By Alice Lipowicz
Use of radio frequency identification tags within the U.S. Visitor and
Immigrant Status Indicator Technology program has been applied with
privacy protections but has not been adequately configured and tested to
ensure that those protections are effective, according to a new report 
from the Homeland Security Department inspector general.
The RFID tags currently are being used on Form I-94 documents issued to
foreign visitors at several U.S. land ports of entry. As of December 31,
2005, US Visit had issued 149,414 RFID-enabled Form-I-94s to travelers,
DHS Inspector General Richard Skinner said.
The RFID on the Form I-94s was designed with privacy protections, the
inspector general said. Specifically, the RFID tag, which is a small
computer chip, contains only a number. This number must be viewed within
US Visits secure database to obtain personal information on the visitor.
Overall, the inspector general judged these privacy protections to be
effective, and to present no high or medium information security
However, the report identified vulnerabilities in US Visits password
management and user access system that allows US Visit employees to access
the personal information contained in the database.
U.S. Visit has not properly configured its Automated Identification
Management System database to ensure that data captured and stored is
properly protected, the inspector general wrote.
Furthermore, US Visit has not prepared and tested contingency plans to
make sure that the database can be restored following a disruption, the
Alice Lipowicz is a staff writer for Government Computer News sister
publication, Washington Technology.
1996-2006 Post-Newsweek Media, Inc. All Rights Reserved
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.