Schneier on Security
A blog covering security and security technology.
April 2, 2008
The U.S. is outsourcing the manufacture of its RFID passports to some questionable companies.
This is a great illustration of the maxim "security trade-offs are often made for non-security reasons." I can imagine the manager in charge: "Yes, it's insecure. But think of the savings!"
The Government Printing Office's decision to export the work has proved lucrative, allowing the agency to book more than $100 million in recent profits by charging the State Department more money for blank passports than it actually costs to make them, according to interviews with federal officials and documents obtained by The Times.
Posted on April 2, 2008 at 6:08 AM
• 40 Comments
Geesh, some things just "should not be outsourced."
--at least that's my gut feeling.
No, this is a great way to promote entrepreneurship in other countries as they start selling genuine fake passports. And it will take the pressure off American travelers as now no one will want to buy or steal theirs with better ones available freely on the black market.
I think they should also have US currency printed overseas to save money as well. After all if it only costs $.02 to make a $100 bill we won't mind so much if someone prints a couple trillion extra.
More proof the lunatics have taken over the asylum. With a third party printing passports, how long before a third party is printing the money? Oh, wait, that's already happening...
I agree that it is not a good idea, but with critical parts for military equipment being made overseas, why is anyone surprised?
I expect the manager in charge did not mention security at all.
So now that Smartrac admits that China has stolen its patented technology for e-passport chips, how can the Government still claim that these passports are secure (like they ever really were).
I didn't realize the government was supposed to be earning a profit.
Hmm, the two sources cited here are the Washington Times and United Press International, which are both part of News World Communications, the media arm of Sun Myung Moon's Unification Church.
Maybe this is one of those jobs that "Americans don't want to do." Making passports, picking cabbages, digging ditches, manufacturing products, ....
"Maybe this is one of those jobs that "Americans don't want to do." Making passports, picking cabbages, digging ditches, manufacturing products, ...."
A machine makes the things. Enter data, push button and bang, a passport comes out of a machine. If you want a ditch, get a ditch witch.
Nothing can stop it.
A lighter is more complex to make than a passport and we make them http://www.zippo.com/
This is good.
"no domestic company produced those parts" There must have been no market to begin with, all of which tells you what those parts are worth.
"After the computer chips are inserted into the back cover of the passports in Europe, the blank covers are shipped to a factory in Ayutthaya, Thailand, north of Bangkok, to be fitted with a wire Radio Frequency Identification, or RFID, antenna. The blank passports eventually are transported to Washington for final binding, according to the documents and interviews."
I'll bet dependability is low. It's like a tool. Imported tools are junk. It's cheap to buy, but you pay later when the thing breaks.
Should any function of the US government be allowed to be outsourced? Shouldn't the government be required to live under its own bloated rules, laws, taxes, and red tape?
Rob Funk wrote:
"Hmm, the two sources cited here are the Washington Times and United Press International, which are both part of News World Communications, the media arm of Sun Myung Moon's Unification Church."
Hmmm...from the WT article,
"But GPO Inspector General J. Anthony Ogden, the agency's internal watchdog, doesn't share that confidence. He warned in an internal Oct. 12 report that there are "significant deficiencies with the manufacturing of blank passports, security of components, and the internal controls for the process.""
Unless the Moonies are ghost writing for the GPO as well, I'm not sure what your point is.
In regards to Rob's comment questioning the validity of this article, a quick check of the GPO's inspector general page reveals that they did do an investigation of various pieces of the passport process and found deficiencies.... in 2004.
We here in Germany have a company called Bundesdruckerei (printing house, see http://www.bundesdruckerei.de/en/index.html), which is actually still owned by the government. This company manufactures our RFID-equipped travellers' passports with digital picture and fingerprint. But there are serious plans to sell that company to (maybe foreign) investors to make 1 billion EUR profit. Great outlook, yeah!
BTW, this printing house company has been saved from going bankrupt by introducing the new biometric passports, decided by government members, who are employed by the security lobby industry.
Cool. Now I can get the fake RFID from the same place I get my fake passports. At least I'll be safer knowing all my real identity and information won't be in one government controlled place.
It seems there is no end to this. Is there any record of any other country trying this and having it work?
For decades the USA (before that many States and banks) outsourced money production to companies in Massachusetts, and I think _all_ the paper for federal has been made by Crane.
Note that most countries outsource their currency production. I believe the big countries for export currency printing are UK, Netherlands, France, and Australia (because of the relatively recent plastic banknote technology).
Anyway, back to the US: My understanding is that US law requires that that paper be made in the USA. Then again the security of the currency really is a critical matter of state security while passport production may not really be so.
The German government has also outsourced its passports (and a bunch of other ID documents). Although the producer is called "Bundesdruckerei", it is a private company since it was sold for a billion euro to the private equity fund Apax. (More than 50% of that sum were credits from public authorities!)
