Hacker News new | past | comments | ask | show | jobs | submit login
Virtual passport app presents real data risk, experts warn (cbc.ca)
118 points by pseudolus 12 days ago | hide | past | favorite | 97 comments





> IBM Canada has won $1.5M contract to develop new platform for IRCC

This will buy what? A team of 4 interns and new grads for 6 months. At the end they'll have a slide deck with too much wordart in ith containing some half-baked ideas, and a few lines of code that don't do anything useful at all and are further from production readiness than starting from scratch.


I wish I was being facetious, but I really don't think I am. IBM hired extensively from my university, I know people who worked there or adjacent to IBM in industry.

They hired the bottom of the cohort (computer science/software engineering) at university and didn't hire anyone who could code. They emphasised communication over technical ability (fine, ok), but their style of communication is business buzzwords in slide decks, not substance. They are keen on business understanding, but that's not product thinking, understanding systems, or the limitations of solutions or anything like that, it's marketing, it's how can we look good.

A friend of mine worked for a company who regularly tidied up IBM messes. He was brought on to a project that had been run by a 5 person IBM team for a year. After a year they had detailed requirements for a system that no one wanted. His team of 3 spent 2-3 weeks building a boring CMS on top of Postgres and S3 and the client were ecstatic because it solved the problem they'd had for years.

The tech talent at IBM still exists, but it's doing the quantum computing research, or developing their mainframe or server business. The rest is a below average consultancy company.


Came here to post pretty much the same.

I got a message from IBM CIC (customer innovation center). The HR lady was very rude, was looking for somebody with 6 more years than me and was disappointed by the fact that my yearly salary of the time was waay out of budget.

After that experience:

- a guy came for an interview, had been working in such place (IBM CIC). that guy had been studying agriculture (with a degree) but pivoted to computer science. he was okay-ish, but had limited experience outside of the power-point level competencies (some-times you have to come up with creative ideas)

- a colleague had worked in CIC. they really hire pretty much anyone and throw them at the customer. which basically means that it's a good place to get your foot into the industry, but you should be aiming at leaving as soon as you get any hands-on experience

Apaprently unless you work for the real IBM (doing research, ideally, or research-related stuff) you're working in a glorified sweat-shop.


In defense of IBM you don't need to be a researcher in quantum computing to build a CRUD app.

I totally believe you. Here in nl IBM recently f'd up a storage layer beyond recovery in a series of really dumb moves going from 'minor problem' to 'extensive, unrecoverable dataloss for large number of customers'.

After messing it up someone thought that maybe they should call in people who actually know this stuff but by then it was way too late. Highly annoying, that a brand that used to be associated with reliability is now pretty much a guarantee for pretty marketing, expensive suits and some disaster in your future.


Which University?

University of Southampton/ECS, in the UK. It's understandable as IBM have a large campus about 30 minutes away in Hursley near Winchester. I know 2 people who interned there and whos fathers also worked there, 3 who were hired (plus more from my course).

They would run tours for undergrad CS students where we'd get on a coach to Hursley, tour around some flashy mainframes behind big windows, have a talk from someone senior, and then hear about their hiring/internship processes.


And there's a number of students who graduate from there without being able to code? Having completed an Computer/Software Engineering degree?

The course is what you make of it. It's possible to scrape through the compulsory programming modules in the first 2 years with poor programming skills, and then by careful choice of modules and leaving the coding to others in group work, get by without really being able to code. They will have needed to code during the first few years to some extent, but can mostly get away with not coding in later years if they go for modules that skew towards maths or academic research.

When I say "unable to code" here I mean unable to produce working solutions to problems in a professional environment. I'm sure these people can get a few ifs/loops together in Java.

Because the course is what you make of it, there are plenty of excellent programmers by the end, and the department has a good relationship with some great grad programmes at companies like ARM, Google, Microfocus, the finance industry, etc. IBM just look for a different kind of student.


Like all IBM projects, it'll go from a small amount to hundreds of millions, and result in still a fancy powerpoint and broken system.

$1.5M goes a long way if the work is outsourced. Generally bigger orgs will have internal contracts. For instance IBM Canada outsources to IBM India at internal discounted rates. When I used to work for TCS, a budget of $80k was good enough for team of 4 for 6 months. I can only imagine that at $1.5M, it is definitely going to get them a few teams.

What’s the quality of that Indian team like, though? You’re adding multiple layers of overhead before anything gets to the actual workers and in my experience once you got under, say, 70% of U.S. rates the quality plummeted because people capable of doing solid technical work are also capable of researching rates and jumping to a better job.

To be honest it really depends. It is a mixed bag when it comes to quality. I have seen some of the smartest people in those organizations. It is truly about how well you can manage the people working on your project.

It can be very high if there is excellent continuity of communication (for asynchronous work matters), the right tools are being used (for asynchronous work), and the workers have the right qualifications and experience.

Oh, definitely: I just haven’t found it to be anywhere near as cheap as the money guys tell people – you can certainly save some money, possibly even enough to make up for the communication delays, but I’ve never heard of it being anywhere near the wild claims, and sometimes it’s even a net loss.

I cannot reply to your lower post, as the post tree has been expanded too far.

I just want to say that Americans, and certain other westerners have no right to talk badly about teams from places like India.

These teams often have some of the hardest working people in the world. They often have amazing academic credentials too, along with work credentials.

People who shortchange and underpay these extremely hardworking, gracious, and devoted people are scum. The same goes with talking negatively about people from diverse places. They are not all that different from you!

With the "globalization" that is occurring via the internet, which is being accelerated unbelievably fast by the pandemic, Americans are likely going to be in for an unbelievably ugly surprise in the next 10-20 years.

I am American and I do not want my fellow Americans to suffer, but lifestyle, even in STEM fields is going to decline hardcore. If I am correct on my bets, it will no longer be as remotely comfortable as it was in STEM for Americans.


I completely agree - and it’s not like there aren’t plenty of Americans who coasted in a boom market or relying on things like nepotism, too.

The main thing I see impacting offshoring is communications: it’s hard to build custom software for a business you don’t understand and most companies haven’t been willing to invest in effective mitigation strategies. I’m expecting one outcome of this to be Indian companies pivoting towards SaaS, realizing that many businesses increasingly see in-house software development as a riskier choice.


I agree.

This issue really annoys me because some people start claiming that Indian developers aren’t good when it’s basically as simple as getting what you pay for.

This only works if the internal client doesn't take the savings as margin, _and_ the communication and project management is good enough to overcome the issues that come with outsourcing.

In this case you've now got 3 levels of project management (Canadian govt, IBM CA, IBM India), 2 countries, 2+ languages, and 2 layers of a company who are banned from government contracts in parts of the world for over spending and under delivering.


IBM Formula For Pricing:

Initial Price = Estimated_Cost / 1000

"Oops, we need more money" = (Estimated_Exec_Bonus + Estimated_Corp_Greed) + Worker_Cost + Extra_Corp_Greed


It might not be organized that way. For instance, it could be that IBM canada basically sold the project and IBM India are the people who would be implementing it. I don't enough about IBM's organization structure to comment on this topic.

Historically, IBM has held a bad reputation for how it has treated his older workers (ageism and also disability discrimination). Back in the day, they intentionally changed the demographics of their workers, intentionally, through mass termination layoffs.

So, a situation like OP described, is very likely to happen. This industry is "gone wild" anyways.


It's probably a frontend project to put up a mobile app or something similar, integrating with an existing backend.

If they outsource it they can hire lots of mid and senior level engineers using my country's salaries as a reference. Paying 34K a year salary (which is a top 0.1% salary in the Dominican Republic) they can hire up to 35 senior engineers.

Of course, outsourcing is in the vast majority of cases a complete disaster.

And they'll blame the workers rather than the management.

That's how outsourcing works -- who cares if management made promises they could never keep up with, right?

Just outsource it to EE and you'll have team made of 10 very good engineers for 22 months in very simplified version where whole cash goes on salaries.

