Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Border Officials Haven't Properly Verified Visitor Passports For More Than a Decade Due To Improper Software (zdnet.com)

Posted by BeauHD on from the update-required dept.

An anonymous reader quotes a report from ZDNet: U.S. border officials have failed to cryptographically verify the passports of visitors to the U.S. for more than a decade -- because the government didn't have the proper software. The revelation comes from a letter by Sens. Ron Wyden (D-OR) and Claire McCaskill (D-MO), who wrote to U.S. Customs and Border Protection (CPB) acting commissioner Kevin K. McAleenan to demand answers. E-passports have an electronic chip containing cryptographic information and machine-readable text, making it easy to verify a passport's authenticity and integrity. That cryptographic information makes it almost impossible to forge a passport, and it helps to protect against identity theft. Introduced in 2007, all newly issued passports are now e-passports. Citizens of the 38 countries on the visa waiver list must have an e-passport in order to be admitted to the U.S. But according to the senators' letter, sent Thursday, border staff "lacks the technical capabilities to verify e-passport chips." Although border staff have deployed e-passport readers at most ports of entry, "CBP does not have the software necessary to authenticate the information stored on the e-passport chips." "Specifically, CBP cannot verify the digital signatures stored on the e-passport, which means that CBP is unable to determine if the data stored on the smart chips has been tampered with or forged," the letter stated. Wyden and McCaskill said in the letter that Customs and Border Protection has "been aware of this security lapse since at least 2010."

72 of 141 comments (clear)

  1. Bet they were able to get it budgeted though by grasshoppa · · Score: 5, Insightful

    How much do you want to bet that they were able to get a "solution" budgeted every year?

    --
    Mod me down with all of your hatred and your journey towards the dark side will be complete!
    1. Re:Bet they were able to get it budgeted though by jrumney · · Score: 2

      Meanwhile, I have a free app on my phone that is able to verify the signatures on any ICAO compliant NFC passport or identity card.

    2. Re:Bet they were able to get it budgeted though by Hal_Porter · · Score: 5, Insightful

      Isn't that a bit of a security risk?

      E.g. this app requires you enter a bunch of data. And then it scans your passport

      https://play.google.com/store/...

      At which point it knows everything about you. What's to stop is sending the data off to someone who sells it on the internet to identity thieves?

      If it was some pure open source thing I might trust it. However even though this library is open source

      http://jmrtd.org/ ... The ReadID app is not. So you don't know what they do with the data they collect.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    3. Re:Bet they were able to get it budgeted though by Narcocide · · Score: 1

      Yea too bad they couldn't just fucking use Linux.

    4. Re:Bet they were able to get it budgeted though by BlueUnderwear · · Score: 1

      What's to stop is sending the data off to someone who sells it on the internet to identity thieves?

      The same thing that's stopping Microsoft from harvesting e-mail passwords via its Outlook Ios/Android app...: Reputation

      --
      Say no to software patents.
    5. Re: Bet they were able to get it budgeted though by Type44Q · · Score: 2

      So pretty much the same way that a large truck would be stopped by a sheet of newspaper blowing in the wind?

    6. Re:Bet they were able to get it budgeted though by AuMatar · · Score: 2

      The reputation of a random company nobody has ever heard of before? Yeah, not downloading that shit.

      --
      I still have more fans than freaks. WTF is wrong with you people?
    7. Re:Bet they were able to get it budgeted though by rhyous · · Score: 1

      I think you underestimate the reputation of Microsoft to the eyes of the general public.

  2. We all know it's security theatre by Anonymous Coward · · Score: 5, Insightful

    This episode of security theatre is brought to you by CBP (Customs and Border Patrol) part of the larger circus called the DHS (Department of Homeland Security) which is now the largest federal law enforcement agency. We can't figure out if your passport is legit but take off your shoes and don't even think of taking those nail-clippers or toothpaste on that airplane. Someone should start a Dilbert-like DHS comic strip and make T-Shirts we people can wear when going through security.

