passports – Techdirt (original) (raw)

UK Once Again Denies A Passport Over Applicant’s Name Due To Intellectual Property Concerns

from the papers-please dept

I can’t believe this, but it happened again. Almost exactly a decade ago, Tim Cushing wrote about a bonkers story out of the UK in which a passport applicant who’s middle name was “Skywalker” was denied the passport due to purported trademark or copyright concerns. The question that ought to immediately leap to mind should be: wait, nothing about a name or its appearance on a passport amounts to either creative expression being copied, nor use in commerce, meaning that neither copyright nor trademark law ought to apply in the slightest.

And you would have thought that coming out of that whole episode, proper guidance would have been given to the UK’s passport office so that this kind of stupidity doesn’t happen again. Unfortunately, it did happen again. A UK woman attempted to get a passport for her daughter, who she named Khaleesi, only to have it refused over the trademark for the Game of Thrones character that held the same fictional title.

Lucy, 39, from Swindon in Wiltshire, said the Passport Office initially refused the application for Khaleesi, six.

Officials said they were unable to issue a passport unless Warner Brothers gave permission because it owned the name’s trademark. But the authority has since apologised for the error.

“I was absolutely devastated, we were so looking forward to our first holiday together,” Lucy said.

While any intellectual property concerns over a passport are absolutely silly, I would argue that trademark law makes even less sense here than copyright would. Again, trademark law is designed specifically to protect the public from being confused as to the source of a good or service in commerce. There is no good or service nor commerce here. Lucy would simply like to take her own child across national borders. That’s it. Lucy had to consult with an attorney due to this insanity, which didn’t initially yield the proper result.

After seeking legal advice, her solicitors discovered that while there is a trademark for Game of Thrones, it is for goods and services – but not for a person’s name.

“That information was sent to the Passport Office who said I would need a letter from Warner Brothers to confirm my daughter is able to use that name,” she said.

This amounts to a restriction on the rights and freedoms of a child in a free country as a result of the choice their parent’s made about their name. Whatever your thoughts on IP laws in general, that simply cannot be the aim of literally any of them.

Now, once the media got a hold of all of this, the Passport Office eventually relented, said it made an error in denying the passport, and has put the application through. But even the government’s explanation doesn’t fully make sense.

Official explained there had been a misunderstanding and the guidance staff had originally given applies only to people changing their names.

“He advised me that they should be able to process my daughter’s passport now, ” she said.

Why would the changing of a name be any different? My name is my name, not a creative expression, nor a use in commerce. If I elect to change my name from “Timothy Geigner” to “Timothy Mickey Mouse Geigner”, none of that equates to an infringement of Disney’s rights, copyright nor trademark. It’s just my name. It would only be if I attempted to use my new name in commerce or as part of an expression that I might run afoul of either trademark or copyright law.

What this really is is the pervasive cancer that is ownership culture. It’s only with ownership culture that you get a passport official somehow thinking that Warner Bros. production of a fantasy show means a six year old can’t get a passport.

Filed Under: khaleesi, names, passport office, passports, trademark, uk
Companies: warner bros.

Senator Wyden Asks State Dept. To Explain Why It’s Handing Out ‘Unfettered’ Access To Americans’ Passport Data

from the having-fucked-around,-State-Dept.-now-in-process-of-finding-out dept

There are supposed to be limits on what the federal government can do with all the data it forces people to hand over in exchange for government services. But much of the limiting appears to be left up to the discretion of federal agencies. Discretion is the better part of valor, as they say. If these agencies are ever going to become valorous, they’re probably going to have to steal it.

Customs and Border Protection (CBP) has never exhibited much discretion when it comes to respecting rights. Whatever rights haven’t been waived into irrelevance by the “Constitution-free zone” have been routed around by asking third parties for data the CBP can’t legally obtain directly.

In 2018, a blockbuster report detailed the actions of CBP agent Jeffrey Rambo. Rambo apparently took it upon himself to track down whistleblowers and leakers. To do this, he cozied up to a journalist and leveraged the wealth of data on travelers collected by federal agencies in hopes of sniffing out sources.

