Category Archives: Security

Halvar Flake Denied US Entry

A few weeks ago I flew into Toronto for a presentation on security. The customs officer asked me a series of questions about my work, as was expected. It went something like this:

Here on business? What are you doing?
I will be speaking on Internet security.
Will you be paid?
No, not by the conference.
You work for free?
No, my company pays me a salary.
Aha! So you do get paid. Where are they based?
In the United States.
Thank you, have a nice day.

Unfortunately it sounds like Halvar Flake ran into the same set of questions when entering the US for BlackHat and made a mistake. The Blackpages describe his experience:

In the process of checking his luggage, some portion of his printed materials for his training were discovered. This triggered a series of questions about his business and his immigration status, with the US officials finally settling on the position that if he was going to profit as an individual speaker at Black Hat, he was a de facto employee of the conference and could not enter the States without qualifying for and obtaining an H1B visa.

The “de facto employee” interpretation sounds incorrect to me, but who knows what was said at the time. It is certainly hard to think clearly after flying long distances across time zones, and it is not uncommon for officials to ask intentionally misleading and confusing questions to trip people up.

I am reminded of a story of Ellis Island where a German immigrant practiced his answers in English over and over to ensure his chances of being admitted to America. Upon reaching the station for entry he was asked “Name please?”. In a sudden panic the German blurted out “Ich…Ich…vergessen!” The officer, without batting an eye, wrote down “Mike Ferguson” on the man’s entry card and said “Welcome to America! Next, please.”

Mistakes on the border are common and I don’t have any details on this incident, but I will say that when I had dinner with Halvar at RSA this past year he argued a number of very obtuse angles on some common topics like how to social engineer. Joanna Rutkowska and he teased out questions of human behavior and I only intervened to steer them away from mathematical and scientific expectations and into the realm of what I consider the greater reality of social, cultural and historical factors in security. He is obviously a very smart guy with strong opinions. He may even enjoy taking a contrarian position, which can be great in research but I suspect it might not have been to his benefit when facing an immigration officer.

Perhaps if he had been better prepared by the conference organizers about the state of American employment/visas, or researched the requirements, or if he had just said he was paid by a German firm to speak at a conference in America, he would have been cleared. Now due to a simple misunderstanding about compliance he will have to present remotely or worse, not at all. I hope he is able to clear things up for the future and his story might present a lesson learned in the security community about…security.

Central Plains biofuels symposium

Good news:

Kansas State University will host a symposium on the sustainability of biofuels production and processing in the Central Plains. The symposium, scheduled for September 16 at the K-State Alumni Center in Manhattan, Kan., is being sponsored by the Kansas Center for Agricultural Resources and the Environment, K-State Research and Extension, and the K-State Center for Sustainable Energy.

A pre-symposium poster paper session is planned for September 15 from 5-7 p.m. Posters will also be on display during the symposium. Poster entries are now being accepted at http://www.dce.k-state.edu/conf/bioenergy/. Topics must be related to the program purpose. Submission deadline is September 1. Poster presenters are required to register for the symposium and to pay the $40 registration fee.

Target audience for the symposium includes university faculty and staff, state and federal agency personnel, farm groups, and industry representatives from Kansas and neighboring states.

This program is designed to disseminate technical information regarding the sustainability of biofuels production and processing, including production of feedstocks, biofuels processing, by-product utilization, implications for use of natural resources, short- and long-term economics, and social and environmental impacts. Presentations will summarize existing technical information, ongoing research, and technological challenges for the future.

Questions about poster submissions and registration should be directed to Debbie Hagenmaier, program coordinator, at debbieh AT k-state.edu. Questions about the symposium program or purpose should be directed to Bill Hargrove at bhargrov AT k-state.edu.

Amazing that there will only be two weeks between submission and the symposium. Maybe I will propose something on national security, individuality and energy policy. The link between biofuels and security management is more tangible than ever.

SF escapes home price decline?

A story in CNN Money claims that home prices see a record drop. Their image, based on Standard and Poor’s and Fiserv data, however, shows a 23% rise in San Francisco:

That must be a mistake, given the text and tone of the story, which suggests market insecurity will continue:

“Since August 2006, there has not been one month where we have seen overall price increases, as measured by the two Composites,” said David Blitzer, Chairman of the Index Committee at Standard & Poor’s.

An image is worth a thousand words, though, and San Francisco is not mentioned in the article. In the next few days I may publish a few charts and images I have developed to illustrate the identity theft and breach numbers. I hope to do a little better.

Arbor posts DNS Attack Activity Stats

The Arbor Networks Security team has posted some analysis and graphs of the recent DNS flaw:

Given that this vulnerability was partially disclosed on July 8, I suspect a great deal of this traffic is name server vulnerability scanning, as opposed to malicious cache poisoning attempts, although there may well be a mix of the latter.

Nice visualization. The flaw was more officially known or “in the wild” on the 24th, and certainly known by the 27th, so a critical week is missing here.