Schneier on Security
A blog covering security and security technology.
« A Taxonomy of Privacy |
| Lighters Banned on Airplanes »
April 20, 2005
Processing Exit Visas
From Federal Computer Week:
The Homeland Security Department will choose in the next 60 days which of three procedures it will use to track international visitors leaving the United States, department officials said today.
A report evaluating the three methods under consideration is due in the next few weeks, said Anna Hinken, spokeswoman for US-VISIT, the program that screens foreign nationals entering and exiting the country to weed out potential terrorists.
The first process uses kiosks located throughout an airport or seaport. An "exit attendant" -- who would be a contract worker, Hinken said -- checks the traveler's documents. The traveler then steps to the station, scans both index fingers and has a digital photo taken. The station prints out a receipt that verifies the passenger has checked out.
The second method requires the passenger to present the receipt when reaching the departure gate. An exit attendant will scan the receipt and one of the passenger's index fingers using a wireless handheld device. If the passenger's fingerprint matches the identity on the receipt, the attendant returns the receipt and the passenger can board.
The third procedure uses just the wireless device at the gate. The screening officer scans the traveler's fingerprints and takes a picture with the device, which is similar in size to tools that car-rental companies use, Hinken said. The device wirelessly checks the US-VISIT database. Once the traveler's identity is confirmed as safe, the officer prints out a receipt and the visitor can pass.
Properly evaluating this trade-off would look at the relative ease of attacking the three systems, the relative costs of the three systems, and the relative speed and convenience -- to the traveller -- of the three systems. My guess is that the system that requires the least amount of interaction with a person when boarding the plane is best.
Posted on April 20, 2005 at 8:16 AM
• 28 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
More significant delays for non US people, does the US want any visitors ?
The rate the US balance of payments is going down the tube, I would think that every tourist dollar would be wanted.
There should really be a type of verification that "international visitors" actually land at their destination. What good is tracking if you only track partial trails? In fact it could cause a false sense of security and cause investigators to overlook a suspect because they had been "tracked" as exiting the country.
This remember me the story of a friend who was blocked at the border since she supposedly stay more than 3 months in the States. (she was trying to go back to canada after a week-end break)
She spent 3+ hours in the border control between
the states and canada with her 3 years old son.
However, she did have a stamp from her entrance
on her passport which was ... 6 days old.
The border officer was refusing to take it as a proof that she entered only 6 days ago..
(and therefore has to exit first !)
since the computer remembered only her former visit ... 4 months ago indeed ...
it was becoming even more complicated when they discovered that, back in 68, one of her late uncle was involved in some trouble around a US embassy in a remote african country...
a proof that she was a terrorist ... no matter that she barely met him and was not born in 68 !
She finally decided to walk out of the control
(anyway she was exiting the country) which decided the 'so called' officer to refer to his boss which obviously understood the evidence !
Hope the new 'exit' system will be more accurate ... and the 'stupid white men' smarter !
All this is irrelevant as it only looks at non US Citizens doing international travel. What about the terrorist who has been here and may be a citizen. I mean come on, how many terrorists fly in just to "do the job". Many have been here planning for a while, and though many may not be citizens they can still legally fly domestically without needing a passport (many have driver's licenses as illegal aliens).
How much will this really nab terrorists, rather than just be a hassle for regular travelers? I mean the only way I can see someone getting caught using this method is if they're already on a watch list to be picked up and they happen to decide to leave the country legally. Granted people could be tracked and patterns of the few bad guys (might??) be established, but is it worth the resources and invasion of privacy for all visiting the US? Comments?
Great, so there will be another pointless system that performs ritual humiliation on foreigners, and that will be people's final impression of America.
Following Mr. Torres' advice, maybe escort them onto the plane and handcuff them to their seats until after the plane has taken off?
I doubt that'll be any better.
The last two times I came to the states (before they decided fingerprinting everybody, thanks, but no thanks) they didn't even know what to do with my green stub (from the Visa Waiver program).
I was arguing with the person at the gate that they have to get it back to INS (at this point), she later said: "Oh, okay" but I have the strong feeling the piece of paper never really made it to the INS but rather ended up in the garbage.
I wonder though, can I actually request information from the DHS in regards to what kind of information they have on me?
What is the purpose of this system? What is the nature of the threat that it mitigates? The costs are clear--many of them, anyway, are immediately obvious--but how does it increase security?
