Security Experts:

FBI Inflated Numbers on Unhackable Devices

The FBI claimed it was unable to analyze roughly 7,700 devices last year due to strong encryption, but the actual number is likely much lower and the agency has admitted its mistake.

Over the past years, the FBI and some U.S. lawmakers have been pushing technology companies to find ways to provide law enforcement access to encrypted communications and information. However, tech firms and experts have warned that implementing backdoors could pose a serious risk and it would undermine the purpose of encryption.

In 2016, the FBI attempted to convince a judge to force Apple to hack into the iPhone of the man behind the 2015 terrorist attack in San Bernardino. The agency ultimately dropped the case after finding an alternative way to access the data on the phone, but it later came to light that the FBI was probably only trying to create legal precedent.

There are several companies, including Israel-based Cellebrite and US-based Grayshift, that claim to have the tools and skills needed to access nearly any locked device, including the latest iPhone X.

The FBI came under fire earlier this year after a report from the Department of Justice’s Office of the Inspector General (OIG) revealed that senior leaders within the agency were not happy that an alternative solution had been found for getting into the San Bernardino shooter’s phone.

The FBI has even set up a page on its official website dedicated to “Going Dark,” the term used to describe the inability to intercept and access communications and information due to technological factors.

Over the past months, FBI Director Christopher Wray repeatedly claimed that the agency had been unable to access data from nearly 7,800 devices in the previous fiscal year due to encryption. However, it has now come to light that the actual number of devices is only between 1,000 and 2,000, The Washington Post reported.

The FBI has admitted the error and blamed it on a flawed methodology introduced in April 2016, but insists that Going Dark is still a serious problem.

The Electronic Frontier Foundation (EFF) recently submitted a Freedom of Information Act (FOIA) request to learn more about this methodology and the FBI’s use of third-party solutions for bypassing encryption.

“Imposing an exceptional access mandate on encryption providers would be extraordinarily dangerous from a security perspective, but the government has never provided details about the scope of the supposed Going Dark problem,” said EFF’s Andrew Crocker. “The latest revision to Director Wray’s favorite talking point demonstrates that the case for legislation is even weaker than we thought.”

Related: The Argument Against a Mobile Device Backdoor for Government

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.