FBI Director Complains About Encryption, Offers To Sacrifice Public Safety In The Interest Of Public Safety

FBI Director Christopher Wray offered testimony to the House Judiciary Committee at a hearing entitled "Oversight of Federal Bureau of Investigation." Not much in terms of oversight was discussed. Instead, Wray took time to ask for a reauthorization of Section 702 before using several paragraphs of his prepared comments to discuss the "going dark" problem.

It picks up where Wray left off in October: offering up meaningless statistics about device encryption. Through the first eleven months of the fiscal year, the FBI apparently had 6,900 locked phones in its possession. Wray claims this number represents "roughly half" of the devices in the FBI's possession. The number is meaningless, but it serves a purpose: to make it appear device encryption is resulting in thousands of unsolved crimes.

That number has been updated in Wray's latest comments [PDF]:

In fiscal year 2017, the FBI was unable to access the content of approximately 7800 mobile devices using appropriate and available technical tools, even though there was legal authority to do so. This figure represents slightly over half of all the mobile devices the FBI attempted to access in that timeframe.

This number will always grow. And it will always be meaningless. There's no context provided by the FBI, nor will there ever be. The FBI needs us to believe every locked cell phone contains evidence crucial to investigations and prosecutions. It needs us -- and our Congressional representatives -- to believe thousands of criminals are roaming the streets thanks to device encryption. But it should make people wonder how the FBI ever managed to complete investigations successfully before the advent of cell phones.

Wray goes on to make familiar complaints. Metadata isn't enough to generate evidence needed for convictions. (But Wray still believes every uncracked phone is loaded with just such evidence. Nothing provided by the FBI shows how many times accessing phones fails to produce prosecution-worthy evidence.) Hacking into phones isn't a solution that scales. (This is dubious as well. If hacking into phones can't scale, then the ongoing existence of companies like Cellebrite is a mystery. The solution must work often enough, across several models of phones, to justify the millions being spent by US law enforcement agencies.)

Finally, Wray again presents a intellectually dishonest equation.

Some observers have conceived of this challenge as a trade-off between privacy and security. In our view, the demanding requirements to obtain legal authority to access data-such as by applying to a court for a warrant or a wiretap-necessarily already account for both privacy and security.

"Some" observers may say this, but they're not the sort of observers worth observing. The real tradeoff is personal security versus government access. The FBI is willing to trade away citizens' personal security for easier access -- something only the FBI benefits from. (And as to how often access is truly a benefit, we're deliberately left in the dark. The FBI is unwilling to divulge how many accessed phones are dead ends and how many cases it closes despite the presence of a locked device.)

This willingness to make personal device use less safe for millions of phone owners is inserted directly into heartwarming statements about public safety. According to Wray, the existence of devices the FBI can't access is a public safety issue. This is said despite no evidence being provided there's been a correlating rise in criminal activity. We continue to live in an era of unprecedented safety -- even with the threat of worldwide terrorists organizations being supposedly omnipresent. The spikes in homicide rates experienced in a few cities do not indicate a new era of lawlessness being ushered in, led by criminals emboldened by device encryption.

If Wray gets his way, the public will be less safe. Encryption will either be backdoored or no longer an option. For years law enforcement asked cell phone providers to give their users more protection against device thieves. Encryption prevents thieves from doing much more than stealing a phone. They can't harvest personal info or directly access sensitive services accessible from a stolen phone. Now that companies are offering this, the FBI is complaining about its lack of access.

The numerous leaks of hacking tools from the CIA and NSA show the government can't be trusted with encryption backdoors. If the FBI truly values public safety, it would drop the anti-encryption arguments and continue working with companies to make cell phone use safer. Instead, it takes its misguided complaints directly to Congress, dropping hints that it would like a legislative "solution" -- mandated backdoors or an encryption ban -- rather than the tools it already has.