Vendors question TSA's TWIC selections

Vendors competing for the Transportation Security Administration's worker identification program allege that the agency is favoring an inadequate solution.

The vendors contend that the company that reviewed the potential technologies for the Transportation Worker Identification Card (TWIC) program did not conduct an objective review. The issue, however, has raised larger questions about how agencies assess technology.

The TWIC project is intended to provide a standard credential to allow all airport, energy pipeline, rail station and seaport employees to access secure facilities.

TSA officials hired Maximus Inc., a smart card technology integration company, late last year to conduct an evaluation to assess the best possible technology for the TWIC program.

TSA tested other card options, including linear bar codes, digital photography, magnetic strips, optical memory stripes and 2-D bar codes. Results from the review determined that smart cards with integrated circuit chips (ICC) were the best option for the TWIC program.

Since that decision, however, a fracas has erupted about whether TSA officials adequately reviewed all available options. Those on each side of the debate vigorously defended their technologies. Each vendor claims that cost, security, capacity and potential uses work to their technology's


Randy Vanderhoof, executive director of the Smart Card Alliance, said vendor complaints represent the disappointment of company officials. "ICC is definitely the standard for secure identity credentials," he said.

TSA's evaluation confirmed what the agency and card suppliers already knew: "The ICC technology was going to come out ahead," Vanderhoof said.

ICC can have multiple technologies such as bar codes or embedded magnetic stripes such as radio frequency identification devices. "Those are either hybrid cards or multitech cards," he said.

Optical stripe technology would surpass ICC if the program called for massive amounts of data storage, such as medical records, Vanderhoof said. But TWIC does not demand that.

Others, including Douglas Morris, vice president of Federal Systems for Laser Data Command Inc. (LDC), assailed TSA's


"The determination of appropriateness [of ICC] is relative," Morris said. "Appropriate to whom? The taxpayer? No. The TWIC user? No. [The Homeland Security Department] and TSA? No. The providers and integrators of expensive, proprietary, foreign-owned, stovepipe, smart card technologies?"

LDC protested the award initially but

relented after meeting with the agency's

inspector general.

Morris is not alone in questioning the integrity of the review.

Consultant Keith Edwards said ICC "is being ramrodded through the acceptance system without having to face the real competition that should have occurred."

"I have no stake in this," said Edwards, who has worked on hybrid cards of ICC and optical stripe.

He pointed to an evaluation conducted in March by Joseph Anlage of American Laser Drives Corporation. Anlage criticized the selection of ICC, but he defended the motives of Maximus.

"I believe it would be impossible to do this without an incestuous relationship somewhere," Edwards said. "I don't think Maximus did anything nefarious."

But vendors of bar code and optical cards have been concerned about the selection of the ICC technology, he said.

Anlage concluded that the Maximus methodology is flawed in three ways.

First, according to Anlage, the Maximus review used "an extremely restrictive definition" of commercial technologies. By its definition, the review restricted consideration to technology from the 1990s. Second, he said, testing conditions were tailored to ICC card technologies. TSA officials measured other card technologies by their ability to emulate the ICC standard, not by their suitability for TWIC. Finally, Anlage charged that the Maximus review did not examine critical card technology capabilities.

"Although TSA's Maximus contract referenced the review of other technologies, no [2-D] bar code technologies were actually evaluated or tested in an operational environment," Morris said.

The discord surrounding TWIC illustrates the challenge government agencies face in assessing the myriad technologies on the market and weighing the pros and cons of each one.

However, according to Rachael Rowland, Maximus' vice president of public relations, "Customers have come to Maximus for years for an unbiased evaluation. The evaluation we did for TSA made no presumption about any of the technologies being tested."

The company used an industry-standard methodology, she said.

"Unfortunately, there are others that would suggest there was a flaw in the methodology," she said. "As you can expect when any technology is compared against others,...there will be those that don't fare so well. We stand behind the results that we delivered to TSA."

TSA officials were not available for comment.

At the American Association of Airport Executives conference in December 2003, TSA and Maximus representatives agreed that they would continue to consider 2-D bar code technologies for TWIC. LDC and other 2-D bar code vendors are continuing to work with TSA and DHS to support contractors, Morris said. They are working to finalize the development of the lowest-cost credentialing mediums for TWIC, Registered Traveler and other DHS credentialing and access-control programs.

"There seems to be a romance with the chip cards, and they can do a lot of good things," Anlage said. "But for secure identification and biometrics, the optical card is a much better platform, and it doesn't cost nearly as much."

The heated debate about card technology misses the more crucial aspect of credentialing. The real challenge is how to make sure the people providing biometric information are who they claim to be, said Michael Mestrovich, president of Unlimited New Dimensions LLC.

"The process one uses to authenticate identity, prior to the issuance of a card to that individual, is where the emphasis should be," he said. "To me, that's where the issue lies, not on the technology of the card itself." He said he found nothing lacking in smart card technology.

Mestrovich is involved in projects for both the Defense Department and TSA.


  • People
    Federal CIO Suzette Kent

    Federal CIO Kent to exit in July

    During her tenure, Suzette Kent pushed on policies including Trusted Internet Connection, identity management and the creation of the Chief Data Officers Council

  • Defense
    Essye Miller, Director at Defense Information Management, speaks during the Breaking the Gender Barrier panel at the Air Space, Cyber Conference in National Harbor, Md., Sept. 19, 2017. (U.S. Air Force photo/Staff Sgt. Chad Trujillo)

    Essye Miller: The exit interview

    Essye Miller, DOD's outgoing principal deputy CIO, talks about COVID, the state of the tech workforce and the hard conversations DOD has to have to prepare personnel for the future.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.