As the Coast Guard nears the end of its final rulemaking process for the deployment of biometric-enabled smart card readers to strengthen port security nationwide, a new government watchdog report says that a $23 million pilot testing program of the readers fell short and that data provided to Congress to justify the use of the reader technology was unreliable and incomplete.
For example, the Government Accountability Office (GAO) says in its report that data the Department of Homeland Security supplied Congress last year included data from laboratory tests on how fast the electronic readers determined the validity of Transportation Worker Identification Credentials (TWIC), not field tests.
The lab testing “is not representative of the technology challenges sites may face in practice, such as time lags due to the distance between a reader and supporting computing system, types of infrastructure available to implement the TWIC system, or the various variables that could delay actual transaction times,” GAO says in its report, Transportation Worker Identification Credential: Card Reader Pilot Results are Unreliable; Security Benefits Need to Be Reassessed. (GAO-13-198). The report was released on Wednesday and a subcommittee of the House Oversight and Government Reform committee hosted a hearing on it yesterday.
In March 2012 the DHS reported that the TWIC readers are viable for use in ports to verify the authenticity of the transportation worker credentials and that the use of the smart cards does not “significantly” increase throughput times for workers passing through access points on ports (Defense Daily, March 1, 2012). Congress mandated the TWIC program and its reader component so that certain port workers could have unescorted access to certain facilities and vessels depending on security levels.
This March the Coast Guard issued a Notice of Proposed Rulemaking to allow public comments before the final rule is published for TWIC reader deployments (Defense Daily, March 27). Comments are due by mid-June.
Among the other shortcomings the GAO cites in its report on the TWIC reader testing are that the Transportation Security Administration and its independent test agent, the Navy, did not collect consistent data on the operational impact of using the cards with readers, that the agencies did not collect complete data on malfunctioning TWIC cards, and that the documentation collected during the pilot did not contain complete reader and access control system characteristics.
TSA told the GAO that among the challenges if faced during the pilot tests were the fact that participation by the ports was voluntary, which meant they did not always adhered to established test protocols, that the Navy didn’t collect test data properly, and that they didn’t expect to have problems with TWIC cards that didn’t work properly.
Stephen Lord, director of Homeland Security and Justice Issues with GAO, told the House panel that based on the audit into the card reader pilot, they advised the DHS not to use data from the tests in the rulemaking. However, the rulemaking, which was released after the GAO provided a draft of its finding to DHS, included the card reader pilot data.
Based on its reporting that the pilot program doesn’t reliably inform the card reader rule issued in March, GAO is recommending that Congress direct DHS not to issue final regulations requiring the deployment of the card readers “that are consistent with the findings of the pilot program,” Lord stated. He recommended that Congress have DHS reassess the effectiveness of using the TWIC cards with the electronic readers.