That microchipped e-passport you've got? US border cops still can't verify the data in it

Two Democratic US senators have formally asked Uncle Sam's Customs and Border Protection (CBP) agency to get its act together on electronic passports. In 2005, America began issuing passports with implanted machine-readable RFID chips that contain the traveler's personal information. This data is cryptographically signed so …


  1. Yet Another Anonymous coward Silver badge

    Solution

    Just print a little green padlock on the front of the passport - then they know everything is safe

    1. redpawn

      Re: Solution

      Or just have the passport holder raise their right hand.

      To get a new one, I turned in the old one and raised my right hand and swore that the information was correct, which made the information correct.

      1. Anonymous Coward
        Anonymous Coward

        Re: Solution

        You joke, but getting people to socially adopt confirmation works for 99% of the time. Doing a ritual sometimes bakes in the obedience to authority. I am not saying I agree, but it seems factual. It's the 1% that were lying that there is usually a problem, or reason they lied.

        Of course those statistics are made up, but illustrative. Look at most schools, jobs or social groups. People do things not because it is right, works, or even sane half the time. They do it because everyone else is.

        1. veti Silver badge

          Re: Solution

          Umm... 99% of people are travelling on perfectly valid credentials to begin with. It's the remaining 1% that you need to worry about. If your test can't distinguish them, with reasonable levels of reliability, then it's not contributing anything of value.

          1. GrumpyOldBloke

            Re: Solution

            I don't think it was ever about contributing anything of value. When you are the world's largest supporter of terrorism then that 1% is an important part of being able to move your assets around. It's the journalists and whistle blowers that need to be stopped.

          2. Anonymous Coward
            Anonymous Coward

            Re: Solution

            It's the remaining 1%

            You just emphasized what is wrong with CBP. Its procedures are aimed at 1%-5% which is in the rabid paranoia zone especially regarding people from other developed countries.

            The root cause is American exceptionalism. USA thinks that the whole world has nothing better to do than to go and pollute the precious American purity of the nation. The root cause is that the whole nation has the idea that they are the pinnacle of creation drilled into them from the cradle to the grave. They cannot grok the idea that most of us got work to do and joining the ranks of the people eating hormone beef and chlorinated chicken without any medical coverage is the last thing on our minds.

            The real number of travelers with "issues" between developed countries is significantly less than 0.1%. Acknowledging this, however means that USA has to acknowledge that their border circus is mostly pointless - something they will never do.

            1. Anonymous Coward
              Anonymous Coward

              Re: Solution

              "Acknowledging this, however means that USA has to acknowledge that their border circus is mostly pointless - something they will never do."

              This is a good one. I've seen similar circus several times in border control, in former Soviet Union.

              Most other countries don't bother as they know most of the circus is pointless and just wasted money: Security theatre as most of the so-called 'security' nowadays.

              Basically a money laundering system for management: Steal from taxpayers, give to my buddies here, working in 'security'. And I get a nice slice, of course.

              1. Anonymous Coward
                Anonymous Coward

                Re: Solution

                Basically a money laundering system for management: Steal from taxpayers, give to my buddies here, working in 'security'.

                Slightly more complicated I am afraid. Americans observing this circus every time they travel can get a reinforcement of their sense of exceptionalism. The ability to steal more money from them (in the form of taxes) is only one small facet.

                When someone is brainwashed into exceptionalism crashing out into the real world is a very hard experience with unpredictable results. So their sense of exceptionalism should be cherished and supported at every step. Just in case. To make sure that the period when the Americans questioned their ruling class on THINGS THAT MATTERED, like the 60s and early 70s never ever happens again. It is bad for business.

          3. Anonymous Coward
            Anonymous Coward

            Re: My suggestion

            Was the test is not there to find the 1%. It is there to make sure the 99% keep obeying, possibly in other areas of life.

          4. Anonymous Coward
            Anonymous Coward

            Re: Solution

            "If your test can't distinguish them, with reasonable levels of reliability, then it's not contributing anything of value."

            This is absolutely true. I can see the idea behind the chips but it's already obsolete: Programming a chip so it has same data as the passport isn't hard. Making forgery a bit harder, but by no means impossible so criminals just steal blank passports and chip them with whatever they want.

            Whole idea of "security chips" is based on assumption that only authorities have capability to create or use said chips. Which might have been true 20 years ago but hasn't been true for a long time now.

            1. Grooke

              Re: Solution

              You need to read up on digital signatures. Yes you can copy the data, but you cannot alter it and maintain a valid signature without the private key. You also can't create a new one from scratch, it won't have a proper signature.