10 * 6750 USD * 22


then they'll spin off the division, add it to a SPAC and go public as another $1bn unicorn.

Yup. I'm in disbelief after seeing that number. Digital government IDs of any kind are something that no government on Earth can securely provide. We're all too immature and stunted with software design still.

In Ukraine, there is a DIYA (Дія) app developed by the government, which holds electronic national passport, passport for traveling abroad, driving license, car registration documents (including car insurance information), child birth certificate (in parents app) and tax payer information. The app generates temporarily barcodes which can be scanned by another DIYA app to verify somebody's identity or presented documents. The national electronic passport can already be used in some companies, like post offices (state and private), banks, etc. Driving license and car registration can be presented to patrol police when requested. Very handy in general, especially if one forgets his wallet. I have a general concerns about privacy and security of this service, but I can also imagine that all the individual databases, which are accessed by this service, may have their own security issues, so having a single entry point is somewhat reducing the attack surface, which may actually be an advantage.

It's so convenient that you could even download similar databases from internet :)

Database of passports and TIN of Ukraine (7 500 000 rows)

https://raidforums.com/Thread-SELLING-Ukraine-Passports-INN-...


The implementation of Diya has probably nothing to do with that, as it was a pretty common PR topic for the police to find and seize stolen passport / tax data for at least the last decade. With so many government agencies having their own low security databases and employees paid $300/mo there's nothing surprising when dumps are so easy to obtain.

wait what? i can't believe what I'm seeing ... where's the catch?

You can find much more dumps there of all kinds. I know about this site, because recently DB from main car sharing company in Lithuania was published here, and it was big news in LT. But this is public forum accessible without registration. You can imagine what's available behind closed doors.

That sounds super convenient. Wish we would have something similar in the EU.

Edi: yes, I know Ukraine is in Europe, I meant EU


I wish we will never have something similar in the EU. That kind of system is asking for abuse. Please no, let's keep the passports, driver licenses and birth certificates on old fashioned reasonably hard to forge paper with holograms and securely printed (and perforated, check your EU passport hard page against the light).

>hard to forge paper

Except that history has proven the plenty of crime organizations can fake those really well and pass undetected and maybe you missed it, but the authenticity of your passport or any ID document is proven and validated by the secure cryptographic element in the chip within it, not the fancy features in the plastic/paper of the document, that's why chipped passports are now the norm. Fancy physical documents without security chips are inherently less secure, not more.

If that same security chip, that passes government security certifications, think Common Criteria level EAL 6, is in a piece of paper and plastic called "passport" or a piece of metal and glass called "smart-phone", what's the difference?


> Except that history has proven the plenty of crime organizations can fake those really well and pass undetected and maybe you missed it, but the authenticity of your passport or any ID document is proven and validated by the secure cryptographic element in the chip within it, not the fancy features in the plastic/paper of the document, that's why chipped passports are now the norm.

In any case, the forging scales much worse than just getting your hands on a database when you have to forge a physics document with decent security features. It’ll never be 100% secure, but then neither will be a virtual passport.

> Fancy physical documents without security chips are inherently less secure, not more.

All new and future identification documents will have a chip anyway. The baseline is not just a piece of paper.

You start from the premise that a physical document is trivial to forge, therefore it is not an improvement over a purely numerical one. But that’s circular logic. In reality, it is more difficult to steal, copy and re-sell a physical passport than a cryptographic key.


>In reality, it is more difficult to steal, copy and re-sell a physical passport than a cryptographic key.

Just, how? A pickpocket can steal your passport and anyone, even a police officer on the street could have a hard time figuring out if it's actually you or not if your photo looks remotely like the thief. How is it easier to steal passport crypto keys (not the passport number) from a secure government database than someone's passport off the street?

Also, the authorities can cancel your stolen passport, but the pickpocket will still own it physically and can use it to enter places like nightclubs or worse (other than airports and hard borders, nobody checks the passport electronically vs the government database, they all just glance at it and call it a day).

