FBI Admits It's Been Using A Highly-Inflated Number Of Locked Devices To Push Its 'Going Dark' Narrative
from the seriously-fuck-these-guys dept
Call it a lie. Call it a misrepresentation. Call it a convenient error. Call it what you want. Just don't call it a fact. Devlin Barrett at the Washington Post delivers a bombshell: the thousands of phones the FBI supposedly just can't crack despite a wealth of tech solutions at its disposal? It's nowhere near as many as consecutive FBI directors have claimed.
The FBI has repeatedly provided grossly inflated statistics to Congress and the public about the extent of problems posed by encrypted cellphones, claiming investigators were locked out of nearly 7,800 devices connected to crimes last year when the correct number was much smaller, probably between 1,000 and 2,000, The Washington Post has learned.
This number aligns more with reality than the frequent claims the number of locked phones was nearing 8,000 devices. In 2016, the FBI reported it was only locked out of around 880 devices. Less than two years later, it was stating it had 7,800 impregnable devices in its possession.
This exponential increase followed the FBI's failure to convince a court Apple should be ordered to break a phone's encryption whenever the government wanted access. This courtroom demand was predicated on a deliberately backburnered quest to find a tech solution from a third party, as a recently-released Inspector General's report revealed.
So, we know the FBI can't be trusted to tell the whole story when quizzed about its "going dark" assertions. Now, we know the FBI can't be trusted to count physical devices accurately.
The FBI first became aware of the miscount about a month ago and still does not have an accurate count of how many encrypted phones they received as part of criminal investigations last year, officials said. Last week, one internal estimate put the correct number of locked phones at 1,200, though officials expect that number to change as they launch a new audit, which could take weeks to complete, according to people familiar with the work.
“The FBI’s initial assessment is that programming errors resulted in significant over-counting of mobile devices reported,’’ the FBI said in a statement Tuesday. The bureau said the problem stemmed from the use of three distinct databases that led to repeated counting of phones. Tests of the methodology conducted in April 2016 failed to detect the flaw, according to people familiar with the work.
The FBI's count was inflated by bad software and sloppy record keeping. But it had no incentive to fix it. Even if the error was never detected by the methodology test, someone should have asked how the FBI's stash of locked phones suddenly exploded from less than 900 to nearly 8,000 in 18 months. But, given the IG's findings about its slow-walked search for outside tech solutions in the Apple court battle, any red flags were probably ignored in favor of pushing the most dramatic "going dark" narrative possible. Why ask why? Just go with the more jaw-dropping number, even if there's no physical evidence to back the claim.
This discovery was likely prompted by FOIA requests and demands for answers from Congress. Without this outside pressure, the FBI had no motivation to double check its math. Now that it must answer to both Congressional oversight and tenacious members of the public, it has finally decided to audit its locked phone stash.
AG Sessions has also played a part in expanding the "going dark" narrative. He had this to say earlier this month, painting a picture of thousands of latent threats stored in FBI evidence lockers.
Last year, the FBI was unable to access investigation-related content on more than 7,700 devices — even though they had the legal authority to do so. Each of those devices was tied to a threat to the American people.
Except they're obviously not. Most of the devices don't even exist. Therefore, most of the threats don't exist. And this statement can't be definitively made about the number of actual devices the FBI has on hand because the FBI has yet to provide any info whatsoever about these devices or their relation to ongoing or stalled investigations. We don't know how many are tied to "threats to the American people" and how many are tied to bog standard investigatory work, like drug busts or white collar crime or any number of other non-threatening criminal activities the Bureau investigates.
The "going dark" narrative is a house of cards erected on a loose bedding of bullshit. It always has been. Now the FBI is slowly being forced to admit it has nothing to offer but shadow play in which a small pile of phones is stacked carefully to portray a towering, monstrous threat to the American public. At best, the FBI handled its precious cargo of anti-encryption warriors extremely carelessly. At worst, it looked at the incongruous leap in locked device numbers and figured it better served the "going dark" narrative than an accurate count would.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: christopher wray, doj, encryption, fake numbers, fbi, going dark, inflated numbers
Reader Comments
The First Word
“How? How is that even possible? Counting things is literally one of the simplest possible tasks for a computer. When you make a mistake in programming, you'll usually have one too many or too few, (this is common enough that there's a name for it: off-by-one errors,) but off by several thousand?
There's an old saying: never attribute to malice that which is adequately explained by stupidity. But as a professional programmer, I can't see any good way how this can be adequately explained by stupidity or incompetence. This has to be someone messing around.
