More woes for TWIC

Error rates could stall rollout of transportation ID program

Contractors such as Jon Rambeau of Lockheed Martin Corp. are taking the TWIC controversies in stride. "We have flexibility on how to do this," he said.

Rick Steele

New concerns about error rates inherent in government biometric identification cards are the latest problem to plague the long-delayed Transportation Workers Identification Credential program.

Homeland Security Department officials earlier this year said TWIC would conform to the Federal Information Processing Standard 201, which defines technology standards for federal personal identification cards. But concerns have arisen, and DHS officials now find themselves grappling with technical and operational issues regarding FIPS 201.

Although the program, which would have millions of port, airline, truck and transport workers carrying the credential known TWIC, has lingered in development since 2003, Secretary Michael Chertoff put it on the fast track in early 2006.

Two problems are paramount. First, there are worries that TWIC smart cards, which use a personal identification number and must be inserted into a reader, won't work properly in the harsh, salty air of marine environments. DHS officials, in response, withdrew the card readers from the initial TWIC deployment. They now are working with industry and port authority officials to develop standards for contactless TWIC readers to avoid the problems of corrosion from salt air and water.

Second, serious concerns are surfacing about the 1 percent system error rate inherent in FIPS 201. That figure reflects a 1 in 100 false acceptance rate, and 1 in 100 false rejection rate. Those rates are published in the National Institute of Standards and Technology's Special Publication 800-76, incorporated in the FIPS 201 standard.

NIST established those error rates in its test of the FIPS 201 requirement for interoperability among cards produced by different vendors. To meet that requirement, NIST tested fingerprint minutiae templates, which are digitized versions of fingerprints showing features such as ridges and whorls.

Based on the published error rates, for every 100 people presenting the TWIC card to enter a facility, the system is nearly certain to make at least one false reading. At a busy port welcoming 300 trucks an hour, that would be at least three false reads per hour.

Would such an error rate significantly slow commerce? "Absolutely, it would," said Lisa Himber, vice president for the Maritime Exchange for the Delaware River and Bay, a nonprofit trade association that participated in TWIC prototype testing.

"We've got vehicles backed up five to seven deep, so you'd have to pull someone out of line and let them through, because you cannot back out. And some of the ports have only one lane," Himber told Washington Technology. "We'd certainly be concerned about the potential for a lot of false reads, and one in 100 is a pretty large number."

"The error rate would cause concern, especially at the busier ports and facilities where they have to be very careful to avoid congestion at the gates," said Joe Bouchard, senior program executive for homeland and maritime security with Zel Technologies LLC, a professional services company in Hampton, Va. "The card has to be very, very reliable, have a very low error rate and very low downtime."

Transportation Security Administration officials said they are aware of the challenges with the error rate and are addressing them. At the same time, the agency is "moving forward aggressively to implement the TWIC program," said Darrin Kayser, a TSA spokesman. TSA is expected shortly to issue a final rule detailing enrollment and issuance of the credential.

"As we move forward with enrollment, we will work closely with interested parties to address the technologic and logistic issues for access control," Kayser said. The false reject rate is one of them, he said.

TSA intends early next year to deploy the biometric ID cards, albeit without readers, for about 750,000 maritime employees. To compete for enrollment and help-desk services, the agency in September selected eight vendors: BearingPoint Inc., Computer Sciences Corp., EDS Corp., IBM Corp., Integrated Biometric Technology Inc., Lockheed Martin Corp., Maximus Inc. and Motorola Inc.

TSA could, on its own, mandate a higher level of accuracy for the ID card, NIST officials said.

"NIST indicates in SP 800-76 that agencies are free to establish their own performance thresholds and to conduct operational tests to confirm them," NIST spokeswoman Jan Kosko wrote in an e-mail to Washington Technology. "The 1-in-100 error rate specification in SP 800-76 applies only to a test designed to find interoperable products. It is not intended to regulate agencies' security requirements."

If TSA adopts its own standard for an ID card, however, additional testing likely would take significant time. NIST's interoperability testing took about 18 months. In addition, TSA presumably would not conform to the spirit of Homeland Security Presidential Directive-12 if it departs from the governmentwide standard.

TSA is consulting with the National Maritime Security Advisory Committee to develop a TWIC contactless reader. Himber, co-chair of a task force that the committee set up to lead that effort, said she believes the task force will examine other operational concerns as well, including error rates.