I have the feeling you have no idea how secure passport crypto chips and NFC chips are and you assume all passport crypto keys are some databases sitting randomly on the internet.

Or are you simply assuming that something physically printed must be inherently safer than "some bits"?


> Just, how? A pickpocket can steal your passport and anyone, even a police officer on the street could have a hard time figuring out if it's actually you or not if your photo looks remotely like the thief.

A pickpocket needs to come close enough and risk being caught. It does not scale very much. Falsifying them, whilst not impossible, is also risky and also does not scale. Particularly if the thief needs to look like the person on the photograph.

> How is it easier to steal passport crypto keys (not the passport number) from a secure government database than someone's passport off the street?

That is not the problem (although it is a problem: secure government systems are breached with some unfortunate regularity these days). But for it to be practical, people need to have the keys with them, i.e. on their phones or computers, where protection is much harder to guarantee. Putting them in an air gapped unique device is much better, whether it is something like a Yubi Key, a chip in a passport, or a chip card.

> Also, the authorities can cancel your stolen passport, but the pickpocket will still own it physically and can use it to enter places like nightclubs or worse (other than airports and hard borders, nobody checks the passport electronically vs the government database, they all just glance at it and call it a day).

I don't think anyone seriously cares about night clubs. Most of them accept non-chipped drivers licenses or old fashioned paper ID cards anyway, which is practically no security at all. The point is that the hurdle is high enough to avoid teenagers going in.

> I have the feeling you have no idea how secure passport crypto chips and NFC chips are and you assume all passport crypto keys are some databases sitting randomly on the internet.

Which random smartphone maker would you trust for this? Do you trust all the links in the chain? Something does not need to be "sitting randomly on the Internet" to be breached.

Besides, I am not sure what you assume about my assumptions. Cryptography is fine. Cryptography on everybody's phone for this application is a terrible idea. Your passport does not need to be on an Internet-facing device.



As a security engineer, nothing civillian-facing is ever 100% secure, it all depends how much resources your attackers have. When modelling your security profile, it's always a matter of "when", not "if" your widget can get hacked.

Most you can do is deter black-hats, but not much you can do against well funded state actors.


I'm fine with the 'well funded state actors' being able to do this, I'm not fine with every two bit hacker having access to all that data.

That’s why the only solution is to not digitize.

Except that most governments have migrated to digitalization of many services. Do you do your tax return in your browser or would you prefer to file endless paper forms and go in person and wait in lines?

As a general rule, I found that when institutions make it more easier for you to give them money, they don't do it for your benefit :)

True, but you have to pay your taxes anyway. Would you like to do it from the comfort of your home in whatever time you like or would you rather do it in person, standing in line for maybe hours and dealing with sour clerks?

I know which option I would go for.


Germany has this for ID cards and passports, albeit via NFC, it's just not very widely used yet.

I actually thought that this is an European standard as I seem to remember seeing it used in other airports in Europe, but it's been a while since I last went to fly anywhere.

Here's quite a bit of official technical info about it: https://www.bsi.bund.de/EN/Topics/ElectrIDDocuments/German-e...


Did you mean EU? Ukraine is on the European continent.

Ukraine is in Europe.

Denmark has a narrower version of that for driving licences and national ID cards. The rest of the information, the police would have access to anyway.

https://en.digst.dk/news/news-archive/2020/december/denmark-...


This title is very misleading. The app is just for applying to a passport.

People here will criticize this, but then turn around and put the same information through Binance or other crypto exchanges.

In the UK, you can renew your passport online too. I don't really see the risks: they check that your picture matches the old one and you still have to send your old passport for them to issue you the new one..

Yeah, it's very convenient. If you've already sent them a photo for a driving license (for example) the system can just use that photo on your passport, or if your passport expires before your license, vice versa.

The part that I find extraordinary is the authentication process for the first UK passport (like after acquiring a citizenship). They don't have an old photo to compare to, they won't look at a foreign ID either. So the authentication process consists in asking me a series of personal questions (that I know they don't know the answer to because I never gave it to them at any point in the process) and look at me in the eye to assess whether I am truthful.

