• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • COMTECH banner

BATTLESPACE Updates

   +44 (0)77689 54766
   

  • Home
  • Features
  • News Updates
  • Defence Engage
  • Company Directory
  • About
  • Subscribe
  • Contact
  • Media Pack 2023

GAO STUDY ON RFID TECHNOLOGY FLAWED

June 4, 2005 by

31 May 05. Wilson P. Dizard III of GCN wrote that arecently released Government Accountability Office study of radio frequency identity device security is flawed because it omits discussion of technologies and federal policies in the arena, according to smart-card industry executives.

GAO defended the report, saying it relied on information provided by other federal agencies and did not delve deep into individual RFID programs that the agencies are implementing.

The GAO report, titled Information Security: Radio Frequency Identification Technology in the Federal Government, discusses privacy and security aspects of RFID tags used for inventory control as well as contactless smart cards used to make personnel credentials. GAO issued the report May 27.

The report cites several privacy and security issues that RFID units can pose, such as “tracking an individual’s movements, profiling an individual’s habits, tastes or predilections and allowing for secondary uses of information.” According to GAO, “While measures to mitigate these issues are under discussion, they remain largely prospective.”

But as Patrick Hearn, business development director for Oburthur Card Systems of Chantilly, Va., stated, federal law, regulations and policies mandate many privacy and security protections for the use of smart cards in federal credentialing programs.

“The security measures—encryption and authentication—listed [by GAO as ‘prospective’] all exist today and are incorporated into programs such as the State Department’s e-passport program,” Hearn wrote in an e-mail comment on the GAO report.

Report author Gregory C. Wilshusen, director of information security issues for GAO, rejected Hearn’s view that full RFID privacy and security technology already exists. In an e-mail response, he cited the report’s statement that some RFID privacy and security methods, such as deactivation mechanisms on tags, blocking technology to disrupt transmissions and an opt-in/opt-out framework for consumers have not been fully developed.

Hearn also cited the existence of the Federal Information Processing Standard 140-2, which applies to contactless smart cards issued to federal employees and contractors, as well as privacy and security rules mandated in the Federal Identity Management Handbook.

Hearn noted that the standards that apply to federal use of contactless smart cards mandate compliance with the Privacy Act of 1974, the e-Government Act of 2002, Office of Management and Budget memorandums relevant to the topic and National Institute of Standards and Technology standards for smart-card security and privacy.

The governmentwide identity credentialing program for federal employees and contractors relies on standards such as the FIPS-201 that covers information security and privacy, among other topics [see GCN story].

Other industry sources, speaking on condition of anonymity, echoed Hearn’s view that the GAO report omitted key information about the security of RFID units used for credentialing purposes in federal programs.

Wilshusen said the document “was a general overview of RFID technology in federal government.” GAO produced the report at the request of four members of the House Homeland Security Committee, including the panel’s chairman, Rep. Christopher Cox (R-Calif.).

Wilshusen said GAO had sent surveys to 23 of the 24 agencies covered by the Chief Financial Officers Act, omitting the Defense Department, from which it already had information. The Pentagon is the largest government user of RFID systems.

As for the federal ID credentialing program, Wilshusen said, “The General Services Administration did not identify that as one of their programs using RFID technology.” Wilshusen added, “In terms of the actual implementation [of RFID technology] we did not look at applications. It was a broader view of how agencies are using the technologies.”

He also said, “We don’t come out and say this technology is

Primary Sidebar

Advertisers

  • qioptiq.com
  • Exensor
  • TCI
  • Visit the Oxley website
  • Visit the Viasat website
  • Blighter
  • SPECTRA
  • Britbots logo
  • Faun Trackway
  • Systematic
  • CISION logo
  • ProTEK logo
  • businesswire logo
  • ProTEK logo
  • ssafa logo
  • Atkins
  • IEE
  • EXFOR logo
  • sibylline logo
  • Team Thunder logo
  • Commando Spirit - Blended Scoth Whisy
  • Comtech logo
  • GoExporting logo
  • ECHODYNE logo
  • Supercat logo
  • Galvion logo
  • Leonardo DRS logo
  • MTC logo
  • IDC logo
  • IDC logo
Hilux Military Raceday Novemeber 2023 Chepstow

Contact Us

BATTLESPACE Publications
Old Charlock
Abthorpe Road
Silverstone
Towcester NN12 8TW

+44 (0)77689 54766

BATTLESPACE Technologies

An international defence electronics news service providing our readers with up to date developments in the defence electronics industry.

Recent News

  • EXHIBITIONS AND CONFERENCES

    September 21, 2023
    Read more
  • MANAGEMENT ON THE MOVE

    September 21, 2023
    Read more
  • CONTRACT NEWS IN BRIEF

    September 21, 2023
    Read more

Copyright BATTLESPACE Publications © 2002–2023.

This website uses cookies to improve your experience. If you continue to use the website, we'll assume you're ok with this.   Read More  Accept
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT