Language Selection

English French German Italian Portuguese Spanish

GAO study of RFID technology, policy seen flawed

Filed under
Security

A recently released Government Accountability Office study of radio frequency identity device security is flawed because it omits discussion of technologies and federal policies in the arena, according to smart-card industry executives.

GAO defended the report, saying it relied on information provided by other federal agencies and did not delve deep into individual RFID programs that the agencies are implementing.

The GAO report, titled Information Security: Radio Frequency Identification Technology in the Federal Government, discusses privacy and security aspects of RFID tags used for inventory control as well as contactless smart cards used to make personnel credentials. GAO issued the report May 27.

The report cites several privacy and security issues that RFID units can pose, such as "tracking an individual's movements, profiling an individual's habits, tastes or predilections and allowing for secondary uses of information." According to GAO, "While measures to mitigate these issues are under discussion, they remain largely prospective."

But as Patrick Hearn, business development director for Oburthur Card Systems of Chantilly, Va., stated, federal law, regulations and policies mandate many privacy and security protections for the use of smart cards in federal credentialing programs.

"The security measures-encryption and authentication-listed [by GAO as 'prospective'] all exist today and are incorporated into programs such as the State Department's e-passport program," Hearn wrote in an e-mail comment on the GAO report.

Hearn also cited the existence of the Federal Information Processing Standard 140-2, which applies to contactless smart cards issued to federal employees and contractors, as well as privacy and security rules mandated in the Federal Identity Management Handbook.

Hearn noted that the standards that apply to federal use of contactless smart cards mandate compliance with the Privacy Act of 1974, the e-Government Act of 2002, Office of Management and Budget memorandums relevant to the topic and National Institute of Standards and Technology standards for smart-card security and privacy.

Full Article.

More in Tux Machines

Collaboration Events: Pakistan Open Source Summit, GNOME+Rust Hackfest, DataworksSummit Berlin

  • Pakistan Open Source Summit 2018 concludes [Ed: Not about software]
    A large number of attendees from industry, academia, government, and students participated in the summit. Portuguese Ambassador to Pakistan Dr Joao Sabido Costa was the chief guest at the opening ceremony while former Naval Chief Admiral (r) Asif Sandila graced the occasion as the chief guest at the closing ceremony.
  • ‘Open Summit key to create industry-academy linkages’
    Ambassador of Portugal to Pakistan Dr Joao Sabido Costa has said that events such as the Open Source Summit are excellent for spreading awareness and for creating industry-academia linkages and enhancement of the information technology. He stated this while addressing a concluding ceremony of the two-day informative ‘Pakistan Open Source Summit 2018’ attended by large number of people from industry, academia, government and students. Former naval chief Admiral (R) Asif Sandila co-chaired the concluding session. Dr Joao Sabido Costa said that the organisations should utilise open source platforms to build their IT infrastructures in future. To build open source culture in Pakistan, he recommended roadmap with future activities and timelines for spreading open source.
  • Madrid GNOME+Rust Hackfest, part 2
    Yesterday we went to the Madrid Rust Meetup, a regular meeting of rustaceans here. Martin talked about WebRender; I talked about refactoring C to port it to Rust, and then Alex talked about Rust's plans for 2018. Fun times.
  • DataworksSummit Berlin - Wednesday morning
    Data strategy - cloud strategy - business strategy: Aligning the three was one of the main themes (initially put forward in his opening keynote by CTO of Hortonworks Scott Gnau) thoughout this weeks Dataworks Summit Berlin kindly organised and hosted by Hortonworks. The event was attended by over 1000 attendees joining from 51 countries. The inspiration hat was put forward in the first keynote by Scott was to take a closer look at the data lifecycle - including the fact that a lot of data is being created (and made available) outside the control of those using it: Smart farming users are using a combination of weather data, information on soil conditions gathered through sensors out in the field in order to inform daily decisions. Manufacturing is moving towards closer monitoring of production lines to spot inefficiencies. Cities are starting to deploy systems that allow for better integration of public services. UX is being optimized through extensive automation.

Today in Techrights

today's howtos

10 Great Linux GTK Themes For 2018

Customization is a big part of the Linux experience, and your desktop theme is no exception. The world of Linux desktop themes is an ever-evolving one, with new ones replacing old favorites all the time. Of course, the desktop environments and GTK itself are always changing, so that adds another dynamic element to consider. That said, some of the best desktop customization happens on the simplest desktop environments, like XFCE. As of now, in early 2018, there are some really excellent GTK themes available. These themes aren’t ranked in any particular order. That comes down to a matter or preference. Any one of them can add a whole new look to your GTK-based desktop. Read more