Since 2001 it belongs to the authentos GmbH (which belongs to Apax). authentos GmbH owns the Bundesdruckerei GmbH, the Bundesdruckerei International Services GmbH, the D-TRUST GmbH and the Inco SP. z.o.o.
In 2002 authentos nearly went bankrupt, but the loan creditors and the federal government abated some of the debts. The authentos group was then sold to the "JVVG Neununddreißigste Vermögensverwaltungsgesellschaft" (94 %) and the "Dinos Vermögensverwaltung" (6%) for a symbolical sum of 1 Euro.
"I can imagine the manager in charge: "Yes, it's insecure. But think of the savings!" "
I couldn't agree more! How dare a government employee try to find cost savings or ways to do things more efficiently. It's not his money, why should he care?! The man should be flogged.
Settling for less than perfect security--the nerve! Get this man out of the government and consign him to the ranks of the other evil businessmen, where he belongs.
"the federal government's official printer explicitly requires the agency to break even by charging only enough to recover its costs."
The incentive is obvious. Send a clear message to this capitalist dog: if you're foolish enough to cause efficiency gains, and then expect to be REWARDED, you will be fired! Fill his post with someone who understands that the job is to *waste* money, not to *make* it.
"How dare a government employee try to find cost savings or ways to do things more efficiently. It's not his money, why should he care?! The man should be flogged."
Karl, don't be stupid. The decision is to spend $100 for absolutely no security (at the lowest levels), or spend $1000 for something that is possibly secure.
Which do you do?
"... for absolutely no security (at the lowest levels)"
Says who? Not the article.
"outsourced the manufacturing of its electronic passports to overseas companies — including one in Thailand that was victimized by Chinese espionage"
One company. What about the other 9 companies used that have reported no security problems, 3 of which have better security records than any U.S. competitor? You know that those companies are providing "absolutely no security" ? How?
You have inside knowledge of the situation? Please do tell.
Did you see the side bar link in the Washington Times story entitled 'GPO profits go to bonuses and trips'? It's the Part II to the story. The Part III can be reached from there and is entitled 'GPO's backup plant on storm-prone Gulf'
So they spent the money they 'saved' on bonuses and junkets, and also built a backup GPO printing plant in hurricane prone Mississippi. Yep, real incentive thinking.
I think I'll be able to buy all my fake passports online without ever having to leave my laptop.
I wonder what the black market business model will be. Like, will I get a price break for large quantities if they're all in the name of George W Bush?
"So they spent the money they 'saved' on bonuses and junkets...real incentive thinking."
I agree. Better that the "profits" just get wasted up front, by overpaying some American contractor. At least that way, we can keep the good guys ("Who cares? It's not my money" government bureaucrats) straight from the bad guys (money-grubbing, profiteering businessmen and entrepreneurs.)
Hey, wait a minute. What if the money were never wasted at all, by letting the price be set by the open market? Hmmmm.....
Karl, they didn't make the profits by greater efficiencies, which would be admirable, but by overcharging the state department. Something they are not allowed to do by their very own rules, as all they are allowed to do is charge whichever government department they are producing or sourcing items for the exact cost to them. I.e. any cost savings they may have made, whether through greater efficiencies or any other means, should then be passed on to the government department using them.
@ John Phillips
"they didn't make the profits by greater efficiencies, ... but by overcharging"
Well, we don't know that, do we. If the price of the product was agreed upon before the product was manufactured, based on what the GPO "manager" believed to be the cost of production, and efficiencies were subsequently implemented, then the profits were indeed made by greater efficiencies.
If the price of the product was to be agreed upon AFTER it was manufactured (when actual manufacturing costs would be more fully known), and the manager lied by saying the costs were more than what they actually were, then he violated the law.
So the law institutes a perverse incentive. If any "manager" can discover better, more efficient ways of doing things, he has less than no incentive to improve the processes which he controls: at best he'll have to do the extra work required to change the procedures and subsequently change the cost structure of the contract, which will involve a bunch of paperwork and footdragging by those who will be made to look bad when the inefficiencies are pointed out, and will provide no benefit to him nor to those he supervises, and at worst he stands to run afoul of federal law.
Since when do we encourage government agencies to penalize increased efficiency and reward "keeping the price high" ? Oh, I guess I know: February 3rd, 1913, anyone?
"any cost savings they may have made, whether through greater efficiencies or any other means, should then be passed on to the government department using them."
What a wonderful formula for encouraging the worst elements of bureaucracy. But heh, worked for the U.S.S.R.
What about the energy used to ship the blanks around the world?
Karl, let's just cut to the chase: you are an idiot.
