Information Security:
Key Considerations Related to Federal Implementation of Radio Frequency Identification Technology
GAO-05-849T: Published: Jun 22, 2005. Publicly Released: Jun 22, 2005.
Additional Materials:
- Highlights Page:
- Full Report:
- Accessible Text:
Contact:
(202) 512-6244
contact@gao.gov
Office of Public Affairs
(202) 512-4800
youngc1@gao.gov
Radio frequency identification (RFID) is an automated data-capture technology that can be used to electronically identify, track, and store information contained on a tag that is attached to or embedded in an object, such as a product, case, or pallet. Federal agencies have begun implementation of RFID technology, which can offer them new capabilities and efficiencies in operations. For example, the State Department has reported plans to use RFID technology in its electronic passports. The reduced cost of the technology has made the wide-scale use of it a real possibility for government and industry organizations. As requested, this testimony will provide an overview of the technology and discuss key security, privacy, and other considerations surrounding implementation of the technology in the federal government. It is based on our recently issued report (GAO-05-551).
The main technology components of an RFID system are a tag, reader, and database. A reader scans the tag for data and sends the information to a database, which stores the data contained on the tag. The use of tags and databases raises important security considerations related to the confidentiality, integrity, and availability of the data on the tags, in the databases, and in how this information is being protected. Tools and practices such as implementing the risk-based framework mandated by the Federal Information Security Management Act of 2002 and employing encryption and authentication technologies can help mitigate these security considerations. Key privacy concerns include notifying individuals of the existence or use of the technology; tracking an individual's movements; profiling an individual's habits, tastes, or predilections; and allowing for secondary uses of the information. Tools and practices can help mitigate these considerations, including existing requirements contained in legislation and proposed measures such as a deactivation mechanism on the tag, among others. In addition to security and privacy, there are other areas of consideration related to the adoption of the technology. These areas include the reliability of the tags and readers; placement and orientation of the tag; costs and benefits associated with implementation; availability of tags; and environmental issues, such as the reuse and recycling of tags.
Jul 26, 2019
Federal Information Security:
Agencies and OMB Need to Strengthen Policies and PracticesGAO-19-545: Published: Jul 26, 2019. Publicly Released: Jul 26, 2019.
Jul 25, 2019
-
Cybersecurity:
Agencies Need to Fully Establish Risk Management Programs and Address ChallengesGAO-19-384: Published: Jul 25, 2019. Publicly Released: Jul 25, 2019.
Jul 18, 2019
-
Management Report:
Improvements Are Needed to Enhance the Internal Revenue Service's Information System Security ControlsGAO-19-474R: Published: Jul 18, 2019. Publicly Released: Jul 18, 2019.
Jun 14, 2019
-
Data Protection:
Federal Agencies Need to Strengthen Online Identity Verification ProcessesGAO-19-288: Published: May 17, 2019. Publicly Released: Jun 14, 2019.
Mar 27, 2019
-
Data Breaches:
Range of Consumer Risks Highlights Limitations of Identity Theft ServicesGAO-19-230: Published: Mar 27, 2019. Publicly Released: Mar 27, 2019.
Dec 20, 2018
-
Information Security:
Significant Progress Made, but CDC Needs to Take Further Action to Resolve Control Deficiencies and Improve Its ProgramGAO-19-70: Published: Dec 20, 2018. Publicly Released: Dec 20, 2018.
Dec 18, 2018
-
Information Security:
Agencies Need to Improve Implementation of Federal Approach to Securing Systems and Protecting against IntrusionsGAO-19-105: Published: Dec 18, 2018. Publicly Released: Dec 18, 2018.
Dec 6, 2018
-
Cybersecurity:
Federal Agencies Met Legislative Requirements for Protecting Privacy When Sharing Threat InformationGAO-19-114R: Published: Dec 6, 2018. Publicly Released: Dec 6, 2018.
Nov 13, 2018
-
Information Security:
OPM Has Implemented Many of GAO's 80 Recommendations, but Over One-Third Remain OpenGAO-19-143R: Published: Nov 13, 2018. Publicly Released: Nov 13, 2018.
Sep 17, 2018
-
Cybersecurity:
Office of Federal Student Aid Should Take Additional Steps to Oversee Non-School Partners' Protection of Borrower InformationGAO-18-518: Published: Sep 17, 2018. Publicly Released: Sep 17, 2018.
Looking for more? Browse all our products here
Explore our Key Issues on Information Security
Explore our other Key Issues here
