FBI Admits It's Been Using A Highly-Inflated Number Of Locked Devices To Push Its 'Going Dark' Narrative

from the seriously-fuck-these-guys dept

Call it a lie. Call it a misrepresentation. Call it a convenient error. Call it what you want. Just don't call it a fact. Devlin Barrett at the Washington Post delivers a bombshell: the thousands of phones the FBI supposedly just can't crack despite a wealth of tech solutions at its disposal? It's nowhere near as many as consecutive FBI directors have claimed.

The FBI has repeatedly provided grossly inflated statistics to Congress and the public about the extent of problems posed by encrypted cellphones, claiming investigators were locked out of nearly 7,800 devices connected to crimes last year when the correct number was much smaller, probably between 1,000 and 2,000, The Washington Post has learned.

This number aligns more with reality than the frequent claims the number of locked phones was nearing 8,000 devices. In 2016, the FBI reported it was only locked out of around 880 devices. Less than two years later, it was stating it had 7,800 impregnable devices in its possession.

This exponential increase followed the FBI's failure to convince a court Apple should be ordered to break a phone's encryption whenever the government wanted access. This courtroom demand was predicated on a deliberately backburnered quest to find a tech solution from a third party, as a recently-released Inspector General's report revealed.

So, we know the FBI can't be trusted to tell the whole story when quizzed about its "going dark" assertions. Now, we know the FBI can't be trusted to count physical devices accurately.

The FBI first became aware of the miscount about a month ago and still does not have an accurate count of how many encrypted phones they received as part of criminal investigations last year, officials said. Last week, one internal estimate put the correct number of locked phones at 1,200, though officials expect that number to change as they launch a new audit, which could take weeks to complete, according to people familiar with the work.

“The FBI’s initial assessment is that programming errors resulted in significant over-counting of mobile devices reported,’’ the FBI said in a statement Tuesday. The bureau said the problem stemmed from the use of three distinct databases that led to repeated counting of phones. Tests of the methodology conducted in April 2016 failed to detect the flaw, according to people familiar with the work.

The FBI's count was inflated by bad software and sloppy record keeping. But it had no incentive to fix it. Even if the error was never detected by the methodology test, someone should have asked how the FBI's stash of locked phones suddenly exploded from less than 900 to nearly 8,000 in 18 months. But, given the IG's findings about its slow-walked search for outside tech solutions in the Apple court battle, any red flags were probably ignored in favor of pushing the most dramatic "going dark" narrative possible. Why ask why? Just go with the more jaw-dropping number, even if there's no physical evidence to back the claim.

This discovery was likely prompted by FOIA requests and demands for answers from Congress. Without this outside pressure, the FBI had no motivation to double check its math. Now that it must answer to both Congressional oversight and tenacious members of the public, it has finally decided to audit its locked phone stash.

AG Sessions has also played a part in expanding the "going dark" narrative. He had this to say earlier this month, painting a picture of thousands of latent threats stored in FBI evidence lockers.

Last year, the FBI was unable to access investigation-related content on more than 7,700 devices — even though they had the legal authority to do so. Each of those devices was tied to a threat to the American people.

Except they're obviously not. Most of the devices don't even exist. Therefore, most of the threats don't exist. And this statement can't be definitively made about the number of actual devices the FBI has on hand because the FBI has yet to provide any info whatsoever about these devices or their relation to ongoing or stalled investigations. We don't know how many are tied to "threats to the American people" and how many are tied to bog standard investigatory work, like drug busts or white collar crime or any number of other non-threatening criminal activities the Bureau investigates.

The "going dark" narrative is a house of cards erected on a loose bedding of bullshit. It always has been. Now the FBI is slowly being forced to admit it has nothing to offer but shadow play in which a small pile of phones is stacked carefully to portray a towering, monstrous threat to the American public. At best, the FBI handled its precious cargo of anti-encryption warriors extremely carelessly. At worst, it looked at the incongruous leap in locked device numbers and figured it better served the "going dark" narrative than an accurate count would.


Reader Comments

The First Word

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 23 May 2018 @ 4:24am

    You mean it's like the time when the MPAA claimed that 45% of students were pirates and later admitted it was more like 15%? Color me shocked!

    Funny how out_of_the_blue's greatest heroes have to rely on overinflated statistics to put their points across. It's almost like their actual claims don't have a leg to stand on...