Subscribe: RSS
View by: Time | Thread
Funny how out_of_the_blue's greatest heroes have to rely on overinflated statistics to put their points across. It's almost like their actual claims don't have a leg to stand on...
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Copyright math has spread throughout the USA 520% more than previously estimated!
[ link to this | view in chronology ]
What's in the box?
Keep in mind this is data which isn't backed-up/duplicated on a server somewhere, which on my phone is... nothing.
[ link to this | view in chronology ]
Color me surprised.
[ link to this | view in chronology ]
Re: Color me surprised.
[ link to this | view in chronology ]
Re: Color me surprised.
FBI lies to push it's own agenda. Shocked.
FBI fabricates its own terror plots to push its own agenda.
FBI engages in parallel construction to bolster its numbers.
When the executive goes rogue you have a big problem.
[ link to this | view in chronology ]
Re: Re: Color me surprised.
[ link to this | view in chronology ]
Re: Re: Re: Color me surprised.
[ link to this | view in chronology ]
Re: Re: Re: Color me surprised.
[ link to this | view in chronology ]
The FBI's count was inflated by bad software and sloppy recordkeeping.
The "going dark" narrative is a house of cards erected on a loose bedding of bullshit.
The FBI has shown since its inception that it is not trustworthy. According to 18 U.S.C. § 1001* what the FBI is doing is considered a federal crime. When the FBI makes these statements to Congress and to the courts it is engaged in an ongoing criminal activity that amounts to a conspiracy against the US government. Not just this bullshit, but their years of lying on the stand about forensic evidence, the reliability of their agents under oath, about framing people for 'terrorism', etc. Time for a house cleaning since the three branches of government have shown since the 50s that they will not hold the FBI to account for their misdeeds.
*(a) Except as otherwise provided in this section, whoever, in any matter within the jurisdiction of the executive, legislative, or judicial branch of the Government of the United States, knowingly and willfully— (1) falsifies, conceals, or covers up by any trick, scheme, or device a material fact; (2) makes any materially false, fictitious, or fraudulent statement or representation; or (3) makes or uses any false writing or document knowing the same to contain any materially false, fictitious, or fraudulent statement or entry; shall be fined under this title, imprisoned not more than 5 years or, if the offense involves international or domestic terrorism (as defined in section 2331), imprisoned not more than 8 years, or both. If the matter relates to an offense under chapter 109A, 109B, 110, or 117, or section 1591, then the term of imprisonment imposed under this section shall be not more than 8 years
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
I might know how they came up with such a large number for so few still-possessed devices. Let's tweak the premise slightly and then fill in some of the blanks...
"Last year, the FBI was unable to [immediately] access investigation-related content on more than 7,700 devices..." ... but they obtained access to the iCloud/Google Drive accounts and the backups just came through. ... but the suspect used the same PIN on a less secure device. ... but they convinced her she'd get a reduced sentence if she told them the password. ... but they got the data from a co-conspirator's device. ... but the data they were interested in they got from $telco instead. ... but it wasn't actually* an FBI investigation; they were just holding a device for the local police. * ... but Harris just came out with a new cracking device and it's super awesome* but they can't tell you about it :shh:.
[ link to this | view in chronology ]
Public math
[ link to this | view in chronology ]
Also, considering the way that police will routinely harvest cameras and phones from innocent bystanders who are witnesses to a crime but not suspects of any kind (and presumably return the devices once they copy the video they need) it would seem that the number of recording devices in their possession could fluctuate to a high degree.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
How? How is that even possible? Counting things is literally one of the simplest possible tasks for a computer. When you make a mistake in programming, you'll usually have one too many or too few, (this is common enough that there's a name for it: off-by-one errors,) but off by several thousand?
There's an old saying: never attribute to malice that which is adequately explained by stupidity. But as a professional programmer, I can't see any good way how this can be adequately explained by stupidity or incompetence. This has to be someone messing around.
[ link to this | view in chronology ]
Re:
FBI Director: I need to make a speech about "going dark" and need to know how many phones we have we can't crack.
FBI Grunt: We don't have any figures on that.
FBI Director: Well, I have to say SOMETHING! How about "We have seven MILLION phones we can't hack."
FBI Grunt: That's crazy! That's almost as many as the total number of arrests last year!
FBI Director: Don't most people have phones these days?
FBI Grunt (face-palming): How did you become director again? (sighs) Just say seven hundred.
