TOPICS
TOPICS
DHS moves to deploy transportation ID cards
Under mounting congressional pressure, the Homeland Security Department has announced a timetable for issuing tamper-resistant, biometric-based identification cards to millions of workers at U.S. transportation facilities.
The Transportation Security Administration plans to request proposals for the program in early May, according to an announcement Thursday on the FedBizOpps.gov Web site.
Known as TWIC, which is short for transportation worker identification credential, the program will issue cards with information such as fingerprints and iris scans so transportation facilities can verify worker identities and help prevent unauthorized access to secure areas. CNN cited Homeland Security Secretary Michael Chertoff as saying the department will put the cards in the hands of every approved U.S. seaport worker by the end of the year.
Critics, including a growing number of lawmakers, say the program has languished far too long inside the department. The program was started after the Sept. 11, 2001, terrorist attacks, but to date, only a prototype card has been given to some airport and seaport workers in California, Delaware, Florida and Pennsylvania.
Congress has scrutinized the department's timetable for the program in response to concerns over vulnerabilities at U.S. seaports, especially after a Dubai-owned company recently attempted to take over terminal operations at several major ports. Ten House Republicans sent Chertoff a letter Wednesday urging the department "to immediately accelerate implementation" of TWIC.
"The TWIC program went through four specific development phases, and the final prototype testing phase was completed in the summer of 2005," the lawmakers wrote. "Unfortunately, bureaucratic slowdowns and unforeseen obstacles have put this program over two years behind schedule."
"Without a uniform system," they added, "we are concerned that ports and other vulnerable locations will be forced to implement their own secure identification programs, which likely will not be interoperable with the final federal TWIC program."
Members of the House Homeland Security Committee also want a concrete timetable for issuing cards. Under an amendment to the committee's port security bill, TSA would have to issue final regulations for TWIC by this June and begin issuing cards no later than June 2007.
Senate Homeland Security and Governmental Affairs Committee Chairman Susan Collins, R-Maine, asked the Government Accountability Office last year to investigate TWIC delays.
Industry officials say getting cards to all seaport workers by December is doable, but only if TSA moves quickly to award a contract. "I would say it's a very aggressive schedule," said Steve Lunceford, a spokesman for BearingPoint, which was contracted to develop the prototype TWIC card. He said the company was able to develop and deploy the prototype in less than 100 days.
TSA said in its FedBizOpps announcement that it will use a two-step process for awarding a TWIC deployment contract. The first step is asking companies to submit information on why they are qualified to be the contractor; the second step will consist of requesting proposals to only qualified venders by May 8. The agency did not say when a contract would be awarded.
COMMENTS
- The RFID used in smart cards can be intercepted from distances ranging from 15’ to 70’, depending on whether an altered standard flash camera, smart card reader or homemade device is used. The data is easily cloned to a new card and its chip using a smart card reader or homemade device. Most math and computer sciences majors learn how to load and unload data and software/firmware programs using a “tool” from a semiconductor chip. Hence, a large portion of the population knows using any home lab how to leave intact the original credential holder’s demographic information while swapping the biometric images of an imposter with that of the original credential holder to the cloned card’s chip. When presenting identification at port security checkpoints, an imposter/identity thief will be able to present their own biometric images real-time to match the images stored to the cloned card’s chip. They will ride on the original credential holder’s sound reputation by using the original credential holder’s demographic information, and give no reason for security personnel and law enforcement to become suspicious since there will be a biometric image match! The addition of biometrics does not overcome the true vulnerability inherent to the 50 year-old smart card platform: RFID! The addition of biometric images creates a false sense of security when the platform is nothing more than a piece of garbage! The biometric smart card platform defeats the entire purpose for which it has been intended, because it makes the United States less secure than was September 10, 2001 when cloning at remote distances -- possibly where the thief is behind obstacles so completely obscured from the original credential holder’s vision, wasn’t possible! Congress has wasted enough tax payer dollars going backwards! It is time to move into the 21st century and adopt the next generation of credentialing technologies as proof Congress is serious about the combating of terrorism! Dawn Posted April 2, 2006 12:02 AM
- All ports are landfills. Landfills commonly develop sunken surfaces prone to puddles. Biometric smart cards can’t meet the challenges common to wet maritime environments. When submerged in water smart cards short circuit, and become rendered useless. Furthermore, software updates for biometric smart cards require a replacement of the card, so the smart card platform is high maintenance, while most likely to need regular replacement in maritime environments. In the UK real-life trials of smart cards in national ID applications, the Sunday Mirror reported mid last August there was a 30 percent error rate on the inkless fingerprinting technology. Error rate is another way to describe false positive rate. For every lost or stolen port biometric smart card, 90 million Americans (30 percent of the 300 million population) will be able to find at least one finger capable of matching the fingerprint image stored to lost or stolen card. When two fingerprints are stored to the biometric smart card, 9 percent of the American population … 27 million Americans will be able to make two of their fingerprints match the fingerprint images stored to a lost or stolen port ID biometric smart card. In summary, every time a port ID will be presented at a port security checkpoint, there will be a 30 percent chance the presenter will be an identity thief. Taking into consideration RFID is easily cloned, there is 0 percent certainty a person presenting ID at a port security checkpoint is who they claim to be. Iris scans use infrared. Infrared is laser. Americans generally have eye corrective laser surgery no more than once in a lifetime. It is common sense repeated and daily use of iris scans will strain, then damage optical nerves and render the population blind. Of the two dozen or so tests the DHS ordered on iris scans, none of them were safety tests. The US Congress and Bush Administration were bribed by lobbyists and campaign contributors to turn a “blind eye” to the dangers of iris scans. It’s time Americans stand-up for themselves, and stop the corruption, before the corruption has made us too blind to see it. Dawn Posted April 2, 2006 12:35 AM
