To Whom it May Concern,
I am a published and respected forensics expert who pioneered the very first forensic techniques to extract data from the iPhone as early as 2008.. Since then, I have spend several years, and much of my time, assisting numerous law enforcement and military agencies around the world, including our own. I’ve trained government agencies in the US, Canada, and UK, and trained law enforcement from dozens of our allies here at home in the US. My work has been validated by the NIJ/NIST. I have invested my time in providing free assistance to many US-based federal and state agencies who have flown personnel into my small town for help in the middle of the night. Because of my research and hard work, I’ve provided the necessary information to the rest of the industry to be able to perform iOS forensics, and a vast majority of today’s forensics solutions are founded upon my techniques.
I did all of this on my own personal time, and in many cases on my own dime. The tools and techniques I have developed are by no means “intrusion” tools, however due to the excessively broad nature of the Wassenaar proposal, would fall under its regulations as they bypass security mechanisms of devices and collect information from them. As all of my research is done personally, I have no large company with lawyers to address the impossible spider web of export regulations that would be introduced by Wassenaar. The current proposal as is would harm far more than simply the information security industry, but would also greatly damage the forensics industry and ultimately limit the quality of tools available to law enforcement agencies for conducting lawful forensics. My tools, as well as many commercial solutions, employ the use of exploits to collect information from devices for purposes that serve law enforcement and the greater good. I sometimes only privately release the source code to my own tools, as many commercial forensics manufacturers have stolen it in the past, yet I continue to help the law enforcement community. Wassenaar will do little to accomplish the goals it set out to, and instead make it impossible for security researchers like myself to further expand the base of knowledge by contributing openly to the community – which goes far beyond this country’s borders.