At the International Association of Chiefs of Police conference, held in Philadelphia last week, Federal Bureau of Investigation Director Christopher Wray noted that the FBI has nearly 7,000 encrypted devices it cannot access. Per the phillyvoice.com:
In the first 11 months of the fiscal year , federal agents were unable to access the content of more than 6,900 mobile devices, Wray said in a speech….
Considering what Wray’s predecessor had to say about the issue in 2016, the problem is growing, fast:
[Former FBI Director James Comey] said, during the last three months of 2016 the FBI lab received 2,800 electronic devices sent in by local police and federal agents looking for evidence they contain. But analysts were unable to open 1,200 of them, “using any technique.”
Assuming that the influx of inaccessible encrypted devices to the FBI’s labs remained relatively constant last year, the implication is that the FBI possessed 4,800 encrypted mobile devices in 2016. In other words, there was a 50% increase year-over-year.
A Growing Problem
One can expect the number of inaccessible smartphones to keep growing for a number of reasons.
First, older devices get replaced with new ones, eventually. That in of itself doesn’t mean anything security-wise, except that encryption was not turned on by default for many older devices. Even if encryption were turned on, a password may not have been required.
Smartphones and tablets now come with encryption turned on by default and require a form of password; one can assume that nearly 100% of the phones the FBI needs to search in the future will be inaccessible.
Second, encryption tends to get stronger over time because researchers are constantly trying to find flaws in it. When found, they’re patched up. Cracking techniques that may have worked in the past may not be available on newer devices.
When the FBI filed and then dropped a lawsuit against Apple in 2016, the Bureau revealed that it had obtained a method to gain access to an iPhone 5C (they didn’t reveal what it was). Thus, it didn’t need to force Apple through the courts. It also noted that this method didn’t work on iPhones newer than the 5C, so that’s as far as that technique will go. Seeing how OS updates to the iPhone 5C ended this past summer, the FBI’s mysterious technique will see limited action in the future.
This tends to be the general pattern for flaws in security (assuming, of course, that you have bright people working on the problem; sometimes, flaws go undetected for years, possibly decades. Still, encryption performance points in one direction).
Third, more people are aware of the power and need for encryption. When the FBI butted heads with Apple (and, indirectly, with the entire tech community) in 2016, many in Congress initially supported the FBI. Calls for encryption backdoors, explicit or otherwise, were in the air. As time went by and these representatives educated themselves on the pros and cons of purposefully hamstringing cryptography, they started backtracking.
But, it’s not just Congress. Ironically, the Apple vs. FBI case caused ripples and worked to educate a lot of people about encryption and its benefits, detriments, and importance. With more people aware of what encryption does and how it works, you can expect encryption to extend to even those devices that don’t come with it by default.
How to Solve It?
So, yeah, encryption is problematic for the FBI. And, it will continue to be problematic. Hence, it’s not surprising to find that,
The Justice Department under President Donald Trump has suggested it will be aggressive in seeking access to encrypted information from technology companies. But in a recent speech, Deputy Attorney General Rod Rosenstein stopped short of saying exactly what action it might take. [apnews.com]
Honestly, short of a backdoor, there isn’t a solution here, and a backdoor is not a solution. Still, seeing how strange 2017 has been (and will probably be for the next three years, at least), it wouldn’t be surprising if the FBI finally got what they wished for.
No matter how ill-advised it might be.
Related Articles and Sites: