Slashdot Mirror
US Blocks Entry For German Black Hat Presenter
bushwhacker2000 alerts us to the dilemma of Thomas Dullien, a prominent security researcher who has been a fixture at the annual Black Hat security conference. Dullien was denied entry into the US on his way to this year's conference. Dullien, a German reverse-engineering expert known in hacker circles as "Halvar Flake," said he was blocked from entering the US on the technicality that he had (years ago) signed a contract with Black Hat as an individual, not as his company. Customs agents said he would need an H1-B visa to perform the contracted two days of training at Black Hat, and put him on the next plane back to Germany.
Halvar's been kicked out of the US?
This is not good. It's my understanding that once you've been kicked out, it's much, much, much harder to get back in.
That leaves me rather scared. I've known Halvar for almost six years; we were in Singapore together at Black Hat Asia. He's a very intelligent engineer, doing very good research, and has done more than almost anyone to make people realize that obfuscation is not security. We, as an industry, need his voice. (A bit cynical, but seriously, we as an American industry want his talents put to work here, rather than overseas.)
Simple arguments like -- nobody could figure out how this works, they'd have to be able to read code -- have been destroyed because of Halvar's work. You may not realize it, but without concrete examples of attacks, software developers simply cannot comprehend attacks against their code that they can't do themselves. Halvar is a critical innoculation against technically inept but vaguely plausable excuses why something must be impossible.
Halvar does the impossible regularly. Seriously, he's an artist, and the American security industry is directly harmed by not being able to learn from him. What's the story going to be? That Halvar can only do training in India, and China, and in Europe? Yes, that sounds like a wonderful idea. Everyone else's code gets more secure while ours rots on the vine.
The only thing more embarrassing than this was when Xioyun Wang, the Chinese professor who cracked MD5, was denied entry to the US. Oh well, Halvar, I guess you're in good company...
--Dan Kaminsky
A few years back I was contracted to run 2 x 1 week 'train the trainer' technical courses in the USA based on a training course I had developed. Being an upstanding UK citizen, I applied to the US embassy in London for a H1-B visa and the application was refused for (something like) 'insufficient details of nature of visit'. When I rang the visa enquiries line, I was connected to a call centre in Scotland that said they could provide no assistance as they were not embassy staff and all they could do was send me another form - and, no, they could not put me through the the embassy.
Armed with absolutely no knowledge of what information was missing from my application, I approached American Express who have a visa checking service - I took my application to their office in London (a 1.5 hour train ride), paid £70 extra for a 'personal service' and they checked over my application, gave it their 'OK' and submitted it to the Embassy by courier for same day processing. Guess what - same rejection.
In desperation, I approached a relative who worked in a different embassy in London and explained my dilemma - they rang a contact in the US embassy who put me in touch with someone in the visa department who agreed to look at my documents and call me back. After several hours, they called and said I would need a signed letter from the US training company confirming that they needed me to run the courses as there was no-one suitable in the USA who could do it. I arranged this by fax and then was later invited to the US embassy to get my visa - by now, this was the day before I was due to fly out!
But that's not the end of it - now when visiting the USA on holiday and filling in the visa waiver form on the plane, I have to answer 'yes' to the question asking whether I have ever been refused a US visa; this now guarantees me a near 100% chance of being stopped at US immigration for an interview, which generally goes like this:
* Sit in a waiting room for an hour
* Get called into interview room
* Asked why a visa was refused
* Explain the fax I had to arrange
* Asked 'is that all'?
* Told I am free to go
And this was all well before 9/11 etc.
AT&ROFLMAO
Absolutely right! Halvar is extraordinarily talented and it will be a terrible shame if his class is canceled. But it starts on Monday, so unless they do it by video conference I can't see him making it. I still hope to see him when I fly to Vegas on Thursday, but the odds aren't good :(.
I'd like to know just what the immigration department expects US conferences to do when bringing in foreign speakers. Halvar says they wanted to treat him like an "employee" of BlackHat and get an H1-B visa. But that is a ridiculous as it is a multi-year process. Halvar thinks coming as a representative of his own German company will help, but we shouldn't have to require that foreigners incorporate just to give a simple presentation or training class here.
I'm an American who has been paid to give presentations and training in many countries, including Germany. And I've never been hassled by their immigration dept. or received any special visas. So its embarrassing and harmful that the US subjects visitors to our country to all of this crap (including the fingerprinting and pushing other countries toward RFID passports). Its no wonder that many conference producers, including BlackHat, have been increasing the number of cons held offshore. The US just isn't seen as a welcoming place.
Pardon the long rant, but I hate seeing my friends put through this. And I'm sure similar things happen to thousands of people we don't know every day. Also, if those of us in the US don't fix our system, other countries might copy it and then we'll have to deal with this shit when we travel.
-Fyodor
Insecure.Org