Language Selection

English French German Italian Portuguese Spanish

GAO study of RFID technology, policy seen flawed

Filed under
Security

A recently released Government Accountability Office study of radio frequency identity device security is flawed because it omits discussion of technologies and federal policies in the arena, according to smart-card industry executives.

GAO defended the report, saying it relied on information provided by other federal agencies and did not delve deep into individual RFID programs that the agencies are implementing.

The GAO report, titled Information Security: Radio Frequency Identification Technology in the Federal Government, discusses privacy and security aspects of RFID tags used for inventory control as well as contactless smart cards used to make personnel credentials. GAO issued the report May 27.

The report cites several privacy and security issues that RFID units can pose, such as "tracking an individual's movements, profiling an individual's habits, tastes or predilections and allowing for secondary uses of information." According to GAO, "While measures to mitigate these issues are under discussion, they remain largely prospective."

But as Patrick Hearn, business development director for Oburthur Card Systems of Chantilly, Va., stated, federal law, regulations and policies mandate many privacy and security protections for the use of smart cards in federal credentialing programs.

"The security measures-encryption and authentication-listed [by GAO as 'prospective'] all exist today and are incorporated into programs such as the State Department's e-passport program," Hearn wrote in an e-mail comment on the GAO report.

Hearn also cited the existence of the Federal Information Processing Standard 140-2, which applies to contactless smart cards issued to federal employees and contractors, as well as privacy and security rules mandated in the Federal Identity Management Handbook.

Hearn noted that the standards that apply to federal use of contactless smart cards mandate compliance with the Privacy Act of 1974, the e-Government Act of 2002, Office of Management and Budget memorandums relevant to the topic and National Institute of Standards and Technology standards for smart-card security and privacy.

Full Article.

More in Tux Machines

SMPlayer 14.9 Review – One of the Best Movie Players for Linux

In this article I will overview the main things that make SMPlayer stand out of the crowd, putting it on the top of the video playback applications list. SMPlayer is written in Qt 4.8 and uses MPlayer2 for video playback. Personally I have only words of praise for this player, which is why I decided to write this review. So let’s proceed and see what the most important features of SMPlayer are. Read more

Kano Ships Its First 18,000 Learn-To-Code Computer Kits, Fueled By $1.5M Kickstarter

Kano Computing, a startup that plays in the learn to code space by adding a step-by-step hand-holding layer atop the Raspberry Pi single-board microcomputer to make hacking around with code and learning about computational thinking child’s play, has shipped all the hardware kits in its first batch of crowdfunded orders and pre-orders. Read more

elementary OS: Don't Hate Me Because I'm Beautiful

Ubuntu is a very popular base and it's used by too many systems to count. Ubuntu itself is based on Debian, but for now we’ll stick with Ubuntu. elementary was not supposed to be an operating system, and in fact it started its life just as a collection of themes and a few other packages that allowed users to make Ubuntu look different. The developers soon realized that they could do better than this and made their own operating system. Only two versions of it have been released until now, Jupiter and Luna. They are now working on a third one called Freya, which is in the Beta stages. What is happening with this incredible rate of adoption for this OS and why is it so popular? Read more

Honda Connect in-vehicle infotainment system has Tegra inside and runs Android

The 2015 model of Honda Civic, Civic Tourer and CR-V will be the first vehicle to ship with Honda Connect, and that will be on the European models. Honda Connect looks nice, but a standalone infotainment system that can be used on any car is a much better idea. Read more