Language Selection

English French German Italian Portuguese Spanish

GAO study of RFID technology, policy seen flawed

Filed under
Security

A recently released Government Accountability Office study of radio frequency identity device security is flawed because it omits discussion of technologies and federal policies in the arena, according to smart-card industry executives.

GAO defended the report, saying it relied on information provided by other federal agencies and did not delve deep into individual RFID programs that the agencies are implementing.

The GAO report, titled Information Security: Radio Frequency Identification Technology in the Federal Government, discusses privacy and security aspects of RFID tags used for inventory control as well as contactless smart cards used to make personnel credentials. GAO issued the report May 27.

The report cites several privacy and security issues that RFID units can pose, such as "tracking an individual's movements, profiling an individual's habits, tastes or predilections and allowing for secondary uses of information." According to GAO, "While measures to mitigate these issues are under discussion, they remain largely prospective."

But as Patrick Hearn, business development director for Oburthur Card Systems of Chantilly, Va., stated, federal law, regulations and policies mandate many privacy and security protections for the use of smart cards in federal credentialing programs.

"The security measures-encryption and authentication-listed [by GAO as 'prospective'] all exist today and are incorporated into programs such as the State Department's e-passport program," Hearn wrote in an e-mail comment on the GAO report.

Hearn also cited the existence of the Federal Information Processing Standard 140-2, which applies to contactless smart cards issued to federal employees and contractors, as well as privacy and security rules mandated in the Federal Identity Management Handbook.

Hearn noted that the standards that apply to federal use of contactless smart cards mandate compliance with the Privacy Act of 1974, the e-Government Act of 2002, Office of Management and Budget memorandums relevant to the topic and National Institute of Standards and Technology standards for smart-card security and privacy.

Full Article.

More in Tux Machines

Microsoft Lobby Denies the State of Chile Access to Free Software

Fresh on the heels of the entire Munich and Linux debacle, another story involving Microsoft and free software has popped up across the world, in Chile. A prolific magazine from the South American country says that the powerful Microsoft lobby managed to turn around a law that would allow the authorities to use free software. Read more

LaKademy 2014 - KDE Latin America Summit

Two years have passed since the reality of the first Latin American meeting of KDE contributors in 2012 in Porto Alegre, capital of Rio Grande do Sul, Brazil. Now we are proud to announce that the second LaKademy will be held August 27th to 30th in São Paulo, Brazil, at one of the most important and prestigious universities in the world—the University of São Paulo. Read more

Linux Growth Demands Bigger Talent Poo

Today at LinuxCon and CloudOpen we're making an announcement that signifies the natural next step in helping to build a qualified talent pool of Linux professionals worldwide:The Linux Foundation Certification Program. We sought to create a new Linux certification program that is innovative, highly valued among Linux pro’s and employers and advances the state-of the-art of certification exams. We think it's a different approach to testing and can help advance Linux by bringing more Linux talent into the market. The exams are available anytime, anywhere; performance based with testing in the command line; and distribution flexible. Let me tell you a bit more about why we believe this is so important. Linux today powers most of the technology infrastructure that runs our daily lives. It is the fastest growing platform in nearly every sector of technology from embedded systems, mobile devices and consumer electronics to the cloud, enterprise server, high performance computing and more. Read more

Linux Foundation to offer new certification for IT workers

With an eye toward deepening the global Linux talent pool, the Linux Foundation today announced that it will offer two new certifications for engineers and administrators. The Linux Foundation Certified System Administrator, or LFCS, and the Linux Foundation Certified Engineer, or LFCE certificates will be granted to applicants who pass an automated online exam. The cost will be $300, although the foundation will hand out 1,000 free passes to attendees at LinuxCon, where the announcement was made. Read more More: Linux Foundation Debuts Linux Certification Effort