The FBI is Secretly Breaking Into Encrypted Devices. We鈥檙e Suing.
The FBI is secretly breaking the encryption that secures our cell phones and laptops from identity thieves, hackers, and abusive governments, and it refuses to even acknowledge that it has information about these efforts 鈥 even though some details have been filed publicly in federal court. We鈥檙e suing to get some answers.
Between our emails, text messages, location information, social media activity, and more, our cell phones hold almost our entire lives. In recent years, governments have stepped up efforts to gain access to the information on our cell phones and personal computers. The federal government has been pressuring companies to build encryption backdoors that would severely undermine our digital privacy and security, and both federal and state governments have regularly paid third-party vendors to break into people鈥檚 encrypted devices.
Now, it appears the FBI has built an in-house capability to break into these devices. Publicly available information indicates that the Electronic Device Analysis Unit (EDAU), a team within the FBI, has acquired or is in the process of acquiring software that allows the government to unlock and decrypt information that is otherwise securely stored on cell phones. Public court records also describe instances where the EDAU appeared capable of accessing encrypted information off of a locked iPhone. And beyond that, the EDAU even sought to hire an electronics engineer whose major responsibilities would include 鈥減erform[ing] forensic extractions and advanced data recovery on locked and damaged devices.鈥
To learn more about the EDAU and its capabilities, we filed a request under the Freedom of Information Act asking that the Department of Justice and the FBI disclose records relating to the EDAU and its technological capabilities for retrieving information from locked electronic devices. The FBI responded in part by issuing what鈥檚 known as 鈥淕lomar鈥 responses to two of our requests 鈥 which means that the agency refuses to even confirm or deny the existence of any records pertaining to the EDAU.
A valid Glomar response is rare, as there are only extremely limited instances where its invocation is appropriate 鈥 that is, only where the existence or nonexistence of records is itself exempt under FOIA. The problem with the FBI鈥檚 Glomar response is that, as detailed above, we already know records pertaining to the EDAU exist because information about the unit is already public. The fact that all of this information is already publicly known deeply undercuts the FBI鈥檚 Glomar theory. The FBI itself has made clear that it is attempting to access and decrypt personal electronic devices, so the claim that it can鈥檛 even acknowledge whether these records exist is implausible.
Seeking some much-needed transparency, today we asked a federal court to intervene and order the DOJ and the FBI to turn over all responsive documents pertaining to the EDAU. We鈥檙e demanding the government release records concerning any policies applicable to the EDAU, its technological capabilities to unlock or access electronic devices, and its requests for, purchases of, or uses of software that could enable it to bypass encryption.
By invoking the Glomar response, the federal government is sending a clear message: It aims to keep the American public in the dark about its ability to gain access to information stored on our personal mobile devices. But it鈥檚 not that the FBI has just shut the door on this information 鈥 they鈥檝e shut the door, closed the windows, drawn the shades, and refused to acknowledge whether the house that we鈥檙e looking at even exists. It鈥檚 imperative that the public gets meaningful access to these records regarding the federal government鈥檚 capabilities to access our phones and computers. Our privacy and security are at stake.