
GAO study of RFID technology, policy seen flawed


A recently released Government Accountability Office study of radio frequency identification (RFID) device security is flawed because it omits discussion of existing technologies and federal policies in this area, according to smart-card industry executives.

GAO defended the report, saying it relied on information provided by other federal agencies and did not delve deep into individual RFID programs that the agencies are implementing.

The GAO report, titled "Information Security: Radio Frequency Identification Technology in the Federal Government," discusses privacy and security aspects of RFID tags used for inventory control as well as contactless smart cards used to make personnel credentials. GAO issued the report May 27.

The report cites several privacy and security issues that RFID units can pose, such as "tracking an individual's movements, profiling an individual's habits, tastes or predilections and allowing for secondary uses of information." According to GAO, "While measures to mitigate these issues are under discussion, they remain largely prospective."

But as Patrick Hearn, business development director for Oberthur Card Systems of Chantilly, Va., stated, federal law, regulations and policies mandate many privacy and security protections for the use of smart cards in federal credentialing programs.

"The security measures, encryption and authentication, listed [by GAO as 'prospective'] all exist today and are incorporated into programs such as the State Department's e-passport program," Hearn wrote in an e-mail comment on the GAO report.

Hearn also cited the existence of the Federal Information Processing Standard 140-2, which applies to contactless smart cards issued to federal employees and contractors, as well as privacy and security rules mandated in the Federal Identity Management Handbook.

Hearn noted that the standards that apply to federal use of contactless smart cards mandate compliance with the Privacy Act of 1974, the e-Government Act of 2002, Office of Management and Budget memorandums relevant to the topic and National Institute of Standards and Technology standards for smart-card security and privacy.