              The only thing you can do is make an exact copy, which is no more useful than just stealing the physical passport.

              1. Anonymous Coward
                Anonymous Coward

                Re: You can find the key.

                SHA-1 Hash Collision says hello to "it's impossible to fake". However currently it is probably easier to buy an entire jet airline, than calculate a fake key for a passport.

              2. John Brown (no body) Silver badge

                Re: Solution

                "You need to read up on digital signatures. Yes you can copy the data, but you cannot alter it and maintain a valid signature without the private key. You also can't create a new one from scratch, it won't have a proper signature."

                Yeahbut, the point of the story is that 13 years after introducing the system and "ordering" other countries to spend lots of money also introducing RFID passports, they still can't verify the keys. Currently it's not better than a simple printed passport and now the encryption system is 13 years old. That's a long time in terms of crypto development and cracking. I wonder how good the encryption was then and how good it is now?

              3. CrazyOldCatMan Silver badge

                Re: Solution

                Yes you can copy the data, but you cannot alter it and maintain a valid signature without the private key. You also can't create a new one from scratch, it won't have a proper signature...

                .. which none of the Border cops will pick up because they don't have the capability. I suspect that you could use a self-signed cert and get away with it - right up until you try to go into an advanced country that actually has the proper technology..

                (A number of years ago I worked for a company that tried to see passport readers that could read the biometrics. None of them had any network access (to the best of my admittedly hazy knowledge) and so wouldn't have been able to check certificates unless against a good-known set. Which would have been out of date very rapidly and therefore been worse than useless.)

        2. Anonymous Coward
          Anonymous Coward

          Re: Solution

          @ " It's the 1% that were lying that there is usually a problem"

          Ah another "if you have done nothing wrong then you have nothing to fear", how about those people who only want to share their personal information directly with the people they can see?

          Not to mention the US agents scanning people when they enter other countries. I can understand the US requiring chipped passports for people entering the US but since they don't bother to verify them and the chip is not turned off elsewhere then non-sheep wonder why.

    2. John Smith 19 Gold badge
      Unhappy

      So basically it's just a bluff, and has been for the last 13 years at least

      Because no one knows how long this will take to roll out

      1. Eddy Ito

        Re: So basically it's just a bluff, and has been for the last 13 years at least

        I don't know that it was a bluff but it does show the level of competence. When you have a situation where everyone is screaming that gov't must do something then what you get is gov't usually does something. Is it the right thing, a practical thing, or effective thing to do? Probably not but it tempers the vocal minority and when a plane isn't hijacked in the next year everyone goes back to sitting on their hands.

        Oh, the reason no one knows how long it takes is because once the heat is off they go right back to hand sitting or playing minesweeper or surfing pr0n or whatever it is minions do when the boss taxpayer isn't looking.

        1. handleoclast

          Re: So basically it's just a bluff, and has been for the last 13 years at least

          Yep. Security through obscurity. Gets the terraists thinking "They have very good passport ID chips so we can't use fake passports any more."

          Now the vulnerability has been exposed CBP have a very short period of time to fix it before it starts getting exploited.

          Plus ça change, plus c'est foutu. (Blame Google translate, not me).

  2. Mike 16

    But the other function works?

    You know, the "Who in this crowd is from the USA?" one, to aid in targeting them.

    Or should I say "Who in this crowd is from the USA _and_ dumb enough not to RF shield their passport and credit cards?"

    And the digital signatures? I assume the private keys will be from Verisign.

  3. BA

    Even worse.

    They haven't distributed the charts showing where the ar*e and elbow are on a human body.

    1. BebopWeBop

      Re: Even worse.

      Ahh that explains the TSA’s intrusive feel ups searches - trying to work out which is the arse.

      1. Anonymous Coward
        Anonymous Coward

        Re: Even worse.

        I'd rather have a finger on the elbow any day.

  4. Mark 85
    Facepalm

    Here we are 13 years later and they still can read and verify the chips? On top of that they haven't even looked for or ordered the software? Yet, these guys claim to be defending the country's borders from the evil (fill in enemy of the day). Not surprising, just unexpected that this sort of crap is happening.

  5. John 98

    If it's anything like the UK it will take them ten years and cost several billion dollars

    1. Anonymous Coward
      Anonymous Coward

      If it's anything like the UK it will take them ten years and cost several billion dollars

      It would cost millions of pounds, the people allocated to the project would sit on their hands for the first month or so before anyone bothers to develop a plan and several millions later they would decide to scrap the plan because by now everyone has their tax payer funded yacht and it's becoming too obvious it was never meant to produce results.

