RFID NEWS
Text size:
T
T
T
US-VISIT RFID Trial Shows Security Holes
During the audit, the team was not allowed to use unauthorized interrogators to "communicate or read the Form I-94s at ports of entry." However, it was able to pull the record indicator (the unique ID encoded to each form's RFID inlay) from sample forms in a laboratory setting, using what the report deems a "more sophisticated reader," though the redacted report does not detail what type of interrogator was used in the lab. Today, rather than any personally identifiable information, only a record indicator is encoded to the RFID inlays embedded in the forms. The report further recommends that US-VISIT strengthen the data security of its RFID layer if personal data is ever encoded to the form.
The audit team provided US-VISIT personnel with the technical reports detailing the database and technical vulnerabilities it found in the RFID program. It also recommended the US-VISIT program "develop and implement a policy that addresses security controls over all components of an RFID system and ensure that policies and procedures are being followed at all affected ports of entry."
In responding to the report and its recommendations, US-VISIT personnel say they concur with some of the findings and have already acted on strengthening security measures around account management in the AIDMS database. Regarding the establishment of RIFD policy and procedures, however, James Williams, director of US-VISIT, disagrees. In a written response to the inspector general, Richard Skinner, Williams replies that while the program has already completed its own data security and privacy impact assessments, it lacks the authority to enact policy regarding RFID, and that such policy needs to be established by the DHS. The department has completed a draft Applications Implementation Guide for RFID, which US-VISIT staff is reviewing and will comment on to the DHS. Implementations of all procedures at ports of entry, Williams notes, is "under the purview of CBP."
Implementation of another DHS initiative that could include use of RFID technology will be delayed if any of a number of pending bills passes through Congress. Last week, the Senate Appropriations Committee approved an amendment calling for a delay to the Jan. 1, 2007, implementation deadline for the Western Hemisphere Travel Initiative, which mandates that anyone crossing a land border with the United States, including U.S. citizens, must present secure travel documents denoting citizenship and serving as proof of identity. Sponsors of the legislature feel the DHS is not yet prepared to implement the program properly.
In January, Homeland Security Secretary Michael Chertoff and Secretary of State Condoleeza Rice announced plans to introduce the PASS, an RFID-enabled ID card that U.S. citizens would use to comply with the Western Hemisphere Travel Initiative. The card is expected to be ready for use late this year.
The audit team provided US-VISIT personnel with the technical reports detailing the database and technical vulnerabilities it found in the RFID program. It also recommended the US-VISIT program "develop and implement a policy that addresses security controls over all components of an RFID system and ensure that policies and procedures are being followed at all affected ports of entry."
In responding to the report and its recommendations, US-VISIT personnel say they concur with some of the findings and have already acted on strengthening security measures around account management in the AIDMS database. Regarding the establishment of RIFD policy and procedures, however, James Williams, director of US-VISIT, disagrees. In a written response to the inspector general, Richard Skinner, Williams replies that while the program has already completed its own data security and privacy impact assessments, it lacks the authority to enact policy regarding RFID, and that such policy needs to be established by the DHS. The department has completed a draft Applications Implementation Guide for RFID, which US-VISIT staff is reviewing and will comment on to the DHS. Implementations of all procedures at ports of entry, Williams notes, is "under the purview of CBP."
Implementation of another DHS initiative that could include use of RFID technology will be delayed if any of a number of pending bills passes through Congress. Last week, the Senate Appropriations Committee approved an amendment calling for a delay to the Jan. 1, 2007, implementation deadline for the Western Hemisphere Travel Initiative, which mandates that anyone crossing a land border with the United States, including U.S. citizens, must present secure travel documents denoting citizenship and serving as proof of identity. Sponsors of the legislature feel the DHS is not yet prepared to implement the program properly.
In January, Homeland Security Secretary Michael Chertoff and Secretary of State Condoleeza Rice announced plans to introduce the PASS, an RFID-enabled ID card that U.S. citizens would use to comply with the Western Hemisphere Travel Initiative. The card is expected to be ready for use late this year.
