Delay of game

More problems beset DHS' beleaguered TWIC program

Hundreds of thousands of U.S. port workers are supposed to be issued Transportation Workers Identification Credential cards this month. However, a bevy of persistent technical issues may delay the cards.

Richard B. Levine

Four years in the making, the Homeland Security Department's identity card program for transportation workers is facing another delay as it begins a round of late-stage re-engineering to sort out how to protect privacy without substantially raising costs.

Hundreds of thousands of the Transportation Workers Identification Credential cards are supposed to be issued to transportation workers nationwide starting this month. But a Feb. 28 recommendation from a federally chartered maritime advisory board did not identify a technology for the TWIC card readers that would satisfy all DHS and maritime industry requirements. Instead, it presented three options that meet some needs but not others.

Even supporters of the program now say TWIC card production may be delayed until the technical issues with the readers are resolved. Or alternatively, TWIC cards now in use must be reprogrammed with new applications. That will require cardholders to visit enrollment centers a second time.

"They may want to resolve all this before issuing a lot of cards," said Randy Vanderhoof, executive director of the Smart Card Alliance, an industry group involved in talks about the TWIC specifications.

TWIC cards issued now most likely will have to receive software updates to meet the reader requirements, said Walter Hamilton, chairman of the International Biometric Industry Association, which has been involved in the talks with the advisory board.

Although reprogramming won't be costly because it is a memory update that only takes a few minutes, there will be expenses in developing the additional software, training enrollment center employees and travel expenses for cardholders to visit enrollment centers a second time, he said.

"The real costs will be in the travel expenses," Hamilton said. "They are not trivial." At the same time, biometric industry executives are confident that the technology update for TWIC is feasible and enhances privacy by using encryption, he said.

Sharp protests

The TWIC program has encountered technical challenges at several stages. Congress initially established the program in 2002, and it has gone through prototype testing. While prototypes were tested, DHS decided the cards should conform to Federal Information Processing Standard 201 for federal identification cards.

However, the maritime industry protested the applicability of the card readers in the FIPS-201 specification, which requires users to insert cards into a reader, asserting that cards and readers would not function well in the salty sea air. DHS delayed its rulemaking on the TWIC readers and asked the National Maritime Security Advisory Committee in November 2006 to propose specifications.

In its final recommendation Feb. 28, the maritime committee recommended using no encryption but acknowledged that its recommendation departs from DHS' guidance.

Initially, it was not clear whether encryption would be required for the TWIC contactless reader. The FIPS-201 specification requires encryption on the interface between the card and reader. But because the maritime industry desired a contactless interface, that specification was not directly applicable. Instead, DHS offered written guidance stating that the biometric fingerprint template on the card ought to be encrypted, according to the maritime group's report.

Encryption would create additional processing time, more failures and higher costs, said Lisa Himber, co-chairwoman of the committee's TWIC working group and vice president of the Maritime Exchange for the Delaware River and Bay. Encryption glitches are likely to cause failures, leading to delays when truckers and workers can't immediately enter a facility.

With thousands of dock workers wanting to get through the turnstile by 8 a.m., and 5,000 truckers a day at some ports, "you need the technology to work as quickly as possible," Himber said.

Encryption debate

Another major concern is that encryption would require seaport operators to manage and administer encryption keys, which are software applications that enable deciphering of the encrypted information, she said.

"The technology is challenging," Himber said. "How do you manage the keys? Who is liable if a key is compromised? If there is a problem key and the TWIC is compromised, do you have to reissue every TWIC?"

The committee recommended that TWIC should be deployed with an unencrypted fingerprint template. That solution would avoid the encryption problems and would protect privacy.

"Encryption would not be acceptable at this point," Himber said. "Encryption would create more problems than the extra protection it would afford."

The committee noted that its technical specification did not follow DHS' guidance to include encryption, Himber said. However, the committee did not receive that guidance from DHS until Jan. 30, 2007, four weeks before its deadline, she said.

To respond to DHS' instructions, the committee also forwarded specifications for a reader that does include encryption. Furthermore, a technical panel of its TWIC working group presented a third alternative version intended as a compromise, which would use encryption through the use of a magnetic strip attached to the TWIC card.

The magnetic strip would contain the decryption keys, simplifying the handling of the keys, Hamilton said. The magnetic strips also are used in credit card readers posted outdoors at gas stations and convenience stores, he said.

DHS officials have said they intend to issue a final rule on the TWIC readers this year. Meanwhile, they awarded a $70 million contract in January to Lockheed Martin Corp. to begin enrolling maritime workers and issuing the TWIC cards.

Staff writer Alice Lipowicz can be reached at

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Reader Comments

Mon, Apr 6, 2009 William Crawford Kona,Hawaii

Honokohau Harbor in Kailua,Kona Hawaii is a Public Harbor with Launch Ramps(5000 Trailer boats use) Restuarants,Sundry Stores,Gas Stations,Boat Yards and Flow Through Traffic.The only ones with TWIC Cards are the Licenced Captains with Million Dollar Insurence on Documented Vessels.Drug Dealers use the Public Telephones and Homeless Sleep in Honokohau Harbor but we have TWIC Cards?Theres a Bare Boat Rental where Anyone with $300.oo or a Credit Card can rent a 20ft Skiff and take Anywhere they want but we have TWIC Cards?These Cards Were NOT For Public or Private Harbors!! Please write your Senators and Help Stop the Madness.S-3377 is the Bill.Thank You Captain Bill Crawford Chiripa Sportfishing,Kailua,Kona Hawaii...

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here


  • POWER TRAINING: How to engage your customers

    Don't miss our Aug. 2 Washington Technology Power Training session on Mastering Stakeholder Engagement, where you'll learned the critical skills you need to more fully connect with your customers and win more business. Read More


    In our latest Project 38 Podcast, editor Nick Wakeman interviews Tom Romeo, the leader of Maximus Federal about how it has zoomed up the 2019 Top 100. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.