Investigators get access with fake IDs, credential acquired through fraudulent means
A review of the the Transportation Worker Identification Credential (TWIC) program by the U.S. Government Accountability Office (GAO) has revealed “internal control weaknesses” regarding the enrollment, background checking and use of the program.
Administered by the Transportation Security Administration (TSA) and the U.S. Coast Guard under the Dept. of Homeland Security (DHS), TWIC requires maritime workers to complete background checks and obtain biometric ID cards to gain unescorted access to secure areas of regulated maritime facilities.
GAO was charged determining the extent to which TWIC’s processes for enrollment, background checking, and use are effective in providing secure access control.
After reviewing program documentation, touring four TWIC centers and conducting interviews as well as covert tests at several U.S. ports, GAO has identified several vulnerabilities related to preventing and detecting identity fraud, assessing the security threat that individuals with extensive criminal histories pose prior to issuing a TWIC, and ensuring that TWIC holders continue to meet program eligibility requirements.
Problems the GAO found include:
- The TSA’s internal controls in the enrollment and background checking processes do not ensure that only qualified individuals can acquire TWIC
- That adjudicators follow a process with clear criteria for applying discretionary authority when applicants are found to have extensive criminal convictions
- TWIC-holders don’t maintain their eligibility once issued a TWIC.
During covert tests, GAO’s investigators were successful in accessing ports using counterfeit TWICs, authentic TWICs acquired through fraudulent means, and false business cases (i.e., reasons for requesting access).
GAO is now advising the Dept. of Homeland Security to conduct a control assessment of the TWIC program’s processes to address the existing problems. The program, expected to cost billions, is currently reaching full implementation. ![[end]](/resources/bullet/secureidnews-4.gif)
This is the specific reason that we have strongly recommended to Administrator [TSA] John Pistole the use of the State Department Passport Cards. These documents are more tamper resistant and can be up dated with bio, finger prints, iris scan for positive identification of transportation workers, and trusted travelers also. The best security is to have the data entered in the computer, then the individual slides the card and both information appear for comparison and positive identification.
These Passpoirt Cards are already in use for border identification in North and Central America by the U. S. CBP and ICE. It will eliminate identity theft also by having a secret password made by the individual card holders.
On international travel having a passport and the Passport Card will prevent passport forgeries.
You think EPC Gen 2 chips, which are insecure and capable of being read from a great distance, are a better solution than 13.56 contactless smart cards that have microprocessors and encryption?
The Passport card has already been criticized for using a weak security technology. Don't get me wrong, the Passport card is fine for what it does, act as a marker for demographic data stored in a database, but I would not want any personal information stored on that chip.
The problems with TWIC can be fixed and they're are millions of cards already out there so it would be silly to scrap it and have everyone get another ID. Also, the State Department has the same problems. There was a GAO study a couple of years ago where investigators went undercover and received passports with fake documents, pretty much the same thing they did in this TWIC investigation.