into doubt,” Nojeim said, calling for an investigation by the Justice Department’s internal watchdog.

Kevin Bankston, director of New America’s Open Technology Institute, questioned the FBI’s competence and trustworthiness on encryption. He, too, called for an inspector general investigation to determine “just how the FBI could have made such a massive mistake on such an important issue, and repeatedly given false information in sworn testimony for Congress.”

The FBI said it was conducting its own “in-depth review of how this overcounting previously occurred, and how the methodology can be corrected to capture future data accurately.”

Specifically, top law enforcement officials — including the FBI director, Christopher A. Wray, and the deputy attorney general, Rod Rosenstein — have touted a talking point that in the fiscal year that ended in September, encryption prevented the FBI from unlocking about 7,800 smartphones and other devices despite having legal authority to access them for evidence.

“This figure represents slightly over half of all the mobile devices the FBI attempted to access in that time frame,” Wray told the House Judiciary Committee in December.

But that number is wrong, the FBI said in a statement late on Tuesday. The bureau said it had discovered in late April that the system it was using to gather such statistics from its databases was flawed. It appeared that inadvertent “programming errors resulted in significant overcounting” of how many mobile devices it had been thwarted from accessing, it said.

FBI officials refused to provide an estimate for the real number of such devices, saying it was still conducting a review to both figure that out and determine what methodology to use in the future. The Washington Post, which first disclosed the miscount, cited unnamed officials as saying said the real number was probably between 1,000 and 2,000.

The FBI has been pushing, in fits and starts, since 2010 for legal changes that would require tech companies to help it gain access to secured data, saying the ability of law-enforcement officials to carry out court-approved wiretaps and searches is “going dark” because of the spreading use of encryption. That fight last peaked in 2016, when the Justice Department obtained a court order requiring Apple to design a specialized operating system that would help the FBI unlock an iPhone recovered after the mass shooting in San Bernardino, California.

Apple fought the order, and the case launched a debate over tech freedom, security and encryption. The issue was eventually defused when prosecutors disclosed that the FBI had unlocked the phone using a method developed by another company. (No significant evidence was found on the phone.)

In March, the Justice Department’s inspector general issued a report finding that the FBI had not searched for all possible solutions to unlock the phone before seeking the court order, raising suspicions among the privacy and technology community about whether the bureau tried to use the San Bernardino case to create a precedent for weakening encryption.

In recent months, the Justice Department and the FBI under the Trump administration have revived their push for a solution, leading to the speeches and congressional testimony that invoked the inaccurately large number of devices that the bureau purportedly was stymied from accessing.

“The report is a clear reminder that policymakers should take the FBI’s claims of going dark with a big grain of salt,” Nojeim said.

But the FBI also insisted that its growing inability to access devices that are encrypted remains a significant challenge, whatever the correct number turns out to be, vowing to keep pushing for changes.

“Going Dark remains a serious problem for the FBI, as well as other federal, state, local and international law enforcement partners, all of whom face similar challenges in maintaining access to electronic evidence despite having legal authorization to do so,” it said. “The FBI will continue pursuing a solution that ensures law enforcement can access evidence of criminal activity with appropriate legal authority.”