Welcome to the world where your government does not actually have a proper, audited, secure and centralized database of all its citizens. Even third-world countries have it better.

https://en.wikipedia.org/wiki/Identity_Cards_Act_2006#Object...

Reasons for disbanding it:

1. Costs

2. "Effectiveness"

3. "Racism"

4. "Privacy Concerns"


I think the risk is now all the data in your passport app is online?

The old one for Canada was a fillable pdf, which seems more secure?

But then again, I assume they just optically scan it and it sits in a database anyways? Maybe it doesn’t matter. I just talked myself out of any concern.



You still have to send your old passport in. Somebody who has stolen your passport can renew it. That's a fairly minimal consequence for all the trouble.

So what does the app do?

In the UK, you upload a photo from your phone of yourself (that it checks to make sure is valid), you put in your old passport number, and you send your old passport by post to the office. Then in a few days you get your new passport with the photo from your phone.

Valid here means, the app tries to determine if you did any of the things the rules tell you not to do, like, wearing sunglasses, or using the photo of you with your best friend, or taking a full body photo when they want a face. Later a human will check, and also compare the photo to your last one. Maybe you dyed your hair blond... and grew a different moustache... But how did your missing eye grow back? And why is your nose now further up your face?

So the app catches a lot of dumb mistakes that you could make, before a human had to waste their time, but it isn't the only validation.


Okay. Does the UK not have the requirement of carrying your ID at all times? Or does everyone have multiple forms?

The UK doesn't have a requirement for anyone to carry ID. I've never carried ID.

Most young people will carry photo ID because it's needed to get into a night club, to buy booze and so on. There are policies like "Check 25" enforced in some places which tell staff they ought to refuse to serve people who seem under-25 unless they can prove they're legal to drink (18 in the UK) but (a) I don't drink and (b) I haven't looked young enough for many years now. For this purpose they can use a driving license if they have one, and there are several other acceptable forms of photo ID including some non-government ID.

If you're driving a motor vehicle police can require you to provide proof that you (and thus you'll need ID) are entitled to be driving this vehicle but it's not instant, so if it happened to me I'd put a note in my diary to take my driving license to the police when it's convenient.

Historically German occupied countries in the war had mandatory ID and so there's an association in British minds (largely false) between winning WWII and not needing to carry ID. Government has tried various strategies to try to change this but they haven't been successful.

Certain non-citizens have to physically attend somewhere at intervals so that government can keep track of them, a Russian colleague of mine would sometimes be late because she'd spend the morning waiting for her local police to confirm that yup, she was still here, still had a visa authorising her to work here, hadn't gone anywhere else. But since citizens do not carry ID the non-citizens don't need ID the rest of the time anyway although I expect many do carry some out of habit.

Many older British people won't own any photo ID. If you can't or don't drive, and never travel abroad you'd have no practical use for it. I suspect my grandmother (who hadn't driven since WWII) didn't have any ID more recent than a war-era government ID with no photograph.


As a Canadian, I will provide some context around our application for passport process. I went through it a year ago (got my passport 2 days before lockdown), so it's still fresh in my head.

To get a passport, you have to go to the post office, get the paper forms (and a spare or two in case you mess up), and fill them out. They need info about where you were born, the doctor who delivered you, your current address and previous addresses, your employer, and your family.

Then, you need to go get your photo taken. With a (provincial) drivers license, you just go to the license office and they take your picture. For (federal) passports, you're kind of on your own. You have to go to _a guy_ and get the photo taken that conforms to their specs. If it's not correct, they make you do the whole process again. Most pharmacies and photo stores have gear on hand to make these, but not all do it correctly.

Finally, you need a public servant of some sort who has known you for at least two years to sign the back of one of the photos and fill out the back page of the application. They also need to be available to be interviewed about you to verify your identity during the approval process.

