Language Selection

English French German Italian Portuguese Spanish

GAO study of RFID technology, policy seen flawed

Filed under
Security

A recently released Government Accountability Office study of radio frequency identity device security is flawed because it omits discussion of technologies and federal policies in the arena, according to smart-card industry executives.

GAO defended the report, saying it relied on information provided by other federal agencies and did not delve deep into individual RFID programs that the agencies are implementing.

The GAO report, titled Information Security: Radio Frequency Identification Technology in the Federal Government, discusses privacy and security aspects of RFID tags used for inventory control as well as contactless smart cards used to make personnel credentials. GAO issued the report May 27.

The report cites several privacy and security issues that RFID units can pose, such as "tracking an individual's movements, profiling an individual's habits, tastes or predilections and allowing for secondary uses of information." According to GAO, "While measures to mitigate these issues are under discussion, they remain largely prospective."

But as Patrick Hearn, business development director for Oburthur Card Systems of Chantilly, Va., stated, federal law, regulations and policies mandate many privacy and security protections for the use of smart cards in federal credentialing programs.

"The security measures-encryption and authentication-listed [by GAO as 'prospective'] all exist today and are incorporated into programs such as the State Department's e-passport program," Hearn wrote in an e-mail comment on the GAO report.

Hearn also cited the existence of the Federal Information Processing Standard 140-2, which applies to contactless smart cards issued to federal employees and contractors, as well as privacy and security rules mandated in the Federal Identity Management Handbook.

Hearn noted that the standards that apply to federal use of contactless smart cards mandate compliance with the Privacy Act of 1974, the e-Government Act of 2002, Office of Management and Budget memorandums relevant to the topic and National Institute of Standards and Technology standards for smart-card security and privacy.

Full Article.

More in Tux Machines

Getting Started in Open Source Software

Open source software is everywhere, and chances are high that you’ll be writing, deploying, or administering it when you enter the workforce. Hiring managers are looking for candidates with experience in open source. Employers will often ask you for your GitHub username along with - or instead of - your resume. So, if you’re all new to open source, where should you get started? If you’re feeling a bit intimated about the wide world of open source software, it’s totally understandable. There’s thousands of projects, and it’s hard to know which one will give you the best experience you can use to build your skill set. And it can be even harder to know which one will give you the best experience as a contributor and human being. Read more

Canonical to Support Two Ubuntu Versions, One Based on Deb and One on Snappy

Canonical is bringing some very significant changes to Ubuntu and that includes a new way of packaging and maintaining the system. That being said, the company will continue to provide support for both the .deb based and .snap based Ubuntu systems for a long time. Read more

Ubuntu 15.04 (Vivid Vervet) Gets Its First Linux Kernel Update

The first kernel update for the Ubuntu 15.04 (Vivid Vervet) operating system arrived on May 5 and it patched a very important vulnerability in the upstream Linux kernel 3.19. As such, all Ubuntu 15.04 users are urged to update their systems as soon as possible. Read more

5 Best Android Phones [May, 2015]

Those looking for a new Android phone in the month of May are going to find themselves staring at a number of solid options. With that in mind, we want to help narrow things down for those that are need of some assistance. Here, we take a look at the device’s we think represent the best Android phones for May, 2015. Last month, Samsung and HTC released their new 2015 flagships into the wild. The Samsung Galaxy S6 Edge, Samsung Galaxy S6, and HTC One M9 join a crowded field of competitors tempting those looking for a new Android phone this month. They will soon be joined by an LG G4, a device that’s set to replace the popular LG G3 in June. Read more