FBI director says agency couldn’t hack into nearly 7,000 encrypted devices
The FBI was unable to retrieve content from more than 6,900 mobile devices, agency director Christopher Wray said on Monday at the International Association of Chiefs of Police conference in Philadelphia. This is more than half of the mobile devices the FBI tried to access in less than a year.
“To put it mildly, this is a huge, huge problem,” Wray said. “It impacts investigations across the board — narcotics, human trafficking, counterterrorism, counterintelligence, gangs, organized crime, child exploitation.”
Many smartphones and mobile applications encrypt content by default – one of the latest features used to ensure the devices’ manufacturers cannot access user data. Some applications, such as WhatsApp, use end-to-end encryption, which prevents private communications from being intercepted.
Wray’s remarks follow the controversial iPhone hacking in 2016, when the FBI demanded that Apple hack into a device used by San Bernardino gunman Syed Rizwan Farook. Apple refused to do so, citing the inability to unlock iPhones protected by encryption features.
Fueling the nationwide controversy, the FBI later admitted that a contracted firm had found a way to break into Farook’s iPhone. Earlier this year, a federal court ruled that the FBI does not have to disclose details of the firm or contract price the government paid to hack into Farook’s smartphone, according to ZDNet.
At the conference on Monday, Wray also spoke of a potential “blind spot” for intelligence gathering which may come into being if Congress does not reauthorize the Foreign Intelligence Surveillance Act (FISA).
“If it doesn’t get renewed or reauthorized, essentially in the form that it already is, we’re about to get another blind spot,” Wray said.
FISA allows the US secret services to wiretap internet and telephone communications of people both in the US and abroad so long as a “significant” purpose of the surveillance is to gather “foreign intelligence information.” The law, criticized by rights groups, emanated from post-9/11 era secret surveillance program that monitored private international communications in the US.
The law covers two of the most sweeping NSA surveillance programs focused on retrieving content from Internet-connected devices both in the US and around the world. One, revealed by whistleblower Edward Snowden, is PRISM, which enables the NSA to tap into user data stored by online platforms such as Google, Apple, Microsoft, and Facebook.
The second program is ‘upstream’ scanning, which apparently involves automatic government searches of virtually all communications being transmitted through critical elements of internet infrastructure that connect the US to the rest of the world.