    1. Re:We all know it's security theatre by AvitarX · · Score: 2

      But but, let's replace the private companies that didn't let anything in appropriate through.

      Bush oversaw the largest socialization of private industry in the history of the US, and yet nobody calls him a socialist.

      --
      Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
    2. Re:We all know it's security theatre by jrumney · · Score: 5, Interesting

      That's not a security hole, it is published in the ISO standard that the passports are based on. The data that you get access to by using the key derived from info from the details page is the same info that is on the details page. If you can see the details page to get the key, you can see all that info anyway (except in my case they printed the photo on my passport in black and white, but have the color version on the chip). To verify that information is not forged, it is signed by a certificate of the government that produces it, and it is this that the US system is apparently failing to verify, and this is not something you can forge simply by knowing how to derive the symmetric encryption key that hides your data from people scanning your closed passport as you walk past in the airport.

    3. Re:We all know it's security theatre by ClickOnThis · · Score: 1

      Bush oversaw the largest socialization of private industry in the history of the US, and yet nobody calls him a socialist.

      Must ... resist ... oh damn, here I go.

      First of all, which Bush?

      Second, exactly what "private" (in your view) industry did he "socialize?"

      Third, are you seriously claiming that Bush (41 or 43) is a socialist?? Dude, your tinfoil hat is on too tight.

      --
      If it weren't for deadlines, nothing would be late.
    4. Re:We all know it's security theatre by Anonymous Coward · · Score: 1

      This groping brought to you by the makers of Rapescan. I mean Rapiscan.

    5. Re:We all know it's security theatre by AvitarX · · Score: 1

      Bush, 43, did actually, in reality socialize airport security

      Before Bush, it was private security meeting standards (that were never missed on record), within his terms it became government that failed to meet standards.

      150k or so private jobs became government jobs. The largest socialization in US history. And it happened fast.

      --
      Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
    6. Re:We all know it's security theatre by _Sharp'r_ · · Score: 5, Informative

      I recall (living in the DC area at the time of 9/11 and working next to Dulles, so it wasn't exactly a distant concern at the time) that Bush and the Republicans in Congress wanted enhanced private security, but the Democrats would only join them in voting for it if it used government workers, so to get it at all (which I wouldn't have voted for, but that's another discussion) they caved to the Democrats on the issue.

      So while Bush was the President at the time, it's not like he was a dictator. To say it was Bush's idea to use government employees for security isn't accurate. At most, he went along with the Democrats on it.

      --
      The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
    7. Re:We all know it's security theatre by PolygamousRanchKid+ · · Score: 2

      We can't figure out if your passport is legit but take off your shoes and don't even think of taking those nail-clippers or toothpaste on that airplane.

      The entire DHS airport security checks could be replaced with cocktail wieners.

      Just have a tray of them at every airport gate. Passengers wishing to fly would be required to eat a cocktail wiener before boarding the plane. Islamic terrorist would refuse to eat the cocktail wiener, and could thus be filtered out easily and efficiently.

      But no, the DHS folks are only interested in building an empire for themselves by wasting mountains of taxpayer money.

      --
      Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
    8. Re:We all know it's security theatre by Anonymous Coward · · Score: 1, Funny

      Also an effective countermeasure against the scourge of international vegan terrorism. Brilliant!

    9. Re:We all know it's security theatre by Anonymous Coward · · Score: 4, Interesting

      And?

      Of course you can clone them, cryptographically signed data is still nothing more than data.
      Signatures only serve to prove the plain-text data is bit-for-bit identical when verified using the public key, compared to when it was signed with the private key.
      Nothing more.

      If you have a forged passport with unsigned data, you can clone that and end up with another forged passport with unsigned data.

      If you have a valid passport with signed data, you can clone that and end up with another valid passport with signed data.

      All the signature does is prove if the governments private key signed the data and that the data hasn't been modified.
      Cloning doesn't modify the data so of course cloning won't break the signature.

