FBI dramatically overstates how many phones they can't get into
The FBI, in reporting about how badly they need to get into encrypted communications, has cited almost 8,000 cases where they need access. This reporting is actually much higher than the real figure, which is less than 2,000, according to a report.
Once again, I am unsurprised. I was around for the first "crypto wars," and the rather hysterical exhortations that drug dealers and child pornographers (back then it was drug dealers and child pornographers rather than terrorists) would take over the country if the keys were not handed over to the FBI and CIA. (No, back in those days, they were only just getting used to the idea that they could admit that there actually was an NSA.)
I recall one security maven who actually sided with "the feds." But, good scientist that she was, she asked law enforcement people to get her some data showing that LE activities were, in fact, being prevented by encrypted communications of making cases where they knew illegal activities were being performed. Nobody could give her any. In every case where the cops were blocked by encrypted traffic, they found some other way to get the evidence they needed.
There was also a book, called "The Electronic Privacy Papers" that compiled government documents, accessed via Freedom of Information Requests, relating to digital privacy issues. One example is a sheet listing wiretap information, with issues related to encryption and problems accessing the plaintext. Other than the lines of the table itself, and the column headings, absolutely every item on the page is blacked out.
Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413
This message may or may not be governed by the terms of http://www.noticebored.com/html/cisspforumfaq.html#Friday or https://blogs.securiteam.com/index.php/archives/1468
Re: FBI dramatically overstates how many phones they can't get into
Based on the description of the activities in the article, I could totally imagine something happening the way it was described. For example, a phone comes in and needs processing but Person A wasn’t able to do it. So, they mark it as a failure to decrypt and send it to their “guy” (Person B), but Person B wasn’t able to do it either. So Person B marks it as a failure, and sends it to a central site where Person C may or may not be able to get in.
I could see something along the lines of a mass email going out, “Tell us how many phones you weren’t able to get into last year” or something. Everyone sends in their list. If you didn’t deconflict these records, you could have miscounts galore.