FBI says device encryption is ‘evil’ and a threat to public safety

The FBI continues its anti-encryption push. It’s now expanded past Director Christopher Wray to include statements by other FBI personnel. Not that Chris Wray isn’t taking every opportunity he can to portray personal security as a threat to the security of the American public. He still is. But he’s no longer the only FBI employee willing to speak up on the issue.

This post is by Tim Cushing and was originally published on Techdirt.com. See the original article.

Wray expanded his anti-encryption rhetoric last week at a cybersecurity conference in New York. In short, encryption is inherently dangerous. And the FBI boss will apparently continue to complain about encryption without offering any solutions.

The Federal Bureau of Investigation was unable to access data from nearly 7,800 devices in the fiscal year that ended Sept. 30 with technical tools despite possessing proper legal authority to pry them open, a growing figure that impacts every area of the agency’s work, Wray said during a speech at a cyber security conference in New York.

The FBI has been unable to access data in more than half of the devices that it tried to unlock due to encryption, Wray added.

“This is an urgent public safety issue,” Wray added, while saying that a solution is “not so clear cut.”

The solution is clear cut, even if it’s not workable. What Wray wants is breakable encryption. And he wants companies to do the work and shoulder the blame. Wray wants to be able to show up at Apple’s door with a warrant and walk away with the contents of someone’s phone. How that’s accomplished isn’t really his problem. And he’s not intellectually honest enough to own the collateral damage backdoored encryption would cause. But that’s how Wray operates. He disparages companies, claiming encryption is all about profit and the government is all about caring deeply for public safety. Both statements are dishonest.

But Wray isn’t the only FBI employee taking the move to default encryption personally. And the others commenting are taking the rhetoric even further, moving towards personal attacks.

On Wednesday, at the the International Conference on Cyber Security in Manhattan, FBI forensic expert Stephen Flatley lashed out at Apple, calling the company “jerks,” and “evil geniuses” for making his and his colleagues’ investigative work harder. For example, Flatley complained that Apple recently made password guesses slower, changing the hash iterations from 10,000 to 10,000,000.

That means, he explained, that “password attempts speed went from 45 passwords a second to one every 18 seconds,” referring to the difficulty of cracking a password using a “brute force” method in which every possible permutation is tried.


“At what point is it just trying to one up things and at what point is it to thwart law enforcement?” he added. “Apple is pretty good at evil genius stuff.”

This is great. Apple is now an “evil genius” because it made stolen iPhones pretty much useless to thieves. Sure, the device can be sold but no one’s going to be able to drain a bank account or harvest a wealth of personal information. This was arguably in response to law enforcement (like the FBI!) complaining cellphone makers like Apple were assholes because they did so little to protect users from device theft. And why should they, these greedy bastards? Someone’s phone gets stolen and the phone manufacturer now has a repeat customer.

Encryption gets better and better, limiting the usefulness of stolen devices and now Apple is an “evil genius” engaged in little more than playing keepaway with device contents. Go figure.

The FBI’s phone hacker did have some praise for at least one tech company: Cellebrite. The Israeli hackers were rumored to have helped the FBI get into San Bernardino shooter Syed Farook’s phone after a failed courtroom showdown with Apple. The FBI ended up with nothing — no evidence on the phone and no court precedent forcing companies to hack away at their own devices anytime the government cites the 1789 All Writs Act.

Now we’re supposed to believe device makers are the villains and the nation’s top law enforcement agency is filled with unsung heroes just trying to protect the public from greedy phone profiteers. I don’t think anyone believes that narrative, possibly not even those trying to push it.