      You still need a legit passport with signed data to clone in the first place.
      The signature prevents you from putting your own newly made data on the thing and being able to claim it is valid.

    10. Re:We all know it's security theatre by rickb928 · · Score: 1

      "Islamic terrorist would refuse to eat the cocktail wiener,"

      There is much about Islamic terrorists you do not know or understand. But I know you were engaging in theatre, so I'm not really concerned you are that stupid or naive. At least not about that...

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    11. Re:We all know it's security theatre by Somebody+Is+Using+My · · Score: 3, Insightful

      Before Bush, it was private security meeting standards (that were never missed on record), within his terms it became government that failed to meet standards.

      How do we know they never missed on record? Is it because they told us they never missed? It seems like this might be similar to the difference between open-source and closed-source code; the former might seem less secure because there are lots of bug reports and patches, but that doesn't really tells us anything about the state of the latter. Similarly, it might very well be that the private security was just as much theater as the government's attempts, but a lack of transparency made it easier for them to hide their failings.

      Honestly, I don't know either way. I am just hesitant to believe that the private industry's record was really any better. I'd be curious if there was any information on the topic.

    12. Re:We all know it's security theatre by Darinbob · · Score: 2

      There aren't "passwords" here. This is a signed data. There is a public and a private key, the private key must be kept secret but the public key is intended to be shared and available. By using the public key anyone can verify that the data was properly signed by the holder of the secret private key. Ie, encrypt using the private key, but decrypt using the public key.

      The data itself need not necessarily be encrypted, because it merely shows what is visible on the passport. But the signing process uses cryptography as a means of tamper protection (change one byte and the signature fails to validate), and that authentication must be done because otherwise it is a very simple matter to rewrite or replace that chip.

      The general public should be able to do the same thing, ie, verify that the data on your passport is correct and properly signed.

    13. Re:We all know it's security theatre by Darinbob · · Score: 1

      The digital signing is to prove that the printed data (and photo?) has not been modified. You can clone the chip that says "Anne Onny Mouse" from your passport and put it onto thousands of passports. However those chips will say "this passport is for Anne Onny Mouse", and the border official will then note the name does not match "Robert J Hacker" which is printed on the passport.

      Of course, if you're forging passports, you can easily clone the chip but it's not useful unless the printed data also has the same data as the chip. Ie, you can duplicate a passport so that there are thousands of "Anne Onny Mouse" passports. That's not a good thing but you still need a very good forger and lots of people with very similar faces. And once discovered all the passports can be revoked.

      Assuming of course, that the border security actually checks the authentication.

    14. Re:We all know it's security theatre by Darinbob · · Score: 1

      Let's say you have an army of clones intent on overthrowing the Empire, you could give them all duplicated passports that verifies their names and the photo matches their faces. Oh no! But as soon as one of them slips up all of those passports can be revoked at once.

      Assuming of course a competent Empire. In real life, as we see here, governments are full of bumbling oafs.

    15. Re:We all know it's security theatre by DNS-and-BIND · · Score: 1

      Then just have everyone doodle a picture of Mohammed. If you refuse, you don't get on the plane. In fact, we put you on the next plane back to Shitholestan. We don't need those kind of people in our nice country.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    16. Re:We all know it's security theatre by Darinbob · · Score: 1

      Private contractors for prisons in California are a major failure. But they're entrenched and they have much more powerful unions than the government unions. Private contractors in the Iraq war were also a failure. All paid for out of taxpayer dollars, given to "for profit" companies, and we did not save money or get a better outcomes as a result.

      Even the most die hard anti-government tea party follower still agrees that government has a vital role in national security, and there are loud cries about beefing up the border security. We don't want private contractors doing the one job that almost everyone agrees the government should do. We can have private contractors coming up with methods and procedures and devices of course.

    17. Re:We all know it's security theatre by Darinbob · · Score: 1

      The new line from the remake of Airplane: "We need somebody who can not only fly this plane, but who didn’t have the cocktail wieners!"

