Language Selection

English French German Italian Portuguese Spanish

GAO study of RFID technology, policy seen flawed

Filed under
Security

A recently released Government Accountability Office study of radio frequency identity device security is flawed because it omits discussion of technologies and federal policies in the arena, according to smart-card industry executives.

GAO defended the report, saying it relied on information provided by other federal agencies and did not delve deep into individual RFID programs that the agencies are implementing.

The GAO report, titled Information Security: Radio Frequency Identification Technology in the Federal Government, discusses privacy and security aspects of RFID tags used for inventory control as well as contactless smart cards used to make personnel credentials. GAO issued the report May 27.

The report cites several privacy and security issues that RFID units can pose, such as "tracking an individual's movements, profiling an individual's habits, tastes or predilections and allowing for secondary uses of information." According to GAO, "While measures to mitigate these issues are under discussion, they remain largely prospective."

But as Patrick Hearn, business development director for Oburthur Card Systems of Chantilly, Va., stated, federal law, regulations and policies mandate many privacy and security protections for the use of smart cards in federal credentialing programs.

"The security measures-encryption and authentication-listed [by GAO as 'prospective'] all exist today and are incorporated into programs such as the State Department's e-passport program," Hearn wrote in an e-mail comment on the GAO report.

Hearn also cited the existence of the Federal Information Processing Standard 140-2, which applies to contactless smart cards issued to federal employees and contractors, as well as privacy and security rules mandated in the Federal Identity Management Handbook.

Hearn noted that the standards that apply to federal use of contactless smart cards mandate compliance with the Privacy Act of 1974, the e-Government Act of 2002, Office of Management and Budget memorandums relevant to the topic and National Institute of Standards and Technology standards for smart-card security and privacy.

Full Article.

More in Tux Machines

Ubuntu GNOME 15.04 Alpha 1 Prepares for GNOME 3.14, Go Forth and Test

The Ubuntu GNOME developers have released the first version of the 15.04 branch for their Linux distribution and it looks like this operating system is also going through some interesting changes, just like Ubuntu, although not on the same scale. Read more

FSF's High Priority Project List Now Has A Committee

The Free Software Foundation has now built up a committee to review their "High Priority Projects" list and they're looking for more feedback from the community. Nearly ten years ago is when the Free Software Foundation began listing what they viewed as the High Priority Free Software Projects in a list. This list has over time contained some definite high-priority projects related to freeing Java and Adobe PDF support and open graphics drivers to some more obscure projects of high priority like a free version of Oracle Forms, a replacement to OpenDWG libraries for CAD files, automatic transcription software, etc. I've personally called out many of the FSF HPP for what they're worth with my thoughts over the years. Read more

Latest Calibre eBook Reader and Converter Now Support Latest Kobo Firmware

The Calibre eBook reader, editor, and library management software has just reached version 2.13 and the developer has added an important driver and made quite a few fixes and improvements. Read more

Lubuntu 15.04 Alpha 1 Is Out and Still Uses LXDE – Gallery

Lubuntu 15.04 Alpha 1 (Vivid Vervet) has been officially released and it follows its Kubuntu and Ubuntu GNOME brethren. Users can now download and test this latest installment. Read more