Government Computer News reports on industry criticism of the GAO’s recent report on RFID deployment by Federal agencies.
Patrick Hearn, business development director for Oburthur Card Systems of Chantilly, Va., said, federal law, regulations and policies mandate many privacy and security protections for the use of smart cards in federal credentialing programs.
“The security measures—encryption and authentication—listed [by GAO as ‘prospective’] all exist today and are incorporated into programs such as the State Department’s e-passport program,” Hearn wrote in an e-mail comment on the GAO report.
…
The report’s author, Gregory C. Wilshusen, director of information security issues for GAO, said Hearn’s view that full RFID privacy and security technology already exists is incorrect.
In an e-mail response, he cited the report’s statement that some RFID privacy and security methods, such as deactivation mechanisms on tags, blocking technology to disrupt transmissions, and an opt-in/opt-out framework for consumers have not been fully developed.