    18. Re:We all know it's security theatre by nobuddy · · Score: 1

      FAA was the oversight for airport screening before TSA took it over. They tested and reviewed all airport screening.

  3. I should be shocked and alarmed by smylingsam · · Score: 1

    but all I feel is sadly unsurprised. After a while some people just cant live up to your expectations or their own.

    1. Re:I should be shocked and alarmed by smylingsam · · Score: 1

      I am afraid it sound like you have been thinking critically ago. Further that kind of proactive can do disruptive thinking clearly shows a lack of team sprit. We should have a meeting about this

  4. Re: Shhhh! Don't talk about this security lapse by guruevi · · Score: 1, Insightful

    Forgers have known about this just as long. And even if you get it to work eventually, the encryption on the chips themselves have been proven easy to crack for many years.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  5. The passport checkers may as well have stayed home by kriston · · Score: 2

    All of those passport checkers may as well have stayed home for the past ten years.

    --

    Kriston

  6. Also easily replicated by Antique+Geekmeister · · Score: 5, Informative

    There was an interesting e-passport replication technology reported at the "Black Hat" security conference in 2006 So far as I know, this replication approach has never been disabled

    https://www.theregister.co.uk/...

      RFID chips are, by their nature, kept very inexpensive and easy to read. Unless the USA and other nations are prepared to invest in more powerful and secure standards for what is supposed to be a very easily scanned and robust technology, I'm afraid that I don't see how they can be made more secure.

    1. Re:Also easily replicated by 93+Escort+Wagon · · Score: 4, Insightful

      Unless the USA and other nations are prepared to invest in more powerful and secure standards for what is supposed to be a very easily scanned and robust technology, I'm afraid that I don't see how they can be made more secure.

      The point isn’t to make passports truly secure in the eyes of a technically literate person - the point is to make them “secure” within the level of understanding posessed by the average politician.

      You know - the men and women who believe we can have “secure” smartphones which are completely and readily accessible to law enforcement personnel but no one else.

      --
      #DeleteChrome
    2. Re:Also easily replicated by jrumney · · Score: 5, Informative

      Sure, its easily replicated, but the data has your photo, among other things which are easily verified by the border agent against the person standing in front of them. So replicating it isn't all that useful if you are trying to produce a passport that someone not authorized to have that passport can use. You need to modify the data on it, which breaks the digital signature. Only if border security is not properly verifying the signatures does this become useful for nefarious purposes.

    3. Re:Also easily replicated by Anonymous Coward · · Score: 1

      You know - the men and women who believe we can have “secure” smartphones which are completely and readily accessible to law enforcement personnel but no one else.

      Or believe that a "background check" will prevent anyone who ever might do something evil from getting a gun.

    4. Re:Also easily replicated by SirSlud · · Score: 2

      Replicating a passport is far less of an issue than writing a new one whole cloth.

      --
      "Old man yells at systemd"
    5. Re:Also easily replicated by cliffjumper222 · · Score: 2

      Cloning is possible. However, in this case, the digital signature is not even being checked of the data. So, right now, you can create complete forgeries without the private key (or certificate) required. If they actually started to check signatures, which let's face it, software should be able to do easily today (I wonder why it's never been implemented), then you would have to match the details on the written passport exactly and you'd have to be a clone of another passport holder. That is a far higher bar to get over.

    6. Re:Also easily replicated by Anonymous Coward · · Score: 1

      bloccckkkkkchhhhaaaiiiinnnn

    7. Re:Also easily replicated by DarkOx · · Score: 1

      That's the point. If the digital signature is not checked its possible to create altered data. You create a password with your picture, so it look like you standing in front of the agent with the information belonging to some other person who would be admitted at the border.

      Obviously its still a challenge, you need to create convincing physical forger or alter an existing document; which does have physical tamper controls in place. You will also need to be able to program the thing correctly save for needing to produce a valid cryptography signature - that can probably be just something with the right leading magic numbers followed by any old string of junk.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    8. Re:Also easily replicated by Antique+Geekmeister · · Score: 1

      I agree. But if they're not verifying the recorded data, as seems to be the case, than replicating even one such RFID chip en masse helps enable wholesale forgery.