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 May 2018 @ 7:09am

      Re:

      Or how support for Pai's NN repeal is at 69.9%, if you include the millions fake of comments and exclude most of the comments from real people.

      reply to this | link to this | view in chronology ]

      • icon
        Anonymous Anonymous Coward (profile), 23 May 2018 @ 7:45am

        Re: Re:

        I imagine that Pai would count those comments that support his agenda, real or fake, and then the underlying data would be destroyed by a 'malfunction' of some sort. His public statement would be a gushing proclamation of how the public supports 'the program', and um, er, sorry about the data loss, it was inevitable, ahh unavoidable, I mean 'unintentional'.

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 May 2018 @ 8:36am

      Re:

      Or - like the 47% silliness when the actual number is in the teens. He also had the maker/taker thing backwards.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 May 2018 @ 8:42pm

      Copyright math has spread throughout the USA 520% more than previously estimated!

      reply to this | link to this | view in chronology ]

  • icon
    Jeremy Lyman (profile), 23 May 2018 @ 4:27am

    What's in the box?

    Beyond the raw device numbers, we should also be questioning what indispensable information resides solely on the devices the FBI does possess. What are the stats on evidence they have knowledge of but are unable to physically obtain vs devices that are fishing expeditions looking to more dirt on suspects? Remember "he uses an encrypted phone" is not probable cause.

    Keep in mind this is data which isn't backed-up/duplicated on a server somewhere, which on my phone is... nothing.

    reply to this | link to this | view in chronology ]

  • identicon
    David, 23 May 2018 @ 4:33am

    Color me surprised.

    You'll need a whole lot of color, though.

    reply to this | link to this | view in chronology ]

  • icon
    discordian_eris (profile), 23 May 2018 @ 4:47am

    The FBI's count was inflated by bad software and sloppy recordkeeping.

    The "going dark" narrative is a house of cards erected on a loose bedding of bullshit.

    The FBI has shown since its inception that it is not trustworthy. According to 18 U.S.C. § 1001* what the FBI is doing is considered a federal crime. When the FBI makes these statements to Congress and to the courts it is engaged in an ongoing criminal activity that amounts to a conspiracy against the US government. Not just this bullshit, but their years of lying on the stand about forensic evidence, the reliability of their agents under oath, about framing people for 'terrorism', etc. Time for a house cleaning since the three branches of government have shown since the 50s that they will not hold the FBI to account for their misdeeds.

    *(a) Except as otherwise provided in this section, whoever, in any matter within the jurisdiction of the executive, legislative, or judicial branch of the Government of the United States, knowingly and willfully— (1) falsifies, conceals, or covers up by any trick, scheme, or device a material fact; (2) makes any materially false, fictitious, or fraudulent statement or representation; or (3) makes or uses any false writing or document knowing the same to contain any materially false, fictitious, or fraudulent statement or entry; shall be fined under this title, imprisoned not more than 5 years or, if the offense involves international or domestic terrorism (as defined in section 2331), imprisoned not more than 8 years, or both. If the matter relates to an offense under chapter 109A, 109B, 110, or 117, or section 1591, then the term of imprisonment imposed under this section shall be not more than 8 years

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 May 2018 @ 4:52am

    Well, Steve Jobs himself did describe the original iPhone as a a "widescreen iPod with touch controls" a "revolutionary mobile phone" and a "breakthrough Internet communicator" so really the FBI is just counting each physical device as 3 different devices like Apple said they should.

    reply to this | link to this | view in chronology ]

  • identicon
    Canuck, 23 May 2018 @ 5:14am

    1200 phones times three databases still doesn't add up to 7700. They're just lying sacks of shit.

    reply to this | link to this | view in chronology ]

  • icon
    Andrew Cook (profile), 23 May 2018 @ 5:14am

    I might know how they came up with such a large number for so few still-possessed devices. Let's tweak the premise slightly and then fill in some of the blanks...

    "Last year, the FBI was unable to [immediately] access investigation-related content on more than 7,700 devices..." ... but they obtained access to the iCloud/Google Drive accounts and the backups just came through. ... but the suspect used the same PIN on a less secure device. ... but they convinced her she'd get a reduced sentence if she told them the password. ... but they got the data from a co-conspirator's device. ... but the data they were interested in they got from $telco instead. ... but it wasn't actually* an FBI investigation; they were just holding a device for the local police. * ... but Harris just came out with a new cracking device and it's super awesome* but they can't tell you about it :shh:.

    reply to this | link to this | view in chronology ]

  • identicon
    Capt ICE Enforcer, 23 May 2018 @ 5:23am

    Public math

    Well, public math was never their strong suit. Especially with big numbers like we are seeing.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 May 2018 @ 6:27am

    It's quite possible that the FBI has never conducted any kind of nationwide cellphone census covering all their field offices and headquarters and they're just pulling numbers out of the air.