All in all, it took us about two weeks to get the details together, than another six weeks to get the paperwork processed. It's not a very easy process, and it's a huge bar against people who have never applied before. Having the system more user-friendly would be a massive help to the under-serviced in our country, so something like this is greatly needed. Of course, this solution is awful, but it's certainly worth the effort in my opinion.


I'm also a Canadian and my experience has been much different.

I've done the process many times, and it takes a couple hours max to gather everything you need.

You can download the forms from the Government of Canada website and complete them using the free version of Adobe Reader, or you can print them out and do them by hand.

Probably the most annoying part is getting the photos, but nearly every pharmacy can take the passport photos for you, and they all know how to do it because it's very common. I've never had a photo rejected by the passport office.

You don't need to know who the doctor who delivered you was.

You don't need a "public servant of some sort". The passport application clearly says they just need to have known you for 2 years and have a Canadian passport already.

It's also rare that they ever call the guarantor, or the references. I've never heard of it happening to any of my family or friends.

It's a pretty simple process and you only have to do it every 10 years.

Source: https://www.canada.ca/content/dam/ircc/migration/ircc/englis...


For someone who "just went through this" your memory is off. As a Canadian the process is far easier than for a refuge or landed immigrant.

* You don't need to go to the post office and get multiple copies of the form, it's available online.

* You don't need to know the doctor who delivered you. That would be pretty tough based on many people not being delivered by a doctor, or born in a hospital.

* Driver's licenses are issued by either provincial agencies or registries; passport photos and application are reviewed & issued by federal agencies.

* You do not need a public servant (they qualified but you never needed them) as your reference, or even a registered professional - these rules changed several years ago. They need to be available to be contacted but not "interviewed" beyond a phone call.

* You need 2 references and a guarantor; the qualification are very modest.

* If it took 2 weeks for you to prepare you were not in much of a hurry, and 6 weeks for processing and approval seems reasonable (even fast) based on historical wait times. Regardless I can't see the approval time being improved as it will still be done by hand.

* If you need your passport quickly you can pay extra for priority rush and get the entire process done within a week.

Getting a Canadian passport quickly and easily should not be a measure of success of this system as far as I'm concerned. Keeping the process analog with intentional slower, manual steps is a security feature.


Canada seems to have more requirements than the US does. In the US, you just fill out a form that's available for download, attach a photo that you can have taken in lots of places, write a check, put it all in an envelope with your old passport, send it off, and get it back in a month or two. (There are expediting services you can use if you're on a tight schedule though they're fairly expensive.)

Not that different but no requirements for references or a guarantor.


In the UK, there are many photo booths, which also give you a reference number along the prints, which you can provide to the home office as part of the passport application so they get the digital copy from the photo booth company.

Though I am sure there must be hundreds of photo booth apps already.


My wife just went through this (first time passport after she became a citizen) a few months ago and the process is largely unchanged from when I did it like 15 years ago.

If I'm being polite I'd call your representation here "intentionally misleading".

You can print the forms at home or anywhere else (https://www.canada.ca/content/dam/ircc/migration/ircc/englis...). If you're unable to print a copy yourself at home or work, print them at your library, get a friend to print them, get a copy shop to print them, or figure out literally any possible way to turn a PDF into paper then yes, you can get a copy of the application from the post office or Service Canada.

There was no information requested about "the doctor who delivered you".

Your guarantor does _not_ need to be a public servant. It's literally anyone with a Canadian passport that has known you for two years, including family. Public servants (doctors, judges, lawyers, police officers, dean of a university, signing officer of a financial institution, etc) are an _alternative_ if you cannot find literally a single person in your life that has known you for two years with a passport and have no relatives with a passport. And if that fails, you can just fill out a form saying you literally know nobody.

As to the rest, the actual requirements[0] are:

You need to provide:

  - Proof of Canadian citizenship (birth certificate, certificate of citizenship, etc)
  - A piece of photo ID from any local or foreign government entity. You can submit a photocopy if a guarantor signs it.
  - Two passport photos but they're really not as difficult to obtain as you're trying to imply. Walmart does them for like $8. Pretty much any drug store will do them. Costco does them. You need to get one of them signed by your guarantor.
  - Two references: Literally any two adults that have known you for at least two years that aren't related to you. They do not need to be citizens. They don't need to sign anything. Just write down two people you've known for two years.
Then you mail it in.

