Thus spake "Bill Stewart" <nonobvious@gmail.com>
While the goals of the system, as identified by the GAO, include a brief phrase about "facilitate legitimate travel and trade", the rest of the report appears to entirely ignore it. ... it appears that the designers of both the technical and operational sides are also ignoring the goal of facilitating legitmate travel and trade. ... Certainly the operational side didn't have processes for supporting travellers with reasonable-looking papers in the event of a computer failure.
The problem is that if you have a second path of entry with lesser security protocols, attackers will find a way to get themselves onto that path. For instance, imagine the terrorists have papers that look legit but they know won't pass computer cross-references; any time they want to come in, they would just disrupt the computer network and force the agents to rely on the papers alone. That's why people get stuck on the runways waiting for the computers to come back up. Such secondary procedures are okay in the banking world, where you can back out transactions that an audit reveals are fraudulent after the fact. The same does not apply to letting persons across a border where you can't retroactively deny them entry after they've killed a bunch of people (and, most likely, martyred themselves). It's the same problem with voting systems, actually: the anonymity requirements mean all security hinges on making sure only authorized people vote, and only once at that; you can't back out fraudulent votes after they're cast, which is why all of the attacks are on the authorization system and being undetected in an audit doesn't matter. S Stephen Sprunk "God does not play dice." --Albert Einstein CCIE #3723 "God is an inveterate gambler, and He throws the K5SSS dice at every possible opportunity." --Stephen Hawking