Language Selection

English French German Italian Portuguese Spanish

GAO study of RFID technology, policy seen flawed

Filed under
Security

A recently released Government Accountability Office study of radio frequency identity device security is flawed because it omits discussion of technologies and federal policies in the arena, according to smart-card industry executives.

GAO defended the report, saying it relied on information provided by other federal agencies and did not delve deep into individual RFID programs that the agencies are implementing.

The GAO report, titled Information Security: Radio Frequency Identification Technology in the Federal Government, discusses privacy and security aspects of RFID tags used for inventory control as well as contactless smart cards used to make personnel credentials. GAO issued the report May 27.

The report cites several privacy and security issues that RFID units can pose, such as "tracking an individual's movements, profiling an individual's habits, tastes or predilections and allowing for secondary uses of information." According to GAO, "While measures to mitigate these issues are under discussion, they remain largely prospective."

But as Patrick Hearn, business development director for Oburthur Card Systems of Chantilly, Va., stated, federal law, regulations and policies mandate many privacy and security protections for the use of smart cards in federal credentialing programs.

"The security measures-encryption and authentication-listed [by GAO as 'prospective'] all exist today and are incorporated into programs such as the State Department's e-passport program," Hearn wrote in an e-mail comment on the GAO report.

Hearn also cited the existence of the Federal Information Processing Standard 140-2, which applies to contactless smart cards issued to federal employees and contractors, as well as privacy and security rules mandated in the Federal Identity Management Handbook.

Hearn noted that the standards that apply to federal use of contactless smart cards mandate compliance with the Privacy Act of 1974, the e-Government Act of 2002, Office of Management and Budget memorandums relevant to the topic and National Institute of Standards and Technology standards for smart-card security and privacy.

Full Article.

More in Tux Machines

Android Leftovers

GNU/Linux/FOSS Events

  • PyCon 2016
    I come from a place where everyone worships competitive coding and thus cpp, so the experience of attending my first pycon was much awaited for me. This year’s PyCon India happened in Delhi and i along with a couple of my friends reached on 23rd September, the first day. We were a bit late but it was all right because, we didn’t miss anything.
  • What do you have to say? Share it at LibrePlanet 2017
  • LibrePlanet returns March 25-26, 2017, call for proposals for annual free software conference now open
    LibrePlanet is an annual conference for free software enthusiasts. The conference brings together software developers, policy experts, activists and computer users to learn skills, share accomplishments and face challenges to software freedom. Newcomers are always welcome, and LibrePlanet 2017 will feature programming for all ages and experience levels. This year, the theme of LibrePlanet is "The Roots of Freedom." This encompasses the historical "roots" of the free software movement -- the Four Freedoms, the GNU General Public License and copyleft, and a focus on strong security and privacy protections -- and the concept of roots as a strong foundation from which the movement grows. "LibrePlanet is an impactful, exciting free software conference. Attendance has grown each year, yet the community-minded atmosphere has grown even stronger," said John Sullivan, executive director of the FSF.
  • The Linux Foundation Announces Session Lineup for MesosCon Asia
    The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the schedule for MesosCon Asia, taking place November 18-19 in Hangzhou, China.

More on Russia Moving to FOSS

  • Moscow Drops Microsoft on Putin’s Call for Self-Sufficiency
    Moscow city will replace Microsoft Corp. programs with domestic software on thousands of computers in answer to President Vladimir Putin’s call for Russia’s authorities to reduce dependence on foreign technology amid tensions with the U.S. and Europe. The city will initially replace Microsoft’s Exchange Server and Outlook on 6,000 computers with an e-mail system installed by state-run carrier Rostelecom PJSC, Artem Yermolaev, head of information technology for Moscow, told reporters Tuesday. Moscow may expand deployment of the new software, developed by Russia’s New Cloud Technologies, to as many as 600,000 computers and servers, and may also consider replacing Windows and Office, Yermolaev said.
  • Why Microsoft is getting the cold shoulder from Moscow
    Since the German city of Munich decided to ditch Microsoft Windows and Office, a growing number of European agencies have followed suit - from France's national police force to the Italian military. The latest authority to turn its back on Microsoft is reportedly Moscow City Hall, which is transferring employee email from Microsoft Exchange Server and Outlook to the Russian-built MyOffice Mail. About 6,000 Moscow state employees will be switched over, including teachers, doctors and civil servants. If the move is a success, the city will consider shifting 600,000 PCs and servers away from Microsoft, and may also replace Windows and Office, according to Bloomberg.
  • Moscow will replace Microsoft's products with local offerings
    Microsoft might lose a whole city of customers in Russia. According to Bloomberg, Moscow will begin replacing Redmond's products with homegrown software as a result of Vladimir Putin's urging to stop depending on foreign tech. Artem Yermolaev, the city's head of information technology, told reporters that Moscow will begin by dropping Microsoft's Exchange Service and by replacing Outlook on 6,000 computers with state-run carrier Rostelecom PJSC's email system. Authorities are looking to deploy the email software to as many as 600,000 computers in the future. They might even replace Windows and the Office suite entirely, though there seems to be no solid plan for that at the moment.

Sony Xperia X Compact review: Small Android is still good, but not much better

Sony's Xperia X Compact is basically the newest version of the Z5 Compact that hit the US earlier this year. But just because it's a newer version of the (comparatively) tiny handset doesn't mean it's an upgrade in every way. Sony is pushing the camera sensors in the X Compact and the flagship-level XZ, as well as new features like five-axis image stabilization and HDR photo mode. Sony knows cameras, so we know the shooter in the X Compact will at least be competent. However, it has to be good enough to encourage photography buffs to shell out $499 for this unlocked handset while delivering solid performance across the board as well. Read more