FBI Claims It Has No Record Of Why It Deleted Its Recommendation To Encrypt Phones
from the maybe-it-was-encrypted dept
A couple of years ago, I wrote about how — just as the FBI was whining about encryption and “going dark” — it was, at the same time, urging people to encrypt their mobile phones to protect against crime:
It, of course, took much longer than the legally mandated 20-day response time, but the FBI has finally “responded” to tell me that it can’t find anything. So sorry, too bad.
Based on the information you provided, we conducted a search of the locations or entities where records responsive to your request would reasonably be found. We were unable to locate records responsive to your request. If you have additional information that may assist in locating records concerning the subject of your request, please provide us the details and we will conduct an additional search.
It is, of course, entirely possible that my request was not clear enough — though I specifically pointed them to where the URL used to be and what was on it. So I’m not entirely sure what other information to provide in response. And that’s part of the problem with the FOIA process. It’s something of a guessing game, where if you don’t guess exactly the proper way to phrase what you want, they’ll just come back with a no responsive documents response. Of course, perhaps they just encrypted the information on an iPhone and they won’t be able to get it for me unless they win their fight against Apple… right?
Filed Under: doj, encryption, fbi, foia, mobile encryption, phones
Comments on “FBI Claims It Has No Record Of Why It Deleted Its Recommendation To Encrypt Phones”
Much more likely...
FBI Agent 1: “I just realized something. Given we are currently trying to demonize and undermine encryption, spinning it as something that only criminals use, having a page up telling people how encryption should be employed as it makes them safer from criminals kinda makes us look like gigantic hypocrites.”
FBI Agent 2: “Good point. Yeah, I’ll go and have a chat with the techies, have that page removed.”
FBI 1: “Do we need to notify anyone? Fill out any forms or anything? We are talking about changing the site by removing something after all.”
FBI 2: “Nah, no need to write this up, it’s a minor change, should have been done before now anyway.”
FBI 1: “True enough. Also means if someone tries to ask us why the page is no longer there we can play the standard ‘How long can we force them to wait?’ game before telling them there’s no documents with regards to their requests.”
FBI 2: “Heh, yeah, that never gets old.”
Huh. So they were mysteriously deleted? Well then, time to put them back in then, right?
The real problem with he FOI process is that people have to request records that should be made public by default. Such records should be available so that the public can scrutinize what public servants are doing on their behalf.
Re: Re:
You know, we don’t know where to send you the cigar if you’re anonymous, right?
It’s still there, at least in the form of a press release from a branch office – https://www.fbi.gov/sandiego/press-releases/2012/smartphone-users-should-be-aware-of-malware-targeting-mobile-devices-and-the-safety-measures-to-help-avoid-compromise
Re: Re:
Start the timer!
It's the same reason they can't find anything else...
They can’t find any responsive documents because they are encrypted, using the FBI’s own SBO2 (Security By Obscurity v2.0) algorithm.
It has a two letter key, an “F” followed by a “U”.
Re: It's the same reason they can't find anything else...
And here I thought it was security by deletion
It's always in the last place you look
…we conducted a search of the locations or entities where records responsive to your request would reasonably be found.
If the information exists at all, it may have been put somewhere it would not reasonably be found. Whenever I lose something, that’s typically where I find it.
You’ll still find that list here
https://www.ic3.gov/media/2012/121012.aspx
Sounds to me like someone got their butt chewed, likes their job, and now has amnesia.
It is good to understand how the real criminals operate. Thank goodness the Chinese and the Russians understand how to keep my financial and medical information safe. Krebs 2016
The FBI have gone into business for themselves. They do not work for you anymore, you are the enemy by trying to hold their actions accountable.
Re: Re:
Oh, so they went back to their previous business model.
Re: Re: Re:
Never left it..well not if the hundreds of murdered informants are anything to go by.
Not Specific Enough
You didn’t specifically tell them the from, to, date and time of the e-mail requesting the removal. How could they possibly find it without this critical information.
wayback machine to the rescue
Of course the wayback machine has the original
https://web.archive.org/web/*/http://www.fbi.gov/scams-safety/e-scams?utm_campaign=email-Immediate&utm_content=145512
So it has no record of why it has no record.
Re: Re:
Actually it has no record of why it has no record of why it has no
It could be worse
They could have revised it to this (borrowed from the copyright warning screens) statement:
“Depending on the type of phone, the operating system may have encryption available. Criminal encryption use including encryption use without monetary gain, is investigated by the FBI and is punishable by up to 5 years in federal prison and a fine of $250,000.”
Perhaps they are back to the old purposefully looking on only C: drives when all the information they would rather keep quiet is stored on D: +.
Or if stored on a mainframe, perhaps in reverse EBSDIC where it would never be found with a search tool only using EBSDIC.
Re: Re:
E2 does have the same even parity as C3.
FBI wants to outlaw encryption eh?
All we have to do is speak logical common sense..that’s something they’ll NEVER decrypt.
Fat-Fingers at FBI
FBI Claims It Has No Record Of Why It Deleted Its Recommendation To Encrypt Phones
The terrorists must have Deleted the FBI’s Recommendation To Encrypt Phones.
What I find interesting is how you try to paint the FBI as a single, monolithic thing. Rather than being a collection of people, offices, and operating groups, you portray it as a single unified entity where everything it does is immediately known and understood at every other levels by every other people at every time.
It’s sort of like an organizational strawman: Find the contradictory document from X years ago, and prove that the single entity FBI (or CIA, or other organization) is some how full of sh-t.
This whole story is a great example: The “FBI says encrypt” document that you point to part of tips to avoid being a victim of malware or ransomware. It does give the tip to encrypt personal data, and seems to be more aimed at individual data and not the full phone.
Oh. and it’s from four years ago, before many had considered the implications of encryption and the criminal element. It’s certainly before any of this headed to court on any meaningful level.
So if you expanded coverage is mostly going to be “caught you!” stories, well… I guess the sheep got sheared!
Re: Re:
If you insist on throwing stones, don’t be too surprised when people point out your glass house breaking.
Re: Re:
So you are saying we should be lenient with a group that has proven they have no intention of holding those members of their organization accountable for when they screw up in these sorts of cases?
So they can ruin your life if they want to, we should give them the benefit of the doubt because there are rogue elements in their organization they refuse to hold accountable. But it’s ok because they can’t be expected to know what everyone is doing.
Re: Re:
Most things in large organizations are done based on policies. For example I bet it is their policy to encrypt their information internally.
https://www.ic3.gov/media/2012/121012.aspx
It’s just moved