      To ensure the NAO gives it a clean bill of health regardless, you "retire" one of your senior people when the project is just underway, and he or she then "happens" to take up a top job at the NAO. Once there, you brief the people in the project before you run the audit, and, of course, you choose the most inexperienced people to perform the audit.

      It's really easy if you have the right friends. Surely you don't think certain people have to establish their own private bank just because they are so good at saving, do you?

      1. hammarbtyp

        If it's anything like the UK it will take them ten years and cost several billion dollars

        I'm willing to help. I can get them a copy of OpenSSL for a snip at £1 million, no questions asked

    2. iRadiate

      Another sign of American exceptionalism. It wouldn't cost dollars. It would cost pounds.

      1. Jeffrey Nonken

        Could be exceptionalism. Could also be a minor slip due to habit. I know ex-pat Brits who still call deep-fried potato slices "crisps", and I don't assume they're doing it through some sense of entitlement or snobbery.

  6. Terry 6 Silver badge

    I don't think it's just America

    Creating Information ( read "IT") based projects on the "cheapest and least we can get away with while appearing to be doing something" basis seems endemic. On that background this just seems another example. - though I suspect it's spread to other fields, as in aircraft carriers without aircraft.

    Essentially it's about giving the appearance without the substance. Like one of the Hollywood stage sets.

    So, for example, get an expensive powerful new Data management system that is expected to run on an old, ageing network and no staff training will be provided.

    1. Anonymous Coward
      Anonymous Coward

      Re: I don't think it's just America

      Terry 6,

      You were very close to the truth .....

      It is called 'Security Theatre' !!!

      You make a very obvious 'Song & Dance' about some aspect of Security to 'Demonstrate' the huge effort being made for your security & safety, only it is more to hide the fact that the system does not work or is incomplete etc.

      It has been spoilt by the fact that the lack of s/w to check the validity of the Signatures has now been made known to 'Everyone' !!! :) ;)

      Looks like they will have to spend the money to complete the system and make sure it does 'work' or create another piece of 'Security Theatre' to convince the public that there is some 'other' system/process protecting them !!!

      Guess which one is *more* likely !!! :)

      N.B:

      The Gullibility Quotient of the *majority* is already known ..... from events that culminated on November 8, 2016. :) :)

  7. Anonymous Coward
    Anonymous Coward

    American border cops, can they even read?

    Or am I confusing them with TSA personnel?

  8. DNTP

    Just a TSA anecdote

    The last time I went through a US airport I decided to re-enact the Ninja's Flute, a story where a pair of ninja infiltrate a guarded palace by arguing about whose flute is of higher quality to distract the guards inspecting them. This is because I am a ninja, even though I mostly use my powers for good. As I handed the TSA agent my legitimate, electronically authoritative American passport, I pulled a water bottle out of my bag, made to hand it to her, and asked her if she thought it was barely small enough to bring on board. Completely distracted by this important security issue requiring discriminating judgement, she closed my passport without even looking at the picture or comparing my name to my boarding pass, handed it back, and took my water bottle for inspection.

    So basically... the fact that no one is bothering with working electronic passport authentication is really, really not the important issue here.

    1. Anonymous Coward
      Anonymous Coward

      Re: Just a TSA anecdote

      Clearly, the dihydrogen monoxide you had was an extremely dangerous good. Compared to the passport, they had to dispose of the hazardous chemical immediately as its tasteless and odorless properties can be easily inhaled, potentially causing suffocation and deaths.

      Those agents are very good at putting their priorities in order to protect the children. Did you know that dihydrogen monoxide is the leading cause of unintentional injury-related death among children ages 14 and under? From 2006 to 2010, there are at least 400 fatalities caused by dihydrogen monoxide.

      You should be glad that they didn't force you to inject those substances into your body on the spot after you took it out. Just imagine what it would do to your body afterward!

      /s

      1. A K Stiles
        Coat

        Re: Just a TSA anecdote

        But what if it had been Hydrogen Hydroxide, or worse - Hydric Acid! - Have you seen how high the pH of that stuff is!

    2. paulf
      Facepalm

      Re: Just a TSA anecdote

      @DNTP "...she closed my passport without even looking at the picture or comparing my name to my boarding pass,..."

