FBI uses metadata and online services to solve 13,000+ cases

For years, the FBI has warned that "warrant-proof encryption" represents an existential threat to law enforcement's ability to protect Americans from terrorists, child predators, and organized criminals. In September 2024, agency officials revealed that nearly 17,000 active cases were stalled or missing key evidence due to encrypted devices and communications they could not access. This figure became a cornerstone of renewed calls for legislation mandating encryption backdoors. Yet a remarkable development in October 2025 has fundamentally undermined this narrative: 78% of those cases—approximately 13,000 investigations—have now been resolved through alternative investigative methods including metadata analysis, lawful subpoenas, digital forensics, and location tracking services. This outcome does not merely weaken the case for encryption backdoors; it demolishes the foundational premise upon which backdoor proposals rest. If the overwhelming majority of "encryption-blocked" cases can be solved without compromising the security architecture protecting billions of users, the argument for mandating systemic vulnerabilities collapses entirely.

The FBI's "Going Dark" Campaign

The FBI's campaign against strong encryption spans more than two decades, reaching its most visible inflection point during the 2016 legal battle with Apple over an iPhone belonging to one of the San Bernardino terrorists. Then-Director James Comey warned that encryption would lead law enforcement "to a very dark place" where criminals and terrorists operate with impunity [1]. The agency's position has remained consistent: without mandated access mechanisms, investigators cannot obtain evidence necessary to prosecute dangerous offenders and rescue victims. The September 2024 summit at UC Berkeley, hosted in partnership with former Secretary of Homeland Security Janet Napolitano's Center for Security in Politics, represented the latest escalation of this campaign. FBI officials presented the 17,000-case figure as irrefutable evidence that encryption was crippling investigations, with Deputy Director Paul Abbate telling lawmakers that even the investigation into the attempted assassination of former President Trump was hampered by encrypted applications [2]. The implicit message was clear: Congress must act to mandate backdoor access before more cases go unsolved and more victims go unprotected.

The October 2025 revelation that 13,000 of these cases have been resolved fundamentally reframes the encryption debate. Rather than representing an insurmountable barrier, encryption appears to be one obstacle among many that skilled investigators routinely overcome through established methodologies. Metadata analysis—examining patterns of communication, connection times, and network relationships without accessing content—has proven remarkably effective for building cases and establishing probable cause [3]. Digital forensics capabilities continue to advance, allowing investigators to extract evidence from devices through targeted techniques rather than systemic backdoors. Location tracking services provide crucial investigative leads. And traditional subpoena power compels service providers to produce substantial categories of information that remain accessible despite end-to-end encryption. The 78% resolution rate suggests that the FBI's "going dark" rhetoric dramatically overstates encryption's actual impact on investigative outcomes. While some cases undoubtedly remain genuinely stymied by encryption, the data indicates these represent exceptions rather than the norm the FBI's public messaging implies.

Alternative Methods are Effective Without Systemic Risk

The investigative techniques that resolved these 13,000 cases share a critical characteristic: they are targeted rather than systemic. When law enforcement exploits a vulnerability in a specific device or deploys malware against a particular target, only that individual's security is compromised. When investigators analyze metadata or obtain records through subpoenas, they work within existing legal frameworks without requiring fundamental changes to security architecture. This targeted approach stands in stark contrast to mandated encryption backdoors, which by definition create systemic vulnerabilities affecting every user of a platform or device. The landmark "Keys Under Doormats" report by fifteen leading cryptographers concluded that exceptional access requirements are "unworkable in practice" because they require reversing security best practices—storing encryption keys that should be deleted, maintaining centralized credentials that create concentrated attack targets, and introducing architectural complexity that provides multiple exploitation vectors [4]. The success of alternative methods demonstrates that effective law enforcement does not require accepting these catastrophic tradeoffs.

The Backdoor Track Record: A History of Exploitation

Historical evidence definitively establishes that government-mandated access mechanisms become exploited vulnerabilities. The Communications Assistance for Law Enforcement Act of 1994 required telecommunications carriers to build "lawful intercept" capabilities directly into network infrastructure [5]. Three decades later, the consequences are undeniable. In the 2004 "Athens Affair," unknown attackers compromised Vodafone Greece's CALEA-mandated lawful intercept systems and wiretapped the cellphones of the Greek Prime Minister, Minister of Defense, and numerous other officials for months [6]. The attackers did not need sophisticated zero-day exploits—they simply used the backdoor system that regulations required Vodafone to build. The pattern repeated with devastating effect in 2024 when Chinese intelligence operatives conducted the Salt Typhoon operation, exploiting CALEA backdoors in AT&T, Verizon, and T-Mobile networks to access call metadata, text messages, and audio recordings from over one million users, including government officials and political campaigns [7]. These incidents confirm an uncomfortable truth: mandated backdoors do not remain exclusively available to authorized law enforcement. They become permanent vulnerabilities that sophisticated adversaries discover and exploit.

