Author Topic: Border defense is like network defense  (Read 618 times)

TheDrake

  • All Members
    • View Profile
Border defense is like network defense
« on: January 02, 2019, 12:50:10 PM »
What would be a true defense against illegal immigration? I'm most familiar with security from a technical perspective, and there are interesting analogies.

Big beautiful barrier - This is like having a firewall. You try to block dangerous traffic at your entry points from the outside.

Ports of entry - like having login pages and other allowed access. This is more dangerous, because you can't seal things off and still function. Inspections of vehicles are like deep packet inspection, and passports are like passwords.

Privileges - once in the network, a user only has certain privileges. Illegals typically can't receive educational loans, for instance. There are additional queries that are done.

Logging of activity - when a breach is suspected, user actions can be examined to determine if they have been trying to get access

Phishing - identity theft

Crackers - falsified documents


Network security relies on defense in depth. No network experts currently believe that border security is sufficient.

To do this in immigration, we have one big thing working against us - privacy. Once we enter the network, much of what we do can be considered anonymous.

Imagine if the government developed a giant spying campaign (done). Now imagine that based on deep learning, they determine that illegals follow a certain pattern of travel, internet use, etc. They dispatch people to go investigate. Most people find that abhorrent.

But it is what works to maintain the integrity of a network and defend against unauthorized users.

A visa overstay, is like someone using phished credentials. They got into the network legally, and now they are roaming around.

Aren't we fooling ourselves that any amount of security at the border is going to solve things?

rightleft22

  • Member
  • All Members
    • View Profile
Re: Border defense is like network defense
« Reply #1 on: January 02, 2019, 01:14:29 PM »
Quote
Aren't we fooling ourselves that any amount of security at the border is going to solve things?

I think so. Its all about appearances and making people believe it.  I don't see how the issue is solved by a wall when the problem is in the laws.

Fenring

  • Member
  • All Members
    • View Profile
Re: Border defense is like network defense
« Reply #2 on: January 02, 2019, 01:17:48 PM »
I tend to agree that massively curtailing the hiring of illegals would probably serve better than to set up a wall, if one of the two had to be chosen. However that then begs the question of whether there would *still* be incentive for people to try to break into the U.S., even if jobs weren't waiting for them there. Would the simple lack of literal danger in the environment be enough to cause many people to rush to the U.S.? Or maybe there's a PR issue embedded: even if the illegal jobs dry up, will people abroad believe that and stop coming, or will they assume it's BS and come anyhow, only to find out once illegally in that it was actually true, now that it's too late?

NobleHunter

  • Member
  • All Members
    • View Profile
Re: Border defense is like network defense
« Reply #3 on: January 02, 2019, 01:28:49 PM »
Illegal immigration does vary with the economy so eliminating the jobs would reduce undocumented immigrants. The people who are coming to the US for safety are probably more likely to apply for asylum, which is a completely different issue than illegal immigration for work.

I assume if people came here looking for a job and didn't get one they'd find it easy to leave again.

ETA: rightleft, it's not necessarily the laws in most cases but the will and resources to enforce them.

TheDrake

  • All Members
    • View Profile
Re: Border defense is like network defense
« Reply #4 on: January 02, 2019, 01:37:39 PM »
There's a lot of under the table work, for illegals or for Americans. You can probably solve larger employers from doing this like construction companies or farms. That's still going to leave:

Nannies
Day laborers
Landscapers
Housekeepers
etc.

I'm not sure how you crack down on those professions without resorting to stop-and-frisk tactics for people who you suspect of being illegal because they have dark skin and are waiting for work at a home depot. Those tactics would be acceptable in the network security world, you can always query a user.

You could theoretically add draconian penalties for the people doing the hiring, but most people who hire household staff may be too rich or powerful for such a tactic to stand up or ever get started.

Fenring

  • Member
  • All Members
    • View Profile
Re: Border defense is like network defense
« Reply #5 on: January 02, 2019, 01:51:48 PM »
It would seem that cracking down on labor being done by people without a work permit might end up having to be the same procedure as cracking down on under the table labor by people trying to avoid taxes. Basically if you hire someone and don't submit tax papers for the employment there's no substantive difference as to whether the avoidance was due to the employee having no papers versus the employee not wanting to pay taxes. For a day job I'm not even sure what could be done about this, as paying someone cash for a small job seems like something that shouldn't be forbidden. But maybe if the total amount of one-off day jobs isn't that substantial then it doesn't matter that much anyhow? The bigger issue is full-time under the table labor, like restaurant work, field work, and other areas where it would be extremely easy to do a raid and ask for everyone's employment records. To avoid having to profile based on skin color everyone present could be checked, but the profiling could be done at the level of choosing types of workplaces. Or maybe my guess is wrong and there's an enormous black market in one-day labor jobs.

