FBI Claims It Has No Record Of Why It Deleted Its Recommendation To Encrypt Phones

from the maybe-it-was-encrypted dept

Mon, Feb 29th 2016 6:27am — Mike Masnick

A couple of years ago, I wrote about how -- just as the FBI was whining about encryption and "going dark" -- it was, at the same time, urging people to encrypt their mobile phones to protect against crime:

Then, last year, I noticed that the page had been deleted. Seemed curious, so I sent in a Freedom of Information Act (FOIA) to the FBI to better understand why that page had magically been deleted, just at the time it seemed to contradict the FBI Director's statements about encryption.

It, of course, took much longer than the legally mandated 20-day response time, but the FBI has finally "responded" to tell me that it can't find anything. So sorry, too bad.

If you can't read that, it says:

Based on the information you provided, we conducted a search of the locations or entities where records responsive to your request would reasonably be found. We were unable to locate records responsive to your request. If you have additional information that may assist in locating records concerning the subject of your request, please provide us the details and we will conduct an additional search.

It is, of course, entirely possible that my request was not clear enough -- though I specifically pointed them to where the URL used to be and what was on it. So I'm not entirely sure what other information to provide in response. And that's part of the problem with the FOIA process. It's something of a guessing game, where if you don't guess exactly the proper way to phrase what you want, they'll just come back with a no responsive documents response. Of course, perhaps they just encrypted the information on an iPhone and they won't be able to get it for me unless they win their fight against Apple... right?

Help us keep covering stories like these!

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: doj, encryption, fbi, foia, mobile encryption, phones

29 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

That One Guy (profile), 29 Feb 2016 @ 5:45am

Much more likely...
FBI Agent 1: "I just realized something. Given we are currently trying to demonize and undermine encryption, spinning it as something that only criminals use, having a page up telling people how encryption should be employed as it makes them safer from criminals kinda makes us look like gigantic hypocrites."

FBI Agent 2: "Good point. Yeah, I'll go and have a chat with the techies, have that page removed."

FBI 1: "Do we need to notify anyone? Fill out any forms or anything? We are talking about changing the site by removing something after all."

FBI 2: "Nah, no need to write this up, it's a minor change, should have been done before now anyway."

FBI 1: "True enough. Also means if someone tries to ask us why the page is no longer there we can play the standard 'How long can we force them to wait?' game before telling them there's no documents with regards to their requests."

FBI 2: "Heh, yeah, that never gets old."
[ link to this | view in chronology ]
Anonymous Coward, 29 Feb 2016 @ 6:36am

Huh. So they were mysteriously deleted? Well then, time to put them back in then, right?
[ link to this | view in chronology ]
Anonymous Coward, 29 Feb 2016 @ 6:37am

The real problem with he FOI process is that people have to request records that should be made public by default. Such records should be available so that the public can scrutinize what public servants are doing on their behalf.
[ link to this | view in chronology ]
- Anonymous Coward, 29 Feb 2016 @ 7:36am
  
  Re:
  You know, we don't know where to send you the cigar if you're anonymous, right?
  [ link to this | view in chronology ]
KnownHuman (profile), 29 Feb 2016 @ 6:56am

It's still there, at least in the form of a press release from a branch office - https://www.fbi.gov/sandiego/press-releases/2012/smartphone-users-should-be-aware-of-malware-targeti ng-mobile-devices-and-the-safety-measures-to-help-avoid-compromise
[ link to this | view in chronology ]
- ChurchHatesTucker (profile), 29 Feb 2016 @ 7:10am
  
  Re:
  Start the timer!
  [ link to this | view in chronology ]
Oblate (profile), 29 Feb 2016 @ 6:56am

It's the same reason they can't find anything else...
They can't find any responsive documents because they are encrypted, using the FBI's own SBO2 (Security By Obscurity v2.0) algorithm.

It has a two letter key, an "F" followed by a "U".
[ link to this | view in chronology ]
- Anonymous Coward, 29 Feb 2016 @ 8:58am
  
  Re: It's the same reason they can't find anything else...
  And here I thought it was security by deletion
  [ link to this | view in chronology ]
MarcAnthony (profile), 29 Feb 2016 @ 6:56am

It's always in the last place you look
...we conducted a search of the locations or entities where records responsive to your request would reasonably be found.

If the information exists at all, it may have been put somewhere it would not reasonably be found. Whenever I lose something, that's typically where I find it.
[ link to this | view in chronology ]
Anonymous Coward, 29 Feb 2016 @ 7:06am

You'll still find that list here
https://www.ic3.gov/media/2012/121012.aspx
[ link to this | view in chronology ]
Anonymous Coward, 29 Feb 2016 @ 7:13am

Sounds to me like someone got their butt chewed, likes their job, and now has amnesia.
[ link to this | view in chronology ]
Anonymous Coward, 29 Feb 2016 @ 7:27am

It is good to understand how the real criminals operate. Thank goodness the Chinese and the Russians understand how to keep my financial and medical information safe. Krebs 2016
[ link to this | view in chronology ]
Anonymous Coward, 29 Feb 2016 @ 7:41am

