US-VISIT ‘full of tech problems’
p2pnet.net News:- The US-VISIT border security program is full of problems and its fingerprint identification system has, “resulted in many cases of mistaken identity,” says EPIC.
Moreover, “The program will soon test using Radio Frequency Identification (RFID) technology to transmit identifiers to agents,” it says in Spotlight on Surveillance
The program is being touted as a time-saver but, “the small amount of time saved by using RFID is outweighed by the significant security risk of unauthorized parties accessing the data when it is transmitted wirelessly,” states EPIC (Electronic Privacy Information Center).
Thirty-two air crew members, “experienced fingerprint scanning mismatches that caused them to be improperly flagged by government watch lists,” although half of them had already had undergone background checks, says EPIC.
And, “Visitors reported missing their connecting flights due to errors in the database system, and airline crewmembers reported being delayed up to ninety minutes after a long international flight,” the report goes on.
“Some travelers reported that the operator collecting fingerscans at a port had erroneously reversed their left and right index fingerprints, labeled a husband’s fingerprints as his wife’s, failed to collect the data required under US-VISIT, or collected data from travelers exempt from the program, such as holders of a G-4 visa.
“Passengers’ numerous requests to the DHS for correction of erroneous personal information suggest that the rush to implement US-VISIT has come at the expense of data accuracy and passenger privacy.”
On the plan to use RFID (Radio Frency Identification) spy chips, “The technical specifications of the test RFID tags have not been released to the public, so it is unknown if the information is encrypted or not,” EPIC continues.
If data are unencrypted, they can “easily be accessed by unauthorized users with RFID readers” and even when data on RFID tags are encrypted, security risks remain, states EPIC.
“It has been well documented that criminals are able to use readers to break the encryption systems in RFID tags. One experiment is relevant to the proposed US-VISIT RFID program. In January, researchers at Johns Hopkins University and RSA Laboratories discovered serious security flaws in the RFID chips that are used to protect cars from theft and prevent fraudulent use of SpeedPass keys.
“The researchers easily were able to extract individual SpeedPass secret keys, and used them in another device that allowed for fraudulent charges to the SpeedPass accounts.”
US-VISIT, estimated to cost $7.2 billion by 2014, “is rife with technology problems and errors in its databases,” adds the report.
“It is far from achieving its goals.”
Something you think we should know? tips[at]p2pnet.net
See:-
Spotlight on Surveillance – US-VISIT Rolls Out the Unwelcome Mat, July, 2005
serious security flaws – Vehicle security chips cracked, p2pnet, January 31, 2005
July 10th, 2005 at 7:32 pm
Typical activity from the PSA! Put all your eggs in a basket, and when they get broken, you can blame the basket weaver for screwing the pooch, instead of doing it the way it should have been done in the first place. All the technology in the world won’t protect you from a determined adversary who KNOWS what the state of the art is. These stupid tricks are too easy to bypass right now, and even the X-Ray looking into your baggage is pretty easy to fool. Ain’t no such thing as secure travel yet, just a lucky bunch of dummies who haven’t met a determined terrorist who wanted to get into the PSA, and when it happens the Shrubbery will be cut down to size.
July 11th, 2005 at 4:24 am
All of this expensive taxpayer-financed technology is near worthless because it is operated by agencies that are run by many who do not have everyday common sense.
It is like all the court houses around the world that rquire people entering to go through metal detectors. A person can bring in a machine gun easily in most of these buildings. I leave it to the so called “security experts” to figure out how to do so.
July 12th, 2005 at 7:11 pm
You are getting a glimse of the future here. I don’t mean the identifing part. I mean the part of it not working. With the ridculous copyright and patent lengths now in effect, anything that shows promise will have to be shelved until the potential inventor is dead and another takes his place sometime in the future. Sadly, (or maybe you should hoohrah that depending on the develop in question) worldwide spread of these same sort of protectionisms will only tend to slow down technology developments around the world. So how well do you like smog and greenhouse effects?
At one time Ford had a promo that they could build a smog reducing raditator that drew in the smog and converted it to less harmful substances while you drove. I never saw it implimented nor did I ever hear anymore about it. Maybe it was a pipedream but what if it wasn’t? What if they decided the materials required to make the product add-on were to expensive and the consumer would not go for it? What if it was one of those silly surveys we hear of all the time that lead to this decision? Truth is I don’t know, do you? It would have seemed a timely idea. Reduce local pollution while you drive. Maybe they want to use it in an industrial application that can be sold to businesses. Greed is certainly a driver over the good for all.
This is but a small example of what could be or might be. I suspect that more and more we will see less and less development. That development we do see will most likely be fringe stuff like an extra button or whatever and advertised to death beyond all real value of what the small incremental addition actually is.
Many will think they have some new product developed until a patent owner thinks they are big enough to milk with a lawsuit. Others will think they have something that is on the verge of working but will need something else to complete. That “something else” is very likely to be an infringement case to finish the job.
Welcome to the third world future that the corporations have finally locked the world into.
July 13th, 2005 at 12:36 pm
Nothing has been learned.
If an entry point, such as an airport, becomes risky for a criminal (drugs/terrorism/smuggler/etc) the criminal will use one of the many alternatives available. Hire a willing insider, use the internet, use the banks, use the phones, create a corporation, land in a boat or private airplane, etc.
Security is a business. Its purpose is to sell products. It does not matter that the products do not work. Even products that work to perfection, such as a gun, in the end are useless because the criminals obtain machine guns.
The purpose of government is to get re-elected by talking about what they are doing, no matter that what they are doing does not work.
It is like religion: When money is spent to buy security from God but that does not work. God is smarter than people think.
So what will work? Start by eliminating corruption. Here is my start list of needed actions:
1. Ban the advertisements of goods. This will reduce the pressure to own things that are beyond the means.
2. For all elected government employees and judges, open all tax and bank information to the public, on a continuous basis.
3. Select judges from the population, not the local bar. Let teachers, engineers, plumbers, become judges too and end the lawyer monopoly.
4. Eliminate all business lobbying and donations at legislatures and at governments. Allow only lobbying by voter organizations.
5. Eliminate permanent political parties.
6. Prohibit the reelection of incumbents.
The next step would be to reduce the rampant and unjust inequalities of society.
To resume, as government corruption and inequalities are reduced, so is the breeding of crime and the need to spend on securty to fight the crime.
Rafael Venegas
http://www.gvenegas.com
October 12th, 2005 at 6:58 pm
There is no attempt made in the article to substantiate anything EPIC says or to even give DHS a chance to respond. EPIC is supposed to be focused on “privacy” but sites flaws in VISIT that slow up people entering or exiting the country. What does that have to do with privacy? How do we know that slower entry/exit isn’t a boon for privacy? Can you name any form of technology or government implementation of technology that EPIC has ever approved? Is EPIC in favor of ANY use of technology by government anywhere? Can EPIC site any “violation” of privacy via federal use of technology that rises to the level of threat that a suicide hijacker can bring to an office worker on the 82nd floor minding his own business as the hijacked airliner approaches? What is privacy? How many times is “privacy” mentioned in the founding documents of the U.S., and particularly in relationship to life, liberty or the pursuit of happiness? US-Visit isn’t “full of tech problems.” This article about US-Visit is full of agenda-driven problems.
It is also mind-numbingly hypocritical of p2p to code an unlogged comment as coming from “Anonymous Coward” as regards a story about PRIVACY when it put NO BYLINE on the story in the first place. Who is the anonymous coward? But I guess “privacy” is the province of some, not all.