Data collected by the Transportation Security Administration (TSA) during a pilot for readers of transportation worker identification cards is so bad that Congress should ignore it and order a new security assessment of the project, congressional investigators have reported.
The TSA point man for the biometric identification for port workers disagreed and defended his agency’s efforts to get the program off the ground on May 9 after the Government Accountability Office (GAO) panned the agency’s initiative.
In a combative hearing of the House Oversight and Government Reform government operations subcommittee, Stephen Sadler, TSA assistant administrator Office of Intelligence and Analysis, said the Transportation Worker Identification Credential (TWIC) added security value to port facilities despite a slow startup period.
A pilot program to test TWIC readers conducted several years ago provided valuable information to guide the US Coast Guard (USCG) in its efforts to introduce readers to ports over the next few years, Sadler said.
"TWIC readers determine whether a card is authentic, valid and issued by TSA," Sadler testified. "The readers also check that the card has not expired and, by accessing the cancelled card list, can determine if the card has been revoked or reported lost or stolen. When used in the biometric mode, readers confirm through a biometric fingerprint match that the person using the card is the rightful owner of the card. The TWIC card and reader system can perform these checks virtually anywhere with portable or fixed readers because connectivity to an external database is not required."
But a GAO report issued May 8 called the TWIC reader pilot program too flawed to rely upon.
Congress should repeal requirements that direct the Department of Homeland Security (DHS) to establish TWIC readers consistent with the findings of the pilot program and instead explore alternatives to the TWIC program, Stephen Lord, GAO director of forensic audits and investigations, told the panel.
Lord repeated a GAO recommendation that TSA should conduct a security assessment of the TWIC program, including an assessment of alternative credentialing approaches.
DHS did not address planning shortfalls identified by GAO in a November 2009 report, Lord said.
"We determined that these weaknesses presented a challenge in ensuring that the pilot would yield information needed to inform Congress and the card reader rule and recommended that DHS components implementing the pilot — TSA and USCG — develop an evaluation plan to guide the remainder of the pilot and identify how it would compensate for areas where the TWIC reader pilot would not provide the information needed," Lord said.
Despite agreeing with the recommendations, TSA did not make use of a data analysis plan it developed in response to them, Lord said. The TSA TWIC reader pilot therefore suffered from shortcomings in data collection and data analysis, according to GAO’s audit report, Homeland Security: DHS and TSA Continue to Face Challenges Developing and Acquiring Screening Technologies.
GAO documented challenges in data collection; Lord highlighted three of them. TSA did not record clear baseline data so it lacked a basis for comparison, Lord said. It also did not collect complete data due to discrepancies and anomalies due in part to card failures. Finally, the pilot did not document the affect of TWIC readers onthe business operations of the private sector — part of the stated intended objective of the pilot.
Sadler contended, however, that TSA collected a sufficient quantity of data in sufficient quality to guide acquisition of TWIC readers.
TSA encountered challenges that prevented a flawless test project, Sadler conceded, including voluntary participation in it, the lack of TWIC readers at all entry points for participating ports due to business operations, and the rugged operating conditions found in maritime environments.
Still, Sadler called the TWIC reader pilot "successful in what it set out to do." When a reader is installed properly and used by a trained worker, it performs its job, allowing or barring access to specific individuals.
The TWIC reader is "not a silver bullet" but rather "provides value when installed properly and used properly" as one layer of security, Sadler said.
Separately, Rep. Bennie Thompson (D-Miss.) raised concerns about TWIC readers in reaction to the GAO report.
"I am greatly concerned that despite DHS investing $544 million and 11 years in the TWIC program, the program continues to suffer from fundamental problems that undermine its ability to provide the security benefits Congress intended," Thompson said in a statement on May 8.
"Meanwhile, port workers and industry stakeholders have invested their time, effort and money into this troubled program, holding up their end of the bargain," Thompson said. "Indeed, DHS has failed to implement GAO’s prior recommendations that would have strengthened the TWIC program and ultimately enhanced maritime security. After years of oversight of the TWIC program, I concur with GAO’s recommendation that an effectiveness assessment of the security benefits of TWICs and the use of biometric readers must occur before the American people are expected to invest additional money in this program. We cannot continue to throw good money after bad with this program."
Despite the concerns raised by GAO, the Coast Guard has been moving forward with the TWIC reader project. It issued a proposed rule for TWIC readers on March 22.
Follow me on Twitter at www.twitter.com/mickeymccarter