Alliance: TWIC proposal increases risk
27 June, 2013
category: Biometrics, Government, Smart Cards
The U.S. Coast Guard is proposing to limit the electronic reading of Transportation Worker Identification Credentials (TWIC) and instead rely on visual inspection.
The Transportation Worker Identification Credential Reader Requirements Notice of Proposed Rulemaking would limit the use of the biometric smart cards and readers and use visual inspection of TWIC cards as the primary security protocol for 95% of the maritime user population. The Smart Card Alliance disagrees with this proposal and has submitted comments and recommendations.
More than 2.4 million cleared maritime workers have a TWIC, which was issued in response to the Maritime Transportation Security Act of 2002. When used in conjunction with an electronic reader, the smart card can establish: that it is a valid card issued by TSA and not a forgery; that the card has not expired; that the card has not been revoked by TSA for cause; and that the person presenting the card is the same person to whom the card was issued.
The Smart Card Alliance Access Control Council makes the following recommendations to the Coast Guard:
- Expand the scope of the proposed regulation to make the use of TWIC card readers mandatory for a majority of the facilities and vessels currently identified in different risk groups.
- Require transaction logs when visual inspection is used and when any non-automated exception situation is encountered.
- Conduct a new reader cost analysis using more current information that is representative of today’s TWIC reader products.
- Require maritime operators to download the latest version of the certificate revocation list every 12 hours regardless of maritime security level.
- Correct the statement on in the notice: “TWIC readers will not help identify valid cards that were obtained via fraudulent means, e.g., through unreported theft or the use of fraudulent IDs.” TWIC readers can identify cards that were obtained through unreported theft of the TWIC card by performing biometric verification of the cardholder.
- Require the use of readers at large general cargo container terminals in risk groups or re-classify them.
- Require vessels at sea to update the revocation lists under certain circumstances for security.