GAO study of RFID technology, policy seen flawed

A recently released Government Accountability Office study of radio frequency identity device security is flawed because it omits discussion of technologies and federal policies in this area, according to smart-card industry executives.

GAO defended the report, saying it relied on information provided by other federal agencies and did not delve deep into individual RFID programs that the agencies are implementing.

The GAO report, titled Information Security: Radio Frequency Identification Technology in the Federal Government, discusses privacy and security aspects of RFID tags used for inventory control as well as contactless smart cards used to make personnel credentials. GAO issued the report May 27.

The report cites several privacy and security issues that RFID units can pose, such as "tracking an individual's movements, profiling an individual's habits, tastes or predilections and allowing for secondary uses of information." According to GAO, "While measures to mitigate these issues are under discussion, they remain largely prospective."

But as Patrick Hearn, business development director for Oberthur Card Systems of Chantilly, Va., stated, federal law, regulations and policies mandate many privacy and security protections for the use of smart cards in federal credentialing programs.

"The security measures - encryption and authentication - listed [by GAO as 'prospective'] all exist today and are incorporated into programs such as the State Department's e-passport program," Hearn wrote in an e-mail comment on the GAO report.

Hearn also cited the existence of the Federal Information Processing Standard 140-2, which applies to contactless smart cards issued to federal employees and contractors, as well as privacy and security rules mandated in the Federal Identity Management Handbook.

Hearn noted that the standards that apply to federal use of contactless smart cards mandate compliance with the Privacy Act of 1974, the e-Government Act of 2002, Office of Management and Budget memorandums relevant to the topic and National Institute of Standards and Technology standards for smart-card security and privacy.

Full Article.
