GAO study of RFID technology, policy seen flawed

A recently released Government Accountability Office study of radio frequency identity device security is flawed because it omits discussion of technologies and federal policies in the arena, according to smart-card industry executives.

GAO defended the report, saying it relied on information provided by other federal agencies and did not delve deep into individual RFID programs that the agencies are implementing.

The GAO report, titled Information Security: Radio Frequency Identification Technology in the Federal Government, discusses privacy and security aspects of RFID tags used for inventory control as well as contactless smart cards used to make personnel credentials. GAO issued the report May 27.

The report cites several privacy and security issues that RFID units can pose, such as "tracking an individual's movements, profiling an individual's habits, tastes or predilections and allowing for secondary uses of information." According to GAO, "While measures to mitigate these issues are under discussion, they remain largely prospective."

But as Patrick Hearn, business development director for Oberthur Card Systems of Chantilly, Va., stated, federal law, regulations and policies mandate many privacy and security protections for the use of smart cards in federal credentialing programs.

"The security measures -- encryption and authentication -- listed [by GAO as 'prospective'] all exist today and are incorporated into programs such as the State Department's e-passport program," Hearn wrote in an e-mail comment on the GAO report.

Hearn also cited the existence of the Federal Information Processing Standard 140-2, which applies to contactless smart cards issued to federal employees and contractors, as well as privacy and security rules mandated in the Federal Identity Management Handbook.

Hearn noted that the standards that apply to federal use of contactless smart cards mandate compliance with the Privacy Act of 1974, the e-Government Act of 2002, Office of Management and Budget memorandums relevant to the topic and National Institute of Standards and Technology standards for smart-card security and privacy.
