May 24, 2018

How the FBI's numbers fumble moves the encryption debate

Photo: Pau Barrena AFP via Getty Images

The FBI has long made the case that it needs access to encrypted cell phones to stop crime. But one of the key statistics the agency has recently cited to support that case was grossly inflated thanks to a programming goof, the Washington Post reported Tuesday.

Why it matters: Supporters of strong encryption will likely see this screw-up — the second of its kind that we’ve learned of in two months — as a problem of honesty. But there's a chance there may be a more material effect on the encryption debate in changing how risk gets balanced with safety.

The bottom line: The deeply entrenched sides of the public debate will continue their standoff, but behind closed doors, where real compromise is being discussed, the calculations may shift.

By the (wrong) numbers: FBI director Christopher Wray has claimed there were around 7,800 phones related to crimes being investigated that the bureau could not access due to unbreakable security measures. It turns out that, while an exact tally is still being calculated, the accurate figure is somewhere between 1,000 and 2,000.

"This is a pretty bad mistake," said David Kris, former assistant attorney general for national security and founder of Culper Partners.

The debate:

  • Law enforcement authorities seek legislation mandating “backdoors” in phones and other devices letting them access even encrypted contents in extraordinary circumstances.
  • Experts believe nearly unanimously that weakening encryption with backdoors would catastrophically reduce global cybersecurity.
  • The public debate on this issue centers around whether it’s possible to find a technological solution that would give law enforcement access to encrypted data without everyone else suffering those catastrophic consequences.
  • That technological solution likely doesn’t exist, meaning that the more nuanced debate that proceeds behind closed doors is about risk management. Participants in that debate are wrestling with how to limit the use of back doors by finding a risk/reward balance. The risk to be contained is the impact of a future Wannacry type of event; the reward is the crime-fighting value of accessing a certain number of phones.

But, but, but: You can’t do good risk management with bad data.

  • With numbers overinflated between 4 and 8-fold, the FBI was arguing backdoors were 4 to 8 times more important than they actually are.
  • Balancing the risk/reward equation, that meant the FBI was giving itself license to justify 4 to 8 times as much risk.

Flashback: Two months ago, an FBI inspector general report found that the FBI had incorrectly testified before Congress about the encryption issue during the San Bernardino terrorism case in 2016. Then-director James Comey claimed to have exhausted all avenues to break into a cell phone belonging to a suspected terrorist and used that issue to make the case for backdoors. One problem: The FBI had not, in fact, exhausted its resources.

Reality check: Though stakeholders may make try to make this about the FBI's honesty, even staunch supporters of strong encryption generally agree these repeated misstatements haven't been intentional. "The fact the FBI came forward with these errors — let’s see where that goes before seeking out an investigation," said backdoor opponent Rep. Will Hurd (R-Texas) at a Wednesday panel discussion at the Aspen Institute in Washington, D.C.

FBI will keep making the same case: At the Aspen event, FBI associate deputy director Paul Abbate argued that even 1000 phones are more than enough to be concerned about: "Each one of those numbers represents a terrorist attack that could have been prevented or a child that could have been protected."

So will the opposition: The way proponents of strong encryption see it, the FBI’s flubs might weaken the agency’s hand but don't change the fundamentals of their case at all.

"When the denominator is the 350 million Americans whose cell phones might become vulnerable if you introduced backdoors," said McAfee chief technology officer Steve Grobman, "it doesn't matter if the numerator is 1,000 or 7,000."

Go deeper

Trump acknowledges lists of disloyal government officials to oust

Photo: Mandel Ngan/AFP via Getty Images

President Trump on Monday acknowledged the existence of assembled lists of government officials that his administration plans to oust and replace with trusted pro-Trump people, which were first reported by Axios' Jonathan Swan.

What he's saying: “I don’t think it's a big problem. I don’t think it's very many people,” Trump said during a press conference in India, adding he wants “people who are good for the country, loyal to the country.”

Coronavirus only part of the story behind the Dow’s drop

Photo: Andrew Burton/Getty Images

As someone has certainly told you by now, the Dow fell by more than 1,000 points yesterday, its worst day in more than two years, erasing all of 2020's gains. Most news headlines assert that the stock market's momentum was finally broken by "coronavirus fears," but that's not the full story.

What's happening: The novel coronavirus has been infecting and killing scores of people for close to a month and, depending on the day, the market has sold off or risen to record highs.

Bernie's historic Jewish fight

Illustration: Sarah Grillo/Axios

Sen. Bernie Sanders would be the first Jewish presidential nominee of a major American political party — but that history-making possibility is being overshadowed by his conflicts with America's Jewish leaders and Israel's leadership.

The big picture: That's partly because we're all focusing on the implications of Democrats nominating a self-described democratic socialist. It's also because a candidate's religion no longer seems to matter as much to voters or the media, making the potential milestone of a Jewish nominee more of a non-event.