The following comments on agency/​docket # OMB Number 1110–0NEW, FBI Lawful Access Data Collection, are offered in my individual capacity as a Senior Fellow at the Cato Institute and do not necessarily reflect the views of the Institute, its management, or its board of directors.

According to the FBI abstract for this data collection as printed in the April 24, 2023, edition of the Federal Register, the alleged purpose of this collection is to “collect data on the volume of law enforcement investigations that are negatively impacted by device and software encryption.”

OMB Circular A‑130, “Managing Information as a Strategic Resource” (7/28/2016) states on p. 84 as follows:

“The Nation relies on the flow of credible statistics to support the decisions of individuals, households, governments, businesses, and other organizations. Any loss of trust in the relevance, accuracy, objectivity, or integrity of the Federal statistical system and its products can foster uncertainty about the validity of measures our Nation uses to monitor and assess performance, progress, and needs.” (Emphasis added.)

Indeed, Section 515 of Public Law 106–554 explicitly states as follows:

“Sec. 515. (a) In General.–The Director of the Office of Management and Budget shall, by not later than September 30, 2001, and with public and Federal agency involvement, issue guidelines under sections 3504(d)(1) and 3516 of title 44, United States Code, that provide policy and procedural guidance to Federal agencies for ensuring and maximizing the quality, objectivity, utility, and integrity of information (including statistical information) disseminated by Federal agencies in fulfillment of the purposes and provisions of chapter 35 of title 44, United States Code, commonly referred to as the Paperwork Reduction Act.” (emphasis added)

The FBI’s proposed data collection process could in no way be considered an effort to obtain accurate, objective information about the actual impact of encryption on properly predicated criminal investigations because it only seeks information regarding investigations in which seized cellphones or other electronic devices were “negatively impacted by device and software encryption.” Further, nowhere in the proposed data collection process does the FBI define what the phrase “negatively impacted” means.

The FBI is not seeking information on the number of cases in which captured electronic devices employing encryption were penetrable by federal, state, or local law enforcement agencies, either with their own resources or help from another governmental or private sector entity. They are also not seeking to find whether the wrong phones were seized during the course of an investigation or whether investigations involving seized devices employing encryption were able to move forward despite an inability to access one or more seized electronic devices.

Indeed, At a public meeting held in 2016 at the National Academy of Sciences, then-FBI General Counsel James Baker acknowledged that the Bureau was able to get into locked mobile devices in its possession 87 percent of the time. That fact, combined with the clearly skewed nature of this data collection proposal, raises serious questions about the process by which this data collection was initiated, reviewed, approved, and promulgated.

The FBI’s data collection proposal as written is clearly in violation of the intent, if not the letter, of Public Law 106–554 and should be immediately withdrawn.