      I recall having a Miami Twice* moment when I was checking in at an airport in the Land of the Free. The agent "checked" my fine brown British passport, "Dieu et mon Droit" proudly emblazoned in gold letters across the bottom of the majestic royal coat of arms.

      And then proceeded to ask me if I was Australian.

      Icon is how I would have responded if I didn't have an aversion to intimate inspections.

      *One of the running jokes through this Only Fools and Horses special is everyone thinks these two chancers from South London are from Australia.

      1. Alister

        Re: Just a TSA anecdote

        , "Dieu et mon Droit" proudly emblazoned in gold letters across the bottom of the majestic royal coat of arms.

        You should have claimed to be French, that would have fooled them...

        1. paulf
          Go

          Re: Just a TSA anecdote

          "You should have claimed to be French, that would have fooled them..."

          That would probably have worked. I wonder how many Americans think all Frenchmen speak with a perfect English Shakespearian accent thanks to Star Trek TNG...?

          1. Jeffrey Nonken

            Re: Just a TSA anecdote

            All of us. We're to stupid to know the difference and none of us have ever discussed the issue.

  9. Steve Knox
    Paris Hilton

    Software?

    " the software to verify the e-passport chips "

    Like a db of trusted certs?

    Seriously, what extra software is needed to verify cryptographically signed data that you can already decrypt and read?

    1. Anonymous Coward
      Joke

      Re: Software?

      Well, obviously a framework of some sorts will need to be made in which a suite of applications can be created that creates an interoperable, secure system which forms the basis of national security.

    2. Dan 55 Silver badge

      Re: Software?

      I bet everyone came unstuck when they decided they wanted to do it online in realtime.

    3. An nonymous Cowerd

      Re: Software?

      a front-line desk Ethernet connection to check the server in Singapore!

    4. CrazyOldCatMan Silver badge

      Re: Software?

      what extra software is needed to verify cryptographically signed data that you can already decrypt and read

      The ability to access a CRL and parse the presented cert against it? Agreed, it's not the science that puts metal in orbit but it does need a teensy bit of writing.

  10. Anonymous Coward
    Anonymous Coward

    ' taking the "optical" in optical networking a little too far'

    Mmmh, if you put these 2 stories together then a bigger picture emerges...

    Not dealing with the smartest kid on the block... American Xceptionalism:

    .

    https://www.theregister.co.uk/2018/02/22/us_customs_optical_networking/

    https://www.theregister.co.uk/2018/02/22/us_borders_e_passports/

  11. The Oncoming Scorn Silver badge
    Big Brother

    Shiney - Lets Be Bad Guys

    Nice new machines at the new YYC terminal building, to read\scan your passports & fingerprints when travelling into the US, the first time I went through seemed to be a lot quicker than the second 7 months later, but then I was traveling with family members.

    Coming back into Canada, the spanky new machines don't seem to have simplified\accelerated the whole customs experience of coming home.

    1. John Sager

      Re: Shiney - Lets Be Bad Guys

      Last time I went into the US, last summer at Oakland, they had these ESTA checking machines, which had a long line of people trying to use, and they aren't especially easy if you've never seen one before. Then, of course, we had to join an even longer line to see the regular Immigration guy, with the usual photo and fingerprint dance. Since the desk guy has to scan the passport, why don't they do the ESTA check there?

  12. JeffyPoooh
    Pint

    Border crossings, with or without Network access

    If one is crossing a border in (for example) the hinterlands of Mongolia, where they utterly fail to have Network access, then the friendly border agents working in the shed are forced to rely on your "Papers Please" hard copy documents.

    Everywhere else in the world, where there's electricity and an Ethernet cable, a simple bar code or memorized string should be enough to bring up your file. The agents can review the information on their screen, ask you to remove your hat, look in your left ear for the mole, and generally carry on from there.

    If the multi-factor "What You Have" factor is needed, then - based on the electronic information - they can ask to see (for example) your car keys to confirm it's Honda or whatever. If not car keys, then the head from the GI Joe doll that you always carry and have registered as the "Have" factor.

    The whole concept of a hard copy Passport is obsolete given that it's mostly used to bring up your online file anyway.

    1. G.Y.

      memorize? Re: Border crossings, with or without Network access

      all you have to memorize is your 1st name & home 'phone number

  13. perlcat

    The only news here would be that some people think that this collection of dim bulbs should be given more authority and control over our lives.

  14. Anonymous Coward
    Anonymous Coward

    Who cares if it works?

    Do you seriously suggest all the extremely expensive chipping, body-scanning and snooping is implemented in order to increase "security"? Financial security, maybe.
