RFID Security Forum

Friday, November 03, 2006

Fair and Balanced?

Contributed by Louis Parks:

The Smartcard Alliance issued a press release this week in attempt to clarify the pitfalls of relying on RFID technology to secure our borders. Unfortunately, its partial views, questionable reference to unrelated events, and failing to address the actual performance needs of the Passport card weaken their argument.

First, it is unclear how much more secure smartcard technology is versus some of the recent developments in RFID. The NY Times lead business article last week pointed out the ease at which some students could gather your identification and credit card number from “smartcard-secure” credit cards. Earlier this year it took a group in Holland just 2 hours to crack the “secure data” gathered off an electronic passport using smart card technology.

The Smartcard Alliance have also missed the mark in questioning our government’s ability to protect our data (part of the proposed border solution). The press release sited the recent data breach at the Department of Veteran Affairs. In fact, this was a case where a Unisys PC went missing that contained some VA billing records. Unisys was a subcontractor and likely under some very strict guidelines for data security that they obviously failed to meet. I don’t think this totally absolves the government from some responsibility but this incident was not a direct failing of a government agency. I could not find a recent failing of this nature so maybe the fix is to simply not contract out the work (sorry for the subliminal pitch for bigger government)?

Finally, the press release failed to mention that Passport Card needs to be read from up to 20 feet away to support the proposed streamlining functions at the border. Smartcard technology can only be read over a few inches. I don’t see how you substitute one function for another without affecting the proposed process.

We don’t have all the answers yet on how Homeland Security and the State Department will secure the Passport Card but we will need factual critical review of any technology presented to decide if it is secure – hopefully it will come from a fair and balanced view.

Labels: , , , , , ,


Post a Comment

Links to this post:

Create a Link

<< Home