    Also, considering the way that police will routinely harvest cameras and phones from innocent bystanders who are witnesses to a crime but not suspects of any kind (and presumably return the devices once they copy the video they need) it would seem that the number of recording devices in their possession could fluctuate to a high degree.

    reply to this | link to this | view in chronology ]

  • identicon
    I.T. Guy, 23 May 2018 @ 6:41am

    Where's Trumps outrage at the FBI's brand of fake news?

    reply to this | link to this | view in chronology ]

  • icon
    Mason Wheeler (profile), 23 May 2018 @ 8:30am

    The FBI's count was inflated by bad software and sloppy recordkeeping.

    How? How is that even possible? Counting things is literally one of the simplest possible tasks for a computer. When you make a mistake in programming, you'll usually have one too many or too few, (this is common enough that there's a name for it: off-by-one errors,) but off by several thousand?

    There's an old saying: never attribute to malice that which is adequately explained by stupidity. But as a professional programmer, I can't see any good way how this can be adequately explained by stupidity or incompetence. This has to be someone messing around.

    reply to this | link to this | view in chronology ]

    • icon
      JoeCool (profile), 23 May 2018 @ 8:41am

      Re:

      I don't know... these people are REALLY stupid. I see it going something like this:

      FBI Director: I need to make a speech about "going dark" and need to know how many phones we have we can't crack.

      FBI Grunt: We don't have any figures on that.

      FBI Director: Well, I have to say SOMETHING! How about "We have seven MILLION phones we can't hack."

      FBI Grunt: That's crazy! That's almost as many as the total number of arrests last year!

      FBI Director: Don't most people have phones these days?

      FBI Grunt (face-palming): How did you become director again? (sighs) Just say seven hundred.

      FBI Director: That's not big enough! How about seven THOUSAND?

      FBI Grunt: Yeah, whatever.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 May 2018 @ 8:42am

      Re:

      "How is that even possible? Counting things is literally one of the simplest possible tasks for a computer. "

      The software was probably developed in an agile environment, this could explain why said sw was not properly reviewed and tested.

      reply to this | link to this | view in chronology ]

    • identicon
      nona, 23 May 2018 @ 10:27am

      Re:

      How? How is that even possible? Counting things is literally one of the simplest possible tasks for a computer. When you make a mistake in programming, you'll usually have one too many or too few, (this is common enough that there's a name for it: off-by-one errors,) but off by several thousand?

      in debugging code and sql i find it very easy to be off by orders of magnitude. of course simple testing to verify sanity is the very next step. best practice also suggests not duplicating data across multiple databases. so if we rule out intentional misdirection, which i wouldn't(^^), it would appear like the work of some one very lacking in competence on several levels, or as you say messing around, is an option.

      reply to this | link to this | view in chronology ]

      • identicon
        bob, 23 May 2018 @ 10:46am

        Re: Re:

        Given the track record of government contractors and the practice of always selecting the cheapest price, I will wager incompetence is still a good (plausible sounding) possibility. However I still agree that the FBI is just making crap up.

        reply to this | link to this | view in chronology ]

    • icon
      discordian_eris (profile), 23 May 2018 @ 2:25pm

      Re:

      There's an old saying: never attribute to malice that which is adequately explained by stupidity.

      There is an updated version of that. Any sufficiently advanced stupidity is indistinguishable from malice.

      In this case though, I don't think stupidity was involved at all. It is straight up malice from beginning to end.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 May 2018 @ 8:44am

    Briefly put...

    ...had the FBI been in charge, Apollo 7's crew would have ended up in the Mariana trench instead of orbit (yet somehow no one would have batted an eyelid).

    reply to this | link to this | view in chronology ]

    • identicon
      David, 23 May 2018 @ 11:05am

      Re: Briefly put...

      > ...had the FBI been in charge, Apollo 7's crew would have ended up in the Mariana trench instead of orbit (yet somehow no one would have batted an eyelid).

      Because the news reports would have been the same. Or else.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 May 2018 @ 9:08am

    Their numbers still doesn't add up.

    Assume that all three databases have a complete list of all the phones in the FBI's possession. Further assume that the overcount was a simple matter of not getting rid of the duplicates. That in turn would imply that the phone count was inflated by a factor of 3, so the FBI would have 7800/3 = 2600 phones in their possession.