FBI Director: That's not big enough! How about seven THOUSAND?
FBI Grunt: Yeah, whatever.
[ link to this | view in chronology ]
Re:
The software was probably developed in an agile environment, this could explain why said sw was not properly reviewed and tested.
[ link to this | view in chronology ]
Re:
How? How is that even possible? Counting things is literally one of the simplest possible tasks for a computer. When you make a mistake in programming, you'll usually have one too many or too few, (this is common enough that there's a name for it: off-by-one errors,) but off by several thousand?
in debugging code and sql i find it very easy to be off by orders of magnitude. of course simple testing to verify sanity is the very next step. best practice also suggests not duplicating data across multiple databases. so if we rule out intentional misdirection, which i wouldn't(^^), it would appear like the work of some one very lacking in competence on several levels, or as you say messing around, is an option.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
There's an old saying: never attribute to malice that which is adequately explained by stupidity.
There is an updated version of that. Any sufficiently advanced stupidity is indistinguishable from malice.
In this case though, I don't think stupidity was involved at all. It is straight up malice from beginning to end.
[ link to this | view in chronology ]
Briefly put...
[ link to this | view in chronology ]
Re: Briefly put...
Because the news reports would have been the same. Or else.
[ link to this | view in chronology ]
Their numbers still doesn't add up.
And now they think the number is somewhere between 1000 and 2000?
That discrepancy is not in any way explained by "programming errors", or "bad methodology". In my opinion, it's only explained by deliberate malfeasance.
[ link to this | view in chronology ]
As a software developer, I can attest that this is a fairly common error, so I buy that excuse from the FBI. However, when pushing for a policy that's based on a cost-benefit analysis, you need to know the costs (and benefits). If you can't trust the numbers, then you can't make an informed decision.
[ link to this | view in chronology ]
Charge stacking, but for phones
[ link to this | view in chronology ]
Re: Charge stacking, but for phones
[ link to this | view in chronology ]
Wonder about the education levels
This is an agency thats fired more Language interpreters then they can count on 2 hands..
An agency that cant figure out HOW to setup a server system that safe from the rest of the world..
[ link to this | view in chronology ]
"No really, you can trust us on THAT part!"
Last year, the FBI was unable to access investigation-related content on more than 7,700 devices — even though they had the legal authority to do so. Each of those devices was tied to a threat to the American people.
So given they flat out lied about how many devices they had, barring those that have a personal stake in pushing the 'going dark' lie and therefore have a reason to want that number to be as high as possible, exactly why would anyone believe them when they say that each device is 'tied to a threat to the american people'?
In claiming that each device held information relating to a threat to the american public, they painted themselves into a rather unpleasant corner with this new 'revelation.' If they want to say that each device contained information on a threat to the american public, then not knowing how many there were would make it pretty clear that their only interest was in using those 'threats' for their own end.
Conversely, and better(but only just), they could argue that Sessions made a 'least untruthful statement'/flat-out lie in claiming that the devices were related to threats to the public. In that case they would still have been knowingly spreading lies in an attempt to scare people into doing what they wanted, but at least they wouldn't have been knowingly ignoring threats to the american public in the process.
No matter how you look at it though, the FBI(and AG Sessions) come out looking all sorts of bad here.
[ link to this | view in chronology ]
Re: "No really, you can trust us on THAT part!"
Technically correct.
Each phone is tied to the FBI, and the FBI's anti-encryption zealotry is certainly a threat to the American people.
[ link to this | view in chronology ]
Candle
[ link to this | view in chronology ]
What I said to Tim on the twitters when he tweeted about this...
Wow.
Just pondering here but doesn't this mean that the chain of custody is broken? All of these "hardened criminals" who have added 2 or 12 million phones (FBI lost count after 10 & put their shoes back on), should question alleged evidence gained from them.
Also how do we get the money back wasted on a study that managed to ignore that having 3 distinct databases for phones submitted as evidence was a shitty methodology? No wonder they keep inventing 'lone wolf plots' to distract us from their gross incompetence.
[ link to this | view in chronology ]
"We had 10...ish... devices, the defendant's among them."
If they can't accurately track how many devices they have then it does rather seem as though it would be difficult to demonstrate that the devices in question haven't been tampered with and/or in someone else's possession at some point, something a defense lawyer could easily bring up to get any evidence from a device prohibited from being used in court.
Chalk that one up as another bullet they put into their own foot I guess.
[ link to this | view in chronology ]
[ link to this | view in chronology ]