A few years later, another report delved deeper into the CPB and Rambo’s actions. This reporting — referencing a still-redacted DHS Inspector General’s report — showed the CBP routinely tracked journalists (as well as activists and immigration lawyers) via a national counter-terrorism database. This database was apparently routinely queried for reasons unrelated to national security objectives and the information obtained was used to open investigations targeting journalists.

That report remains redacted nearly a year later. But Senator Ron Wyden is demanding answers from the State Department about its far too cozy relationship with other federal agencies, including the CBP.

The State Department is giving law enforcement and intelligence agencies unrestricted access to the personal data of more than 145 million Americans, through information from passport applications that is shared without legal process or any apparent oversight, according to a letter sent from Sen. Ron Wyden to Secretary of State Antony Blinken and obtained by Yahoo News.

The information was uncovered by Wyden during his ongoing probe into reporting by Yahoo News about Operation Whistle Pig, a wide-ranging leak investigation launched by a Border Patrol agent and his supervisors at the U.S. Customs and Border Protection’s National Targeting Center.

On Wednesday, Wyden sent a letter to Blinken requesting detailed information on which federal agencies are provided access to State Department passport information on U.S. citizens.

The letter [PDF] from Wyden points out that the State Department is giving “unfettered” access to at least 25 federal agencies, including DHS components like the CBP. The OIG report into “Operation Whistle Pig” (the one that remains redacted) details Agent Rambo’s actions. Subsequent briefings by State Department officials provided more details that are cited in Wyden’s letter.

More than 25 agencies, but the State Department has, so far refused to identify them.

_Department officials declined to identify the specific agencies, but said that both law enforcement and intelligenc_e agencies can access the [passport application] database. They further stated that, while the Department is not legally required to provide other agencies with such access, the Department has done so without requiring these other agencies to obtain compulsory legal process, such as a subpoena or court order.

Sharing is caring, the State Department believes. However, it cannot explain why it feels this passport application database should be an open book to whatever government agencies seek access to it. This is unacceptable, says Senator Wyden. Citing the “clear abuses” by CBP personnel detailed in the Inspector General’s report, Wyden is demanding details the State Department has so far refused to provide, like which agencies have access and the number of times these agencies have accessed the Department’s database.

Why? Because rights matter, no matter what the State Department and its beneficiaries might think.

The Department’s mission does include providing dozens of other government agencies with self-service access to 145 million American’s personal data. The Department has voluntarily taken on this role, and in doing so, prioritized the interests of other agencies over those of law-abiding Americans

That’s the anger on behalf of millions expressed by Senator Wyden. There are also demands. Wyden not only wants answers, he wants changes. He has instructed the State Department to put policies in place to ensure the abuses seen in “Operation Whistle Pig” do not reoccur. He also says the Department should notify Americans when their passport application info is accessed or handed over to government agencies. Finally, he instructs the Department to provide annual statistics on outside agency access to the database, so Americans can better understand who’s going after their data.

So, answers and changes, things federal agencies rarely enjoy engaging with. The answers are likely to be long in coming. The requested changes, even more so. But at least this drags the State Department’s dirty laundry out into the daylight, which makes it a bit more difficult for the Department to continue to ignore a problem it hasn’t addressed for more than three years.

Filed Under: cbp, data protection, operation whistle pig, passports, privacy, ron wyden, state department

US Border Officials Have Never Verified Chipped Passports, Despite Demanding Their Usage

from the total-failures dept

Ron Wyden is at it again. Sending pesky letters to government officials who appear to be completely falling down on the job. The latest is asking Customs and Border Patrol why it’s still not verifying the e-passport chips that have been in all US passports — and in all countries on the visa waiver list — since 2007 (hat tip to Zach Whittaker). The letter points out that the US government pushed hard for these chips… and then never bothered to check to make sure no one has tampered with them.

