Language Selection

English French German Italian Portuguese Spanish

GAO study of RFID technology, policy seen flawed

Filed under
Security

A recently released Government Accountability Office study of radio frequency identity device security is flawed because it omits discussion of technologies and federal policies in the arena, according to smart-card industry executives.

GAO defended the report, saying it relied on information provided by other federal agencies and did not delve deep into individual RFID programs that the agencies are implementing.

The GAO report, titled Information Security: Radio Frequency Identification Technology in the Federal Government, discusses privacy and security aspects of RFID tags used for inventory control as well as contactless smart cards used to make personnel credentials. GAO issued the report May 27.

The report cites several privacy and security issues that RFID units can pose, such as "tracking an individual's movements, profiling an individual's habits, tastes or predilections and allowing for secondary uses of information." According to GAO, "While measures to mitigate these issues are under discussion, they remain largely prospective."

But as Patrick Hearn, business development director for Oburthur Card Systems of Chantilly, Va., stated, federal law, regulations and policies mandate many privacy and security protections for the use of smart cards in federal credentialing programs.

"The security measures-encryption and authentication-listed [by GAO as 'prospective'] all exist today and are incorporated into programs such as the State Department's e-passport program," Hearn wrote in an e-mail comment on the GAO report.

Hearn also cited the existence of the Federal Information Processing Standard 140-2, which applies to contactless smart cards issued to federal employees and contractors, as well as privacy and security rules mandated in the Federal Identity Management Handbook.

Hearn noted that the standards that apply to federal use of contactless smart cards mandate compliance with the Privacy Act of 1974, the e-Government Act of 2002, Office of Management and Budget memorandums relevant to the topic and National Institute of Standards and Technology standards for smart-card security and privacy.

Full Article.

More in Tux Machines

KDE and GNOME: Kubuntu, Krita, GNOME Development

  • Kubuntu 18.04 LTS Could Switch to Breeze-Dark Plasma Theme by Default, Test Now
    The latest daily build live ISO images that landed earlier today for Kubuntu 18.04 LTS (Bionic Beaver) apparently uses the Breeze-Dark Plasma theme for the KDE Plasma 5.11 desktop environment by default. However, we've been told that it's currently an experiment to get the pulse of the community. "Users running [Kubuntu] 18.04 development version who have not deliberately opted to use Breeze/Breeze-Light in their System Settings will also see the change after upgrading packages," said the devs. "Users can easily revert back to the Breeze/Breeze-Light Plasma themes by changing this in System Settings."
  • Interview with Rytelier
    The amount of convenience is very high compared to other programs. The amount of “this one should be designed in a better way, it annoys me” things is the smallest of all the programs I use, and if something is broken, then most of these functions are announced to improve in 4.0.
  • Grow your skills with GNOME
    For the past 3 years I’ve been working very hard because I fulfill a number of these roles for Builder. It’s exhausting and unsustainable. It contributes to burnout and hostile communication by putting too much responsibility on too few people’s shoulders.
  • GTK4, GNOME's Wayland Support & Vulkan Renderer Topped GNOME In 2017
  • A Lot Of Improvements Are Building Up For GIMP 2.9.8, Including Better Wayland Support
    It's been four months since the release of GIMP 2.9.6 and while GIMP 2.9 developments are sadly not too frequent, the next GIMP 2.9.8 release is preparing a host of changes. Of excitement to those trying to use GIMP in a Wayland-based Linux desktop environment, GIMP's color picker has just picked up support for working on KDE/Wayland as well as some other Color Picker improvements to help GNOME/Wayland too. GIMP's Screenshot plugin also now has support for taking screenshots on KDE/Wayland either as a full-screen or individual windows. Granted, GIMP won't be all nice and dandy on Wayland itself until seeing the long-awaited GTK3 (or straight to GTK4) port.

Red Hat and Fedora

OSS Leftovers

  • How Open Source Databases Unlock Faster Computing
  • The art of the usability interview
    During a usability test, it's important to understand what the tester is thinking. What were they looking for when they couldn't find a button or menu item? During the usability test, I recommend that you try to observe, take notes, capture as much data as you can about what the tester is doing. Only after the tester is finished with a scenario or set of scenarios should you ask questions.
  • This open-source interview approach will help you avoid unconscious bias
    The lack of diversity in tech has been front and center this past year. Large tech companies have publicly vowed to fix the problem. But how? One answer is recognizing, acknowledging, and eliminating unconscious bias from the hiring process.
  • Microsoft Goes All In With Kubernetes
  • OpenBSD Now Officially Supports 64-bit ARM
    OpenBSD has graduated its 64-bit ARM (ARM64) architecture to being officially supported. As outlined in the OpenBSD Journal with a change made this week by lead OpenBSD developer Theo de Raadt, OpenBSD's ARM64 support is now considered officially supported.
  • LLVM Clang 6.0 Now Defaults To C++14
    Up to now LLVM's Clang C/C++ compiler has defaulted to using C++98/GNU++98 as its default C++ standard, but fortunately that's no more. Clang's default C++ dialect is now GNU++14 version of C++14 rather than GNU++98 (C++98). The older versions of the C++ standard remain available and can be set via the -std= argument, just as those previously could have specified C++11 / C++14 / C++17, but now in cases where not specified, GNU++14/C++14 is the default.
  • Tor Browser 7.0.11 is released
    Tor Browser 7.0.11 is now available from the Tor Browser Project page [1] and also from our distribution directory [2].

Android Leftovers