rss feed link header graphic

  July 31, 2007 - The Halvar Conundrum

by Darington Forbes

Thomas Dullien, known in security circles as Halvar Flake, was scheduled to conduct a training class and a briefing at this year's Black Hat USA. Both were highly anticipated, both because Halvar is one of the foremost reverse engineers in the world and because he's been a popular speaker at the conference for the past seven years.

testIf you follow security-related news at all, you have probably heard that he was detained by immigration officials upon entry to the US, interviewed by said officials for 4.5 hours, and finally denied entry into the US and returned to Germany. His detention and deportation have generated a lot of speculative conversation, but the facts are relatively simple.

In the process of checking his luggage, some portion of his printed materials for his training were discovered. This triggered a series of questions about his business and his immigration status, with the US officials finally settling on the position that if he was going to profit as an individual speaker at Black Hat, he was a de facto employee of the conference and could not enter the States without qualifying for and obtaining an H1B visa.

It isn't easy to know what's changed, as the circumstances of his previous engagements with Black Hat were quite similar. As Thomas says in his blog, "Each time came to the US, I told immigration that I was coming to the US to present at a conference and hold a trainings class. I was never stopped before."


At Black Hat we believe strongly that the sharing of leading-edge ideas and specialized knowledge is crucial to the future of all nations, and that we are all impoverished when that sharing is unnecessarily constrained."

It appears that this could have been avoided if Halvar had been engaged to come to Black Hat as a representative of his company instead of as an individual, but this knowledge came too late. It also came at a steep price—the visa waiver program Thomas has used in the past to visit and teach in the US is now denied to him forever. He will have to meet in person with the US Consulate and make other arrangements now, and that will take time, money and effort.

This kind of problem is certainly not unique to Halvar's situation. Consider this comment on Halvar's blog from Danish security researcher Thor Larholm:

"I feel sorry for you and can echo the sentiment about needless bureaucracy

I experienced almost the exact same thing two years ago when I went for a working trip to PivX Solutions in California. My prior arrangement had not been changed from a personal connection to a connection with my Danish company where I was also CEO. As such, I was put on the next flight back to Denmark and had a tremendous difficulty in getting a business visa, as the embassy was firmly convinced I was visiting for employment to take away the job from an American.

The end result is that I had to conduct my security research remotely from Denmark and PivX eventually faded away into obscurity (9 hours of time zone difference does present a hurdle). I have not been able to visit the USA since then, but my research has resulted in the creation of several Danish companies instead of American companies. In short, a personal setback for me and an economic setback for USA."

It is a disappointment, to his prospective students, to his briefings audience and to his friends in the Black Hat community that he won't be attending this year. It is also a matter of serious concern whenever rules and standards appear to change without corresponding changes in the relevant law. It's our hope that the situation represents nothing more than an inconvenience created by clashing interpretations of policy, and that we will have Halvar back in time for the next Black Hat conference.

At Black Hat we believe strongly that the sharing of leading-edge ideas and specialized knowledge is crucial to the future of all nations, and that we are all impoverished when that sharing is unnecessarily constrained.


Until early this week, security experts Nitin and Vipin Kumar of NV Labs were scheduled to present a briefing entitled "TPMkit: Breaking the Legend of Trusted Computing (TC [TPM]) and Vista (BitLocker)" more


A lot of work has been done in the areas of reverse-engineering, exploitation and code review of applications written in C. However, a majority of application development is done in C++ and has been for many years. Over the past five years a few researchers have looked at C++ specific issues, like Halvar Flake, but there has not been a lot of focus on security-related aspects of C++ in the public arena. more

The Black Page is always looking for concise and interesting comments from researchers and experts about issues that affect the security community. Contact us here to learn more about submission rules

Black Pages Archives

1997-2008 Black Hat ™