    9. Re:Also easily replicated by EndlessNameless · · Score: 1

      Cloning is not an issue if the signed data includes physical descriptors and photographs. Ultimately, all government ID systems rely on a human matching the person in front of them to the person on the paperwork.

      Preventing forgery is the major concern. And they have zero chance of stopping it if they cannot verify a fucking digital signature. Pathetic.

      Hell, ADOBE has integrated support for digital signatures and document validation---and it actually works. Unless there was a proposal to fix this that couldn't get Congressional funding, someone needs to be shitcanned. This is a serious lapse, and they should have asked for money to buy the hardware/software years ago.

      --

      ---
      According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
  7. Re:The passport checkers may as well have stayed h by AHuxley · · Score: 1

    What did the computers say?
    All passports looked at got a correct pass every year?
    Nobody thought to have a failed passport test at random times to see if every computer GUI was working?
    Every passport failed and the GUI was always ignored. Waiting for an update to finally get the functionality?
    An error code did show but it always had to be scrolled past with many other messages?

    --
    Domestic spying is now "Benign Information Gathering"
  8. Re:A decade of the software saying? by nedlohs · · Score: 1

    You could try reading the article?

    It does the obvious thing you would expect from a system using digital signatures that is set to not verify the signature.

  9. Re:And this is Trump's fault how? by upuv · · Score: 1

    It happened during Bush's presidency.

  10. Re: Shhhh! Don't talk about this security lapse by jrumney · · Score: 2

    The encryption is published in an ISO standard, so "cracking" it is the domain of snakeoil salesmen. The issue here is not the encryption, it is the digital signatures, and I can assure you that other countries are not as incompetent as the US's Homeland Security in this respect.

  11. Comment removed by account_deleted · · Score: 2

    Comment removed based on user account deletion

  12. Comment removed by account_deleted · · Score: 2

    Comment removed based on user account deletion

  13. So? by PopeRatzo · · Score: 2, Insightful

    US Border Officials Haven't Properly Verified Visitor Passports For More Than a Decade Due To Improper Software

    And in that time, the number of terrorist attacks by foreigners sneaking into the country is...zero.

    Maybe that "foreign terrorist" threat isn't nearly as bad as we were told? Maybe we have more to worry about from other Americans than we do foreign terrorists?

    --
    You are welcome on my lawn.
    1. Re:So? by Anonymous Coward · · Score: 2, Informative

      And in that time, the number of terrorist attacks by foreigners sneaking into the country is...zero.

      Maybe that "foreign terrorist" threat isn't nearly as bad as we were told? Maybe we have more to worry about from other Americans than we do foreign terrorists?

      It isn't zero... "Six Iranians, six Sudanese, two Somalis, two Iraqis, and one Yemeni have been convicted of attempting or executing terrorist attacks on U.S. soil during that time period"

      According to this article arguing against the travel ban: https://www.theatlantic.com/international/archive/2017/01/trump-immigration-ban-terrorism/514361/

      Also, this issue isn't just about terrorism, but also more likely criminals coming to the US. The numbers of criminals coming to the US is well above 0.

    2. Re:So? by DarkOx · · Score: 1

      Or maybe the other controls are relatively effective. The two most obvious

      1) a robust intelligence gathering effort that feeds
      a number of various "lists"
      2) Physical controls on passport documents. Look at them there are number glossy, hologramed bits. The guy at the corner is going to be hard pressed to make a convincing forgery. You might fool the inattentive clerk at your local motel or gas station attendant ringing up some beer but you won't fool a TSA agent. Without access to a lot of resources most criminals don't have. Well funded terrorist organizations might be a different story.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    3. Re:So? by blindseer · · Score: 2

      And in that time, the number of terrorist attacks by foreigners sneaking into the country is...zero.

