[Senate Hearing 109-1112] [From the U.S. Government Publishing Office] S. Hrg. 109-1112 TRANSPORTATION SECURITY ADMINISTRATION'S TRANSPORTATION WORKER IDENTIFICATION CREDENTIAL (TWIC) PROGRAM ======================================================================= HEARING before the COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION UNITED STATES SENATE ONE HUNDRED NINTH CONGRESS SECOND SESSION __________ MAY 16, 2006 __________ Printed for the use of the Committee on Commerce, Science, and Transportation ---------- U.S. GOVERNMENT PRINTING OFFICE 64-227 PDF WASHINGTON : 2011 For sale by the Superintendent of Documents, U.S. Government Printing Office, Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDDC, Washington, DC 20402-0001 SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION ONE HUNDRED NINTH CONGRESS SECOND SESSION TED STEVENS, Alaska, Chairman JOHN McCAIN, Arizona DANIEL K. INOUYE, Hawaii, Co- CONRAD BURNS, Montana Chairman TRENT LOTT, Mississippi JOHN D. ROCKEFELLER IV, West KAY BAILEY HUTCHISON, Texas Virginia OLYMPIA J. SNOWE, Maine JOHN F. KERRY, Massachusetts GORDON H. SMITH, Oregon BYRON L. DORGAN, North Dakota JOHN ENSIGN, Nevada BARBARA BOXER, California GEORGE ALLEN, Virginia BILL NELSON, Florida JOHN E. SUNUNU, New Hampshire MARIA CANTWELL, Washington JIM DeMINT, South Carolina FRANK R. LAUTENBERG, New Jersey DAVID VITTER, Louisiana E. BENJAMIN NELSON, Nebraska MARK PRYOR, Arkansas Lisa J. Sutherland, Republican Staff Director Christine Drager Kurth, Republican Deputy Staff Director Kenneth R. Nahigian, Republican Chief Counsel Margaret L. Cummisky, Democratic Staff Director and Chief Counsel Samuel E. Whitehorn, Democratic Deputy Staff Director and General Counsel Lila Harper Helms, Democratic Policy Director C O N T E N T S ---------- Page Hearing held on May 16, 2006..................................... 1 Statement of Senator Inouye...................................... 2 Prepared statement........................................... 2 Statement of Senator Pryor....................................... 14 Statement of Senator Stevens..................................... 1 Witnesses Cummings, George P., Director of Homeland Security, Port of Los Angeles, City of Los Angeles Harbor Department................. 17 Prepared statement........................................... 19 Himber, Lisa B., Vice President, Maritime Exchange for the Delaware River and Bay; Vice-Chair, National Maritime Security Advisory Committee (NMSAC)..................................... 20 Prepared statement........................................... 22 Jackson, Hon. Michael P., Deputy Secretary, Department of Homeland Security.............................................. 3 Prepared statement........................................... 5 Willis, Larry I., General Counsel, Transportation Trades Department, AFL-CIO............................................ 27 Prepared statement........................................... 28 Appendix American Trucking Associations, Inc. (ATA), prepared statement... 41 Kneeland, James, Director, Project Management Office, Florida Department of Highway Safety and Motor Vehicles; and Florida Highway Patrol Colonel Billy Dickson (Retired), Florida UPAC TSA Liaison, joint prepared statement.......................... 43 Response to written questions submitted by Hon. Daniel K. Inouye to Hon. Michael P. Jackson........................................ 49 Response to written questions submitted by Hon. Ted Stevens to: George P. Cummings........................................... 55 Lisa B. Himber............................................... 52 Hon. Michael P. Jackson...................................... 49 TRANSPORTATION SECURITY ADMINISTRATION'S TRANSPORTATION WORKER IDENTIFICATION CREDENTIAL (TWIC) PROGRAM ---------- TUESDAY, MAY 16, 2006 U.S. Senate, Committee on Commerce, Science, and Transportation, Washington, DC. The Committee met, pursuant to notice, at 10:40 a.m. in room SD-562, Dirksen Senate Office Building, Hon. Ted Stevens, Chairman of the Committee, presiding. OPENING STATEMENT OF HON. TED STEVENS, U.S. SENATOR FROM ALASKA The Chairman. Well, we apologize. It's hard to set the time for commencing a hearing now, with the process we're going through on the immigration bill. We do thank you very much. We want to welcome the witnesses who will appear before the Committee, and thank them for their willingness to participate in this hearing. The purpose of our hearing is to examine the status of TSA's Transportation Worker Identification Credential, commonly known as the TWIC program. The emphasis of our discussion will be to review policy and management issues that have prevented TSA from fully launching this program. The Commerce Committee first authorized the Transportation Worker Credential in the Aviation Transportation Security Act of 2001, then again in 2002 and 2004, when the Committee developed and reauthorized the Maritime Transportation Security Act. These laws authorized the development and issuance of biometric security cards to transportation workers who satisfied background checks for entry to secure areas in the maritime as well as secure transportation facilities. In authorizing the TWIC program in each of these measures, this committee recognized that our ability to secure the Nation's ports hinges upon our ability to verify, in a timely manner, the identity of port workers and prevent unauthorized access to secure maritime areas when necessary. The