Committee: TWIC encryption ill-advised

The Homeland Security Department should reverse course and not encrypt the Transportation Workers Identification Credential computer chip and reader, a federally chartered maritime advisory group recommended on Thursday.

The National Maritime Security Advisory Committee, which was charged by the department in November 2006 to propose technology specifications for TWIC readers, recommended readers without encryption in its final recommendations published on Feb. 28. The committee acknowledged that its recommendation departs from DHS' guidance on the subject.

The maritime committee asserted that the encryption would create additional processing time, more processing failures and higher costs. The committee said TWIC should be deployed with an unencrypted fingerprint template, which is a digitized version of a fingerprint, which would be adequately protective of privacy.

"Encryption would not be acceptable at this point," Lisa Himber, co-chair of the committee's TWIC working group and vice president of the Maritime Exchange for the Delaware River and Bay, told Washington Technology. "Encryption would create more problems than the extra protection it would afford."

The committee recognized that its recommendation does not follow DHS' guidance to include encryption in the readers, Himber said. However, the committee did not receive that guidance from the department until Jan. 30, 2007, just four weeks before its Feb. 28 deadline to complete its work, she said.

"With that recommendation coming in at the 11th hour, (the working group) had already finished our work with no opportunity to reconvene," Himber said.

However, to respond to DHS' guidance, the committee also adopted a version of a reader that does include encryption. Furthermore, a technical panel of its TWIC working group submitted a third alternative version intended as a compromise, which would use encryption through the use of a magnetic strip attached to the TWIC card.

Even though it presented several alternative specifications, the committee chose the unencrypted version as its preferred choice, Himber said. The committee's opinion reflected the findings of its TWIC working group.

"Given the limited amount of information transmitted between the TWIC and the reader, the working group does not believe encryption will provide any additional security benefit, but it will increase both cost and processing time," the committee states in its recommendations. "In short, there is no empirical evidence that encrypting the fingerprint template affords any additional protection of personal privacy."

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Our databases track awards back to 2013. Read More

  • Navigating the trends and issues of 2016 Nick Wakeman

    In our latest WT Insider Report, we pull together our best advice, insights and reporting on the trends and issues that will shape the market in 2016 and beyond. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

I agree to this site's Privacy Policy.