The FBI says the inflated figures were due to a methodology error.
The Justice Department’s internal watchdog should investigate how the FBI ended up using inaccurate figures to bolster its case that warrant-proof encryption was making Americans unsafe, according to a Monday letter from 20 civil society groups.
The FBI acknowledged last month that it could not support the claim made by top officials, including Attorney General Jeff Sessions, that encryption blocked law enforcement from retrieving evidence from 7,775 devices during the 2017 fiscal year.
Associate Deputy Director Paul Abbate insisted, however, that end-to-end encryption systems remain a major barrier to investigations and could result in the bureau failing to stop a terrorist attack before it happens or find an abducted child.
Officials blamed the erroneous figure on a flawed methodology the bureau used to count encrypted devices. The FBI has not yet determined the correct figure, Abbate said.
The erroneous figure was the second major blow this year to the FBI’s four-year-old battle against end-to-end encryption systems, which top officials say allow terrorists and criminals to “go dark” online.
In March, the Justice Department inspector general concluded that, despite claims to the contrary, the bureau did not explore all possible options before asking a judge to legally compel Apple to help it crack into an encrypted iPhone used by San Bernardino shooter Syed Farook in 2015.
Apple fought that effort and the FBI eventually withdrew the request after an unnamed third-party offered its own technical fix.
Investigating the FBI’s erroneous claims about inaccessible devices would be a useful and necessary follow up to that earlier report, according to Monday’s letter from groups including the New America think tank, the American Civil Liberties Union and the Center for Democracy and Technology.
The dispute centers on end-to-end encryption systems, which shield the contents of communication from anyone—including the service provider—except the sender and recipient. In other encryption implementations, the communications provider has an encryption key and can share decrypted communications in response to a warrant.
The problem, according to tech companies and most security experts, is that any technical solution that allows government access to end-to-end encryption systems could also be exploited by criminal hackers. That would make all technology users less secure, they say.
“Given the severe negative effects of an encryption backdoor mandate, the FBI’s miscalculation is particularly concerning,” the civil liberties groups write.
The inspector general should investigate both how the FBI came to rely on the faulty figures and why top officials continued to cite the figures during the first weeks after the FBI learned they were erroneous.