FBI Can Unlock Most Devices That It Receives

FBI Director Comey has talked a lot about the “going dark” problem but we now have some statistics on the problem.

So far this fiscal year, the FBI has received 6,814 devices – phones or computers – to forensically examine.

Of those devices, only 2,095 of them had any form of password on the device.  That means that roughly 70 percent of the devices that bad guys used did not have a password on it.  If you assume that this statistic mirrors the general population – and it may not – then only 30 percent of people protect their devices with a password.

Of the 2.095 devices that were password protected, the Feds were able to get into 1,210 of those.  They do not say what techniques they used to get into those devices.

This means that out of almost 7,000 devices, the cops could not read about 880 of them.  Said differently, the Feds were able to get into 87 percent of the devices that they were presented to evaluate.

These stats don’t include numbers for devices that local police receive and don’t turn over to the Feds.  This means that the 13 percent number – of devices that they cannot get into – may be high because there may be a number of devices that local police receive that they can easily get into and therefore don’t ask the Feds for help.

It also may include devices that are damaged.  For examine, if a device is broken during an arrest,such as a bad guy intentionally throwing a device off a building on onto oncoming traffic – which probably is not that uncommon in a case where the bad guys think the phone contains evidence – those numbers would be included in the “we couldn’t get into that device”,  How many devices fall into that category is unknown.  So while that is part of the going dark problem, it is not because of encryption.

Still, 13 percent is the most definitive number we have seen so far.

What we don’t have any numbers for is how many of those 6,800 devices contained any useful evidence of a crime.

From the Feds perspective, they want to be able to get into every device.  They are used to the days of executing a search warrant where they are looking for papers and where likely, in almost every case, they are able to examine almost 100 percent of the information that they are interested in looking at.

In response, the FBI said that 13 percent is significant and, in their defense, it is likely significant.  But it is far from an epidemic, at least at this point.

What is unclear is whether there was any evidence on those 880 phones or whether the inability to get into those phones made any difference in the prosecution or non-prosecution of those cases.  From a bad guy’s perspective, they likely have little incentive to unlock a phone even if there is nothing on it.  Their attorney would likely tell them that they could be something on the device that could be used against them, so don’t cooperate.  This is the digital equivalent of challenging a search warrant, but in this case, control is in the hands of the bad guy rather than in the hands of a judge and the Feds likely don’t appreciate that fact.

At least, for the first time, we have some information about the problem.

Information for this post came from Motherboard.

by