The U.S. government played a central role in the global adoption of e-Passports. These high-tech passports have smart chips–which store traveler information–and cryptographic signatures, an important security feature that verifies the validity and legitimacy of the passport and its issuing government agency. For more than a decade, the United States has required that countries on the visa-waiver list issue machine-readable e-Passports. Since 2015, the United States has further required that all visitors from countries on the visa-waiver list enter the United States with an e- Passport. Despite these efforts, CBP lacks the technical capabilities to verify e-Passport chips.

To be clear: it’s not that CBP doesn’t use the chips at all. It does download the info from the chips. But it ignores the cryptographic signatures and doesn’t verify that the information hasn’t been tampered with. Incredibly, the letter notes that CBP was informed of this problem all the way back in 2010 by the GAO, but has still not done anything about it.

CBP has deployed e-Passport readers at many ports of entry, which CBP personnel use to download data from the smart chips in e-Passports. However, CBP does not have the software necessary to authenticate the information stored on the e-Passport chips. Specifically, CBP cannot verify the digital signatures stored on the e-Passport, which means that CBP is unable to determine if the data stored on the smart chips has been tampered with or forged. CBP has been aware of this security lapse since at least 2010, when the Government Accountability Office (GAO) released a report highlighting the gap in technology. Eight years after that publication, CBP still does not possess the technological capability to authenticate the machine-readable data in e-Passports.

As with a number of recent letters that Wyden has been sending that touch on areas around the government falling down when it comes to encryption, I’m assuming that this latest one comes from the work that Chris Soghoian is doing since being hired full time to work for Senator Wyden. Soghoian spent years calling out bad encryption practices of all sorts of organizations in the past, and it’s nice to see that he’s now able to (hopefully) shame the government into doing things better as well.

Filed Under: cbp, e-passports, passports, ron wyden, smart chips, verification

from the transmitting-infringing-names-across-borders-for-personal-gain dept

With all the talk of terrorism keeping government officials firmly focused on travel documents (and electronics), it really comes as no surprise that they’re on top of any passport anomalies. Like a traveler sporting one more “Skywalker” in their name than the other 99.9999% of the population. [via several TD readers, but first from Jon Jones]

Her namesake may be able to travel across galaxies in Star Wars, but Laura Matthews from Southend – whose middle name is Skywalker – isn’t even able to get on a budget airline to the Med.

The 29-year-old added the middle name by deed poll in 2008, “for a bit of a laugh”, and recently tried to renew her passport, complete with her new name and the signature L. Skywalker. Her application was refused, with the Home Office telling her it “will not recognise a change to a name which is subject to copyright or trademark”.

Seeing as copyright and trademark law has nothing to do with security and/or a person’s ability to travel, it’s a bit odd that the passport office would be so concerned about George Lucas’ intellectual property — a stock farmboy character transplanted to a stock good v. evil storyline set in a futuristic past. After all, as Laura Skywalker points out, no other government agency has expressed a concern about her legally-changed name.

A disgruntled Matthews complained: “It’s on my driving licence, my bank cards, everything. Everyone else is happy with that signature apart from passport office.”

In the spirit of compromise hastened by a disgruntled would-be traveler and a bunch of negative press, the passport office is trying to work out a way to let this Skywalker board aircraft. The fix suggested is the most bureaucratic solution, involving Matthews submitting passport paperwork with her old non-Skywalker signature and being allowed to keep the new one featuring the now-famous “L. Skywalker” scrawl, which will result in duplicated paperwork that doesn’t match the current passport and will likely subject Matthews to additional scrutiny from watchful and confused customs officials in the future. Never forget: the government exists mainly to generate paperwork and performing this useless maneuver satisfies that requirement.

Still, it must be asked why customs is so damn adamant that no one violate the sanctity of intellectual property with spur-of-the-moment name changes. Granted, the agency acts as a buffer between nations by vetting travelers (and their counterfeit goods), but its objective should be safety, rather than acting as guardians against the secondary liability caused by the movement of an “infringing” name across borders. Also granted, the most powerful name in intellectual property — Disney — now “owns” Skywalker and other associated Star Wars IP. The mere speculation that the corporation would mobilize its army of IP lawyers has been enough to shut down productions clearly covered by fair use.

