DOJ, FBI Issuing Corrections To Statements, Testimony Containing Bogus Uncracked Device Numbers

from the cleanup-on-aisle-7800 dept

The FBI's push for encryption backdoors relied on ever-skyrocketing numbers of uncracked devices the agency's best and brightest just couldn't seem to access. "Look!" DOJ and FBI officials said, pointing lawmakers at charts showing an explosion in the number of locked devices over the last couple of years. Unsustainable, it seemed to say. But it was all a lie. Not a deliberate lie, maybe, but a lie nonetheless. A convenient misrepresentation of the problem caused by a software error.

How does an agency with the technical capabilities the FBI has miscount physical items? Apparently, you let software do the counting and hope for the best.

“The FBI’s initial assessment is that programming errors resulted in significant over-counting of mobile devices reported,’’ the FBI said in a statement Tuesday. The bureau said the problem stemmed from the use of three distinct databases that led to repeated counting of phones. Tests of the methodology conducted in April 2016 failed to detect the flaw, according to people familiar with the work.

This inflated the count from somewhere between 1,000-2,000 to nearly 8,000. That was the number used by Director Christopher Wray and AG Jeff Sessions in testimony to Congress and speeches to law enforcement. That was the center of the narrative: a number that kept growing exponentially with no end in sight.

You'd think the agency would track devices better, what with officials constantly claiming each and every phone was "tied to a threat to the American people." Something that important shouldn't be carelessly handled. But the phones "tied to threats" were overcounted, suggesting a severe problem in the FBI's tracking system that might make it difficult to figure out which "threats" each phone is "tied" to if and when it ever gets around to cracking the devices.

Now, the DOJ is in damage control mode. Robyn Greene was the first to notice the corrections made to officials' statements using the FBI's bullshit ~8,000 number. Edits to AG Sessions' recent comments at a law enforcement conference have replaced this:

Last year the FBI was unable to access investigation-related content on more than 7,700 devices…

With this:

Last year the FBI was unable to access investigation-related content on more than ** devices…

The footnote reads:

** Due to an error in the FBI's methodology, an earlier version of this speech incorrectly stated that the FBI had been unable to access 7,800 devices. The correct number will be substantially lower.

The FBI's been doing a bit of cleanup at its own site. Here's one from May 3, 2017 that has since been corrected.

In just the first half of this fiscal year, the FBI was unable to access the content of more than 3,000* mobile devices...

The FBI's footnote is far more concise and vague.

* Due to an error in methodology, this number is incorrect. A review is ongoing to determine an updated number.

It helpfully doesn't mention the FBI screwed up its own count. Nor does it state the new estimate will be "substantially lower." Cowards.

Here's another one, from September 27, 2017:

In the first 10 months of this fiscal year, the FBI was unable to access the content of more than 6,000* mobile devices…

How did this jump -- 3,000 phones in five months -- escape notice? As of November 2016, the number was only around 880 devices. Then it jumped to 3,000 six months later. Then it doubled to 6,000 in less than five months. By the end of that fiscal year four months later, the FBI had supposedly added another 1,775 uncrackable devices.

In fiscal year 2017, we were unable to access the content of 7,775* devices…

Even if the count had been accurate (which it wasn't), the numbers were delivered dishonestly. What appears to be a cumulative total of all devices the FBI had collected over the years is presented in testimony as being the total number of devices the FBI couldn't unlock during a single fiscal year. This vastly misconstrues the severity of the issue and while FBI officials may have been unaware the FBI's software was delivering bogus counts, it didn't stop them from overstating the problem by presenting historical cumulative numbers as a single year's total.

Whatever number the FBI finally delivers will be decidedly underwhelming. Considering it still hasn't provided Congress with details of its attempts to access supposedly uncrackable devices, the FBI has managed to decimate its own forces in the new War on Encryption. It overplayed its hand -- perhaps inadvertently -- and weakened its argument severely. Something this important to the FBI was handled carelessly -- not because the FBI doesn't really want weakened encryption, but because the FBI will not do anything to weaken its anti-encryption position. It never bothered to check the phone count because the number given to officials was sufficiently impressive. That mattered far more than accuracy or honesty. "Fidelity, Bravery, Integrity" my ass.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 29 May 2018 @ 9:36am

    Maybe they were counting clones of the phones

    It is always possible they had cloned some of the phones and were attempting to crack them in multiple locations. This still wouldn't excuse the lack of MD5Hash values or something similar to identify duplicate entries. Every database needs something like this.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Hero, 29 May 2018 @ 10:11am

      Re: Maybe they were counting clones of the phones

      They were counting duplicates because they used three databases and some phones appeared in more than one database. They probably just dumped the number of entries in each of the three databases and summed them together without realizing there might be duplicates (and clearly there were). But the 7,775 number sounded so juicy that they got too excited and just rolled with it instead of double checking.

      At least the FBI did come clean after someone noticed the problem (though did so as quietly as possible). ICE (or was it CBP?) still thinks that 7 people throwing sticks/bottles/rocks at 6 officers constituted 126 individual assaults and they are happy to admit they are fudging the numbers.

      At the end of the day, any talk about how Law Enforcement agencies are not political entities is bullshit.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 29 May 2018 @ 12:54pm

      Re: Maybe they were counting clones of the phones

      Nah, they just make up their own math. This is the same government forcing "Common Core" on our kids.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 29 May 2018 @ 2:24pm

        Re: Re: Maybe they were counting clones of the phones

        What about her emails?

