The FBI has repeatedly provided grossly inflated statistics to Congress and the public about the extent of problems posed by encrypted cellphones, claiming investigators were locked out of nearly 7,800 devices connected to crimes last year when the correct number was much smaller, probably between 1,000 and 2,000, The Washington Post has learned.
Over a period of seven months, FBI Director Christopher A. Wray cited the inflated figure as the most compelling evidence for the need to address what the FBI calls “Going Dark” — the spread of encrypted software that can block investigators’ access to digital data even with a court order.
The FBI first became aware of the miscount about a month ago and still does not have an accurate count of how many encrypted phones they received as part of criminal investigations last year, officials said. Last week, one internal estimate put the correct number of locked phones at 1,200, though officials expect that number to change as they launch a new audit, which could take weeks to complete, according to people familiar with the work.
“The FBI’s initial assessment is that programming errors resulted in significant over-counting of mobile devices reported,’’ the FBI said in a statement Tuesday. The bureau said the problem stemmed from the use of three distinct databases that led to repeated counting of phones. Tests of the methodology conducted in April 2016 failed to detect the flaw, according to people familiar with the work.
The acknowledgment comes at a perilous time for the FBI, whose credibility is being challenged by President Trump and his supporters over the ongoing investigation into whether any Trump associates helped Russia interfere with the 2016 election. The bureau has also been under pressure for other mistakes, including its failure to act on a tip that a Florida teen was likely to carry out a school shooting which police said he did weeks later, killing 17.
The FBI said that despite the phone-counting errors, “Going Dark remains a serious problem for the FBI, as well as other federal, state, local and international law enforcement partners. ... The FBI will continue pursuing a solution that ensures law enforcement can access evidence of criminal activity with appropriate legal authority.”
Wray first referenced the inflated figure in an October speech, saying the bureau had found nearly 7,000 locked phones in just 11 months. In December, he told Congress that, in the 2017 budget year, his agency “was unable to access the content of approximately 7,800 mobile devices using appropriate and available technical tools, even though there was legal authority to do so.”
Wray has said the precise number of locked phones that year was 7,775, pairing that figure with forceful language to argue for changes, in technology company practices or in the law, that would make all phones accessible to investigators with a valid court order.
“While the FBI and law enforcement happen to be on the front lines of this problem, this is an urgent public safety issue for all of us,” Wray said during a January speech in New York. “Because as horrifying as 7,800 in one year sounds, it’s going to be a lot worse in just a couple of years if we don’t find a responsible solution.”
Since then, Wray has repeated the claim about 7,800 locked phones, including in a March speech. Those remarks were echoed earlier this month by Attorney General Jeff Sessions.
“Last year, the FBI was unable to access investigation-related content on more than 7,700 devices — even though they had the legal authority to do so. Each of those devices was tied to a threat to the American people,” Sessions said.
Officials now admit none of those statements are true.
The FBI’s admission is likely to fuel further criticism from lawmakers, privacy advocates and tech companies, and hinder the bureau’s public efforts to address encryption issues.
The bureau has long argued that encrypting data in a way that makes it impossible for investigators to unlock a phone or computer, even with a signed order from a judge, leaves the country and its citizens less safe. Privacy groups such as the Electronic Frontier Foundation argue that encryption prevents crime by protecting people’s data from hackers.
The FBI fought a bruising court fight in 2016 seeking to force Apple to help agents access the iPhone that had belonged to a dead gunman in San Bernardino, Calif. At first, the FBI said it had no ability to access the phone, though the government later dropped its case when a contracting firm came forward with a solution. That same year, a similar legal fight in a New York drug case ended when the defendant remembered his password and provided it to investigators.
The FBI’s conduct in the San Bernardino case also called into question the accuracy of officials’ statements on the encryption issue. Then-Director James B. Comey overstated what the phone-hacking solution cost the bureau, according to people familiar with the matter, and a senior FBI official asked for an internal investigation to determine if her subordinates were lying about technical capabilities.
A Justice Department Inspector General report concluded in March that, while officials did not make false statements in connection with that case, there were “misunderstandings and incorrect assumptions” among key players in the FBI’s technology wing.
The FBI’s assertion that 7,775 phones could not be opened by their investigators last year has always struck a discordant note with critics and privacy advocates, who noted that just a year earlier, the FBI had claimed the figure was 880. Such a giant leap in locked phones could not be explained by changes in technology or criminal behavior, those critics reasoned.
It is unclear if the 880 figure is still accurate.
Lawmakers have tried unsuccessfully to get more details about the FBI’s claims. Officials say they plan to provide updated information to congressional committees and individual lawmakers.