My wife ran to the Shoppers down the block and got her photos in ten minutes, took us maybe 30 minutes to print and fill out the application and a ninety cent stamp to mail it.

[0] https://www.canada.ca/en/immigration-refugees-citizenship/se...


* passport application app

even * passport application web app

I live in WA state and receive unemployment. I recently had to verify my identity after getting unemployment for 6 months. This required that I send them a color copy of my DL & SS card, and a passport too since I had one. It was announced shortly thereafter that the system they use to process documents was compromised. A virtual passport app may present real data risk, but no more than the government already does in the multitude of breaches that take place every year with no end in sight.

Canadian here, and I'm asking "What's the threat vector they're concerned about?"

I see the following listed in the article:

* Data Residency - Canada and US (CBSA and Homeland) have plenty of data sharing agreements, including exit records being passed between the two (see Entry/Exit initiative - https://www.canada.ca/en/border-services-agency/news/2019/07...). Why are they so focused on 'applicant' data when there is literal tracking of movement going on due to other, existing acts?

* Applications being online might be exploited by criminals - one can already apply to them via mail, so things are already done remotely. The process of validation is no worse digital than by mail (though with the caveat that one executes competently)

* Public vs private tendering - This has nothing to do with privacy or data

All this noise, and the trade-off is to make it harder for individuals to get passports by forcing them to do things in person. Even if there wasn't a pandemic, lineups at Passport offices are frequently 1+ hour and are a burden to those without flex time at their jobs. Alternatively, they could pay to courier their passport in the mail to the Passport Office in Ottawa, which is a cost (on top of the passport fees) that is wholly unnecessary given the Internet.

I see this as those with privileged office jobs attacking a convenience, all the while the Entry/Exit initiative continues without mention.


IBM? Well, I'll never be using that app. To my knowledge, Phoenix Pay System is still in the shambles...

Don't worry, you probably won't have to worry about the choice if they will make it mandatory to confirm your "vaccination status".

That is a nightmare. I'm not as concerned with "vaccination status" (though, I disagree) -- but, at least 50% of my concern is IBM.

Everything IBM touches turns into a hot pile of garbage that needs billions to rewrite and it never gets better. We'd get a better job if we outsourced to another country -- OR -- gave contracts to companies that aren't IBM (& know what they're doing, of course).


i can't help but wonder...

Sometimes I feel like just dropping my phone and never pick it up again. Let it shut off and never turn it on again.

Will it be mandatory in the future to own a mobile phone? What if I don't want to have one?


It becomes harder and harder--and harder still if you also don't want to use email, etc. You're an edge case and institutions tend to forget about edge cases or just don't want to be bothered with them. So, for example, you now need to show up in offices because you can't sufficiently validate your identity otherwise.

I actually know one senior person in Silicon Valley who refused for years to get a cell phone and only relented when his nanny insisted after he and his wife adopted a child. I think he still doesn't have a personal smartphone although his current employer gave him a company phone to carry.


I don't imagine it'll be mandatory in free countries, but it'll be horribly inconvenient without. You didn't have to have a telephone either but by say 1980 if there's an important service and it's only available by telephone the government is likely going to say well, there are public call boxes, good luck with your weird lifestyle choice.

I got vaccinated at the weekend. SMS to my phone, with a personalized URL in it from my doctor's practice. Follow URL, pick time slot, turn up.

No smartphone? Copy the URL by hand to a computer. No Internet? No appointment for you. No SMS? Too bad, you don't get an invite until they're chasing the last people. In July I'm sure anybody with a pulse will get a jab here just by turning up but right now you need an invite.

There was an attempted queue jumper at the site. "I don't know why my name isn't on the list, you called me". "We called you? Nobody got a phone call. We sent texts.". "Yeah that's what I meant, I got a text". Sure you did Pal.