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Hero, 30 May 2018 @ 6:02am

        Re: Re: Maybe they were counting clones of the phones

        Regarding "make up their own math", let's do some of our own without making up the numbers! The number of phones divided by the number of databases is 7775/3 = ~2591 phones. This would be the case if all phones were in all three databases.

        Yet, people are saying the true number lies somewhere between 1000-2000. This is an estimate, so it may be quite wrong. As I mentioned above, even the high-end of 2000 devices doesn't account for the case when all phones exist once in all three databases. This would imply that there are duplicates of phone info within a single database.

        This is an example of the Pigeon Hole Principle: if n items are put into m containers, with n > m, then at least one container must contain more than one item. In this case, n = 2591 and m = 3.

        This implies that either the 1000-2000 estimate is too small, or that there are duplicates within the same database, which further implies even worse record-keeping on the part of the FBI.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Hero, 30 May 2018 @ 6:06am

          Re: Re: Re: Maybe they were counting clones of the phones

          Sorry, quick correction. n = 2591 and m = 2000 (the high end of the estimate).

          reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 29 May 2018 @ 9:39am

    How many times are you going to run this? Within last two weeks!

    Probably more recent.

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 29 May 2018 @ 11:50am

      The magic code strikes again!

      I mean really, it's not like there's anything newsworthy about the DOJ/FBI lying to congress and the public about something they claimed were threats to the american public, and now trying to brush said lie under the rug quietly after they got caught.

      You're right, I can't imagine what possible reason TD would cover this when I'm sure there's some super important news on a celebrity's latest dating scandal, or some 'kitting trapped in tree' story they could be covering that is much more important.

      As always your impotent foot stomping that TD continues to write things that you claim not to care about continue to be entertaining, so thanks for the laugh once again.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 29 May 2018 @ 7:20pm

        Re: The magic code strikes again!

        blue will cocksuck authority until he runs out of oxygen just to flail a semi-coherent point at Masnick.

        This is the same fucktard who bitches about vanishing for a year, returning for hell knows why, and complains that he can't bear to leave a site he loathes with every fiber of his being.

        SESTA vote the fucker.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 29 May 2018 @ 9:40am

    Tim, a favor please?

    Can you point me to the part of the U.S. Constitution that waives perjury charges for government officials who lie to Congress (e.g., the FBI, Clapper)?

    Thanks!

    reply to this | link to this | view in chronology ]

  • identicon
    I.T. Guy, 29 May 2018 @ 9:40am

    "caused by a software error. "

    Oops. They had MPAA in the dropdown menu rather than FBI.

    reply to this | link to this | view in chronology ]

  • icon
    Bamboo Harvester (profile), 29 May 2018 @ 9:41am

    It's ALWAYS "unable to access", which only implies encryption. How many of those devices were stomped on or dropped in liquid to brick them?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 29 May 2018 @ 9:45am

      Re:

      Great question!

      reply to this | link to this | view in chronology ]

      • icon
        Bamboo Harvester (profile), 29 May 2018 @ 1:54pm

        Re: Re:

        I know my local Village Police (five officers, a dispatcher, and a desk jockey) have well over a hundred cell phones they're "unable to access".

        As soon as a street-level dealer even THNKS "cop" they drop their phone and stomp on it.

        Walmart sells a LOT of burners to the same people, over and over, and over....

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 29 May 2018 @ 10:35am

      Re:

      I must admit that I am not sure if this is in the articles, but here goes:
      Also how many devices were actually relevant in the investigation and how many of the crimes being investigated were serious enough to justify this breach into a device that contains a lot - if not all - of your private information.

      One of the reasons it should NEVER become easy to breach devices is that if they cannot justify spending resources to obtain evidence then maybe it is not important enough. If they could access the contents of anyone's phone within 5 minutes, then we would all get our phones searched for jaywalking after a while.

      reply to this | link to this | view in chronology ]

  • icon
    Ninja (profile), 29 May 2018 @ 11:50am

    "I didn't mean what I clearly said" it is then?

    So when will the punishments for the lies start flying? (Rhetorical question)

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 29 May 2018 @ 11:56am

    'Not a deliberate lie'

    anyone who believes that is thicker than can possibly be imagined! of course it was a lie! all they wanted to do/still want to do is have access to every device owned by every person everywhere, while ensuring that no ordinary person can ever have access to anything the 'security forces', the government, the rich, the famous and all their friends are up to! in other words do whatever they can to make sure we have no secrets and they have them all!!

    reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 29 May 2018 @ 12:05pm

    Such dedication to the truth

    I like how the FBI is keeping the bogus stats, and are merely adding footnotes about how the numbers are 'incorrect', wording that could go either way, up or down, for anyone unfamiliar with what happened.

    Credit to the DOJ for at least being honest enough to cut the number entirely and admit that the real numbers are substantially lower, but at this point patting them on the back for that is like congratulating someone for face-planting and then being able to stand up afterwards. It's the absolute least they should be capable of and doing.

    reply to this | link to this | view in chronology ]

  • icon
    ECA (profile), 29 May 2018 @ 12:20pm

    Warning..

    Any gov. agency, esp Police agency..
    That gives stats...IS LYING..

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.