      Why should they have to sneak in when they can walk in the front door?

      The people that planted a bomb at the Boston Marathon were immigrants. They had their "papers in order", and it was their immigration registration records that allowed the police to identify them so quickly.

      The Boston Marathon bombing was a terrorist act on American soil by foreign actors. That is just one of many examples. There have been many acts of terrorism on Americans by immigrants. Some more successful than others. Some using firearms, some with knives, some using vehicles as weapons, some using improvised explosives.

      Now, not all immigrants are terrorists. I should not have to say that as it should be obvious but if we had some better controls on who enters the nation then we'd see less of this. Also, not all terrorists are immigrants. This should also not require being pointed out. What seems clear though is that immigrants are more likely to commit terrorist acts and other crimes than native born Americans.

      Those that did sneak through the borders to get into the USA have broken the law by the very fact of sneaking past the border. Once here they seem to have little respect for other laws. They will drive without a license, insurance, or registering their vehicle. They will work under falsified papers. They will drive while drunk. They will steal, rape, and murder. Assuming it is true that people sneaking across the border have not done anything that may be considered an act of terrorism we do know that they are not saints, they have broken the law by the act of entering the nation without permission, and have a high probability of further breaking the law.

      If we have more to worry about from native born terrorists than foreign born then it is only because In the USA there are far more people native born than those not. Immigrants have a much higher tendency to break the law than native born Americans, whether they came in the front door or not. Knowing that therefore it may be wise to reduce the number of immigrants and demand that the immigrants we do allow in must be of very high moral character.

      --
      I am armed because I am free. I am free because I am armed.
    4. Re:So? by PopeRatzo · · Score: 1

      Now, not all immigrants are terrorists.

      And not all gun owners are school shooters. Stow that bullshit.

      --
      You are welcome on my lawn.
    5. Re:So? by Areyoukiddingme · · Score: 1

      Those that did sneak through the borders to get into the USA have broken the law by the very fact of sneaking past the border. Once here they seem to have little respect for other laws. They will drive without a license, insurance, or registering their vehicle. They will work under falsified papers. They will drive while drunk. They will steal, rape, and murder.

      Right. In record numbers. Fox News should be a controlled substance.

      ...they have broken the law by the act of entering the nation without permission, and have a high probability of further breaking the law.

      No they don't. They have a much lower probability of breaking any further laws that aren't labor laws. Breaking laws attracts the attention of law enforcement. Illegal immigrants go out of their way to avoid the attention of law enforcement. Haven't you seen... basically any procedural cop show in the past 20 years? Every single one of them has multiple episodes of local LEOs having to disclaim their interest in the immigration status of people they're interviewing, or threatening to call Immigration in order to extract information. Illegal immigrants are at pains to avoid having any such conversations.

      Your sourceless assertions are ridiculous on the face of it, and contradicted by FBI statistics.

    6. Re:So? by blindseer · · Score: 1

      You gave a website as a reference where I found no breakdown based on immigration status.

      I've heard the claim that illegal immigrants break the law less often than domestic born people and they get to this through some very interesting statistical analysis. They will take the crime rate of immigrants and then they will make adjustments for age, gender, race, education, income, and employment status. What we find is that illegal immigrants are predominately in the age range of 16 to 40 (or something like that), male, hispanic and black, few have even a high school education and many cannot even read in their native language, they are also largely poor and unemployed. So they compare this to domestically born people within a similar demographic and find they are just as likely to commit crimes.

      So, we've proven illegal immigrants do not pose a problem with crime, right? No, they didn't. This is because to make this claim they had to group the illegal immigrants with the legal immigrants. Even then they still see a higher crime rate as a whole, it's only by "statistical adjustments" that anyone can claim a lower crime rate.

      No they don't. They have a much lower probability of breaking any further laws that aren't labor laws.