>good luck with your weird lifestyle choice

That's a good way of putting it. Furthermore, while the government is theoretically under some obligation to accommodate weird lifestyle choices and people who otherwise don't have access to modern technology, private companies have no such obligation for the most part. They can just say "Nope, you're too much trouble to do business with."


As someone with inside knowledge,

They have already spent $200MM+ on several failed attempts to develop something like this internally.


Why on earth are we accepting IBM tenders for government software contracts after the Phoenix shitshow?

They gave them this contract even after the whole phoenix pay system debacle?

This is a “what could go wrong?” moment

Why do we still have borders? Is it a form of learned helplessness? As a European travelling freely inside the Schengen zone is one of the most amazing things and you can argue it has stopped war among those countries. What is the problem of not extending it to the entire world? Does anyone know? Also, it seems that tons of resources are wasted maintaining them when they could be used for increasing prosperity for everyone instead.

I am not sure if this is a serious question. Generally the idea of a common travel area makes sense if the countries at a similiar economic development (like the Schengen zone). This also means that the training skills of the people are not too differend; and this prevents all kind of social problem you would get otherwise.

It's an honest question. I just don't see that question ever being asked by anyone, to me they don't make too much sense. I understand there'd be a period where things would get messy but won't we eventually reach an equilibrium where everyone is where they want to be, no resources wasted on borders and immigration and everyone just travels and works freely everywhere?

Well everybody probably agrees it will be messy, and not everyone thinks the equilibrium will be good, so the incentives to try this are low.

If the argument is "everybody thinks that" then that's the form of learned helplessness I talked about, which is why I asked here, to hear some pragmatic reasons. The only argument I hear being repeated is the same vague "otherwise it would be bad" from one side and the "borders are imaginary" from the other side. To me it seems we just keep them because it's been this way since the Roman empire and noone knows really why they're still there.

On the other side of the argument, yeah many things are imaginary but that doesn't invalidate them. A football team is an imaginary group but serves a purpose, to play a game. Country borders as well separate cultures, food, music and people with different languages, that's fine, these make sense, but why isn't free movement allowed? Polish didn't move to Germany en masse nor Germans to Poland while there is no border control and there certainly is economic inequality between these countries.


On the world scale Poland and Germany are in the same economic tier.

The part that it will be messy, was actually what yourself said (so I didn't think you need evidence for that).

Well, one can also look at other models historically, if you think of a border as demarcation of the influence of a state. Historically China didn't have well defined border, the further away civilisations were vassal states which had to pay tribute (but received gift of higher value than the tribute, so the real tribute was acknowledgement of power).

Another example would be afghanistan/Pakistan. The border is very transparent and at least in Afghanistan there is not a functioning government, but war lord tribal areas.

But this is about border of state demarcation. The idea of people moving to other places is generally a new one (apart from earliest pre history or when masses do this, like in the migration period) new in the sense starting with colonization of the US.


I worry that these COVID border closures have fatally weakened Schengen. They may be only temporary public health measures, but the symbolic effect of successfully restoring walls between Europeans could be devastating in the long term. You have national-level health ministers saying that they are not especially concerned about the difficulties of people who live in a community that extends across both sides of the border, or who drive back and forth for (sometimes essential) work every day.

When e.g. Macron has expressed opposition to the survival of Schengen in its current form, then it makes it easy for such leaders to resort to supposedly "short-term" border closures after COVID, having seen that they could easily get away with it during the epidemic.


Wealthy countries would immediately be flooded with all the world’s problems if anyone was allowed to migrate. Since wealthy people draw the world’s borders, they aren’t going away. Global equality would be a terrible thing for most people in NA or Europe.

People like drawing imaginary lines and then segregating themselves between these lines based on their shared delusions. Passports give them a sense of control and security.

I often wonder why I can't just give up my own nationality and have no country. Because why not?

Update: just saw on Wikipedia that statelessness is actually a thing! https://en.m.wikipedia.org/wiki/Statelessness




Applications are open for YC Summer 2021

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: