I saw recent article on Wassenaar and it included a link to Adam Back’s website, www.cypherspace.org.

Photo 1: Front (click to enlarge)

Adam developed a Perl script that was at one time considered a munition under ITAR.  Of course, handling a 3-line Perl script like a bomb is ridiculous.  Especially since the encryption algorithms were widely known, even at the time.  To bring public attention to ITAR, the script was printed on a t-shirt making it a non-exportable munition.  The t-shirt was featured by media publishers like Wired Magazine.

 Adam is no longer printing these t-shirts but provides the graphics to the

Photo 2: Back (click to enlarge)

public if you want to print your own.  Designs for the t-shirt if your interested to print one yourself.  I have used CustomInk to print custom t-shirts in the past with good results.  I appreciate clever and thought provoking t-shirts.  I may have to make one of these classics for myself.  Wearing an export controlled munition around the office is extremely cool.

Images and Perl Munitions T-Shirt, Adam Back of www.cyberspace.org

The FBI does not think FBI vs. Apple iPhone security court case sets a precedent – mind blowing.  The problem with posing the dilemma of code vs. free speech is that it forces confrontation between tech industry and government.  Perhaps the question was unavoidable, still posing the dilemma means an answer will be provided.  What will happen in the US and the world if tech industry looses?  Every electronic service and device in the world, your smart phone, computers and printers in your home, the Nest thermostat on your wall, your WIFI enabled car, every and all devices and electronic information sources, actively surveilled by every government in the world without search warrants or limits of any kind.  Companies will be compelled to sign code with their own digital certificates, a demand that completely undermines public trust in X.509 certificates and PKI.  What are we talking about?  That blue/green lock in your web browser means your secure right?  Nope, not if this case looses.  The freedom and privacy decisions at stake would shock even George Orwell.

This is the most interesting court case for security and privacy in my lifetime.

[1] Balkanization of US Products and Services Technology Accelerates, if Apple looses this case this article presents a possible course of action and outcome for US businesses.

*Animated image excerpt from Jet.com commercial.

Apple responds to the courts order on two primary fronts.

First Amendment Violation
Compelled software code and code signing is “…compelled speech…in violation of the First Amendment”.

Fifth Amendment Violation
“…conscripting a private party…to do the government’s bidding…” violates Fifth Amendment rights

Article on Motherboard along with copy of Apple’s Motion to Vacate filing with the court.  I’m not a lawyer but two points I find interesting, 1) software code and signing of software coding is argued as protected speech protected under Constitution, 2) major corporations have constitutional rights just as US citizens do (I didn’t realize this).

Are you confused over the battle between the FBI and Apple over the iPhone?  On the surface it seems un-American that Apple does not wish to provide [2] the FBI information it requires for a terrorism investigation.  A deeper review shows the FBI interests are more broad than a terrorists iPhone.  The FBI and the court[1] are demanding Apple weaken strong iPhone security features used on all iPhones.  Let’s review the court and FBI demands.

“…bypass or disable the auto-erase function…”, this is a security feature on the iPhone that wipes data if there are too many failed password/pin attempts to unlock the phone.  It’s disabled by default and optionally enabled by iPhone owners.

“…enable FBI to submit passcodes to the SUBJECT DEVICE for testing electronically…”, the FBI desires to attempt many passcode/pin’s rapidly to unlock a device.  In security parlance this is known as a Brute-Force Attack.  FBI wants to be able to brute force iPhones.

“…device will not purposefully introduce any additional delay between passcode attempts…”,  this security feature introduces an increasing delay between successive failed passcode attempts which adds a growing penalty to the attacker for bad passcode/pin guesses.  This is another Apple security feature designed to prevent brute force attacks.  The FBI wants this removed.

“…SIF[Software Image File] will load and run from the Random Access Memory (“RAM”) and will not modify the iOS on the actual phone…”, this change helps the FBI avoid detection of it’s iPhone monitoring activities while preventing unintentional tampering of forensic evidence that may be used in a trial.

If the FBI requested the information on the terrorists phone their motives would appear more creditable.  Instead they requested security features, used across all iPhones, purposefully weakened.

The order includes provisions to limit or lock the request to only the SUBJECT DEVICE.  On the surface it appears as though this demand is applicable to only a single named phone used by terrorists.  Weakening security on a single iPhone is the governments method to eat an elephant one piece at a time.  Initially the FBI compels Apple to make code changes supporting their agenda.  As time passes the FBI along with other government agencies will make increasingly more demands that use the previous assistance as a leverage point, opening a pandora’s box.  If the FBI requested the information on the terrorists phone their motives would appear more creditable.  Instead they requested security features, used across all iPhones, purposefully weakened.  The public can only assume this court order is the FBI’s attempt to gauge tech industries reactions for future information requests and continue their crusade on security backdoors.

[1] California District Court Order compelling Apple to assist FBI
[2] A Message to Our Customers, letter from Apple to customers on security