January 17, 2013
The International Biometrics & Identification Association (IBIA) has announced that it strongly disagrees with recent media reports that suggest the Transportation Worker Identification Credential (TWIC) doesn’t work.
The IBIA is reacting to media reports which have cited a public notice by the U.S. Department of the Army — a military department within the Department of Defense (DOD) — in which it states “TWIC does not meet DOD security standards and cannot be used as of January 29, 2013” and that “The DoD PKI office has determined that the Transportation Workers Identification Card (TWIC) PKI certificate cannot be used to authenticate users for access to DoD systems.”
The TWIC program is a maritime security program that is jointly managed by the TSA and the U.S. Coast Guard. The TWIC card itself is a smartcard which includes biometric details of the cardholder. The TWIC provides a credential to maritime workers who need unescorted access to secure areas of port facilities and ships. According to the IBIA, the TWIC card was mandated by Congress through the Maritime Transportation Security Act of 2002, and these cards were never intended to be used for online access.
The IBIA is a trade association that promotes the effective and appropriate use of technology to determine personal identity and enhance security, privacy, productivity and convenience for individuals, organizations and governments, according to its mission.
According to the TWIC website, cards contain fingerprint records, as well as a digital photograph of the cardholder.
“What appears to have happened is that people who are not familiar with the intricacies of the TWIC program or have not thoroughly investigated the subject matter have taken a simple DOD announcement out of context, thereby undermining a valuable, successful, and important national security program,” Tovah LaDier, IBIA’s Managing Director, said. “Several analysts interpret the DOD policy statement to mean that TWIC cards are not secure and have painted TWIC as a ‘failed’ program. This could not be further from the truth.”
The IBIA suggests it is not clear why DOD allowed access to a computer system in the first place and that the DOD policy change came as a result of the department realizing the TWIC card was not cross-certified with the Federal Public Key Infrastructure as required by DOD policy.
As reported previously in BiometricUpdate.com, atsec information security, a global and independent standards-based information technology security services company, is now an accredited testing lab for TWIC card readers, testing them against the requirements in the TWIC Reader Evaluation Program.