I'm waiting for your usual analysis. :-)
You may be able to file a FOIA request for information that DHS, CIA, and the FBI have on you, though I'm not sure if you'll get the same level of reply since you're not a US citizen. In addition, anything related to ongoing investigations and much that is related to national security would be at best redacted, at worst outright blocked.
This program isn't so much to grab terrorists as they move about, but rather to ensure that those that enter the US on visas of a certain length also leave within that period of time. Immigration officials have never done a particularly good job of handling this critical role.
"My guess is that the system that requires the least amount of interaction with a person when boarding the plane is best."
I'm certain that the system that involves the greatest amount interaction with a person when boarding the plane will be procured.
It's the "new toilet" syndrome. Just like geeks that get new toys with blinking lights, this is where politicians and bureaucrats get excited.
How is this program actually going to help ensure that people leave before their visas expire? Seriously, at best it is going to give you a list of the people who have left. You still need to track the rest of them down and somehow force them to leave. All it takes is a simple computer error and "X didn't leave" or "Y left already, you can't be Y then"... Do you want to be the one explaining to the nice officer why you have already left the country?
"All it takes is a simple computer error and "X didn't leave" or "Y left already, you can't be Y then"... Do you want to be the one explaining to the nice officer why you have already left the country?"
We experience this everyday with examples such as credit companies claiming that we have expired 10 years ago. Fixing those reports are always fun.
Exactly my thought.
This is all a matter of perception. If there was a secure system but with minimal human interaction it will not be chosen because there is nothing to be "seen." To create the "perception" of security, politicians/people feel the need to "show" it being implemented. What better way than to halt a foreigner for a few minutes and interrogate them? Makes the non foreigners feel a lot more "secure" and the politicians seem more productive.
The flip side of this is singling out the foreigners as they pass by. The non foreigners will observe them and if they share a flight would probably scrutinize their every move. This might lead to many more false alarms (like Bruce's report on someone writing BOB on a vomit bag...)
And I don't think the US will suffer any less tourists/visitors because of this. It's annoying, sure, but not much more than that. I try to look the worst for my picture :) It's usually not a problem after a transatlantic flight.
This is not to catch terrorists, but to catch people who want to stay ilegally in the USA. Check in when you arrive if you stay more time then your visa permits it raise a red flag. With fingerprints and other data it should be easier to persecute the now ilegal person.
And the way we can all be sure that this simple system will work is the current ironclad status of our international borders. Since nobody ever enters the US without DHS taking note of it, the simple "X didn't leave" routines will give us a list of all the all the people in the country without permission at any given moment. Then, with a bit of license plate tracking from helicopters, we can track them down, because we are so good at finding fugitives.
Seriously, the number of recently proposed solutions which clearly do absolutely nothing to address the stated problem has grown to such a level that one has to ask if there is a different, unstated problem that is actually being addressed, and the stated reasons are nothing but smoke. I am not a great believer in conspiracy theories, but...
The US really does a great job of appearing to the foreign visitor as one of the most restrictive and Big Brother places in the world.
I'd never been fingerprinted in my life before, and the US immigration, customs, and security people are pretty rude. Doesn't live up to 'Land of the Free'.
They hate us for our freedoms, that's why we're so busy taking them away.
The Bush Administration has actually made the US the "land of irony":
I could give a dozen obvious examples (the UN, the World Bank, Iraq, Afghanistan, etc.) but most recently I noted that Bush appointed a lobbyist from a trophy hunter group, Safari Club International, to run the Fish and Game (charged with protecting endangered species):
The world understands freedom, but it has a hard time with those who confuse it with greed. I believe that's the treatment that sIMON has picked up on.
Tracking visitors sounds very similar to tracking consumers without consent and building data warehouses to sell information for profit, ala ChoicePoint.
In fact, the business of visitor tracking might be sold to a company that ponied up the most money to the Republican party. That's been the trend so far...and don't forget the CEO of ChoicePoint said he was selling identities to the US government (for $65million) to help preserve freedom at the same time they sold identities to criminals. I think time will show that unregulated private companies in the US (and now Iraq) can do more damage to American freedoms than any visitor or foreigner could possibly imagine.
Anyway, back to the point of this log entry, I wonder why the 60 days? Have they narrowed the selection down to three best-of-breed solutions, or is there a company waiting in the wings for a big contract to land in their lap?
I am interested to know what the receipts will look like. There must be some sort of tamper-proof one-way hash so people don't simply reproduce the (portable and light) mechanism to print their own copies.
That's exactly how it's supposed to work, providing a list of people who have left the country. If they are in the list as having not left when they have, then their destination or home country's customs services can be checked in case something was missed. If they are listed as gone, then the same thing can be done, and it may indicate a case of stolen identity or that they have slipped back into the country illegally.
It is a fine line, I will admit, but there are many people who come to the US on tourist visas and stick around to work, a plan they embarked on from the beginning. Part of the job of Immigration is to help reduce that (though they usually don't). Information on those who have not left (after verification with home country) could be made available to certain groups, such as flight schools, hazardous materials transporters, etc. I also think the information should be available to the police, but I seem to be in the minority viewpoint on that when I discuss it with others.
I'd say that this policy would keep me from visiting the USA, but I already decided that after the Sklyarov incident...
Still, even before that, the US entry process made me feel distinctly unsafe and uncomfortable. I expect it's much worse now, and I wonder why people put up with it at all -- at least, after experiencing it once.
By comparison, entering and leaving the PRC (Hong Kong) seemed much easier.
I'm not so sure that this is unusual; Japan has stamped passports on exit for many years.
This sort of measure is of limited use against those overstaying for the first time, but it is quite useful for detecting overstays, and preventing those people from entering the country again at a later time.
Stamping passports is a very different thing from pictures and prints, which assumes that every foreigner is a criminal holding fake travel documents.
Another problem: visa holders in the US currently have no easy way of "ending" their visa when they leave. I still have a valid US working visa, even though I no longer live there. I suppose I could go to a local consulate, hand it in and officially renounce the visa, but it seems silly to take a day or two off work to do what should be handled as routine on leaving the country.
Now the next time I go to the US I'll have to explain to the guy in the booth that yes, there's a visa in my passport, but no, I'm not using it, I'm just here on visa waiver for business. If there was a proper exit process, they would have noted non-intent to return, and stamped my visa as "used" when I left, to make things clear.
This proposed process doesn't seem to address this problem.
Another reason not to be in a hurry to go for a holiday to the States.
'An "exit attendant" -- who would be a contract worker, Hinken said...'.
IMHO that's your single point of failure in each system. It does not matter which tech is being used, so long as the ultimate authority on each system is human.
I have found that the the US immigration, customs, and security people to be OK in quite a few places and like the exit gaurd from hell at others.
Other friends of mine have likewise found this, and a look at the good/bad places has a corelation with the way people tended to vote recently. There is also North South Trend, with a more human response from the north.
It may be that places like Seattle have so many non US people comming through their gates that they get treated as the norm not the exception. Also a lot of the people are visiting places like Microsoft, Cisco, AT&T Cingular and other high tech companies so may appear less like terorists to them.
"Also a lot of the people are visiting places like Microsoft, Cisco, AT&T Cingular and other high tech companies so may appear less like terorists to them."
Microsoft doesn't bring in many terrorists. It seems they don't like competion, no matter what the market.
It's hard to understand what this fuss is about. Why don't they simply stamp the passport on exit and collect the green visa? That would be much less intrusive. By the way, the article says nothing about visitors leavin through the land border.
Last time I visited the states I didn't return the green stub at the border because I expected to return within the 3 months period. This is perfectly legal. But finally I didn't go and I wondered how to get rid of the visa. So I went to a US consulate and they took it without even looking at it.
Hassling exiting foreigners is fine by me. "Boo hoo, America was mean to me, I shall stay home." I sure wouldn't be saddened by your not coming back. Get a spine people.
When I went on a business trip to Singapore and Malaysia a few years ago, both of them collected forms at entry and exit, and were obviously making sure that people did leave as expected. The point is, unless you record who left and match it up to the records of people who entered, you won't be able to go looking for those who overstayed their visa because you don't even know who they are. Of course, they aren't going to be able to find all the overstayers, but if they aren't even looking for them they won't catch any...
It doesn't take long. It took more time and paperwork for me to re-enter my own country than to pass the checkpoints in and out of Singapore, twice.
As for database errors, the key is to give the database the degree of respect it deserves, no more, and to use it properly. In JC's story, the INS screwed up on both counts - trusting the database over documentary evidence in front of it, and in using the database to check on whether someone now leaving had overstayed rather than on the more important task of looking for those who weren't leaving at all.
Everything I hear about the INS makes me think we've got an agency here that's so fouled up, you could abolish it and start an all-new agency faster and cheaper than fixing the present one.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.