But then again, if one-day jobs were left on the table, perhaps that would be enough to incentivize the illegal immigration anyhow.

NobleHunter

  • Member
  • All Members
    • View Profile
Re: Border defense is like network defense
« Reply #6 on: January 02, 2019, 02:00:16 PM »
It would be an incentive but may not amount to much in the face of the obstacles to immigration and factors driving people to leave where they are. A lot of the current "news" isn't about illegal immigrants crossing undetected and finding work but people looking to apply for asylum.

Fenring

  • Member
  • All Members
    • View Profile
Re: Border defense is like network defense
« Reply #7 on: January 02, 2019, 02:28:35 PM »
A lot of the current "news" isn't about illegal immigrants crossing undetected and finding work but people looking to apply for asylum.

Is that because they know that "asylum" is a magic word, code for "we wanted to enter illegally to work, but when caught and asked we say we're here for asylum", or are you talking about people who officially show up at the border to register lawfully for asylum?

yossarian22c

  • Member
  • All Members
    • View Profile
Re: Border defense is like network defense
« Reply #8 on: January 02, 2019, 02:33:57 PM »
A lot of the current "news" isn't about illegal immigrants crossing undetected and finding work but people looking to apply for asylum.

Is that because they know that "asylum" is a magic word, code for "we wanted to enter illegally to work, but when caught and asked we say we're here for asylum", or are you talking about people who officially show up at the border to register lawfully for asylum?

I'm guessing the later since all the caravan and recent news involves people waiting for months in Mexico at ports of entry in order to apply for asylum. It seems like the Trump administration is doing everything they can in order to prevent them from being able to do so in a timely manner.

Fenring

  • Member
  • All Members
    • View Profile
Re: Border defense is like network defense
« Reply #9 on: January 02, 2019, 02:39:37 PM »
I'm guessing the later since all the caravan and recent news involves people waiting for months in Mexico at ports of entry in order to apply for asylum. It seems like the Trump administration is doing everything they can in order to prevent them from being able to do so in a timely manner.

Do we have any stats on what percentage of illegal people might be looking for jobs, versus just asylum? In other words, to disentangle which moves would de-incentivize what, we'd need to know whether the majority come into America looking for work or not. If not, then cracking down on employment would solve only part of the problem, even if it were feasible to do.

Or rephrased, are the people who officially show up at the border seeking asylum the majority of asylum seekers? Or is there a significant amount of 'illegal asylum'? And if those who show up at the border officially are the majority of those with that motive, then why is that relevant to the discussion about how to prevent people illegally entering?

TheDrake

  • All Members
    • View Profile
Re: Border defense is like network defense
« Reply #10 on: January 02, 2019, 02:41:15 PM »
That's a lot of the current news, but not a lot of the illegal immigration. The current hysteria is about terror threats and criminals. So the asylum seekers are demonized because they slip away, and they are probably all people just masquerading as asylum seekers when really they are MS-13. You can sprinkle on top of that "they're coming to steal our elections".

None of the people in those groups are going to be worried about picking up shifts at a restaurant. I don't see any physical barrier being an issue there, because criminals and terrorists are perfectly capable of managing to cross through a port of entry. They aren't the ones slogging it through the desert or joining a Honduran caravan, IMO.

It does bring up a question of a different threat and management of the threat. What is the defense in depth for a gang member who slips across the border - either across the Rio Grande, in the belly of an empty tanker truck, with false credentials, or any other method?

It kind of looks a lot like defending against MS-13 members who are US citizens, doesn't it? Standard law enforcement techniques. Same with terrorists, clearly people who are US citizens can be recruited.

NobleHunter

  • Member
  • All Members
    • View Profile
Re: Border defense is like network defense
« Reply #11 on: January 02, 2019, 03:00:38 PM »
Do we have any stats on what percentage of illegal people might be looking for jobs, versus just asylum? In other words, to disentangle which moves would de-incentivize what, we'd need to know whether the majority come into America looking for work or not. If not, then cracking down on employment would solve only part of the problem, even if it were feasible to do.

Or rephrased, are the people who officially show up at the border seeking asylum the majority of asylum seekers? Or is there a significant amount of 'illegal asylum'? And if those who show up at the border officially are the majority of those with that motive, then why is that relevant to the discussion about how to prevent people illegally entering?

Another question to ask is how many people are crossing the un-walled portions of the border. There are no hard barriers for a lot of the border because it's very inaccessible to start with. It could be that people find it easier to under/over the barriers than to go around them.

rightleft22

  • Member
  • All Members
    • View Profile
Re: Border defense is like network defense
« Reply #12 on: January 02, 2019, 03:05:39 PM »
Is spending 5 billion going to be worth it? Is that the best way to spend that money for boarder security.