    And now they think the number is somewhere between 1000 and 2000?

    That discrepancy is not in any way explained by "programming errors", or "bad methodology". In my opinion, it's only explained by deliberate malfeasance.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Hero, 23 May 2018 @ 9:28am

    > The bureau said the problem stemmed from the use of three distinct databases that led to repeated counting of phones.

    As a software developer, I can attest that this is a fairly common error, so I buy that excuse from the FBI. However, when pushing for a policy that's based on a cost-benefit analysis, you need to know the costs (and benefits). If you can't trust the numbers, then you can't make an informed decision.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 May 2018 @ 10:50am

    Charge stacking, but for phones

    Maybe a phone gets counted once for each investigation they want to use it in. So if they charge three people for fraud, and recover one physical phone that they cannot unlock, that counts as three phones, once for each of the three people charged. It's silly math, but it works for CBP when counting "assaults on an officer." The more people they charge in a conspiracy, the more times that one phone gets counted.

    reply to this | link to this | view in chronology ]

    • icon
      discordian_eris (profile), 23 May 2018 @ 2:32pm

      Re: Charge stacking, but for phones

      Are we sure that those two federal agencies aren't secretly sub-chapters of The Church of the SubGenius? Because Bob is nodding his approval in the corner of my living room.

      reply to this | link to this | view in chronology ]

  • icon
    ECA (profile), 23 May 2018 @ 12:03pm

    Wonder about the education levels

    For a branch of gov. that will take WEEKS to count a few thousand...
    This is an agency thats fired more Language interpreters then they can count on 2 hands..
    An agency that cant figure out HOW to setup a server system that safe from the rest of the world..

    reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 23 May 2018 @ 12:20pm

    "No really, you can trust us on THAT part!"

    Last year, the FBI was unable to access investigation-related content on more than 7,700 devices — even though they had the legal authority to do so. Each of those devices was tied to a threat to the American people.

    So given they flat out lied about how many devices they had, barring those that have a personal stake in pushing the 'going dark' lie and therefore have a reason to want that number to be as high as possible, exactly why would anyone believe them when they say that each device is 'tied to a threat to the american people'?

    In claiming that each device held information relating to a threat to the american public, they painted themselves into a rather unpleasant corner with this new 'revelation.' If they want to say that each device contained information on a threat to the american public, then not knowing how many there were would make it pretty clear that their only interest was in using those 'threats' for their own end.

    Conversely, and better(but only just), they could argue that Sessions made a 'least untruthful statement'/flat-out lie in claiming that the devices were related to threats to the public. In that case they would still have been knowingly spreading lies in an attempt to scare people into doing what they wanted, but at least they wouldn't have been knowingly ignoring threats to the american public in the process.

    No matter how you look at it though, the FBI(and AG Sessions) come out looking all sorts of bad here.

    reply to this | link to this | view in chronology ]

    • icon
      Toom1275 (profile), 27 May 2018 @ 3:14pm

      Re: "No really, you can trust us on THAT part!"

      > Each of those devices was tied to a threat to the American people.

      Technically correct.
      Each phone is tied to the FBI, and the FBI's anti-encryption zealotry is certainly a threat to the American people.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 May 2018 @ 12:46pm

    Candle

    FBI going dark? I think they're already there. The candle of their knowledge is dark indeed.

    reply to this | link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 23 May 2018 @ 6:01pm

    My first responses are always the best....
    What I said to Tim on the twitters when he tweeted about this...

    Wow.
    Just pondering here but doesn't this mean that the chain of custody is broken? All of these "hardened criminals" who have added 2 or 12 million phones (FBI lost count after 10 & put their shoes back on), should question alleged evidence gained from them.

    Also how do we get the money back wasted on a study that managed to ignore that having 3 distinct databases for phones submitted as evidence was a shitty methodology? No wonder they keep inventing 'lone wolf plots' to distract us from their gross incompetence.

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 24 May 2018 @ 12:05am

      "We had 10...ish... devices, the defendant's among them."

      If they can't accurately track how many devices they have then it does rather seem as though it would be difficult to demonstrate that the devices in question haven't been tampered with and/or in someone else's possession at some point, something a defense lawyer could easily bring up to get any evidence from a device prohibited from being used in court.

      Chalk that one up as another bullet they put into their own foot I guess.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 May 2018 @ 9:17pm

    FBI admit they are crooks; and, soon after, informed people say that water is wet.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.