TWIC effectiveness may be compromised
- By Alice Lipowicz
- Aug 16, 2006
The Transportation Security Administration's newly disclosed plan to begin implementation of the Transportation Workers Identification Credential without requiring card readers is running into opposition from a biometric industry representative.
"This is half a TWIC?a glorified Flash Pass," Walter Hamilton, chairman of the International Biometric Industry Association non-profit trade association, said today. "I'm concerned that the TWIC will not be used in the way it was intended."
The credential is a card with a microprocessor that uses radio frequency to convey information wirelessly to a card reader. The communication with the reader enables the card to be read and the information verified.
Hamilton based his comments on a recent e-mail written by Trinity Abbott, legislative analyst for the TSA. In the e-mail, Abbott states that TSA and the Coast Guard have decided that for the first phase of the TWIC, facility and vessel owners and operators will not be required to purchase or install card readers because of numerous concerns about the card technology expressed during the public comment period. TSA will issue an additional rulemaking soon to address the concerns, the e-mail stated.
"The requirement to purchase and install card readers will not be implemented until the public is afforded further opportunity to comment on that aspect of the TWIC program," the TSA e-mail states. Neither Abbott nor the TSA media office responded to requests for comment.
The TWIC card has been in the works since 2003 and earlier this year was put on a fast track by DHS Secretary Michael Chertoff. The initial implementation would cover 750,000 maritime and port workers, though eventually it could expand to about 10 million people.
The technology concerns expressed by Hamilton and other industry executives focus on the TSA's plan?announced this spring?to align the transportation workers credential with Federal Information Processing Standard 201, which is the criteria being used for federal worker identification cards. The FIPS 201 standard describes a card that uses a microprocessor to communicate with a reader and also includes encryption and a personal identification number to secure the information.
The FIPS 201 standard presents difficulties in comparison to the card technologies deployed in the TWIC prototype phases, according to Hamilton and others. For one thing, FIPS 201 does not include software to permit secure contactless reading of the biometric information on the proposed TWIC card, Hamilton said. With contactless interfaces, the card can be read wirelessly at a distance. Contact interfaces, such as those used for most ATM cards, require the cards to be inserted into a reader to be read.
"There is no contactless access to the biometrics on the card," Hamilton said. "Without that, the promise of the TWIC is unfulfilled. You have to be able to bind the person to the credential." Without the biometric verification, there is nothing to stop people from trading and sharing TWIC cards and assuming false identities, he said.
Biometric and maritime industry members have said they would prefer a contactless card readers over contact card readers, because contact readers are too susceptible to erosion when used outdoors in the salty sea air. Also, some industry members object to the use of a PIN because it might be impractical and time-consuming to apply in a busy port environment.
TSA is planning to issue additional rulemaking to address the technology concerns, Hamilton said. But in the meantime, he is worried about the idea of moving forward to implement TWIC without readers while the problems are unresolved. For one thing, it would likely mean that the first group of TWIC recipients would likely need to return for updated versions of the card later, he said.
"TSA is taking biometrics off the table temporarily," Hamilton said. "The implementation is being delayed while they work out the specifications." But, he said, his preference would be to "do it right the first time."
Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.