TSA smart card program makes headway

Agency to analyze potential costs

The Transportation Security Administration's plan to provide employees with smart cards for accessing facilities is gaining

momentum.

Last week, TSA officials posted an announcement in the Federal Register that they would survey transportation facilities nationwide to find out what technology infrastructure is in place. The goal is to measure how much effort and funding the Transportation Worker Identification Credential (TWIC) will require.

TWIC is intended to provide a standard

credential for transportation workers, supported by a single, integrated, secure network of databases. The credential would allow all airport, rail station, energy pipeline and seaport employees access to secure facilities.

Some agencies issuing high-tech access cards have only a few buildings to worry about. But TSA could face a Herculean task of establishing an adequate infrastructure at scores of transportation facilities around the country.

The goal of the survey is to get more information about each facility, such as the number of access points, the number of credentialed employees and ways to access the facility's technology infrastructure.

A 2002 assessment by the American Association of Airport Executives warned that the cost of supporting a sufficiently secure infrastructure would be substantial. For example, to ensure the security of the cards, TWIC would require all facilities to connect to a massive virtual private network, which would be expensive, the group said.

Carter Morris, vice president of transportation security policy at AAAE, said the feasibility of putting TWIC into place would vary according to the particular capacities of each transportation facility. "The devil's in the details," he said. "In working with TSA and [the Homeland Security Department], what we're urging in aviation is to leverage existing infrastructure and local expertise."

Carter noted that many local security officers know members of their facility's staff. "There's no better security than knowing Fred for 20 years," he said. "If you add biometrics to that, that's a good thing."

Randy Vanderhoof, executive director of the Smart Card Alliance Inc., said the challenge will be acceptance, rather than technology.

In its current form, TWIC has drawn relatively mild criticism from privacy advocates, mainly because the program has yet to expand to nongovernment workers.

"As with much of what TSA does, there is so much secrecy surrounding" TWIC, said David Sobel, general counsel for the Electronic Privacy Information Center (EPIC). "It's very difficult to get a clear picture of what this program really involves."

Congress, too, appears to regard TWIC with a level of caution that differs from some members' emphatic disapproval of the Computer Assisted Passenger Prescreening System (CAPPS) II contract.

Meanwhile, in the prototype phase set to begin later this spring, TSA officials will tackle business processes. Those include verifying identification, collecting biometrics, conducting background checks, assessing threats and enrolling applicants into the system.

The previous phase, which focused on technology, explored six card options. TSA spokesman Darrin Kayser said that the integrated circuit chip emerged as the winner. Other cards options tested were linear bar codes, digital photography, magnetic strips, optical memory stripes and 2-D bar codes.

"The program is not only going to be a giant leap forward in security, but it will balance needs of commerce and individual privacy by having one universally recognized credential to limit redundancy of cards," Kayser said.

NEXT STORY: EDS gets infosec approval