GAO Exposes Security Lapses of TWIC Program at Ports
This story appears in the May 16 print edition of Transport Topics.
Investigators with the Government Accountability Office said they were able to gain unescorted access to several U.S. ports using fake biometric Transportation Worker Identification Credential cards.
“During covert tests of TWIC use at several selected ports, GAO’s investigators were successful in accessing ports using counterfeit TWICs, authentic TWICs acquired through fraudulent means, and false business cases [i.e., reasons for requesting access],” said the GAO study, which was released last week.
The TWIC program is meant to ensure unauthorized dock workers and truck drivers don’t gain unauthorized access to seaports. GAO, the federal government’s watchdog agency, suggested that weaknesses with internal enrollment controls and background checks could have contributed to the security breaches.
At the request of the Transportation Security Administration, the GAO did not disclose where investigators conducted their covert testing, but said the ports collectively accounted for 54% of maritime container trade in the United States in 2009. The visits were made from November 2009 through March 2011.
GAO investigators said they also conducted covert tests using fraudulent information at enrollment centers to help test the rigor of the TWIC enrollment and background-checking processes.
“The investigators fully complied with the enrollment application process,” the study said. “They were photographed and fingerprinted, and asserted themselves to be U.S.-born citizens. The investigators were successful in obtaining authentic TWIC cards despite going through the background-checking process.”
Greg Soule, a TSA spokesman, said the agency and the U.S. Coast Guard, which is responsible for enforcing security at U.S. ports, are evaluating and implementing new internal controls as requested by GAO.
“The Department of Homeland Security concurs with GAO’s recommendations and is taking steps to address them,” Soule told Transport Topics.
GAO’s study noted that if a TWIC applicant claims to be a non-U.S. citizen or non-U.S.-born citizen, TSA staff members are required to positively identify the individual by confirming aspects of the individual’s biographic information, inclusive of their alien registration number and other physical descriptors, against available databases.
However, the TWIC program does not require that applicants claiming to be U.S.-born citizens or nationals provide identity documents that demonstrate proof of citizenship or lawful status in the United States.
As of September 2010, the TWIC program’s background-checking process identified only 18 instances of potential fraud out of the approximately 1.6 million TWIC enrollments, GAO said.
The public version of the study omitted sensitive information about the TWIC program, including techniques used to enroll and conduct a background check on individuals and assess an individual’s eligibility for a TWIC and the technologies that support TWIC security threat assessment determinations and Coast Guard inspections, GAO said.
The government watchdog recommended that TSA assess TWIC program internal controls to identify needed corrective actions, assess TWIC’s effectiveness, and use the information to identify effective and cost-efficient methods for meeting program objectives.
TSA’s Soule said that while the agency recognizes that work remains to be done, he noted that “as a result of DHS’ rigorous vetting process, approximately 35,000 individuals who applied for a TWIC have been denied because of issues that demonstrate the individual could pose a threat to transportation.”
As of March, TSA has enrolled and vetted more than 1.8 million maritime workers, Soule said.
The GAO report comes only a few weeks after the program was harshly criticized at a hearing by members of the House Transportation Committee for being several years behind schedule in deploying biometric TWIC card readers at seaports (5-2, p. 4).
In a statement last week, House Transportation Committee Chairman, Rep. John Mica (R-Fla.), one of the GAO study requestors, said the TWIC program is “turning into a dangerous and expensive experiment in security.”
“Nearly half a billion dollars has been spent since TSA was directed to issue biometric security cards to transportation workers,” Mica said. “Yet today, 10 years later and with no approved biometric reader, TWICs are at best no more useful than library cards.”
Despite the significant costs, GAO concluded that the TWIC program was poorly tested and evaluated before deployment began, Mica said.