PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Oops! FBI Inflated the Number of Encrypted Devices It Can't Access

The FBI may actually only have 1,200 devices it can't access due to encryption, not 7,800, as previously claimed.

Michael Kan
 & Michael Kan Principal Reporter

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

For the past several months, the FBI has been claiming that encryption has prevented the agency from accessing around 7,000 mobile devices connected to various crimes. But it turns out that number is very wrong.

On Tuesday, the FBI told PCMag that a programming error resulted in a "significant overcounting" of the encrypted devices. "The FBI is currently conducting an in-depth review of how this over-counting previously occurred," the agency said in a statement.

The news was first reported by The Washington Post, which said the correct number is probably between 1,000 and 2,000 devices. One internal estimate from the FBI puts the figure at 1,200, but the agency plans to launch an audit to get the full number, The Post said, citing unnamed sources.

The mistake seriously undercuts one of the FBI's central arguments in the ongoing encryption debate. For years now, the agency has been pushing for what critics call a "backdoor" into smartphone products that'll let federal agents easily unlock mobile devices tied to crimes. Without such access, some investigations may grind to halt, the agency claims.

In October, FBI director Christopher Wray highlighted the problem by claiming encryption had stopped it from accessing close to 7,000 devices. "To put it mildly, this is a huge, huge problem," he reportedly said during a public speech. "It impacts investigations across the board."

In January, he essentially repeated the claim, saying the FBI had failed to access 7,775 devices during the 2017 fiscal year. However, the FBI has now marked that estimate with an asterisk, which notes that the figure is actually incorrect.

How did the FBI make the mistake? According to the agency, starting in April 2016, it began using a new "collection methodology" with how it counted the encrypted devices. But only recently did the FBI become aware of flaws in the methodology, it said, without elaborating.

Despite the mistake, the FBI claims that encryption still poses a serious problem to law enforcement investigations, including those from state and local police. "The FBI will continue pursuing a solution that ensures law enforcement can access evidence of criminal activity with appropriate legal authority," the agency said in its statement.

Some encryption supporters weren't surprised that the 7,000 figure was off. It's also been widely reported that the FBI has been hiring third-party security vendors to help the agency break into smartphones including iPhones.

"Given the availability of these third-party solutions, we've questioned how and why the FBI finds itself thwarted by so many locked phones," the Electronic Frontier Foundation said in a blog post.

About Our Expert

Michael Kan

Michael Kan

Principal Reporter

My Experience

I've been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I'm currently based in San Francisco, but previously spent over five years in China, covering the country's technology sector.

Since 2020, I've covered the launch and explosive growth of SpaceX's Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I've combed through FCC filings for the latest news and driven to remote corners of California to test Starlink's cellular service.

I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. In 2024 and 2025, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.

I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I'm now following how the AI-driven memory shortage is impacting the entire consumer electronics market. I'm always eager to learn more, so please jump in the comments with feedback and send me tips.

The Best Tech I've Had:

  • My first video game console: a Nintendo Famicom
  • I loved my Sega Saturn despite PlayStation's popularity.
  • The iPod Video I received as a gift in college
  • Xbox 360 FTW
  • The Galaxy Nexus was the first smartphone I was proud to own.
  • The PC desktop I built in 2013, which still works to this day.

Read the latest from Michael Kan

Read full bio