If you want a "secure" computer, the thing to do is to more or less build it yourself. This doesn't guarantee security, but the lower bound on the probability of failure won't be zero, and makes further defensive options actually worth the time and money to implement.
But if you "outsource" the job -- especially if you are well known and your use of the computer is likely to draw great interest to enemies -- you've effectively lost control of the hardware, even briefly, which means the probability you are secure at that point has a lower bound of exactly zero.
A comparison. Think of the disaster in the 1980s when the USA lost physical control of its embassy in Moscow (http://www.bugsweeps.com/info/hitech_snooping.html). Using your "logic", is it reasonable to conclude that the "managers" at the US Marine Corps got a good deal on those guards? The answer to this question is independent of whatever the guards were being paid. Get it?
The managers of this passport program forgot they were buying security, not just the physical artifacts. Paying real money, any amount of it, for nothing is pretty stupid, as is your defense of this behavior.
Do you work for the government by any chance?
I think (but am no longer sure) that while living in Switzerland someone mentioned that Switzerland prints currency for other countries. I think the company that does the printing is Orell Fuessli and also does the Swiss currency. OTOH, I hardly ever remember using paper money when living there - everything was done via debit card.
---maxim "security trade-offs are often made for non-security reasons." ---
This is a logical fallacy because the 'trade-off' will be for something non-security inherently (e.g. forgo bullet proof vests for comfort: comfort is non-security).
This is pretty dumb but nowhere near as dumb as putting RFID in the passports in the first place. Or keeping the RFID in now that it's become abundantly clear what a bad idea it was.
I recently renewed my passport at the US consulate in Bern. They told me that it now takes twice as long to process it because the state dept. does not allow embassies/consulates to have a stock of blank passports for security reasons. All applications are sent to DC. This article is unbelievable.
Are passports now needed to visit Mexico and Canada?
Unless you have 2 other photo IDs, passports are now needed to open bank accounts.
Passports might become required for national park visitors.
Last summer there was a national vacation passport news event.
Moonies are now drawing attention to the problem? During the tail end of a nationalistic orgy of proto-fascism? Such strange times.
Mmm. Taste the ad hominem. Delicious.
Now that you've vented, and hopefully feel better, would you like to try again, this time addressing any of the arguments I made? Namely:
1. How did you come by the knowledge that payment was made by the GPO for "absolutely no security"? No measurement of the security provided in the exchange was mentioned in the article.
2. How do you know how many companies were involved? A breach at one company doesn't mean a breach at another. If Batch of Passports 1 from Company A was breached, that doesn't mean Batch of Passports 2 at Company B was breached.
Your argument here: "If you want a "secure" computer, the thing to do is to more or less build it yourself...But if you "outsource" the job ... you've effectively lost control of the hardware, even briefly, which means the probability you are secure at that point has a lower bound of exactly zero.", is poor, and here's why:
By your measure of "secure", Robert Tapella would have to manufacture each passport by his own hand. As soon as anyone, any employee anywhere, has a hand in the passports' manufacture, even briefly, Tapella has effectively lost control of the hardware, causing the probability of security to have a lower bound of zero.
Production of goods in today's world involves the input of many hands, in many places. The kind of "build it yourself" control you advocate simply is not practical for anything except "one-off" productions on the scale of your example of a personalized personal computer.
Unless you have some inside knowledge of the situation that you'd like to share, then arguing for a return to production methods of the bronze age is hardly helpful. Such a regression simply won't happen, thankfully.
I am waiting for the $100 bill RFP .. I will be set.
"Northrop Grumman is in "stop mode" on its Airbus-based tanker while the contract is reviewed."
"Americans are outraged by the Air Force's outsourcing of our national security to Europe," said U.S. Rep. Todd Tiahrt, R-Kan.
Northrop-EADS officials have disputed Boeing's claims that they will send jobs to Europe. Boeing might be right!
Just as Sen. Richard Shelby praised the EADS deal because of the potential economic boost for a district he represents, Tiahrt was looking out for the interests of his constituents.
Send Shelby to France.
Even if you have full control, the probability of maintaining security will ALWAYS have a lower bound of exactly zero. It will also have an upper bound of exactly unity. Both statements are a mathematical certainty, because that's how probability is defined.
I'm uncertain whether you understand security, but you certainly don't understand probability.
And if you're going to build that secure, or "secure", computer yourself, make sure you do all the fabrication of the active devices, too, whether semiconductors or tubes/valves. Anything more complex than a single gate would allow for the chip fabricator to corrupt the chip. Gates would, of course, have to be exhaustively tested, because the insertion of a NAND instead of NOR could be disastrous, so trusting the labeling on the chip would be foolhardy in the extreme.
'Was stumbling around looking for this, I deleted by mistake, 'don't get around much online these days. Thanks for the clip. Capitalism for the few. Again. 'Back soon...
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.