In a bombshell confession, the FBI has admitted that it has been wildly exaggerating the number of encrypted smartphones it holds and is unable to unlock. The margin of errors in their published figures seems to have been as high as a staggering 550%.
Far fewer unlocked phones than the FBI claimed
The story first emerged earlier this week in the Washington Post, which says that the FBI has been aware of its misleading numbers for more than a month and still cannot accurately say how many locked devices they hold.
Earlier this year, FBI Director Christopher Wray claimed that the FBU held 7,775 encrypted devices that it could not access relating to criminal or national security issues. He described the situation as an “urgent public safety issue.”
However, the FBI has now admitted this figure was wildly inaccurate. They have blamed a programming error for the mistake, claiming that the number was arrived at by searching through three different databases.
However, these databases contained many duplicate entries meaning that the number arrived at was over-inflated. They now believe the true figure to be between 1,000 and 1,500 devices, but it could be even lower.
A new audit has been launched to pin down the number, but that is expected to take weeks and there is no guarantee the results will be made public.
How the false figures drove the campaign against encryption
The FBI has flatly denied that the figures were deliberately exaggerated for political purposes. But the figure previously used has played a big part in their arguments in favour of the undermining of encryption.
In his speech, Christopher Wray claimed the number of inaccessible devices represented more than half of the total number of devices they had tried to access in the same period. This statement now appears to be false.
The issue, which is commonly referred to in law enforcement circles as ‘going dark’ has been the bedrock of calls for tech firms like Apple to be required to create backdoors into their encrypted devices.
Encryption experts have repeatedly tried to explain that this would render the encryption essentially meaningless as you would be creating a vulnerability which anyone could potentially search for and exploit.
Highlighting the scale of the problem has been one of the law enforcement communities main defences, but now it seems that this has been built on incorrect data.
While the FBI claims it is investigating the true number of locked devices in its possession, it has not confirmed if or when it will make this information public. They have also refused to respond to a Freedom of Information Act (FOIA) request from the ZDNet website asking how many investigations these devices relate to.
Even if the total number of encrypted devices the FBI does hold is between 1,000 and 1,500, it is highly likely that the number of cases they relate to is lower than this. The FOIA request also sought to find out how many of the devices were deemed important to their cases. Again, this figure is likely to be significantly lower.
A boost for encryption proponents
While there is no sign that the FBI or other law enforcement agencies are going to back down in their campaign for encryption backdoors, this revelation has seriously undermined their arguments, as has their refusal to elaborate about the locked devices that they do actually have
But, while the encryption debate in the USA has now edged towards those who advocate for online privacy and freedom, it is still far from over.
Law enforcement agencies remain determined to provoke legislation against encryption rather than doing the legwork to find a solution to their issue that doesn’t have such far-reaching consequences.
Because encryption remains the best way for people all over the world to keep their online information secure and private. It is used in countless different online services and is rapidly growing in popularity.
Encrypted devices like iPhones and services like WhatsApp are seeing user numbers continue to grow, while VPN use is also on the rise globally. Providers such as IPVanish and ExpressVPN can encrypt all of your online data and offer a great way to ensure that everything you do online is protected.
Despite the FBI’s effort to undermine it, and their use of false data to do so, encryption is here to stay.