Port worker ID card criticized as wasteful and ineffective.

[ILLUSTRATION OMITTED]

The Transportation Security Administration and Coast Guard in October began enrolling port workers in a long delayed identity card program even though the technology to read the cards may be years away.

Without machines that can read the cards--and the technology backbone that connects them to a database--identity management experts contend that the $90 million program has produced little more than a glorified photo ID.

Six years after Congress mandated the creation of the transportation worker identity credential, longshoremen, truckers, office workers and others requiring unescorted access to port facilities began enrolling in the program Oct. 16 at Wilmington, Del. Other major ports will follow.

The $132 fee the workers must pay allows the Department of Homeland Security to verify that the workers do not appear on terrorist, FBI or immigration watch lists. A photo and 10 fingerprints are digitally scanned with two prints stored on the card.

What port facilities, owners and operators of ships and businesses do with the cards is out of TSA's hands, said Manrine Fanguy, TWIC program director.

"It's really up to them to determine who has access to their facilities," she said at the Biometrics Consortium conference in Baltimore.

The program is providing a credential that will give employers or business owners a basis in which to make the judgment of whether a worker is a security risk, she said.

"It's no longer really a government responsibility," she added.

The intent is to verify a cardholder's identity through biometric measurements and to be able to revoke cards if they are lost, stolen, or if the worker is no longer qualified to enter a facility or ship.

Until the readers are fully developed and networked, none of this will be possible, experts noted.

Fanguy was vague on how TSA will ensure that the 3,200 facilities and 10,000 vessels are actually using the cards. She didn't think there would be on-site checks, but the agencies would require "performance standards they must abide by."

The card is machine readable, but when these machines will appear at the roughly 13,000 sites is unknown. The Coast Guard is working on proposed rules, she said. After technology standards are established, facilities will have to purchase the readers from vendors. Some may already have readers that can scan the cards, she added.

"You actually have to get the cards in the hands of the workers before you can actually turn on all the readers," Fanguy noted. Murkier still is when these machines will be linked to databases that can tell facilities that a card is invalid or when a worker's status has changed.

"First of all, [the Coast Guard] must demonstrate that readers can be used successfully in ports. That's the overall goal," Fanguy said.

Stephen Caldwell, director of homeland security and justice issues at the Government Accountability Office, told the Senate Committee on Homeland Security and Governmental Affairs that "TSA will have to address access control technologies to ensure that the program is implemented effectively." The program will have to ensure these readers work in the maritime environment before facilities and vessels are required to install them, he added.

Stewart Baker, DHS assistant secretary for policy, told the committee that the "TWIC program is moving towards its objectives, making decisions focused on enhancing port security through a reasoned, phased-in approach."

He also touted the program as "one of the world's most advanced, interoperable biometric credentialing programs."

Ranking member Sen. Susan Collins, R-Maine, said she doubted the program would meet the September 2008 deadline for enrolling approximately 750,000 port workers.

"We do believe we can get everyone enrolled by September," Baker countered, while noting that "TWIC is a very complex undertaking."

"We still have work to do to get the readers up and running," he added, and identified six sites where prototypes will be tested.

Stephen Flynn, a former Coast Guard officer and port security expert at the Council of Foreign Relations, said TSA is just issuing photo cards. "In terms of it being a real access control system, it won't be able to play that role."

The system won't be able to capture whether workers have entered or departed. Or "verify outside of the picture that the person says who they say they are," he told National Defense.

William Gravell, president of Digenes Group LLC and an identity management consultant to the military, declined at the conference to specifically criticize the TWIC program. However, he was generally critical of programs that simply provide identity cards, or what he called "tokens," without the technology backbone that can provide "identity management."

"We don't think that works. We think that exacerbates privacy concerns. It exacerbates program costs. We think that is the wrong track in most cases."

When asked specifically about TWIC, he would only say that pushing federally mandated tokens on a reluctant population will garner "problems."

The value in the system is in the applications, he said. "Basic identity enrollment never pays off. Period," he added.

Flynn said the port community certainly is reluctant, especially since the workers are paying for the cards and facilities and businesses will have to eventually pay for the readers and the network to tap into the TWIC database.

Fees and taxes collected at airports are allocated to fund that enhance air travel and security, he noted. Taxes and fees collected at ports go the U.S. Treasury. Little of this money comes back to them. The port industry sees the federal government as "parasitic," he added.

"It is a community that is particularly resistant to embracing new requirements with costs," Flynn said.

TWIC, like virtually every DHS program, Flynn said, "does not come with adequate resources." He placed the blame on Congress as well as DHS.

"The federal government basically said this is important. The rhetoric says it is. The reality is obviously that it is not. They issued the mandate without identifying resources to make it happen," he added. It took six years to start issuing the cards, and Flynn said that was the easy part. "They haven't worked out the more difficult problem ... the readers and then the database."

Shortly after the 9/11 attacks, Congress mandated that DHS issue a transportation worker card. The plan called for port workers to receive the cards first. Surface and airport workers would follow. The Government Accountability Office said the program got off to a bad start when an understaffed TSA office under deadline pressure awarded the contract before it identified the requirements necessary to conduct tests. It also failed to adequately oversee the first contract awards. The agency has missed every major deadline in the program since then, and according to industry sources, there has been little movement to expand the program to airport workers and truckers.

Peter Higgins, principal consultant of the Higgins-Hermansen Group LLC and a biometrics expert, said at the conference that the United Kingdom can provide a lesson on how to manage an ID card program. When the country decided to move forward with a national identification card, it spent seven years studying the problem, looking at every contingency and examining the social issues. Only after this process was completed did Parliament begin writing legislation.

While not commenting specifically on the TWIC program, he criticized governments who rush ID cards out so "people will feel safer," he said. "But the reality is, they really haven't thought it through."