The FBI’s surprising inability to bypass basic security measures on mobile devices was thrust into the spotlight nearly two years ago following the San Bernardino terrorist attack of December 2015. If you remember, the FBI was unable to access the contents of a locked iPhone 5c which belonged to one of the shooters. In turn, the FBI asked Apple to develop a customized version of iOS which would have enabled the bureau to perpetually guess the device’s passcode without having the device wipe itself.
Though the FBI eventually managed to access the iPhone 5c without any assistance from Apple, the broader takeaway from the whole saga was the revelation that the FBI lacked the requisite tools and expertise to bypass even outdated lock screens on mobile devices. More importantly, the brief legal battle between Apple and the FBI sparked a national debate regarding the balance of individual privacy and the ability of law enforcement agencies to carry out thorough investigations.
The San Bernardino legal saga is ancient history at this point, but the FBI is still struggling to adjust to a world where it remains unable to access a host of locked mobile devices. Speaking to this point, FBI director Christopher Wray recently said that the FBI has been unable to access data from more than half of all the confiscated mobile devices in its possession.
“To put it mildly, this is a huge, huge problem,” Wray said in remarks originally published by The Associated Press. “It impacts investigations across the board — narcotics, human trafficking, counterterrorism, counterintelligence, gangs, organized crime, child exploitation.”
Over the span of 11 months, Wray said that the FBI took hold of 6,900 mobile devices yet was unable to access most of them. Notably, there was no indication as to what percentage of those mobile devices were iPhones or iPads.
“I get it,” Wray later added, “there’s a balance that needs to be struck between encryption and the importance of giving us the tools we need to keep the public safe.” All the same, Wray opined that if something isn’t done, law enforcement agencies will be operating with a “blind spot.”
The underlying problem, though, is that there’s no guarantee that software backdoors or similar FBI-friendly workarounds will remain in the right hands. As we saw earlier this year with the WannaCry ransomware, even highly classified NSA-developed exploits can become public and used for malicious means.