Language Selection

English French German Italian Portuguese Spanish

GAO study of RFID technology, policy seen flawed

Filed under
Security

A recently released Government Accountability Office study of radio frequency identity device security is flawed because it omits discussion of technologies and federal policies in the arena, according to smart-card industry executives.

GAO defended the report, saying it relied on information provided by other federal agencies and did not delve deep into individual RFID programs that the agencies are implementing.

The GAO report, titled Information Security: Radio Frequency Identification Technology in the Federal Government, discusses privacy and security aspects of RFID tags used for inventory control as well as contactless smart cards used to make personnel credentials. GAO issued the report May 27.

The report cites several privacy and security issues that RFID units can pose, such as "tracking an individual's movements, profiling an individual's habits, tastes or predilections and allowing for secondary uses of information." According to GAO, "While measures to mitigate these issues are under discussion, they remain largely prospective."

But as Patrick Hearn, business development director for Oburthur Card Systems of Chantilly, Va., stated, federal law, regulations and policies mandate many privacy and security protections for the use of smart cards in federal credentialing programs.

"The security measures-encryption and authentication-listed [by GAO as 'prospective'] all exist today and are incorporated into programs such as the State Department's e-passport program," Hearn wrote in an e-mail comment on the GAO report.

Hearn also cited the existence of the Federal Information Processing Standard 140-2, which applies to contactless smart cards issued to federal employees and contractors, as well as privacy and security rules mandated in the Federal Identity Management Handbook.

Hearn noted that the standards that apply to federal use of contactless smart cards mandate compliance with the Privacy Act of 1974, the e-Government Act of 2002, Office of Management and Budget memorandums relevant to the topic and National Institute of Standards and Technology standards for smart-card security and privacy.

Full Article.

More in Tux Machines

Nextbit’s Robin Is An Android Smartphone That Taps The Cloud For Bonus Smarts

After weeks of teasing out little details on Twitter, Nextbit has finally spilled the beans on what they’ve been working: Robin, a “cloud-first” Android smartphone. So what does “cloud-first” mean? At least initially (the company suggests that the cloud integration will only get deeper in time), it means smart, automated offloading of your photos, videos, and apps to free up the local storage space on your device. Robin has 32GB of storage built in. As you fill this, it’ll automatically back up your photos and apps to a private 100GB box on their cloud server. Read more

Xiaomi said to release notebook in 2016 with help from Inventec and Foxconn

The sources believe Xiaomi will likely release a 15-inch notebook as it is the mainstream size in China and will adopt Linux operating system. The notebook is estimated to be priced at CNY2,999 (US$471) and will heap pressure on competitors' simliar products priced between CNY4,000-6,000. Read more Also: Xiaomi GNU/Linux Notebook In 2016

First RC Build of Tiny Core Linux 6.4 Adds a New ASCII Penguin in MOTD

Robert Shingledecker, the creator, maintainer, and lead developer of the Tiny Core project announced earlier today, September 1, the immediate availability for download and testing of the first Release Candidate (RC) build of Tiny Core Linux 6.4. Read more

Linux 4.3 Scheduler Change "Potentially Affects Every SMP Workload In Existence"

Aside from Ingo Molnar's x86 boot changes he sent in to Linus Torvalds for the Linux 4.3 merge window, he also sent in the scheduler changes for this next version of the Linux kernel. With Linux 4.3 for those running any sort of SMP (Symmetric Multi-Processing) workloads, the performance could sway one way or another, but hopefully it's for the better. Read more Also: Better crypto, white-box switch support in Linux 4.2