Language Selection

English French German Italian Portuguese Spanish

GAO study of RFID technology, policy seen flawed

Filed under
Security

A recently released Government Accountability Office study of radio frequency identity device security is flawed because it omits discussion of technologies and federal policies in the arena, according to smart-card industry executives.

GAO defended the report, saying it relied on information provided by other federal agencies and did not delve deep into individual RFID programs that the agencies are implementing.

The GAO report, titled Information Security: Radio Frequency Identification Technology in the Federal Government, discusses privacy and security aspects of RFID tags used for inventory control as well as contactless smart cards used to make personnel credentials. GAO issued the report May 27.

The report cites several privacy and security issues that RFID units can pose, such as "tracking an individual's movements, profiling an individual's habits, tastes or predilections and allowing for secondary uses of information." According to GAO, "While measures to mitigate these issues are under discussion, they remain largely prospective."

But as Patrick Hearn, business development director for Oburthur Card Systems of Chantilly, Va., stated, federal law, regulations and policies mandate many privacy and security protections for the use of smart cards in federal credentialing programs.

"The security measures-encryption and authentication-listed [by GAO as 'prospective'] all exist today and are incorporated into programs such as the State Department's e-passport program," Hearn wrote in an e-mail comment on the GAO report.

Hearn also cited the existence of the Federal Information Processing Standard 140-2, which applies to contactless smart cards issued to federal employees and contractors, as well as privacy and security rules mandated in the Federal Identity Management Handbook.

Hearn noted that the standards that apply to federal use of contactless smart cards mandate compliance with the Privacy Act of 1974, the e-Government Act of 2002, Office of Management and Budget memorandums relevant to the topic and National Institute of Standards and Technology standards for smart-card security and privacy.

Full Article.

More in Tux Machines

Most popular web browsers among Fedora users

Google Chrome is the most popular browser in the world. It is so popular that some call it a new Internet Explorer. But that’s based on global stats. In Red Hat, I’m responsible for web browsers, so I wondered what are the most popular web browsers among Fedora users. So I asked through Fedora accounts on Facebook and Google+: “Which browser do you use the most in Fedora?” Read more

Life in a Post-Container World and Why Linux Will Play a Diminished Role

Containers have actually been with us since the late 1990s, but they are not the end of the story. The real transformation will come with a “serverless” future that will completely overturn the ops ecosystem. Companies will go out of business, new ones will spring to life, and thousands of people will have fundamental changes to their jobs. The shift to a serverless future is much bigger than your normal hype cycle — I believe the current container hoopla is a foreshock preceding a 9.0 quake. Read more

FFmpeg's Leader Resigns, Hopes To Make Libav Developers Come Back

Michael Niedermayer, the leader of the FFmpeg project for the past eleven years, has made a surprise announcement today: he's resigning as its leader. Niedermayer is resigning as he no longer feels he's the best leader for FFmpeg, given the current Libav fork still persisting even after Debian dropped Libav and is returning to FFmpeg. Read more

30 Sys Admins to Follow on SysAdmin Day

Systems administrators: They keep our high-tech world up and running. From capacity planning, to 3 a.m. phone calls, to retiring that 10-year-old server that uses more power than your whole house, sys admins do it all. Open source communities would not be able to thrive without the networks, services, and tools that allow for communication and collaboration, and sys admins are the ones who work thanklessly year-round to keep them going. July 31 is System Administrator Appreciation Day, a day for all of us to express our undying gratitude for sys admins. Sure, you could buy your favorite sys admin cake and ice cream, or perhaps a nice gift card. You could even go as far as not breaking the server for just one day. You also can follow these 30 sys admins. Read more