Language Selection

English French German Italian Portuguese Spanish

GAO study of RFID technology, policy seen flawed

Filed under
Security

A recently released Government Accountability Office study of radio frequency identity device security is flawed because it omits discussion of technologies and federal policies in the arena, according to smart-card industry executives.

GAO defended the report, saying it relied on information provided by other federal agencies and did not delve deep into individual RFID programs that the agencies are implementing.

The GAO report, titled Information Security: Radio Frequency Identification Technology in the Federal Government, discusses privacy and security aspects of RFID tags used for inventory control as well as contactless smart cards used to make personnel credentials. GAO issued the report May 27.

The report cites several privacy and security issues that RFID units can pose, such as "tracking an individual's movements, profiling an individual's habits, tastes or predilections and allowing for secondary uses of information." According to GAO, "While measures to mitigate these issues are under discussion, they remain largely prospective."

But as Patrick Hearn, business development director for Oburthur Card Systems of Chantilly, Va., stated, federal law, regulations and policies mandate many privacy and security protections for the use of smart cards in federal credentialing programs.

"The security measures-encryption and authentication-listed [by GAO as 'prospective'] all exist today and are incorporated into programs such as the State Department's e-passport program," Hearn wrote in an e-mail comment on the GAO report.

Hearn also cited the existence of the Federal Information Processing Standard 140-2, which applies to contactless smart cards issued to federal employees and contractors, as well as privacy and security rules mandated in the Federal Identity Management Handbook.

Hearn noted that the standards that apply to federal use of contactless smart cards mandate compliance with the Privacy Act of 1974, the e-Government Act of 2002, Office of Management and Budget memorandums relevant to the topic and National Institute of Standards and Technology standards for smart-card security and privacy.

Full Article.

More in Tux Machines

Smartphone Waste and Tizen News

15 Things To Do After Installing Ubuntu 17.10 "Artful Aardvark"

​The New Ubuntu 17.10 "Artful Aardvark" launch with GNOME3 has brought a big change and got a lot of people excited to try it as soon as they can. If you don't know yet the new stuff in Ubuntu 17.10, read the article we published today. Read
more

Anarchy Linux Dispels Fear of Arch

Arch-Anywhere/Anarchy Linux is one of the nicest Arch-based distributions I have encountered. However, Anarchy Linux still requires familiarity with terminology and processes that usually are not needed to install Linux distros from a fully-functioning live session installation disk. Not having a demo mode to preview how the OS runs on your particular hardware can be a time-consuming setback. However, once you have Anarchy Linux up and running, it will give you a very pleasing computing experience. Much of what happens after installation depends on the desktop environment you selected. If you have a desktop preference or prefer one of the included window manager environments instead, you can forget about the sullied reputation that comes with Arch Linux distros. For many reasons, Anarchy Linux is a winning choice. Read more

Intel Graphics Performance: Ubuntu 17.04 vs. 17.10

Given the Ubuntu 17.10 release this week and its massive desktop changes from GNOME Wayland to Mesa/kernel upgrades, we've been busy benchmarking this new Ubuntu OS release. Complementing the Radeon Ubuntu 17.04 vs. 17.10 gaming comparison are now some OpenGL/Vulkan benchmarks when using Intel Kabylake graphics hardware on Ubuntu 17.04, 17.10 with X.Org and Wayland, and the performance if upgrading against Linux/Mesa Git. Read more