In numerous public appearances over the last several months, FBI Director Christopher Wray has spoken about encryption and the undue burden that he thinks encryption imposes on law enforcement. In making his argument, Director Wray has repeated the same statistic often, that in 2017 alone the FBI was unable to unlock 7,800 mobile devices that held information pertinent to an ongoing criminal case. This statistic was so core to Director Wray’s argument about the dangers of encryption that he repeated it to Congress and it was picked up by Attorney General Jeff Sessions in making the same claim from the Justice Department. Predictably, recent investigative reporting from the Washington Post has revealed that the FBI grossly exaggerated the number of devices it was unable to gain access to because of encryption and that the Trump administration continued to cite this data even after it was shown to be false.
In recent years, the FBI has increasingly made the argument that they are “going dark” and require a means to bypass encryption, as they allege encryption can impede criminal investigators from gaining access to mobile devices that contain evidence of criminal activity. The national conversation about encryption came to a head in 2016, when the FBI approached Apple and asked that they create a backdoor that would disable the security features on an iPhone used by a perpetrator of the 2015 San Bernardino attack. During this dispute, the FBI repeatedly showed themselves to be unreliable in relaying the facts of how encryption was impacting the bureau and their investigation. For example, the FBI misled the public on their ability to “crack” the encrypted iPhone and also inflated the material cost to the FBI of breaking into the phone.
The FBI’s pattern of not being honest with the public on encryption continued into this year, with the claim that they were not able to unlock 7,800 encrypted devices throughout 2017. The Washington Post learned that this number was not accurate but was the result of a serious programming error. According to a statement released by the bureau, the error occurred because separate databases were being used to keep track of the number, so the same devices ended up being counted multiple times. In reality, the FBI was not able to unlock about 1,200 devices, which means the initial number was inflated in excess of 500 percent. Civil liberties groups suspected that the FBI was using an incorrect 2017 figure almost immediately, since the number did not square with the 2016 figure, which was 880 encrypted mobile devices that were not accessible within the year.
Troublingly, the FBI discovered that they were using an incorrect number in April, but the 7,800-figure continued to be used by Attorney General Sessions and others into mid-May. The San Bernardino dispute and the misrepresentation of the 2017 encryption data both demonstrate the FBI’s well-established history of overstating the problems that arise for them because of encryption. Their insistence on overinflating the problem is particularly troubling when considered alongside how hard they are vying for a backdoor to encrypted devices used by most Americans.
Defending Rights and Dissent has joined a coalition of 20 other civil liberties organizations in demanding that the Justice Department Inspector General review how the incorrect figure of 7,800 unlockable devices originally came to be. The coalition of groups is also pushing for an investigation into why Justice Department officials and Attorney General Jeff Sessions continued to cite this statistic even after it was discovered that the FBI had made an error in their calculations. Additionally, the letter inquires as to whether or not the FBI or Justice Department made any effort to correct the record before the story was published in the Washington Post, and what actions they are taking now to retract the false information they disseminated.
The FBI claims that they are currently completing an updated audit of how many devices they were unable to gain access to in the course of their criminal investigations throughout 2017, and that they will be forthcoming with what they find when the audit is complete. We will keep you updated, and we will continue to work with our fellow privacy organizations to keep the FBI honest.