Language Selection

English French German Italian Portuguese Spanish

GAO study of RFID technology, policy seen flawed

Filed under

A recently released Government Accountability Office study of radio frequency identity device security is flawed because it omits discussion of technologies and federal policies in the arena, according to smart-card industry executives.

GAO defended the report, saying it relied on information provided by other federal agencies and did not delve deep into individual RFID programs that the agencies are implementing.

The GAO report, titled Information Security: Radio Frequency Identification Technology in the Federal Government, discusses privacy and security aspects of RFID tags used for inventory control as well as contactless smart cards used to make personnel credentials. GAO issued the report May 27.

The report cites several privacy and security issues that RFID units can pose, such as "tracking an individual's movements, profiling an individual's habits, tastes or predilections and allowing for secondary uses of information." According to GAO, "While measures to mitigate these issues are under discussion, they remain largely prospective."

But as Patrick Hearn, business development director for Oburthur Card Systems of Chantilly, Va., stated, federal law, regulations and policies mandate many privacy and security protections for the use of smart cards in federal credentialing programs.

"The security measures-encryption and authentication-listed [by GAO as 'prospective'] all exist today and are incorporated into programs such as the State Department's e-passport program," Hearn wrote in an e-mail comment on the GAO report.

Hearn also cited the existence of the Federal Information Processing Standard 140-2, which applies to contactless smart cards issued to federal employees and contractors, as well as privacy and security rules mandated in the Federal Identity Management Handbook.

Hearn noted that the standards that apply to federal use of contactless smart cards mandate compliance with the Privacy Act of 1974, the e-Government Act of 2002, Office of Management and Budget memorandums relevant to the topic and National Institute of Standards and Technology standards for smart-card security and privacy.

Full Article.

More in Tux Machines

New Cortex-M chips add ARMv8 and TrustZone

ARM launched its first Cortex-M MCUs with ARMv8-M and TrustZone security: the tiny, low-power Cortex-M23 and faster Cortex-M33. At the ARM TechCon show in Santa Clara, ARM unveiled two new Cortex-M microprocessors that will likely emerge as major Internet of Things workhorses over the coming decade, supplanting most existing Cortex-M designs. The Cortex-M23 and Cortex-M33 are also the first Cortex-M processors with ARMv8-M technology, enabling ARM TrustZone security, among other benefits. The TrustZone support is enabled via a new IoT-oriented CoreLink SIE-200 network-on-chip, which adds IP blocks on top of the AMBA 5 AHB5 interface. ARM also announced a TrustZone CryptoCell-312 technology for creating secure SoCs based on ARMv8-M. Read more

OpenStack in the Headlines

  • From OpenStack Summit, Red Hat Reports That the Deployment Era is Here
    As noted here yesterday, OpenStack is here to stay in enterprises. A new study by 451 Research analysts shows that about 72 percent of OpenStack-based clouds are between 1,000 and 10,000 cores and three fourths choose OpenStack to increase operational efficiency and app deployment speed. Meanwhile, in conjunction with OpenStack Summit in Barcelona, Red Hat is out with very notable results from its polling of its OpenStack user base. Its study found that production deployments increased hugely in the last year, according to a survey of 150 information technology decision makers and professionals carried out by Red Hat.
  • You can run the same programs on 16 different OpenStack clouds
    Cloud companies like to talk about about how you can avoid vendor lock-in. And OpenStack just showed how to make it happen. Sixteen different vendors did a live demo at OpenStack Summit showing that you could run the same software stack on 16 separate OpenStack platforms.
  • ​Where OpenStack cloud is today and where it's going tomorrow
    The future looks bright for OpenStack -- according to 451 Research, OpenStack is growing rapidly to become a $5-billion-a-year cloud business. But obstacles still remain.
  • ​Mirantis OpenStack: The good news and the bad news
    Mirantis recently signed a major deal with NTT, but the company is also laying off some of its employees.
  • The World Runs on OpenStack
    The OpenStack Summit keynotes got underway the morning of October 25, with Mark Collier, Chief Operating Officer of the OpenStack Foundation, declaring that the world runs on OpenStack.
  • Study: OpenStack is Marching Forward in Enterprises
    How fast is the OpenStack global cloud services market growing? Research and Markets analysts came out with a new report recently that forecasts the global OpenStack cloud market to grow at a CAGR of 30.49% during the period 2016-2020. Many enterprises now have large scale OpenStack deployments, and in conjunction with this week's OpenStack Summit in Barcelona, new study results are shedding light on exactly how entrenched this open cloud platform is in enteprises. The bottom line is: OpenStack is here to stay in enterprises. OpenStack deployments are getting bigger. Users are diversifying across industries. Enterprises report using the open source cloud software to support workloads that are critical to their businesses. These are among the findings in a recent study by 451 Research regarding OpenStack adoption among enterprise private cloud users. About 72 percent of OpenStack-based clouds are between 1,000 and 10,000 cores and three fourths choose OpenStack to increase operational efficiency and app deployment speed. The study was commissioned by the OpenStack Foundation. Here are some of the companies discussing their OpenStack deployments in Barcelona: Banco Santander, BBVA, CERN, China Mobile, Comcast, Constant Contact, Crowdstar, Deutsche Telekom, Folksam, Sky UK, Snapdeal, Swisscom, Telefonica, Verizon, Volkswagen, and Walmart. You can find some of the specific deployment stories from the companies at the OpenStack User Stories page.

Alpine Linux 3.4.5 released

The Alpine Linux project is pleased to announce the immediate availability of version 3.4.5 of its Alpine Linux operating system. This is a bugfix release of the v3.4 musl based branch, based on linux-4.4.27 kernels and it contains important security fixes for the kernel and for musl libc. Read more

Linux Graphics