We’re often accused of being some sort of IP-obsessives here at Techdirt when calling out others for their inability to tell their patents from their copyrights, but the true obsessives are those who man the borders and look for potentially-infringing names.

Filed Under: laura skywalker matthews, names, passports, skywalker, star wars, uk
Companies: disney

UK Phone Buyers: Must Show Passport & Register In National Database

from the surveillance-state dept

It appears that the UK is really moving towards a total surveillance state. Along with plans that we’ve already discussed to monitor all communications, it appears that you may not be able to buy a mobile phone without a passport and without registering your information in a national database. The reasoning, not surprisingly, is to try to keep tabs on terrorists who have been using prepaid phones that can’t be traced easily back to their owners. Of course, what this really will do is create a much bigger nuisance for most (non-terrorist) residents, opening up potential privacy breaches all while doing almost nothing to slow down terrorist activity. That’s because it won’t be that difficult for terrorists to find other means of communication that don’t require registration. It’s really a shame to see countries give up the freedoms that made them great.

Filed Under: ids, mobile phones, passports, prepaid, surveillance, uk

Security? What Security? Automatic Toll Systems And Passports Found Easily Hackable

from the security-as-an-afterthought dept

At this point it shouldn’t be a surprise that various systems that shouldn’t be are quite easily hacked, but that doesn’t make it any less disturbing. Over at this years Black Hat event there was a demonstration of just how easy it is to hack the automatic toll devices used at most bridges and toll roads throughout the country. The stunning part is that it appears that the folks who created these transponders did almost nothing to keep them secure. They’re constantly broadcasting and they include no encryption. And this is a device that often connects directly to a registered credit card. Sense a potential problem? The researchers who showed this pointed out that it wouldn’t be difficult for someone to clone your transponder and make you start paying for their tolls. Alternatively, it could be used to create an alibi for someone planning to commit a crime — since police have used toll crossing data to establish where someone is.

Meanwhile, over in the UK, an investigation has found that the chips in the supposedly “fakeproof” e-passports are easily cloned, manipulated and passed through the checking machine — which is especially worrisome given that 3,000 blank e-passports were stolen just last week. Of course, people have talked about the possibility of such hacks for years — even before they were put in place — to show how silly it was to think they were secure. And, of course, the best response comes from the UK gov’t. After being presented with the fact that the chips can be changed or modified, the statement from the government was: “No one has yet been able to demonstrate that they are able to modify, change or alter data within the chip. If any data were to be changed, modified or altered it would be immediately obvious to the electronic reader.” If you keep saying it, maybe you can pretend it’s true.

In both cases, though, the striking thing is that these aren’t “surprise” vulnerabilities. They should have been somewhat obvious to those who crafted these systems in the first place. Both are now working on “patches” to deal with the problems, but it’s pretty difficult to completely patch a system that’s so widespread — and either way it will take some time. So why weren’t these systems designed with better security in the first place?

Filed Under: automatic toll, e-passports, ez pass, fastpass, hacking, passports, security

Canadian Passport Website Falls For Oldest Privacy Breach On The Web

from the that-one-again? dept

Back in the early days of the web, there were plenty of stories about a rather simple security breach on various sites. Basically, many sites would simply pass a user’s account number through as a part of the URL. If a user simply changed the URL, her or she could see the account info of that other issue associated with the new number. After a few such cases came to light, most web app designers quickly realized to plug that hole, and it’s been quite some time since we’ve heard of a site with such a security hole. However, it appears that there are still a few. The site for Passport Canada, where people can apply for a Canadian passport apparently had exactly that security vulnerability, allowing the guy who discovered it to see the passport application data of other applicants simply by adjusting the URL. It’s never nice to hear about a security flaw (especially on a gov’t website with all sorts of private info), but it actually induces a bit of nostalgia to hear of such a basic security flaw showing up in the wild yet again.

Filed Under: breach, canada, passports, security, url, websites