A programming error caused top law enforcement officials to overstate how many locked smartphones it was unable to search, including in congressional testimony.
WASHINGTON — The F. B. I. came under fire from electronic privacy and security advocates on Wednesday after acknowledging that it has repeatedly exaggerated the number of locked smartphones and other mobile electronic devices it has been unable to access because of encryption, including in congressional testimony and public speeches.
The miscount, which the bureau said was because of an inadvertent programming error in a system that gathered statistics from F. B. I. databases, was a significant embarrassment at a time when the bureau has been pushing for a legal mandate that tech companies build unlocking tools into such devices for law-enforcement access to potential evidence.
Electronic privacy and security activists have opposed the F. B. I.’s push to mandate an unlocking mechanism — which the government calls “extraordinary access” and critics call “back doors” — saying it would make devices too vulnerable to hacking. Among those who seized on the disclosure to rain criticism down upon the bureau was Greg Nojeim, director of the Center for Democracy and Technology’s Freedom, Security, and Technology Project.
“The factual basis of the F. B. I.’s arguments to weaken encryption has been called into doubt,” Mr. Nojeim said, calling for an investigation by the Justice Department’s internal watchdog.
Kevin Bankston, director of New America’s Open Technology Institute, questioned the F. B. I.’s competence and trustworthiness on encryption. He, too, called for an inspector general investigation to determine “just how the F. B. I. could have made such a massive mistake on such an important issue, and repeatedly given false information in sworn testimony for Congress.”
The F. B. I. said it was conducting its own “in-depth review of how this overcounting previously occurred, and how the methodology can be corrected to capture future data accurately.”
Specifically, top law enforcement officials — including the F. B. I. director, Christopher A. Wray, and the deputy attorney general, Rod J. Rosenstein — have touted a talking point that in the fiscal year that ended in September, encryption prevented the F. B. I. from unlocking about 7,800 smartphones and other devices despite having legal authority to access them for evidence.
“This figure represents slightly over half of all the mobile devices the FBI attempted to access in that time frame,” Mr. Wray told the House Judiciary Committee in December.
But that number is wrong, the F. B. I. said in a statement late on Tuesday. The bureau said that it had discovered in late April that the system it was using to gather such statistics from its databases was flawed. It appeared that inadvertent “programming errors resulted in significant overcounting” of how many mobile devices it had been thwarted from accessing, it said.
F. B. I. officials refused to provide an estimate for the real number of such devices, saying it was still conducting a review to both figure that out and determine what methodology to use in the future. The Washington Post, which first disclosed the miscount, cited unnamed officials as saying the real number was probably between 1,000 and 2,000.
The F. B. I. has been pushing, in fits and starts, since 2010 for legal changes that would require tech companies to help it gain access to secured data, saying the ability of law-enforcement officials to carry out court-approved wiretaps and searches is “going dark” because of the spreading use of encryption. That fight last peaked in 2016, when the Justice Department obtained a court order requiring Apple to design a specialized operating system that would help the F. B. I. unlock an iPhone recovered after the mass shooting in San Bernardino, Calif.
Apple fought the order, and the case launched a debate over tech freedom, security and encryption. The issue was eventually defused when prosecutors disclosed that the F. B. I. had unlocked the phone using a method developed by another company. (No significant evidence was found on the phone.)
In March, the Justice Department’s inspector general issued a report finding that the F. B. I. had not searched for all possible solutions to unlock the phone before seeking the court order, raising suspicions among the privacy and technology community about whether the bureau tried to use the San Bernardino case to create a precedent for weakening encryption.
In recent months, the Justice Department and the F. B. I. under the Trump administration have revived its push for a solution, leading to the speeches and congressional testimony that invoked the inaccurately large number of devices that the bureau purportedly was stymied from accessing.
“The report is a clear reminder that policymakers should take the F. B. I.’s claims of going dark with a big grain of salt,” Mr. Nojeim said .
But the F. B. I. also insisted that its growing inability to access devices that are encrypted remains a significant challenge, whatever the correct number turns out to be, vowing to keep pushing for changes.
“Going Dark remains a serious problem for the F. B. I., as well as other federal, state, local, and international law enforcement partners, all of whom face similar challenges in maintaining access to electronic evidence despite having legal authorization to do so,” it said. “The F. B. I. will continue pursuing a solution that ensures law enforcement can access evidence of criminal activity with appropriate legal authority.”
