The FBI blunder on phone encryption, explained

Publication Type: Other Writing
Publication Date: May 30, 2018

The FBI has been arguing for years that the approach of Apple and other companies that strongly encrypt phones is a big problem for law enforcement, which cannot get access to information it needs to catch criminals. Some days ago, these claims led to a big controversy when it turned out the FBI had been accidentally exaggerating the number of phones it couldn’t open for years. Susan Landau is a renowned cryptographer and the author of the recent book “Listening In: Cybersecurity in an Insecure Age,” which looks at the argument between the FBI and the cryptographic community. I asked her about her book and how to get law enforcement to a higher level of technological sophistication.

HF: The FBI has been claiming for years that it has thousands of encrypted phones that it can’t get access to and that might have vital information. Now it turns out that it has been massively overreporting the number of problem phones. How could this have happened?

SL: Records of the devices were in three different databases. The FBI wrote a program to tally the number of encrypted devices law enforcement couldn’t unlock. But the software apparently counted certain devices several times. It’s not news that the FBI has been having trouble with computer software. But given the importance the FBI has given to this issue, making an error of this magnitude is really hard to fathom. The Post reported that the FBI ultimately expects to find only one to two thousand locked devices it can’t open — rather than the 7,800 FBI Director Christopher Wray had repeatedly spoken of.

HF: Your book describes how the FBI and other law enforcement agencies claim that surely “smart people” can figure out some way to meet the demands of law enforcement while allowing people to use strong encryption to maintain their security and privacy. You and most other technical experts on cryptography are skeptical. Why?

SL: It’s flattering to be told you’re smart, but flattery doesn’t suddenly make an insoluble problem solvable. Law enforcement wants Silicon Valley to design encryption systems so that, when legally authorized, they can access encrypted communications and locked devices. That sounds reasonable until you look at the details of how an exceptional access system would work. My colleague Matt Blaze has likened this to arguing that if you can land a person on the moon, then you can land someone on the sun — and bring them back safely.

Read the full piece at The Washington Post