Language Selection

English French German Italian Portuguese Spanish

GAO study of RFID technology, policy seen flawed

Filed under
Security

A recently released Government Accountability Office study of radio frequency identity device security is flawed because it omits discussion of technologies and federal policies in the arena, according to smart-card industry executives.

GAO defended the report, saying it relied on information provided by other federal agencies and did not delve deep into individual RFID programs that the agencies are implementing.

The GAO report, titled Information Security: Radio Frequency Identification Technology in the Federal Government, discusses privacy and security aspects of RFID tags used for inventory control as well as contactless smart cards used to make personnel credentials. GAO issued the report May 27.

The report cites several privacy and security issues that RFID units can pose, such as "tracking an individual's movements, profiling an individual's habits, tastes or predilections and allowing for secondary uses of information." According to GAO, "While measures to mitigate these issues are under discussion, they remain largely prospective."

But as Patrick Hearn, business development director for Oburthur Card Systems of Chantilly, Va., stated, federal law, regulations and policies mandate many privacy and security protections for the use of smart cards in federal credentialing programs.

"The security measures-encryption and authentication-listed [by GAO as 'prospective'] all exist today and are incorporated into programs such as the State Department's e-passport program," Hearn wrote in an e-mail comment on the GAO report.

Hearn also cited the existence of the Federal Information Processing Standard 140-2, which applies to contactless smart cards issued to federal employees and contractors, as well as privacy and security rules mandated in the Federal Identity Management Handbook.

Hearn noted that the standards that apply to federal use of contactless smart cards mandate compliance with the Privacy Act of 1974, the e-Government Act of 2002, Office of Management and Budget memorandums relevant to the topic and National Institute of Standards and Technology standards for smart-card security and privacy.

Full Article.

More in Tux Machines

Kodi 14.0 Helix Unwinds

Merry Christmas and happy holidays, everyone! We are proud to announce the release of Kodi 14.0, which comes with a new name, a new logo, and a wide variety of new features, but underneath the new coat of paint remains the same software we all love. A detailed changelog for Kodi 14 can be found under milestones on our code repository, should you be interested. With that said, let’s take a look at some of the features that come with Kodi 14.0. Read more

KaOS ISO 2014.12

KaOS is very proud to announce the availability of the December release of a new stable ISO. This ISO marks two major milestones for this distribution. Since it’s inception almost two years ago, a need to be ready for UEFI installs has always been a priority. That was tied though to getting a modern Qt based installer that could handle such UEFI installs. With this ISO, both are implemented. Read more

Old FOSS Friend & Foe Represents Sony in Hack

Boies, along with three attorneys representing the States, brought Microsoft to it’s knees — or so it seemed at the time. On November 5, 1999, Judge Thomas Penfield Jackson found that Windows dominance on the PC made the company a monopoly and that the company had taken illegal actions against Apple, Java, Netscape, Lotus Notes, RealNetworks, Linux, and others in order to maintain that monopoly. He ordered Microsoft broken in two, with one company producing Windows and another handling all other Microsoft software. As we all know, Judge Jackson’s solution was never implemented. Although an appeals court upheld the verdict against Redmond, the breakup of the company was overturned and sent back to the lower court for a review by a new judge. Two years later, in September, 2001, under the Bush Administration, the DOJ announced that it was no longer seeking the breakup of Microsoft, and in November reached a settlement which California, Connecticut, Iowa, Florida, Kansas, Minnesota, Utah, Virginia and Massachusetts opposed. The settlement basically required Microsoft to share its APIs and appoint a three person panel that would have complete access to Microsoft’s systems, records, and source code for five years. The settlement didn’t require Microsoft to change any code or stop the company from tying additional software with Windows. Additionally, the DOJ did not require Microsoft to change any of its code. Read more

Study: ‘European Parliament should use open source’

The European Parliament should use free software and open standards for all of its ICT systems and data, concludes a study by the EP’s Greens/European Free Alliance: “That is the most appropriate way for the Parliament to meet its own standard of ‘utmost transparency’.” Read more