FBI Repeatedly Overstated Encryption Threat Figures to Congress, Public

Devlin Barrett, reporting for The Washington Post:

The FBI has repeatedly provided grossly inflated statistics to Congress and the public about the extent of problems posed by encrypted cellphones, claiming investigators were locked out of nearly 7,800 devices connected to crimes last year when the correct number was much smaller, probably between 1,000 and 2,000, The Washington Post has learned.

Over a period of seven months, FBI Director Christopher A. Wray cited the inflated figure as the most compelling evidence for the need to address what the FBI calls “Going Dark” — the spread of encrypted software that can block investigators’ access to digital data even with a court order.

The FBI first became aware of the miscount about a month ago and still does not have an accurate count of how many encrypted phones they received as part of criminal investigations last year, officials said. Last week, one internal estimate put the correct number of locked phones at 1,200, though officials expect that number to change as they launch a new audit, which could take weeks to complete, according to people familiar with the work.

Even if the accurate number really was 7,800, it wouldn’t change the fact that adding backdoors to phones would be a disaster for security and privacy. The number really doesn’t matter. But the fact that they overstated it by a factor of 6 makes the FBI look really bad. I’m not saying they lied, but I think it’s unlikely they would have undercounted the number of phones by a factor of 6.

Wednesday, 23 May 2018