[ISN] IG: U.S. Visit RFID needs better security controls

From: InfoSec News (alerts@private)
Date: Tue Jul 11 2006 - 01:07:03 PDT


http://www.gcn.com/online/vol1_no1/41273-1.html

By Alice Lipowicz
Contributing Writer 
07/10/06

Use of radio frequency identification tags within the U.S. Visitor and 
Immigrant Status Indicator Technology program has been applied with 
privacy protections but has not been adequately configured and tested to 
ensure that those protections are effective, according to a new report [1] 
from the Homeland Security Department inspector general.

The RFID tags currently are being used on Form I-94 documents issued to 
foreign visitors at several U.S. land ports of entry. As of December 31, 
2005, US Visit had issued 149,414 RFID-enabled Form I-94s to travelers, 
DHS Inspector General Richard Skinner said.

The RFID on the Form I-94s was designed with privacy protections, the 
inspector general said. Specifically, the RFID tag, which is a small 
computer chip, contains only a number. This number must be viewed within 
US Visit's secure database to obtain personal information on the visitor.

Overall, the inspector general judged these privacy protections to be 
effective, and to present no high or medium information security 
vulnerabilities.

However, the report identified vulnerabilities in US Visit's password 
management and user access system that allows US Visit employees to access 
the personal information contained in the database.

U.S. Visit has not properly configured its Automated Identification 
Management System database to ensure that data captured and stored is 
properly protected, the inspector general wrote.

Furthermore, US Visit has not prepared and tested contingency plans to 
make sure that the database can be restored following a disruption, the 
report said.

-=-

Alice Lipowicz is a staff writer for Government Computer News' sister 
publication, Washington Technology.

1996-2006 Post-Newsweek Media, Inc. All Rights Reserved

[1] http://www.dhs.gov/interweb/assetlibrary/OIG_06-39_Jun06.pdf

