DOJ, FBI Issuing Corrections To Statements, Testimony Containing Bogus Uncracked Device Numbers

from the cleanup-on-aisle-7800 dept

The FBI’s push for encryption backdoors relied on ever-skyrocketing numbers of uncracked devices the agency’s best and brightest just couldn’t seem to access. “Look!” DOJ and FBI officials said, pointing lawmakers at charts showing an explosion in the number of locked devices over the last couple of years. Unsustainable, it seemed to say. But it was all a lie. Not a deliberate lie, maybe, but a lie nonetheless. A convenient misrepresentation of the problem caused by a software error.

How does an agency with the technical capabilities the FBI has miscount physical items? Apparently, you let software do the counting and hope for the best.

“The FBI’s initial assessment is that programming errors resulted in significant over-counting of mobile devices reported,’’ the FBI said in a statement Tuesday. The bureau said the problem stemmed from the use of three distinct databases that led to repeated counting of phones. Tests of the methodology conducted in April 2016 failed to detect the flaw, according to people familiar with the work.

This inflated the count from somewhere between 1,000-2,000 to nearly 8,000. That was the number used by Director Christopher Wray and AG Jeff Sessions in testimony to Congress and speeches to law enforcement. That was the center of the narrative: a number that kept growing exponentially with no end in sight.

You’d think the agency would track devices better, what with officials constantly claiming each and every phone was “tied to a threat to the American people.” Something that important shouldn’t be carelessly handled. But the phones “tied to threats” were overcounted, suggesting a severe problem in the FBI’s tracking system that might make it difficult to figure out which “threats” each phone is “tied” to if and when it ever gets around to cracking the devices.

Now, the DOJ is in damage control mode. Robyn Greene was the first to notice the corrections made to officials’ statements using the FBI’s bullshit ~8,000 number. Edits to AG Sessions’ recent comments at a law enforcement conference have replaced this:

Last year the FBI was unable to access investigation-related content on more than 7,700 devices…

With this:

Last year the FBI was unable to access investigation-related content on more than ** devices…

The footnote reads:

** Due to an error in the FBI’s methodology, an earlier version of this speech incorrectly stated that the FBI had been unable to access 7,800 devices. The correct number will be substantially lower.

The FBI’s been doing a bit of cleanup at its own site. Here’s one from May 3, 2017 that has since been corrected.

In just the first half of this fiscal year, the FBI was unable to access the content of more than 3,000* mobile devices...

The FBI’s footnote is far more concise and vague.

* Due to an error in methodology, this number is incorrect. A review is ongoing to determine an updated number.

It helpfully doesn’t mention the FBI screwed up its own count. Nor does it state the new estimate will be “substantially lower.” Cowards.

Here’s another one, from September 27, 2017:

In the first 10 months of this fiscal year, the FBI was unable to access the content of more than 6,000* mobile devices…

How did this jump — 3,000 phones in five months — escape notice? As of November 2016, the number was only around 880 devices. Then it jumped to 3,000 six months later. Then it doubled to 6,000 in less than five months. By the end of that fiscal year four months later, the FBI had supposedly added another 1,775 uncrackable devices.

In fiscal year 2017, we were unable to access the content of 7,775* devices…

Even if the count had been accurate (which it wasn’t), the numbers were delivered dishonestly. What appears to be a cumulative total of all devices the FBI had collected over the years is presented in testimony as being the total number of devices the FBI couldn’t unlock during a single fiscal year. This vastly misconstrues the severity of the issue and while FBI officials may have been unaware the FBI’s software was delivering bogus counts, it didn’t stop them from overstating the problem by presenting historical cumulative numbers as a single year’s total.

Whatever number the FBI finally delivers will be decidedly underwhelming. Considering it still hasn’t provided Congress with details of its attempts to access supposedly uncrackable devices, the FBI has managed to decimate its own forces in the new War on Encryption. It overplayed its hand — perhaps inadvertently — and weakened its argument severely. Something this important to the FBI was handled carelessly — not because the FBI doesn’t really want weakened encryption, but because the FBI will not do anything to weaken its anti-encryption position. It never bothered to check the phone count because the number given to officials was sufficiently impressive. That mattered far more than accuracy or honesty. “Fidelity, Bravery, Integrity” my ass.

Filed Under: , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “DOJ, FBI Issuing Corrections To Statements, Testimony Containing Bogus Uncracked Device Numbers”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Maybe they were counting clones of the phones

It is always possible they had cloned some of the phones and were attempting to crack them in multiple locations. This still wouldn’t excuse the lack of MD5Hash values or something similar to identify duplicate entries. Every database needs something like this.

Anonymous Hero says:

Re: Maybe they were counting clones of the phones

They were counting duplicates because they used three databases and some phones appeared in more than one database. They probably just dumped the number of entries in each of the three databases and summed them together without realizing there might be duplicates (and clearly there were). But the 7,775 number sounded so juicy that they got too excited and just rolled with it instead of double checking.

At least the FBI did come clean after someone noticed the problem (though did so as quietly as possible). ICE (or was it CBP?) still thinks that 7 people throwing sticks/bottles/rocks at 6 officers constituted 126 individual assaults and they are happy to admit they are fudging the numbers.

At the end of the day, any talk about how Law Enforcement agencies are not political entities is bullshit.

Anonymous Hero says:

Re: Re: Maybe they were counting clones of the phones

Regarding “make up their own math”, let’s do some of our own without making up the numbers! The number of phones divided by the number of databases is 7775/3 = ~2591 phones. This would be the case if all phones were in all three databases.

Yet, people are saying the true number lies somewhere between 1000-2000. This is an estimate, so it may be quite wrong. As I mentioned above, even the high-end of 2000 devices doesn’t account for the case when all phones exist once in all three databases. This would imply that there are duplicates of phone info within a single database.

This is an example of the Pigeon Hole Principle: if n items are put into m containers, with n > m, then at least one container must contain more than one item. In this case, n = 2591 and m = 3.

This implies that either the 1000-2000 estimate is too small, or that there are duplicates within the same database, which further implies even worse record-keeping on the part of the FBI.

That One Guy (profile) says:

Re: The magic code strikes again!

I mean really, it’s not like there’s anything newsworthy about the DOJ/FBI lying to congress and the public about something they claimed were threats to the american public, and now trying to brush said lie under the rug quietly after they got caught.

You’re right, I can’t imagine what possible reason TD would cover this when I’m sure there’s some super important news on a celebrity’s latest dating scandal, or some ‘kitting trapped in tree’ story they could be covering that is much more important.

As always your impotent foot stomping that TD continues to write things that you claim not to care about continue to be entertaining, so thanks for the laugh once again.

Anonymous Coward says:

Re: Re: The magic code strikes again!

blue will cocksuck authority until he runs out of oxygen just to flail a semi-coherent point at Masnick.

This is the same fucktard who bitches about vanishing for a year, returning for hell knows why, and complains that he can’t bear to leave a site he loathes with every fiber of his being.

SESTA vote the fucker.

Anonymous Coward says:

Re: Re:

I must admit that I am not sure if this is in the articles, but here goes:
Also how many devices were actually relevant in the investigation and how many of the crimes being investigated were serious enough to justify this breach into a device that contains a lot – if not all – of your private information.

One of the reasons it should NEVER become easy to breach devices is that if they cannot justify spending resources to obtain evidence then maybe it is not important enough. If they could access the contents of anyone’s phone within 5 minutes, then we would all get our phones searched for jaywalking after a while.

Anonymous Coward says:

‘Not a deliberate lie’

anyone who believes that is thicker than can possibly be imagined! of course it was a lie! all they wanted to do/still want to do is have access to every device owned by every person everywhere, while ensuring that no ordinary person can ever have access to anything the ‘security forces’, the government, the rich, the famous and all their friends are up to! in other words do whatever they can to make sure we have no secrets and they have them all!!

That One Guy (profile) says:

Such dedication to the truth

I like how the FBI is keeping the bogus stats, and are merely adding footnotes about how the numbers are ‘incorrect’, wording that could go either way, up or down, for anyone unfamiliar with what happened.

Credit to the DOJ for at least being honest enough to cut the number entirely and admit that the real numbers are substantially lower, but at this point patting them on the back for that is like congratulating someone for face-planting and then being able to stand up afterwards. It’s the absolute least they should be capable of and doing.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...