The Scale of Potential Harm

The asymmetry between backdoor benefits and risks is staggering. Even accepting the FBI's original framing, 17,000 cases represents a tiny fraction of the billions of users whose security would be compromised by mandated access mechanisms. Analysis of 2024 breach data reveals that approximately 18-45 million individuals annually experience data exposures attributable to mandated backdoors and weakened encryption systems, with direct economic costs reaching $1.8-4.5 billion annually in incident response, notification, legal fees, and regulatory penalties [8]. Indirect costs from identity theft remediation potentially exceed $20 billion when calculated at scale. The Salt Typhoon breach specifically targeted government officials and political campaigns, potentially exposing classified information and intelligence operations in ways impossible to quantify but clearly devastating to national interests [9]. Against this backdrop of massive, documented harm, the argument that backdoors are necessary to solve cases that investigators are already solving through other means appears not merely weak but reckless.

Backdoor proponents sometimes propose theoretical safeguards like "split-key" systems, where encryption keys are divided between multiple parties, ostensibly preventing abuse while enabling lawful surveillance. This reasoning fundamentally misunderstands both the technical realities of key escrow systems and actual implementation methods. A 1997 technical report examining key recovery systems noted that while split-key approaches "can decrease these risks," they "do so with a marked increase in cost" requiring "multiple agents, costly additional coordination mechanisms, and faster response times necessary to assemble split keys" [10]. More critically, the report identified fatal flaws: regardless of how keys are divided, law enforcement demands for timely access require fast assembly systems, and "both the systems for key part assembly, and the ultimate whole key assembled for law enforcement, will present new points of vulnerability" [10]. The fundamental problem remains: splitting a key merely multiplies the attack surface without eliminating the core vulnerability. Once a reconstruction mechanism exists, that mechanism becomes the exploitable target. The Center for Democracy and Technology concluded there is "no provable secure way to communicate using split key key escrow systems" [11].

The Operational Reality: Backdoors Would Not Be Implemented Safely

Even if split-key systems were technically viable, governments would not implement them because they contradict law enforcement operational requirements. The purpose of encryption backdoors is to provide rapid access during active investigations—kidnappings, terrorism plots, organized crime operations where delays prove critical. Split-key systems requiring coordination between multiple agencies, judicial approvals, and complex key assembly procedures directly undermine this objective. Historical evidence confirms this: when the FBI claimed inability to access the San Bernardino shooter's iPhone, they did not request a split-key system—they demanded Apple create custom firmware to disable security features [12]. Law enforcement consistently advocates for direct access mechanisms, not elaborate multi-party control systems. Any mandated backdoor would follow the CALEA model: surveillance capabilities built into infrastructure, accessible through standard legal process, with minimal procedural barriers. This is precisely the model that Chinese hackers exploited in Salt Typhoon.

The Incentive Structure Argument Fails

Proponents claim that lawful access requirements will "incentivize government reliance on judicial authorization" and subject surveillance to Fourth Amendment standards. This argument contradicts both historical evidence and basic institutional analysis. The existence of accessible surveillance infrastructure does not incentivize restraint—it incentivizes use. From 2004 to 2007, wiretaps performed under CALEA grew 62 percent, while interception of internet data increased over 3,000 percent [5]. By 2007, the FBI had invested $39 million in its Digital Collection System Network specifically to collect, store, and analyze communications data obtained through CALEA backdoors [5]. When surveillance capabilities exist, agencies expand their use. The October 2025 data suggests a more productive path: rather than demanding architectural vulnerabilities, agencies should invest in the alternative investigative techniques that have proven capable of resolving the vast majority of encryption-related challenges.

