�鶹������ý

Four years ago, when their plan to encrypt their devices by default, the FBI and DOJ responded immediately and critically. Top that companies’ adoption of encryption by default would put children at risk and that “encryption threatens to lead all of us to a very dark place…We need to fix this problem.” Since then, we’ve heard from other government officials, including the and , who have argued that encryption is essential to cybersecurity. Even the said that be using encryption to protect all of their phone calls. Despite this, the FBI has continued the counterproductive and . However, the FBI’s credibility is in question after a recent wave of news stories and a Justice Department Inspector General (IG) report that suggest the “going dark” problem isn’t nearly as bad as the FBI has claimed.

Most recently, the that the FBI’s claims that it in 2017 massively overstated the actual number, spurring a calling for a new IG investigation. While the FBI does not yet have an accurate count, and does not know when one will be established, they estimate the number is closer to 1,200 devices. The over-count was reportedly that resulted in double-counting some devices and improperly adding the number of encrypted applications that could not be accessed into the total of locked devices. This news should raise even the most law-enforcement-friendly eyebrows. It undermines the FBI’s assertions about the pervasiveness of this problem, and it is cause for concern about the Justice Department’s candor. Despite learning about this miscalculation in April, Attorney General Jeff Sessions cited the inflated number in , and another official used it when the following day.

It also calls into question the FBI’s claims that if cryptographers worked hard enough, they could create a secure backdoor. The fact that this miscalculation was the result of a “programming error” reveals how the FBI fails or refuses to appreciate the technical difficulties of what it is demanding. On the scale from easy math to building a sound encryption system and implementing it securely, the FBI’s error was a failure of . This isn’t a knock on the FBI’s technical expertise. They have some of the most highly regarded software engineers in the country, who develop exceedingly complex data management systems and secure them against foreign adversaries and internal threats. This calculation error is proof that whether you are writing simple queries or building complex systems, coding is really hard. It also shows that the FBI was more interested in using a figure helpful to its case than in making sure its facts were correct.

Effectively encrypting devices and services is challenging beyond measure. Just two weeks ago, we learned that certain resulting from flaws in how they implemented the encryption algorithm, and there have been several recent stories about companies that can , including one company selling a device to unlock an . In this light, the FBI’s demands that Silicon Valley coders to find a technical solution show that the FBI is either willfully blind or unconcerned about the technical problems that come with that impossible task. These stories raise another question too – one that : Is the FBI choosing to ignore the many hacking tools already on the market in favor of a legislative agenda or litigation? The FBI has not answered Congress’ inquiries, but this question was central to the IG investigation of the FBI’s conduct concerning the San Bernardino shooter’s iPhone.

In the San Bernardino case, the FBI made repeated statements to Congress and the Courts that it had no means of accessing the contents of the subject iPhone unless the court . Yet, shortly after making those statements, the FBI dropped the case because it found a third-party that could get into the device. The Inspector General’s concluded that the FBI didn’t intentionally make false statements or engage in wrongdoing, but it wasn’t a model of propriety either. The Inspector General found that the FBI’s Cryptographic and Electronic Analysis Unit (CEAU) “did not pursue all possible avenues in the search for a solution.” CEAU’s chief was even frustrated when he found out the the FBI’s Remote Operations Unit had turned to trusted vendors for a solution. It appears the FBI was intentionally flat-footed in its efforts to unlock the iPhone in order to bolster its litigation position.

Instead of reassessing its position and seeking to regain public trust after the recent litany of missteps and misstatements, the FBI is digging in its heels. At the Aspen Institute, FBI Associate Deputy Director that "Each one of those [encrypted devices] represents a terrorist attack that could have been prevented or a child that could have been protected.” The Inspector General should investigate how the FBI could have made such a massive calculating error, and why Sessions and at least one other Justice Department official were still using the flawed figure after the FBI identified the mistake. Irrespective of any Inspector General findings, one thing is clear: despite the FBI’s good intentions, it no longer has any credibility when it comes to the feasibility of or the need for encryption backdoors.