The task force is likely to convene a group to set operational goals, including acceptable error rates, as well as a technical group to write a new technology specification to include contactless readers and possibly a modified card standard, Himber said. The new standard will be forwarded to NIST and is likely to result in modifications to the FIPS 201 standard, she said.

The goal is to provide a technical specification by Feb. 28, 2007, Himber said.
Biometric and smart-card industry executives generally support efforts to modify FIPS 201 to support contactless readers.

On Oct. 30, Randy Vanderhoof, executive director of the Smart Card Alliance, and Walter Hamilton, chairman of the International Biometric Industry Association, wrote to the Government Smart Card Interagency Advisory Board to ask to collaborate on "urgently needed changes to FIPS 201-1" to enable a contactless interface for the cards.

But there is no such consensus on the issue of error rates. Smart-card executives appear to support the status quo, while optical memory card industry executives are promoting a shift to their technology to get a higher accuracy rate for TWIC.

The smart cards have 64K of memory on a computer chip, compared to nearly 3M for laser strips, also known as optical memory strips.

Because optical strips have enough memory to store full images, rather than templates, of fingerprints, putting optical memory strips on ID cards would make it possible to lower the error rate to close to 1 in 10,000, said Joseph Anlage, president of optical strip reader maker American Laser Drives Corp., Mobile, Ala.

"What is really disturbing is that the government is willing to accept these degraded standards of accuracy," Anlage said. "Imagine going through Dulles International Airport with 1 in 100 people getting kicked out of line."

The government selected optical-strip technology for millions of U.S.-issued border crossing ID cards, and it has performed very well, said James Hesse, former chief intelligence officer for the forensic document lab at DHS' Immigration and Customs Enforcement directorate, and now an optical memory card consultant.

"Optical is more expensive, but from a security standpoint, it has a fantastic track record," Hesse said.

TSA's Kayser said any possibility that TWIC card specifications would be rewritten to include an optical strip "is something we will have to address. We are more focused on technology and logistics issues with the readers."

Concerns about a 1-in-100 false rejection rate may be overblown, some biometric industry executives said. It is comparable to errors in using a personal identification number, which FIPS 201 also requires because people forget their own numbers, Hamilton said.

"You just try again. It's not a big deal," said Hamilton, who also is vice president of business development for identification solutions developer Saflink Corp., Bellevue, Wash. "A 1 percent [error] rate is a standard that has been acceptable for FIPS 201."

TWIC vendors appear to be taking the controversies in stride. Jon Rambeau, director of credentialing solutions for Lockheed Martin, declined to comment on the error rates, but said he believes TWIC is on track for an initial deployment despite uncertainties about the reader technologies.

"We have flexibility on how to do this," Rambeau said. "We can do it with contact readers or contactless readers."

Technical concerns, such as error rates, have become more prominent as the scope of TWIC has expanded in recent months, Bouchard said.

The program now includes facility access control, which is beyond TWIC's initial goal of a standardized ID card, and a process for background checks and threat assessments on transportation workers.

"It is worth pressing on with the TWIC, even without all the technology in place," Bouchard said. "From the transportation industry perspective, the most important part of the process is the vetting of the workers by TSA."

Staff Writer Alice Lipowicz can be reached at

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Reader Comments

Fri, Feb 26, 2010 doug hammond

Roger has a point.The system is flawed. I am a taxpaying, law abiding citizen and a veteran. I am having to seek a waiver due to something 12 years outstanding in another state halfway across the country. I have been fighting with TSA for over a year now trying to get this straightened out. Yet, immigrants are receiving twic cards with minimal security checks and can barely speak our language. Not to mention the fact that they could careless about being here except to earn money. This is nothing but a waste of taxpayer dollars in the midst of an economic crisis where jobs are of the utmost importance. It hurts the taxpaying Americans while allowing immigrants to continue to take our jobs and money - only to send it back to family in another country. It is just another political ploy in the world of immigration to keep up with the appearance of tracking "terrorism" while people who are actually placed on an "interest" list can get on a plane and attempt to blow it up. . . I mean really. . .?

Fri, Feb 26, 2010 roger baton rouge

I think the process and who actually should be re thought.Lots of U.S. citizens are being turned down some are veterans who served this country but now aren't able to work whileothers who don't even speak our language are being waived where the justice and why do some need the "twic" an others don't.Seems to me it is about money not security,who is responsible for overseeing home land security or the twic centers

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above.

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.


contracts DB