Language Selection

English French German Italian Portuguese Spanish

GAO study of RFID technology, policy seen flawed

Filed under

A recently released Government Accountability Office study of radio frequency identity device security is flawed because it omits discussion of technologies and federal policies in the arena, according to smart-card industry executives.

GAO defended the report, saying it relied on information provided by other federal agencies and did not delve deep into individual RFID programs that the agencies are implementing.

The GAO report, titled Information Security: Radio Frequency Identification Technology in the Federal Government, discusses privacy and security aspects of RFID tags used for inventory control as well as contactless smart cards used to make personnel credentials. GAO issued the report May 27.

The report cites several privacy and security issues that RFID units can pose, such as "tracking an individual's movements, profiling an individual's habits, tastes or predilections and allowing for secondary uses of information." According to GAO, "While measures to mitigate these issues are under discussion, they remain largely prospective."

But as Patrick Hearn, business development director for Oburthur Card Systems of Chantilly, Va., stated, federal law, regulations and policies mandate many privacy and security protections for the use of smart cards in federal credentialing programs.

"The security measures-encryption and authentication-listed [by GAO as 'prospective'] all exist today and are incorporated into programs such as the State Department's e-passport program," Hearn wrote in an e-mail comment on the GAO report.

Hearn also cited the existence of the Federal Information Processing Standard 140-2, which applies to contactless smart cards issued to federal employees and contractors, as well as privacy and security rules mandated in the Federal Identity Management Handbook.

Hearn noted that the standards that apply to federal use of contactless smart cards mandate compliance with the Privacy Act of 1974, the e-Government Act of 2002, Office of Management and Budget memorandums relevant to the topic and National Institute of Standards and Technology standards for smart-card security and privacy.

Full Article.

More in Tux Machines

EU-Fossa project submits results of code audits

The European Commission’s ‘EU Free and Open Source Software Auditing’ project (EU-Fossa) has sent its code review results to the developers of Apache HTTP server target and KeePass. The audit results are not yet made public, however, no critical vulnerabilities were found. Read more

today's leftovers

  • Docker: Making the Internet Programmable
    Docker, and containers in general, are hot technologies that have been getting quite a bit of attention over the past few years. Even Solomon Hykes, Founder, CTO, and Chief Product Officer at Docker started his keynote with the assumption that people attending LinuxCon Europe know that Docker does containers, so instead of focusing on what Docker does, Hykes used his time to talk about Docker’s purpose saying, “It really boils down to one small sentence. We're trying to make the Internet programmable.” Hykes described this idea of making the Internet programmable with three key points. First, they are focused on building “tools of mass innovation” designed to allow people to create and innovate on a very large scale. Second, applications and cloud services are allowing the idea of the Internet as a programmable platform to be realized, and they want to make this accessible to more people. Third, they are accomplishing all of this by building the Docker stack with open standards, open infrastructure, and a development platform with commercial products on top of the stack.
  • How to benchmark your Linux system
    The Software Center list will also include individual tests. These can be fine to use, but they can be tedious to open and configure manually. Keep your eye out for an entry called Phoronix Test Suite, or PTS for short. The Phoronix Test Suite is a powerful program that can run a single test, or an entire battery. PTS offers some built-in suites (collection of tests), or you can design your own suite. When tests are completed, you can choose to upload the test results to, where other users can see your results and even run the exact same tests on their PC.
  • Wunderlist Electron App for Linux
    Missing Wunderlist on Linux? You don’t need to thanks to Wunderlistux, an Electron-based desktop app. It doesn’t claim to be anything more than a wrapper around the official Wunderlist web app (which, yes, you could just open in a new browser tab).
  • Enter the Wasteland: Mad Max now available for Mac and Linux
  • What a lovely day! Mad Max releases for Mac and Linux
  • Mad Max Comes to Linux and Mac
  • GNOME at Linux Install Fest
    It’s an event organized in order to help first year students install a Linux distro on their laptops (here at our uni, we work almost entirely on Linux, so we need to help those that have never used it and set up their distros

today's howtos

Red Hat News