The 13,000 resolved cases demand a fundamental reframing of the encryption policy debate. The question is not whether law enforcement faces legitimate challenges from encryption—they do. The question is whether those challenges justify mandating systemic vulnerabilities that sophisticated adversaries will exploit at massive scale. The evidence now answers decisively: they do not. Alternative investigative methods resolved 78% of the cases the FBI cited as justification for backdoor mandates. The remaining cases, while genuinely difficult, do not constitute grounds for compromising the security infrastructure protecting billions of users, critical infrastructure, government systems, and national security communications. Sound policy must recognize that in the digital realm, security is not divisible. Weakening systems to enable government access necessarily weakens those same systems against all threats—including the foreign intelligence services and criminal organizations that have repeatedly demonstrated their ability to exploit mandated backdoors.

Recommendations for Policymakers and Technology Companies

Policymakers must reject encryption backdoor mandates regardless of terminology or proposed safeguards. The October 2025 data demonstrates that effective law enforcement does not require accepting catastrophic security tradeoffs. Resources should instead flow toward proven alternatives: enhanced digital forensics training, metadata analysis capabilities, targeted device exploitation under judicial authorization, and international cooperation. A Department of Justice Inspector General report found that law enforcement agencies often lack basic technical skills to request available data from technology companies, suggesting training gaps rather than encryption pose significant barriers [13]. Technology companies should resist government pressure to weaken encryption systems. The security they provide protects not only individual privacy but national security, economic infrastructure, and democratic institutions. The historical record—from Clipper Chip to Athens to Salt Typhoon—proves that mandated access mechanisms become attack vectors exploited by adversaries.

The FBI's "going dark" campaign has always rested on a premise: that encryption creates an unacceptable barrier to effective law enforcement. The October 2025 revelation that 78% of the agency's encryption-stalled cases have been resolved through alternative methods exposes this premise as fundamentally flawed. Encryption presents challenges, but challenges that skilled investigators routinely overcome without requiring systemic vulnerabilities that endanger millions. The choice facing policymakers is now starkly clear: accept that some investigations face legitimate encryption barriers while maintaining security architecture that protects billions of users, or mandate backdoors that sophisticated adversaries will exploit at massive scale while providing marginal investigative benefits. The evidence compels only one responsible conclusion: strong encryption without backdoors is essential for national security, economic prosperity, and public safety. The 13,000 resolved cases prove that this position is not anti-law enforcement—it is pro-security, grounded in empirical reality rather than rhetoric.

References

References

[1] Comey, J. (2014). "Going Dark: Are Technology, Privacy, and Public Safety on a Collision Course?" Speech at Brookings Institution, Washington, D.C.

[2] ABC News. (2024). "FBI turns to Berkeley for help solving one of its biggest challenges." https://abcnews.go.com/US/fbi-turns-berkeley-solving-biggest-challenges/story

[3] CSO Online. (2022). "4 alternatives to encryption backdoors, but no silver bullet." https://www.csoonline.com/article/572027/alternatives-to-encryption-backdoors.html

[4] Abelson, H., Anderson, R., Bellovin, S.M., et al. (2015). "Keys Under Doormats: Mandating Insecurity by Requiring Government Access to All Data and Communications." MIT Computer Science and Artificial Intelligence Laboratory. https://dspace.mit.edu/handle/1721.1/97690

[5] Communications Assistance for Law Enforcement Act, Pub. L. No. 103-414 (1994). https://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act

[6] Weaver, N. (2023). "A Tale of Three Backdoors." Lawfare. https://www.lawfaremedia.org/article/tale-three-backdoors

[7] Wikipedia. (2025). "Salt Typhoon." https://en.wikipedia.org/wiki/Salt_Typhoon

[8] Analysis synthesizing HIPAA Journal data on 2024 breaches, Varonis breach statistics, and estimated attribution rates for backdoor-related vulnerabilities.

[9] Nextgov/FCW. (2024). "Hundreds of organizations were notified of potential Salt Typhoon compromise." https://www.nextgov.com/cybersecurity/2024/12/hundreds-organizations-were-notified-potential-salt-typhoon-compromise/401843/

[10] Abelson, H., et al. (1997). "The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption." MIT Computer Science and Artificial Intelligence Laboratory. https://groups.csail.mit.edu/mac/classes/6.805/articles/crypto/key-study-report.html

[11] Center for Democracy and Technology. (2015). "The NSA's Split-Key Encryption Proposal is Not Serious." https://cdt.org/insights/the-nsas-split-key-encryption-proposal-is-not-serious/

[12] U.S. DOJ Office of Inspector General. (2018). Report on FBI's handling of San Bernardino iPhone case.

[13] DOJ Office of Inspector General. (2018). Reports on law enforcement digital forensics capabilities.