Investigators get access with fake IDs, credential acquired through fraudulent means
A review of the the Transportation Worker Identification Credential (TWIC) program by the U.S. Government Accountability Office (GAO) has revealed “internal control weaknesses” regarding the enrollment, background checking and use of the program.
Administered by the Transportation Security Administration (TSA) and the U.S. Coast Guard under the Dept. of Homeland Security (DHS), TWIC requires maritime workers to complete background checks and obtain biometric ID cards to gain unescorted access to secure areas of regulated maritime facilities.
GAO was charged determining the extent to which TWIC’s processes for enrollment, background checking, and use are effective in providing secure access control.
After reviewing program documentation, touring four TWIC centers and conducting interviews as well as covert tests at several U.S. ports, GAO has identified several vulnerabilities related to preventing and detecting identity fraud, assessing the security threat that individuals with extensive criminal histories pose prior to issuing a TWIC, and ensuring that TWIC holders continue to meet program eligibility requirements.
Problems the GAO found include:
- The TSA’s internal controls in the enrollment and background checking processes do not ensure that only qualified individuals can acquire TWIC
- That adjudicators follow a process with clear criteria for applying discretionary authority when applicants are found to have extensive criminal convictions
- TWIC-holders don’t maintain their eligibility once issued a TWIC.
During covert tests, GAO’s investigators were successful in accessing ports using counterfeit TWICs, authentic TWICs acquired through fraudulent means, and false business cases (i.e., reasons for requesting access).
GAO is now advising the Dept. of Homeland Security to conduct a control assessment of the TWIC program’s processes to address the existing problems. The program, expected to cost billions, is currently reaching full implementation.