EFF sent a Freedom of Information Act (FOIA) request to the FBI and other Department of Justice agencies to get some straight answers about approximately 7,800 supposedly un-hackable cellphones.
Law enforcement agencies say they have a problem–criminals all use encrypted devices, making those devices inaccessible to law enforcement. They call this the “Going Dark” problem, saying that modern encryption is so good that all the criminals in the world are “going dark” to government surveillance. To stop this, these agencies are clamoring for laws that would mandate backdoors be placed in encryption algorithms that allow for law enforcement access.
EFF is very concerned about these efforts to introduce backdoors into encryption, because as we’ve said, there’s no such thing as a safe backdoor. Any backdoor in encryption can be just as easily used by bad actors as by law enforcement if it gets leaked, and once a hard-coded backdoor is discovered, it often can’t be closed.
Nevertheless, law enforcement agencies leaders continue to argue that they will be helpless without these backdoors. In particular, FBI Director Christopher Wray has repeatedly [.pdf] claimed that the FBI failed to break the encryption of 7,775 mobile devices during the 2017 fiscal year.
This number sure is interesting, since we know that the FBI was able to get into the iPhone of the San Bernardino shooter without forcing Apple to help them do it, and we know that companies like Cellebrite and Grayshift sell access to iPhones for a few thousand dollars each. If these companies are actively providing their products to law enforcement, and have been doing so for years, where does Wray find 7,775 devices the FBI cannot hack?
To find out, we have submitted a FOIA request to the FBI, as well as the Offices of the Inspector General and Information Policy at DoJ. Among other things, we are asking the FBI to tell the public how they arrived at that 7,775 devices figure, when and how the FBI discovered that some outside entity was capable of hacking the San Bernardino iPhone, and what the FBI was telling Congress about its capabilities to hack into cellphones.
When law enforcement argues for legally mandating encryption backdoors into our devices, and justifies that argument by claiming they can’t get in any other way, it’s important for legislators and the public to know whether that justification is actually true.