FBI Says It Can't Get Into 6,900 Encrypted Phones. So What?
from the doing-less-with-more dept
The new director of the FBI, Christopher Wray, has apparently decided to take up James Comey’s anti-encryption fight. He’s been mostly quiet on the issue since assuming the position, but the DOJ’s recent calls for “responsible encryption” has emboldened the new FBI boss to speak up on the subject.
And speak up he has. Although the FBI still hasn’t released the text of his remarks to the International Association of Chiefs of Police, more than a few sites are reporting it was the usual “go team law enforcement” boosterism, but with the added zest of phone encryption complaints.
He also spoke about roadblocks in dealing with cellphone encryption technology, saying that in first 11 months of the fiscal year, the FBI has been unable to access content from 6,900 mobile devices despite having the proper legal authority to do so.
“It’s going to be a lot worse than that in just a couple of years if we don’t come up with some responsible solution,” he lamented. “I’m open to all ideas.”
All ideas, maybe. But certainly not all viewpoints. The Deputy Attorney General has made it clear in multiple speeches he views phone encryption as the end result of tech companies’ low-minded pursuit of revenue. DAG Rosenstein repeatedly emphasized US law enforcement measures success by a different standard — a standard mercenary phone manufacturers couldn’t even begin to approach.
Of course, the FBI head also nodded towards the importance of device security.
“I get it, there’s a balance that needs to be struck between encryption and the importance of giving us the tools we need to keep the public safe.”
But does he actually “get it?” What if the status quo is the ending “balance?” Would that satisfy Wray? Doubtful. He wants law enforcement-friendly security holes and he wants tech companies to provide them voluntarily.
The number of locked devices means nothing. The “6,900 mobile devices” will be 8,000 or 10,000 by early next year — sound-and-fury totals signifying nothing. It was 6,000 phones when Comey trotted out numbers earlier this year. It will always increase and it will always grab eyeballs but it won’t ever mean anything unless the FBI is willing to provide a lot more context.
Is the FBI just spectacularly bad at cracking cell phones? We’re not hearing these complaints from local law enforcement agencies with less expertise and lower budgets. Is the FBI just not even trying? Is it not using everything it has available — including a number of judicial forgiveness plans for rights violations — to get into these phones? It’s inconceivable the nation’s top law enforcement agency is experiencing nearly a 50% failure rate when it comes to locked phones.
All Wray says is there are 6,900 phones the FBI hasn’t gotten into. Yet. What’s never discussed is how many investigations resumed unimpeded by cellphone encryption. Phones are not the sole repository of criminal evidence in any investigation. The FBI has options even if the seized phone seems impermeable. The FBI insinuates it’s being stopped, but never specifies how many of these phones have resulted in terminated investigations.
It’s just a number, divorced from context, but one the FBI can ensure will always be larger than last time it was mentioned.
Filed Under: chris wray, context, crime, encryption, fbi, going dark, phones
Comments on “FBI Says It Can't Get Into 6,900 Encrypted Phones. So What?”
6900 cases
Proper legal authority? They have 6900 warrants with sufficient specificity to search those phones, or are there 6900 subpoenas that authorize non-specific fishing expeditions issued by some DoJ rubber stamping troglodyte supervisor? Or are these the phones confiscated for having the temerity to cross a border without every single byte in ones possession or that one has access to being exposed?
Re: 6900 cases
Orrr…
Maybe it is that there are 6,900 phones that they are unable to access content from …. maaaybe here’s the part they left out … without using our advanced methods.
Homeland Security
At the ISACA conference yesterday a Special Agent of Homeland Security didn’t give a very good answer when I asked why there was such a disconnect between law enforcement and the people who develop encryption.
Re: Homeland Security
Possibly it is because leos do not understand encryption, computer security or how things go terribly wrong in a hurry … on a computer.
Re: Homeland Security
(BS) “You cannot trust an encryption algorithm designed by someone who had not ‘earned their bones’ by first spending a lot of time cracking codes.”