The FBI have gone into business for themselves. They do not work for you anymore, you are the enemy by trying to hold their actions accountable.
[ link to this | view in chronology ]
- orbitalinsertion (profile), 29 Feb 2016 @ 7:52am
  
  Re:
  Oh, so they went back to their previous business model.
  [ link to this | view in chronology ]
  - Anonymous Coward, 29 Feb 2016 @ 12:58pm
    
    Re: Re:
    Never left it..well not if the hundreds of murdered informants are anything to go by.
    [ link to this | view in chronology ]
ArkieGuy (profile), 29 Feb 2016 @ 8:00am

Not Specific Enough
though I specifically pointed them to where the URL used to be and what was on it. So I'm not entirely sure what other information to provide in response

You didn't specifically tell them the from, to, date and time of the e-mail requesting the removal. How could they possibly find it without this critical information.
[ link to this | view in chronology ]
derekcohen (profile), 29 Feb 2016 @ 8:13am

wayback machine to the rescue
Of course the wayback machine has the original
https://web.archive.org/web/*/http://www.fbi.gov/scams-safety/e-scams?utm_campaign=email-Imm ediate&utm_content=145512
[ link to this | view in chronology ]
Anonymous Coward, 29 Feb 2016 @ 8:16am

So it has no record of why it has no record.
[ link to this | view in chronology ]
- Anonymous Coward, 29 Feb 2016 @ 12:59pm
  
  Re:
  Actually it has no record of why it has no record of why it has no
  [ link to this | view in chronology ]
Coyne Tibbets (profile), 29 Feb 2016 @ 8:16am

It could be worse
They could have revised it to this (borrowed from the copyright warning screens) statement:

"Depending on the type of phone, the operating system may have encryption available. Criminal encryption use including encryption use without monetary gain, is investigated by the FBI and is punishable by up to 5 years in federal prison and a fine of $250,000."
[ link to this | view in chronology ]
Groaker (profile), 29 Feb 2016 @ 8:28am

Perhaps they are back to the old purposefully looking on only C: drives when all the information they would rather keep quiet is stored on D: +.

Or if stored on a mainframe, perhaps in reverse EBSDIC where it would never be found with a search tool only using EBSDIC.
[ link to this | view in chronology ]
- Anonymous Coward, 29 Feb 2016 @ 10:13am
  
  Re: Re: Re:
  
  EBSDIC
  Extended Binary S????? Decimal Interchange Code
  CRC
  E2 does have the same even parity as C3.
  [ link to this | view in chronology ]
Anonymous Coward, 29 Feb 2016 @ 1:00pm

FBI wants to outlaw encryption eh?

All we have to do is speak logical common sense..that's something they'll NEVER decrypt.
[ link to this | view in chronology ]
Personanongrata, 29 Feb 2016 @ 1:19pm

Fat-Fingers at FBI
FBI Claims It Has No Record Of Why It Deleted Its Recommendation To Encrypt Phones

The terrorists must have Deleted the FBI's Recommendation To Encrypt Phones.
[ link to this | view in chronology ]
Whatever (profile), 29 Feb 2016 @ 4:21pm

What I find interesting is how you try to paint the FBI as a single, monolithic thing. Rather than being a collection of people, offices, and operating groups, you portray it as a single unified entity where everything it does is immediately known and understood at every other levels by every other people at every time.

It's sort of like an organizational strawman: Find the contradictory document from X years ago, and prove that the single entity FBI (or CIA, or other organization) is some how full of sh-t.

This whole story is a great example: The "FBI says encrypt" document that you point to part of tips to avoid being a victim of malware or ransomware. It does give the tip to encrypt personal data, and seems to be more aimed at individual data and not the full phone.

Oh. and it's from four years ago, before many had considered the implications of encryption and the criminal element. It's certainly before any of this headed to court on any meaningful level.

So if you expanded coverage is mostly going to be "caught you!" stories, well... I guess the sheep got sheared!
[ link to this | view in chronology ]
- Anonymous Coward, 29 Feb 2016 @ 4:56pm
  
  Re:
  If you insist on throwing stones, don't be too surprised when people point out your glass house breaking.
  [ link to this | view in chronology ]
- Anonymous Coward, 1 Mar 2016 @ 6:55am
  
  Re:
  So you are saying we should be lenient with a group that has proven they have no intention of holding those members of their organization accountable for when they screw up in these sorts of cases?
  
  So they can ruin your life if they want to, we should give them the benefit of the doubt because there are rogue elements in their organization they refuse to hold accountable. But it's ok because they can't be expected to know what everyone is doing.
  [ link to this | view in chronology ]
- Anonymous Coward, 5 Mar 2016 @ 7:26am
  
  Re:
  Most things in large organizations are done based on policies. For example I bet it is their policy to encrypt their information internally.
  [ link to this | view in chronology ]
nick, 1 Mar 2016 @ 5:23pm

https://www.ic3.gov/media/2012/121012.aspx

It's just moved
[ link to this | view in chronology ]