One Small Step for the TWIC Program?

Sep 30, 2010 12:00 AM Last week the Transportation Security Administration (TSA) updated its list of TWIC Readers that have successfully completed the Initial Capability Evaluation (ICE) to include an additional hand-held reader. This brings the total of portable readers that have passed the ICE to 17 (from nine suppliers). Eleven fixed readers (from four suppliers) are also on the ICE List. Both of these sets of TWIC readers support the TWIC Privacy Key (TPK) and enciphered biometrics (i.e., the card holder's fingerprints) during both registration and subsequent operations. Additionally, two other readers (from two suppliers) that use the TPK and TWIC biometrics only during registration, while using some other biometric during operations, have also passed the evaluation.

Some of the suppliers of TWIC readers are hyping "early adoption" of TWIC readers to allow customers to familiarize their access control personnel and TWIC holders on the equipment in advance of the final TWIC Reader Rule. Operators of MTSA-regulated facilities and vessels would be well advised to wait a while longer before investing in the technology, however. In the first place, the US Coast Guard has only put out an Advanced Notice of Proposed Rulemaking (ANPRM) on TWIC Reader Requirements. It will not issue a Notice of Proposed Rulemaking (NPRM) until after TSA completes its ongoing Pilot Test of TWIC readers in the maritime environment. The ANPRM, issued in March 2009, billed itself as the USCG's "preliminary thoughts" on the subject. It remains to be seen how much of the ANPRM will be included as part of the NPRM, currently projected for issuance in August 2011. The NPRM will be subject to public comments, which the Coast Guard is required to consider prior to issuing a Final Rule—possbily leading to further changes in the requirements. Secondly, TSA has included a prominent disclaimer in the ICE List stating that the list "serves no other purpose other than to identify readers that have demonstrated their ability to complete the ICE satisfactorily." At the July meeting of the National Maritime Security Advisory Committee, the presenter of the TWIC Update referred to the "risk" of "expectations of grandfathering" on the part of early adopters. Both the USCG and the TSA seem to be discouraging such expectations.
As for the ICE itself, its purpose is "to evaluate if a given TWIC Reader has implemented an identified set of functionality specified in the TWIC Reader Hardware and Card Application Specification Version 1.1, Amendment 1 allowing said TWIC Reader to operate in a variety of expected normal situations as well as a few anticipated exception cases." Essentially this means that the Reader should accept valid TWICs of registered individuals, reject valid TWICs of unregistered individuals, and reject expired TWICs, all within certain timeframes. The specific scenarios are spelled out in Attachment 2 to the Broad Agency Announcement for TWIC Readers.

TIP OF THE HAT: I originally learned of an earlier (9/13/10) update to the ICE List from Eric Holdeman's Disaster Zone, an emergency management blog.

NOTE: This post may be copied, distributed, and displayed and derivative works may be based on it, provided it is attributed to Maritime Transportation Security News and Views by John C. W. Bennett, Edit Module