The FBI's Mistake on Encryption

By David Kris
Thursday, May 24, 2018, 8:32 AM

Over the course of the last several months, FBI Director Christopher Wray has sought to draw public attention to the problem posed to law enforcement by encrypted devices the Bureau is unable to unlock. Now, however, the Washington Post reports that the FBI has repeatedly overstated the number of devices whose data it can’t access. Instead of 7,800 phones, as Wray has asserted in at least two speeches (in January and March) and in congressional testimony, the number is somewhere between 1,000 and 2,000. As the Post points out, this comes on the heels of the Inspector General’s special report documenting internal coordination problems in the FBI’s assertions in the San Bernardino iPhone case: according to the report, the Bureau had not confirmed that it was unable to access the data on shooter Syed Rizwan Farook’s phone before seeking a court order to unlock it.

This is a pretty bad mistake. The FBI and Justice Department are under a lot of pressure right now, but they need to make some improvements.

My consulting firm, Culper Partners, provides counsel to technology companies, so readers should feel free to factor that in to their assessments. But one possibility that I think might be worthwhile is more centralized review and approval for efforts to seek directives for assistance from private parties, at least in non-routine cases—whether under the All Writs Act (the provision at issue in San Bernardino) or any of the dozen statutory “technical assistance” provisions, such as the one in the Wiretap Act. It’s a modest step, but it might go a long way to helping the Department of Justice get its ducks in a row in this important area of ongoing national debate.