Fenring

  • Member
  • All Members
    • View Profile
Re: Border defense is like network defense
« Reply #13 on: January 02, 2019, 03:15:24 PM »
Is spending 5 billion going to be worth it? Is that the best way to spend that money for boarder security.

I don't think that's a lot of money if it actually works. It's a lot if it's another government boondoggle.

yossarian22c

  • Member
  • All Members
    • View Profile
Re: Border defense is like network defense
« Reply #14 on: January 02, 2019, 03:25:37 PM »
Is spending 5 billion going to be worth it? Is that the best way to spend that money for boarder security.

I don't think that's a lot of money if it actually works. It's a lot if it's another government boondoggle.

Given most of the terrain that the wall would be covering is remote with rough terrain clearing an 8 foot wall isn't the hard part about walking 200 miles through the desert or mountains. But it would be expensive to build and maintain. IMO walls are pretty worthless unless someone is defending them. Walls/fencing at the places where there is heavy crossing makes sense, a wall in the middle of the Sonoran Desert isn't really much of an additional deterrent.

Seriati

  • Member
  • All Members
    • View Profile
Re: Border defense is like network defense
« Reply #15 on: January 02, 2019, 03:29:34 PM »
To do this in immigration, we have one big thing working against us - privacy. Once we enter the network, much of what we do can be considered anonymous.

This is where there's a derail.  We don't have a problem because of anonymity.  There are plenty of non-anonymous contacts with government, where could rationally and easily "catch" illegals.  Think of the logic break in issuing drivers' licenses to illegal aliens against that back drop.  That's literally the government verifying the person is not a permitted user and deliberately choosing to credential them instead of dealing with the infection.  Is there any Computer analogy, where the system identifies an invader and chooses to permission them rather than respond to them?  It's like identifying a virus, but saying "not my problem," hope our virus software catches it - meanwhile, I'll just delete the information from the file the virus software checks.

Our system is designed specifically to allow the breach and to protect it unless it triggers specific flags, and even there some jurisdictions deliberately frustrate the system by refusing to turn over even people that it has identified as law breakers to the virus software.

It's not anonymity that's our problem, it's deliberate choices to frustrate the law rather than enforce it or even to fix it.

Seriati

  • Member
  • All Members
    • View Profile
Re: Border defense is like network defense
« Reply #16 on: January 02, 2019, 03:36:12 PM »
That's a lot of the current news, but not a lot of the illegal immigration. The current hysteria is about terror threats and criminals. So the asylum seekers are demonized because they slip away....

In my view asylum seekers are "demonized" because activists have actively trained illegal immigrants to make false asylum claims.  It's not rocket science to understand that if you don't claim asylum your deportation is largely automatic, and that if you do, the most likely result is that you will be released into the US pending "resolution" of your claim.  And that if you skip out on the hearing, most likely you will never be deported.  Activist lawyers teaching the elements to state the claim have led to a proliferation of false claims.

Quote
They aren't the ones slogging it through the desert or joining a Honduran caravan, IMO.

Drug mules are often otherwise innocent people forced to carry drugs across the border.  And even if they weren't illegal immigrants can easily spread communicable diseases that otherwise would have been wiped out.

TheDrake

  • All Members
    • View Profile
Re: Border defense is like network defense
« Reply #17 on: January 02, 2019, 06:13:08 PM »
To do this in immigration, we have one big thing working against us - privacy. Once we enter the network, much of what we do can be considered anonymous.

This is where there's a derail.  We don't have a problem because of anonymity.  There are plenty of non-anonymous contacts with government, where could rationally and easily "catch" illegals.

I'm not going to go into the practical consideration of where there are opportunities missed. I think we've covered it quite a bit previously. A lot of it has to do with local politics and local resources.

I would say the analogy here is when Information Security asks functional department heads to help enforce security. Department heads have a different agenda. They want to meet deadlines and be productive. So they plug their own personal devices into the secure network, they upload information to dropbox, they take pictures of the whiteboard with their cellphones which automatically gets broadcast to google, the provider backup, and Picasa. They install random plugins that they downloaded from pleasehackme.com

Asylum seekers are like outside contractors, they should be allowed on to the guest network with limited privileges. They typically are not denied entry. Instead, they are stripped of any computing devices, they may be searched, they may work in a separate area from employees, and any computing they are allowed to do may be fully air-gapped. There are lots of ways to deal with asylum seekers that make more sense than either instant denial or full unsupervised access.

Some aspects of our immigration system are like a cranky sysadmin who loathes users of all kinds and wishes everyone would leave her alone. Current, and some proposals would be even worse.

Sorry, your family can't come see your cubicle where you work.
Did you ask permission to install firefox? You'll be waiting 3 weeks before we do it.
Change your password every 30 days, even though every study says it won't increase security.
Take a company policy review every 6 months, no matter how long you've been here.

Sometimes I get the sense that Information Security would just as soon disconnect the whole company from the internet...