For want of a single ethernet card, an airport was lost ...

Tue Aug 21 03:11:33 UTC 2007

Thus spake "Bill Stewart" <nonobvious at gmail.com>
> While the goals of the system, as identified by the GAO, include
> a brief phrase about "facilitate legitimate travel and trade", the
> rest of the report appears to entirely ignore it.
> ... it appears that the designers of both the technical and
> operational sides are also ignoring the goal of facilitating
> legitmate travel and trade.
> ... Certainly the operational side didn't have processes for
> supporting travellers with reasonable-looking papers in the
> event of a computer failure.

The problem is that if you have a second path of entry with lesser security 
protocols, attackers will find a way to get themselves onto that path.  For 
instance, imagine the terrorists have papers that look legit but they know 
won't pass computer cross-references; any time they want to come in, they 
would just disrupt the computer network and force the agents to rely on the 
papers alone.  That's why people get stuck on the runways waiting for the 
computers to come back up.

Such secondary procedures are okay in the banking world, where you can back 
out transactions that an audit reveals are fraudulent after the fact.  The 
same does not apply to letting persons across a border where you can't 
retroactively deny them entry after they've killed a bunch of people (and, 
most likely, martyred themselves).  It's the same problem with voting 
systems, actually: the anonymity requirements mean all security hinges on 
making sure only authorized people vote, and only once at that; you can't 
back out fraudulent votes after they're cast, which is why all of the 
attacks are on the authorization system and being undetected in an audit 
doesn't matter.

S

Stephen Sprunk         "God does not play dice."  --Albert Einstein
CCIE #3723         "God is an inveterate gambler, and He throws the
K5SSS        dice at every possible opportunity." --Stephen Hawking 