FBI failed to access 7,000 encrypted mobile devices

  • Published
FBI director Christopher WrayImage source, AFP
Image caption,

Christopher Wray said more than half of the devices the FBI had tried to access in 11 months had been impenetrable

Agents at the US Federal Bureau of Investigation (FBI) have been unable to extract data from nearly 7,000 mobile devices they have tried to access, the agency's director has said.

Christopher Wray said encryption on devices was "a huge, huge problem" for FBI investigations.

The agency had failed to access more than half of the devices it targeted in an 11-month period, he said.

One cyber-security expert said such encryption was now a "fact of life".

Many smartphones encrypt their contents when locked, as standard - a security feature that often prevents even the phones' manufacturers from accessing data.

Such encryption is different to end-to-end encryption, which prevents interception of communications on a large scale.

Cyber-security expert Prof Alan Woodward at the University of Surrey said device encryption was clearly frustrating criminal investigations but it would be impractical and insecure to develop "back doors" or weakened security.

Trade-off

"Encryption that frustrates forensic investigations will be a fact of life from now on for law enforcement agencies," he said.

"Even if the equipment manufacturers didn't build in such encryption it would be possible to obtain software that encrypted data in the same way."

Referring to the trade-off between cyber-security and investigative hacking, the FBI director said: "I get it, there's a balance that needs to be struck between encryption and the importance of giving us the tools we need to keep the public safe."

Mr Wray was speaking at the International Association of Chiefs of Police conference in Philadelphia on Sunday.

In 2016, the FBI asked Apple to unlock an iPhone used by San Bernardino killer Syed Rizwan Farook.

Apple refused, explaining that its phones had been designed so that even their manufacturer could not access them once encrypted.

The FBI later said a third party firm had discovered a way of breaking into Farook's device.

Earlier this month, a federal judge ruled that the FBI did not have to reveal the identity of the firm or how much the agency paid for its services.

The ruling followed freedom of information requests filed by journalists.