William Jackson | CBP: Protecting our borders against knowledge
Cybereye | Commentary
- By William Jackson
- Aug 13, 2007
The Homeland Security Department's Customs and Border Protection division recently struck a blow to protect our nation, stopping and turning back at the border a researcher who was trying to enter the country for the blatant dissemination of information.
Halvar Flake (real name: Thomas Dullien, founder of the German company Sabre Security GmbH), was coming to the United States to give a presentation at the Black Hat Briefings in Las Vegas, as he has for the past seven years. According to Flake's blog, customs agents stopped him when they discovered his presentation materials in his luggage, questioned him for more than four hours then put him on a plane back to Europe. It seems they felt that he did not qualify this year for the Visa Waiver program.
Rules put in place ostensibly to protect this country and its citizens from abuse by foreign workers succeeded in preventing the attendees of one of the country's premiere cyber security conferences from hearing about advances in detecting vulnerabilities and flaws in software.
Science always has depended on the free flow of information, and in today's global economy, founded on a borderless infrastructure that can instantly deliver either value or vulnerability almost anywhere on the globe, that flow is more important than ever. Some 20 percent of the Black Hat USA attendees this year were foreigners, from 50 countries stretching from Russia to Gibraltar to the Netherland Antilles, as well as from Asia, Africa and South America. Both the U.S. security community as well as our foreign visitors benefit from the exchange of information at venues such as this, and Flake, an acknowledged leader in the area of reverse engineering, is a valuable contributor to that exchange.
'He's not the kind of person you want to keep out of your country,' said Black Hat founder Jeff Moss.
The free flow of information at Black Hat has been threatened before this. Two years ago Cisco threatened to file suit over a presentation on vulnerabilities in the company's operating system, and the FBI became involved when the presentation eventually was given in defiance of the company. This year, a presentation on the Microsoft Vista BitLocker was unexpectedly dropped from the schedule. Brothers Nitin and Vipin Kumar of NV Labs decided to pull the presentation for undisclosed reasons. But Moss said he fears that arbitrary border crackdowns would become an even bigger threat to the conference than frivolous lawsuits.
Flake's border problem appears to have stemmed from a question of his employment. If he was traveling as an employee of Sabre he could come in without a visa. If he was working for Black Hat, he needed a visa to ensure that he was not taking a job away from some needy American speaker. The border agents, in their wisdom, classified him as a Black Hat employee and sent him on his way.
DHS doubtless would argue that rules are rules and must be enforced. That is a shallow argument often relied upon by those who do not understand the rules they enforce. Rules are merely tools used to achieve some end; in this case, to make the country more secure. If they are being arbitrarily applied without serving that end there is no point in enforcing them. For seven years there had been no problems with Flake's employment status when he gave talks in this country. Denying him entry on the eighth year certainly seems arbitrary when the application of a little common sense could have resolved the issue to everyone's advantage.
I am of the Emil Faber school of thought: Knowledge is good. In the long run this country will benefit from the open sharing of information. Unfortunately, with an administration that has shown itself to be xenophobic as well as anti science, that long run may be longer off than it needs to be.