TSA advances TWIC program

Transportation Security Administration officials have entered a new phase of the Transportation Worker Identity Credential (TWIC) program, with testing under way at the Port of Long Beach Container Terminal in California.

TWIC cards will soon be released at three other sites, including the Philadelphia Maritime Exchange, and the Port of Pensacola and Port Canaveral in Florida.

Workers at maritime, rail, aviation and ground transportation facilities are expected to participate.

"Anyone who needs unescorted access to secure areas of the facility would need a TWIC card," said Deirdre O'Sullivan, a TSA spokeswoman.

Many transportation workers now carry a different identification card for each facility they enter.

A TWIC card would improve the flow of commerce by eliminating the need for redundant credentials. But privacy experts maintain that the program could erode privacy by making it easier to track people to a degree that is unnecessary for security.

TWIC cards are tamper-resistant credentials that contain several types of biometric information, including a fingerprint, iris scan and hand geometry, a snapshot of a hand on a flat surface.

By combining biometric and other data, transportation facility officials can identify workers and help prevent unauthorized people from gaining access to secure areas.

Each TWIC card contains a 64K contact integrated circuit chip, a magnetic strip, a bar code and a unique serial number. Its security features include Guilloche patterns that are used to prevent counterfeiting, micro text, ultraviolet printing techniques and holographic overlays.

Privacy experts are wary of the program, as they were of TSA's earlier Computer Assisted Passenger Prescreening System (CAPPS) II, which has since been revamped and renamed Secure Flight.

"One of the things we're always looking out for is mission creep," said Marcia Hofmann, staff counsel at the Electronic Privacy Information Center, a privacy advocacy group. "TSA has fallen afoul of that before with CAPPS II."

TWIC collects substantial information, Hofmann said, making it "something certainly to be aware of and keep an eye on."

Other privacy advocates have similar concerns. Lee Tien, senior staff attorney at the Electronic Frontier Foundation, said TWIC cards could be misused in the same way as Social Security numbers.

Citing a problem he called Social Security number mission creep, he said the number "wasn't created with the intent that it become a widely used index or identifier, but it became that way anyway."

When nations have a widely used, government-certified identity credential, strong economic and social incentives exist for using it elsewhere, Tien added.

He also expressed concern about technology creep, or the tendency to use technology for dangerous purposes. Even if no national ID system results from TWIC, it is likely to promote the spread of biometrics and smart cards, which he views as threats to privacy, Tien said.

The TWIC program, which has four phases, is now in its third, or prototype, phase, O'Sullivan said. The planning phase was followed by the technical phase, in which 4,000 cards were issued.

About 200,000 people are participating in the prototype phase. The phase will be expanded to 34 sites in six states during the next seven months. The final phase is implementation, O'Sullivan said.