Full internet access on US Immigration Computers
 

I was rather surprised this morning as I came through immigration at EWR to notice that the computers the agents work on appear to have access to the Internet. As I was leaving after I had my stamp I walked behind one of the agents who appeared to be off duty but still sitting in one of the stations. She was shopping online, buying some flowers for someone. That seems like a pretty big risk/hole in the system.

Oh, and the airport employees were pretty upset that they were forced to wait in the employee line but that it was not staffed. A FA who was there when I got in line was still in line when I left the immigration hall. And the "handler" who was pointing people to specific lanes wouldn't let the crew switch to one of the open lines.

so does that mean we can inspect and search their computers 'n hard drives for porn? ;)

Am I missing something? What's the big deal?

Suppose a tourist tells the inspector he works for Company X in Country Y, wouldn't internet access possibly provide a means for the inspector to verify this information and speed the clearance process?

There are a lot of free online translation services that are quite useful too. The fact that she can also use this access to purchase flowers is not a security risk.

On the other hand, it is a waste of our taxpayer dollars. Wait, so is the TSA, so what's the difference, I guess... :(

Any internet connected computer is potentially at risk of the user doing something stupid that will compromise it's security. I am sure there is good security in place but the only absolute security against internet based threats is not being connected to the internet. Connecting a secure network to an insecure network invites shenanigans and is a security risk to the secure network.

This was my point. Thanks for stating is so coherently.

If CBP is using the internet to verify information, then this makes it easier for a tourist to tell lies.

I: "Who do you work for?"

T: "FlyByNightWidgets"

I: googles for flybynightswidgets and the top link is a "company" web site the "tourist" set up last month from godaddy. The web site even lists the tourist as a company officer.

I: "Have a nice visit."

Because if it is on the internet is has to be true.

Typical "straw man" argument.

Who said this is the way it would happen? Maybe the CBP officer would look at the online telephone directory for the country in question. Or a business directory. There are lots of possibilities.

The issue here is the inspectors having internet access. I have seen nothing here that makes me believe this is a bad idea.

Who cares? OP says that the agent did not look to be working and appeared "off duty." Am I missiong something? I don't buy the security argument either. If she breaches security, fire her. Until then. Who cares. I have no problem believeing that they have internet access on their computers. Seems useful to me.

Useful for what?

I am not concerned that someone off-duty was browsing the internet. I couldn't care less about what they do on a break.

My concern was with regard to the potential security issues that it raises. Just firing people after the fact for breaching security is a pretty poor plan. It helps to take appropriate preventative actions, too.

Considering they run Win2K or winXP ... it has a lot of potential for a disaster.

Considering that more then likely their internet surfing goes through a proxy... which means they don't have DIRECT internet access... I don't see the issue in this at all...

Their proxy system would have to be compromised, for people to gain internal access to the company... just throwing a trojan or worm on any good secured system won't do much...

Systems with ALL internet headed traffic being sent through a proxy, won't allow a trojan/worm to send things back home... only certain ports are allowed open...

The real issue with this is them googling foreign visitors and finding ridiculous reasons to keep them out. If I remember correctly, it happened to a Canadian psychologist who once did a legal hallucinogenic drug trial in the 1970s.

And there is no way that a trojan could use port 80, right? It isn't like AOL wrote thte AIM application to do exactly that 5+ years ago when it started getting blocked by firewalls. :rolleyes:

Sorry, but even putting a proxy server in place doesn't really protect the systems. Either they are isolated or they are not. That's really the only way computer security works.