(PRZ) “…Practically no one in the commercial world of cryptography qualified under this criterion!”
(BS) “Yes, and that makes our job at the NSA so much easier”
– Conversation between Philip Zimmermann and Brian Snow, a senior cryptographer with the NSA.
It would be interesting to ask how many of those 6900 inaccessible devices have completely stalled an investigation.
I’d wager the answer is “not many”.
Re: Re:
I would say that if the only proof of wrongdoing is what someone has on their phone, you dont have much of a case to start with…
I’ll agree that encryption can be weakened when all those calling for such to do their online banking in the clear on the internet.
What they say can be bullshit.
If it’s true, it means that encryption is working as intended.
“the FBI has been unable to access content from 6,900 mobile devices despite having the proper legal authority to do so”
I think the real story here is that the FBI seems to be able to acquire the legal authority to access an awful lot of phones. According to some simple Google searches, 67% of people don’t even have a password on their phone. Why are they searching so many phones?
Balance?
As someone else pointed out, there is no “balance” between mathematics and wishful thinking.
"Pursuit of revenue"
Let’s focus on that: how is phone encryption aiding revenue unless there is a significant ratio of people wanting privacy and not trusting the infrastructure’s and/or the government’s integrity? Does that mean that a revenue-relevant ratio of tech company customers consists of criminals and/or terrorists?
Or does it rather mean that a revenue-relevant ratio of tech company customers thinks the government cares shit about the Fourth Amendment to a degree that they’d listen in on anything including stuff of private nature without warrant?
If you want to target terrorists and criminals, wouldn’t it make more sense to mess with the Second rather than the Fourth Amendment once you decide the Bill of Rights is optional? Obviously, the problem is that that’s harder to do in a sneaky and underhanded manner.
Re: "Pursuit of revenue"
The analogy is a little loose, but it’s rather like an agency that got busted peeking through every window in every house they could now whining that ‘house designers’ have built ‘closed by default blinds’ on the windows.
If ‘encryption by default’ has become a selling point it’s because they made it absolutely clear that it was needed. That if people wanted to protect their privacy they were going to have to do it themselves, as they could not trust the police/government to do so.
How many criminals were unable to get into stolen phones? I suspect more than 6,900.
Re: Re:
In particular if you include in the count the number of law enforcement officials illegally trying to access a phone without a warrant outside of exigent circumstances.
One after the other.
Let’s start with responsible law enforcement.
Re: One after the other.
So long as we use a dictionary other than the one they seem to be using for ‘responsible’ perhaps.
Responsible encryption, is that the same thing as responsible gun control?
Re: Re:
Gun control isn’t responsible. Gunplay is.
The FBI are notorious Luddites
Their inability to access the phones might well be another example of their extreme resistance to joining the 20th century.
Yeah, that’s right, the 20th. The FBI only recently switched from having all of their interviews and interrogations recorded by an agent with a pencil and paper tablet. They still refuse to switch to even tape recorders, let alone digital recorders, for all such recordings — they claim the paper and pencil method is somehow more accurate and less prone to error, though they won’t or can’t say how.
The majority of FBI agents have a very extensive history of simply behind incapable of comprehending modern technology — there was a book about it back in the 1990s, called The Hacker Crackdown, which is available online for free. They haven’t improved much since then. The sheer Keystone Kops absurdity of how the feds acted, combined with the astounding constitutional violations, mean that many people refuse to accept it could possibly be a work of non-fiction, and shelve it accordingly in libraries.
How ever did any crimes get solved before smartphones were invented?
Re: Re:
They didn’t. At all. That’s why prisons were completely empty before smartphones were invented, they couldn’t successfully convict anyone due to lack of evidence.
It was only once smartphones really hit the market that prosecutors and investigators finally had a way to find incriminating evidence, and now they’re upset that the Golden Era of Law Enforcement might be coming to a close, that the narrow window where they could at last successfully prosecute someone might be ending, and naturally they’re upset about it.