Committee: TWIC encryption ill-advised

The Homeland Security Department should reverse course and not encrypt the Transportation Workers Identification Credential computer chip and reader, a federally chartered maritime advisory group recommended on Thursday.

The National Maritime Security Advisory Committee, which was charged by the department in November 2006 to propose technology specifications for TWIC readers, recommended readers without encryption in its final recommendations published on Feb. 28. The committee acknowledged that its recommendation departs from DHS' guidance on the subject.

The maritime committee asserted that the encryption would create additional processing time, more processing failures and higher costs. The committee said TWIC should be deployed with an unencrypted fingerprint template, which is a digitized version of a fingerprint, which would be adequately protective of privacy.

"Encryption would not be acceptable at this point," Lisa Himber, co-chair of the committee's TWIC working group and vice president of the Maritime Exchange for the Delaware River and Bay, told Washington Technology. "Encryption would create more problems than the extra protection it would afford."

The committee recognized that its recommendation does not follow DHS' guidance to include encryption in the readers, Himber said. However, the committee did not receive that guidance from the department until Jan. 30, 2007, just four weeks before its Feb. 28 deadline to complete its work, she said.

"With that recommendation coming in at the 11th hour, (the working group) had already finished our work with no opportunity to reconvene," Himber said.

However, to respond to DHS' guidance, the committee also adopted a version of a reader that does include encryption. Furthermore, a technical panel of its TWIC working group submitted a third alternative version intended as a compromise, which would use encryption through the use of a magnetic strip attached to the TWIC card.

Even though it presented several alternative specifications, the committee chose the unencrypted version as its preferred choice, Himber said. The committee's opinion reflected the findings of its TWIC working group.

"Given the limited amount of information transmitted between the TWIC and the reader, the working group does not believe encryption will provide any additional security benefit, but it will increase both cost and processing time," the committee states in its recommendations. "In short, there is no empirical evidence that encrypting the fingerprint template affords any additional protection of personal privacy."