Language Selection

English French German Italian Portuguese Spanish

GAO study of RFID technology, policy seen flawed

Filed under
Security

A recently released Government Accountability Office study of radio frequency identity device security is flawed because it omits discussion of technologies and federal policies in the arena, according to smart-card industry executives.

GAO defended the report, saying it relied on information provided by other federal agencies and did not delve deep into individual RFID programs that the agencies are implementing.

The GAO report, titled Information Security: Radio Frequency Identification Technology in the Federal Government, discusses privacy and security aspects of RFID tags used for inventory control as well as contactless smart cards used to make personnel credentials. GAO issued the report May 27.

The report cites several privacy and security issues that RFID units can pose, such as "tracking an individual's movements, profiling an individual's habits, tastes or predilections and allowing for secondary uses of information." According to GAO, "While measures to mitigate these issues are under discussion, they remain largely prospective."

But as Patrick Hearn, business development director for Oburthur Card Systems of Chantilly, Va., stated, federal law, regulations and policies mandate many privacy and security protections for the use of smart cards in federal credentialing programs.

"The security measures-encryption and authentication-listed [by GAO as 'prospective'] all exist today and are incorporated into programs such as the State Department's e-passport program," Hearn wrote in an e-mail comment on the GAO report.

Hearn also cited the existence of the Federal Information Processing Standard 140-2, which applies to contactless smart cards issued to federal employees and contractors, as well as privacy and security rules mandated in the Federal Identity Management Handbook.

Hearn noted that the standards that apply to federal use of contactless smart cards mandate compliance with the Privacy Act of 1974, the e-Government Act of 2002, Office of Management and Budget memorandums relevant to the topic and National Institute of Standards and Technology standards for smart-card security and privacy.

Full Article.

More in Tux Machines

Rugged mini-PC runs Android on Via’s Cortex-A9 SoC

Via debuted a rugged fanless low-power Android mini-PC based on Via’s dual-core Cortex-A9 Elite E1000 SoC, and offering mini-PCIe, mSATA, HDMI, and GbE I/O. Via designed the “Artigo A900″ mini-PC for use in Android-based interactive kiosks, home automation devices, signage, and other HMI solutions. The 125 x 125 x 30mm mini-PC can be configured to “blend locally-captured real-time video streams with cloud-delivered content to create visually-compelling interactive displays for retail, banking, museums, and other environments,” says Via Technologies. The device can integrate peripherals including sensors, cameras, ticket printers, and barcode and fingerprint scanners, adds the company. Read more

Newest Androids will join iPhones in offering default encryption, blocking police

The next generation of Google’s Android operating system, due for release next month, will encrypt data by default for the first time, the company said Thursday, raising yet another barrier to police gaining access to the troves of personal data typically kept on smartphones. Android has offered optional encryption on some devices since 2011, but security experts say few users have known how to turn on the feature. Now Google is designing the activation procedures for new Android devices so that encryption happens automatically; only somebody who enters a device's password will be able to see the pictures, videos and communications stored on those smartphones. Read more

X.Org Server Shatter Project Fails

Earlier this summer was the start of an X.Org-funded project to develop Shatter. Shatter has long been talked about as a new feature for the X.Org Server to replace Xinerama. Shatter comes down to allowing the X.Org Server to split the rendering between multiple GPUs with each GPU covering different areas of a larger desktop. A student from Cameroon hoped to develop the Shatter support after such feature was talked about for years. The student, Nyah Check, was being funded by the X.Org Foundation through the foundation's Endless Vacation of Code project that's similar in nature to Google's GSoC but runs year-round and is much more loose about requirements. Read more

today's howtos