IoT Security Blog

Articles and Posts on IoT Security, Embedded Systems, and the Internet of Things

Fair and Balanced?

Contributed by Louis Parks

The Smart Card Alliance issued a press release this week (link no longer available) in attempt to clarify the pitfalls of relying on RFID technology to secure our borders. Unfortunately, its partial views, questionable reference to unrelated events, and failing to address the actual performance needs of the Passport card weaken their argument.

First, it is unclear how much more secure smart card technology is versus some of the recent developments in RFID. The NY Times lead business article last week pointed out the ease at which some students could gather your identification and credit card number from smart card-secure credit cards. Earlier this year it took a group in Holland just 2 hours to crack the secure data gathered off an electronic passport using smart card technology.

The Smart Card Alliance have also missed the mark in questioning our government’s ability to protect our data (part of the proposed border solution). The press release sited the recent data breach at the Department of Veteran Affairs. In fact, this was a case where a Unisys PC went missing that contained some VA billing records. Unisys was a subcontractor and likely under some very strict guidelines for data security that they obviously failed to meet. I don’t think this totally absolves the government from some responsibility but this incident was not a direct failing of a government agency. I could not find a recent failing of this nature so maybe the fix is to simply not contract out the work (sorry for the subliminal pitch for bigger government)?

Finally, the press release failed to mention that Passport Card needs to be read from up to 20 feet away to support the proposed streamlining functions at the border. Smart card technology can only be read over a few inches. I don’t see how you substitute one function for another without affecting the proposed process.

We don’t have all the answers yet on how Homeland Security and the State Department will secure the Passport Card but we will need factual critical review of any technology presented to decide if it is secure hopefully it will come from a fair and balanced view.