from the it's-just-that-I-don't-want-him-to-go-on-any-longer dept
The FBI needs to shut the fuck up about phone encryption.
This isn’t just profane hyperbole. Shut. The. Fuck. Up.
The FBI has continued — via consecutive directors — to agitate for encryption backdoors. And these directors have done this by delivering a false narrative, aided and abetted by the FBI’s refusal to correct its miscount of uncrackable devices in its possession.
For years, FBI Director James Comey made anti-encryption hay by citing escalating numbers of devices the FBI simply couldn’t break. But the numbers were bogus, the FBI finally admitted. But not before Comey was able to wield these false numbers as evidence the federal government needed to legislate backdoors.
Here’s what happened while Comey was still the FBI director:
The FBI has repeatedly provided grossly inflated statistics to Congress and the public about the extent of problems posed by encrypted cellphones, claiming investigators were locked out of nearly 7,800 devices connected to crimes last year when the correct number was much smaller, probably between 1,000 and 2,000, The Washington Post has learned.
Here’s how this number expanded while Comey still had the FBI helm:
This number aligns more with reality than the frequent claims the number of locked phones was nearing 8,000 devices. In 2016, the FBI reported it was only locked out of around 880 devices. Less than two years later, it was stating it had 7,800 impregnable devices in its possession.
A few days later, the FBI promised to provide the public with an accurate number of devices in its possession. References to the ~8,000 devices made by FBI directors and DOJ officials were replaced with footnotes acknowledging the mistake.
** Due to an error in the FBI’s methodology, an earlier version of this speech incorrectly stated that the FBI had been unable to access 7,800 devices. The correct number will be substantially lower.
That promise debuted May 29, 2018. The FBI has yet to provide an updated number. That was 1,538 days ago. Or, to put in layman’s terms, more than four years ago. The FBI has spent four years and 76 days refusing to provide an accurate count.
Since then, James Comey has exited the public sphere, fired by then-president Donald Trump and riding off into the sunset, hailed as a savior by idiotic “Comey is my homey” people who apparently forgot Comey reopened an investigation into presidential candidate Hillary Clinton’s private email server only days before the 2016 election.
Comey was replaced by Christopher Wray. His replacement was no better. As the FBI continued to refuse to update this number, Wray leveraged the agency’s lack of honesty to argue against encryption. No longer able to use an inflated number to justify his agitation, Wray relied on unknown unknowns to make his case for backdoored encryption.
And, despite four years of FBI silence on the actual encryption problem, Wray continues to claim the US would be safer if encryption was easily breakable. Director Chris “Horseshit” Wray — delivering a statement to the House oversight committee — continues to claim encryption can be safely broken and that no one should be allowed to call this a backdoor.
Under a section misleadingly titled “Lawful Access,” Wray says this:
The problems caused by law enforcement agencies’ inability to access electronic evidence continue to grow.
We’ll stop on his first sentence because what even the fuck. This is citing facts not in evidence. And these facts are not in evidence because the FBI — over the course of 4+ years — has refused to provide them. We can’t possibly verify the “problem” (which was overstated for years) has “grown” because the FBI refuses to provide an accurate baseline or current count of encrypted devices in its possession.
It has also refused to provide any information about the phones in its “uncrackable” stash — information like how often encryption has terminated investigations or how often the FBI has obtained evidence supporting criminal charges through other means that don’t involve cracking a seized device. We don’t know how big the problem is because the FBI would obviously like us to believe it’s incredibly large. And it can do this by refusing to honestly discuss the issue by providing accurate stats and other information about criminal investigations.
That fact makes the rest of Wray’s whining irrelevant. None of the following should be granted credence without additional transparency by the FBI:
Increasingly, commercial device manufacturers have employed encryption in such a manner that only the device users can access the content of the devices. This is commonly referred to as “user-only-access” device encryption. Similarly, more and more communications service providers are designing their platforms and apps such that only the parties to the communication can access the content. This is generally known as “end-to-end” encryption. The proliferation of end-to-end and user-only-access encryption is a serious issue that increasingly limits law enforcement’s ability, even after obtaining a lawful warrant or court order, to access critical evidence and information needed to disrupt threats, protect the public, and bring perpetrators to justice.
Wray claims the proliferation of encryption is hampering law enforcement. But he provides no evidence of that. All he provides is assertions he believes to be unassailable. Bullshit. [Presses “ASSAIL” button repeatedly.] All we know for sure is that more entities are offering encryption. What we don’t know (because the FBI has refused to address this) is how often encryption derails investigations. The FBI continues to lie (by conspicuous omission) about this. For that reason, neither it or its front mouth can be trusted to address this issue honestly.
And when someone with all access to every possible resource available, that would assist in him getting the facts right, continues to make bullshit claims like these, there’s even less reason to believe Chris Wray knows what he’s talking about.
The FBI remains a strong advocate for the wide and consistent use of responsibly managed encryption. Protecting data and privacy in a digitally connected world is a top priority for the FBI, and we believe that promoting encryption is a vital part of that mission. Encryption without lawful access, though, does have a negative effect on law enforcement’s ability to protect the public. As I have testified previously, when the FBI discusses lawful access we mean putting providers who manage encrypted data in a position to decrypt it and provide it to us in response to legal process. We do not mean a “backdoor,” that is, for encryption to be weakened or compromised so that it can be defeated from the outside by law enforcement or anyone else.
End-to-end encryption that can be broken on demand isn’t actually end-to-end encryption. Putting processes in place that allow providers to break encryption when they’re asked to is the very definition of a “backdoor,” no matter how much Director Wray pretends it isn’t. Providers don’t know which of their users law enforcement will express an interest in thanks to encryption. So, to comply with “lawful access” demands, they would need to create an entry point that works with all accounts, rather than just those targeted by law enforcement. An entryway that did not previously exist is a backdoor. And this previously nonexistent entry point can never be considered exclusive to law enforcement. If the weakness exists, it can be exploited by anyone, even malicious hackers.
But, even if Chris Wray was correct about everything else, he still should be considered dis-invited from encryption discussions. If he’s not willing to force the FBI to cough up the corrected device count, he should keep his fucking mouth shut until he has these numbers in hand.