      Even if we assume that they break no other laws they are still criminals. They break the law by entering the country illegally. They break the law through fraud by getting a job under falsified papers. They break the law by driving without a license or obtaining a license with false documents. By working in the USA they are breaking the law everyday and I'm supposed to be okay with this? Would violating labor laws be tolerated of people born in the USA? Of course not, and it should not be tolerated of illegal immigrants either.

      Haven't you seen... basically any procedural cop show in the past 20 years? Every single one of them has multiple episodes of local LEOs having to disclaim their interest in the immigration status of people they're interviewing, or threatening to call Immigration in order to extract information.

      The networks can show that on TV but that doesn't make it true. Illegal immigrants are often the victims of crimes by other illegal immigrants. They are always reluctant to go to the police, not just because they might get deported but because it opens them up to retaliation for snitching on others.

      Illegal immigrants are at pains to avoid having any such conversations.

      Which is why a lot of illegal immigrants keep quiet on being victims. Many immigrants will report being a victim, because they are here legally or fear being a victim again more than deportation. Many crimes by illegal immigrants go unpunished, illegal immigrants will often flee the country once they've become known to law enforcement. Just because they weren't caught and sent to jail does not mean they didn't commit a crime.

      Your sourceless assertions are ridiculous on the face of it

      Whatever. I've seen the claims of immigrants being more law abiding than those born here and they all bend the statistics to "adjust" this crime away. Lies, damned lies, and statistics. The numbers will tell you anything you want if you torture them enough.

      Illegal immigrants are, by definition, criminals and this should not be tolerated. Their tendency for committing further crimes, like fraud and drug trafficking, should not be tolerated either.

      --
      I am armed because I am free. I am free because I am armed.
  14. Re:We should put thes same people in charge of our by PopeRatzo · · Score: 1, Funny

    I can't wait until the government takes over our healthcare. They have proven time and time again that they are the best at managing important services.

    I know, right? After that, the government will probably want to take over the military, with enough nuclear weapons to destroy humanity. What could possibly go wrong, amirite? And border security. Thank goodness we live in a free country where the government isn't in charge of something as important as border security or national defense.

    We need to act now to keep the government's hands off our military, don't you agree? Yeah, you. Dummy. I'm talking to you.

    --
    You are welcome on my lawn.
  15. Re: Obama fails again by nonBORG · · Score: 1

    Man this was Obama I or Bush I am sure they both personally oversaw every detail of the implementation here. Also I am absolutely sure it was up to their technical competence and understanding to get this stuff implemented correctly. There is 36 countries involved here and it is all up to one guy, probably the US president don't have anything else to do.

    --
    You can't handle the truth! - Because I don't post left all my comments get modded down, bye bye Karma.
  16. cryptographic information by Hognoxious · · Score: 1

    "Cryptographic information" sounds like information about encryption. Do they mean "encrypted information"?

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    1. Re:cryptographic information by sexconker · · Score: 1

      No, they don't.

      The data isn't meaningfully encrypted. Anyone with physical access to the passport has the key to read it AND the data itself (name, date of birth, country, photo, etc.).
      The data is cryptographically signed by the country issuing the passport.
      That signature is the "cryptographic information" in question.
      The readers are failing to verify the signature.

  17. Voter ID by Anonymous Coward · · Score: 1

    And yet the Democrats keep blocking every attempt to verify a voter's real identity. Heck, these people could just show a (fake) passport everywhere they vote.

  18. I can tell you why this is so by kilodelta · · Score: 1

    It's because congress, and even state legislatures don't have the vision to see that software and training might be necessary. And a bloated enterprise like Homeland Security and TSA - well they can just barely do security theater. So while a legislative body might pass a feel good that the electronic encryption on a passport is secure - they completely forgot about funding to develop the software to read it.

  19. Bush as a socialist? Maybe... by sjbe · · Score: 1

    First of all, which Bush?

    It doesn't matter. Both of them substantially expanded the number of government jobs during their administrations.

    Second, exactly what "private" (in your view) industry did he "socialize?"

    All airport security was private contractors prior to 9/11. Then it became a part of DHS. More generally public sector payroll expanded greatly during their administration - more than most recent presidents except perhaps Clinton. Based on their actions it's not entirely irrational to say they are closeted socialists.

    Third, are you seriously claiming that Bush (41 or 43) is a socialist?

    Oh they try to pretend they aren't but it's actually pretty easy to argue that a lot of republicans are really socialists in denial about it. They want big government and if you mute their rhetoric their actions prove it. They never actually cut military spending, medicare spending, or social security which are the three biggest line items in the federal budget. In fact Bush 43 expanded medicare and every republican administration tries to make the military larger to pander to their base. So yeah, they kind of are a weird sort of socialist.

  20. I find it funny... by Anonymous Coward · · Score: 1

    that these Dems who wrote this letter care. After all, the Dems rely on a stream of illegals coming across the border anyways.

    1. Re:I find it funny... by Locke2005 · · Score: 1

      How is that? Illegals can't vote. Didn't they explain how U.S. elections work when you went to school in Moscow?

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
  21. nobody *wanted* a secure border by cascadingstylesheet · · Score: 1

    Nobody wanted a secure border ... nobody who mattered, anyway. No wonder stuff like this got to slide.

    Until, mysteriously, now. Must be those darn xenophobe rubes who took over ...

  22. Be glad only 7 environmental studies are needed by Impy+the+Impiuos+Imp · · Score: 1

    The wording on the language in the Request For Proposals is nearing completion.

    Relax peoplre, gubberment is on it!

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  23. Re:Wow ... and they wanted a wall? by sexconker · · Score: 1

    The issue is that cryptographic signatures aren't verified for passports with chips.
    This only applies to passports from 38 countries. People coming in from Mexico aren't using passports with chips.
    For the 38 countries it does apply to, border and customs agents still verify a person's identity using the passport, the photo, and and person in front of them.

    This fuck up makes the chip useless as anyone can put any data on there.
    You would still have to be able to make a convincing fake of a physical passport for a country on the list to get expedited entry.

  24. What's next by Locke2005 · · Score: 1

    Cue Trump blaming Obama for the problem in 3... 2... 1...

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.
  25. Government is best by mi · · Score: 1

    Is not government awesome? Consider:

    Just recall the above (incomplete) list next time someone suggests, yet another industry/market would be better served by the caring and omniscient government employees, than by the greedy KKKorporations.

    --
    In Soviet Washington the swamp drains you.
  26. Re: We should put thes same people in charge of ou by ryanmc1 · · Score: 1

    Really? That's the best comeback you've got? Nuclear weapons? I won't stupe to your level by calling you dirogitory names, but here I am arguing that government should not be in charge of health care because thay take forever to get things done, and health care needs quick reactions, and you try and lump in nuclear weapons into the same category? I for one want them to take a long time to decide to launch nuclear weapons. If you want them to launch them faster then good luck with that. A world where we launch weapons with the speed that we need in healthcare would not be a great place to live in.

  27. Re: We should put thes same people in charge of ou by PopeRatzo · · Score: 1

    I won't stupe to your level by calling you dirogitory names

    The prosecution rests.

    --
    You are welcome on my lawn.
  28. Re:And its cancerous influence is everywhere by nobuddy · · Score: 1

    I bought an RFI shielded passport wallet for $9. Its a full function wallet, with a shielded passport pocket built in. Also shielded slots for RFI ID cards.

    If you can't afford $9, perhaps you should not be traveling abroad.

  29. Re: Shhhh! Don't talk about this security lapse by ezdiy · · Score: 1

    > the encryption on the chips themselves have been proven easy to crack for many years

    Bullshit.

    However you can't just "crack" the signature on the card if the reader actually does verify the signature. This is because there is no private key for PA on the card, thus classic key extraction attacks are useless. You can still clone the card and use somebody's else identity, but the encryption as such is fine (as long RSA-1024 is fine, which it barely is).