current inability of port operators to identify who's on their property at any given time should be considered a significant security vulnerability that must be addressed immediately. Evidence of the need to verify the identities of workers at our ports occurred in my home state in 2003 during the 2-day lockdown of the Alyeska Pipeline terminal at the Port of Valdez during a heightened terrorism alert. Terminal officials spent hours sifting through the employee documentation databases in an effort to determine who was on the port premises. Had the TWIC program been in place, officials would have been able to quickly determine which employees were authorized to be in secure areas of the terminal, which would have allowed officials to focus on the threat situation. Despite a stipulation among stakeholders that interoperable TWIC programs would significantly enhance security at the Nation's ports, the program has experienced internal and external challenges. While TSA has struggled with timely decisionmaking, vendors, port authorities, states, and other stakeholders have complained about the lack of communication. Secretary Chertoff announced, on April 25, that DHS would begin conducting name-based background checks on the initial group of 400,000 maritime workers throughout the U.S. This is an encouraging step toward full realization of the program, but it has been over three and a half years since Congress first authorized the Transportation Workers Credential. Therefore, Senator Inouye and I have introduced, along with 40 other cosponsors, a bill that would set a hard deadline for TSA to launch the program. We believe the program is too vital to port security to risk more delays. We look forward to seeking answers in questions today. We thank you very much for coming. I want to state that I have examined both the Los Angeles Port and the Seattle Port, and had a full briefing in Seattle of their security measures. They're very costly security measures, I might add. And so, we can understand some of the delay. Senator Inouye? STATEMENT OF HON. DANIEL K. INOUYE, U.S. SENATOR FROM HAWAII Senator Inouye. Well, I thank you very much. As you've indicated, Mr. Chairman, this program has been plagued by cost overruns and missed deadlines, and has produced few positive results. A background check program, for example, of truck drivers driving hazardous materials has been criticized for its poor conception and high cost. The program for the maritime sector, by most accounts, is still at least 2 years away. And I join the Chairman in offering our assistance in bringing this matter to some resolution. There are many people who are nervous about this, and I commend you for what you're doing, but I think you need some of our help. Thank you very much. May I have the whole statement made part of the record? The Chairman. Without objection, yes, sir. [The prepared statement of Senator Inouye follows:] Prepared Statement of Hon. Daniel K. Inouye, U.S. Senator from Hawaii Following the attacks on September 11, 2001, the Congress recognized that it not only had to improve the security of the Nation's transportation infrastructure, it had to improve the security of its transportation workforce as well. The Transportation Workers Identification Credential (TWIC) program was specifically created to provide thorough and efficient background checks of all transportation workers, yet 5 years later, the program has made very little progress. As required by the Aviation and Transportation Security Act (ATSA), the Administration was able to conduct hundreds of thousands of background checks on airline employees in a relatively short time period. This speedy effort to evaluate aviation workers helped restore the traveling public's confidence in commercial air service and helped minimize the economic damage. As a result, air travel continues to expand and is now in greater demand than at any previous point in aviation history. Because of the Congress's direction and the tragedy's impact on the economy, the Administration acted with an extreme sense of urgency in the immediate, post-September 11 environment when it came to aviation. That sense of urgency has all but disappeared for other modes, and the Administration's work on TWIC proves it. The program has been plagued by cost overruns and missed deadlines and has produced few positive results. The background check program for truck drivers driving hazardous materials has been criticized for its poor conception, redundancies, and high costs. The program for the maritime sector, by most accounts, is still at least 2 years away from being deployed. There have been no successful attacks on our transportation systems since September 11, and while that is obviously laudable, it is no guarantee of future success. The TWIC program is an important component of our transportation security system, and it must move forward. It has remarkable potential to eliminate key vulnerabilities and improve operational efficiency. This potential can only be achieved if the requisite sense of urgency is restored. If the Transportation Security Administration (TSA) cannot motivate itself to turn TWIC around, then it will be up to Congress, through far more vigilant oversight, to provide the motivation. Too much time and money have been wasted already. The Chairman. And your statement will appear in the record in full, Mr. Jackson. We thank you very much. We're going to hear first from Michael P. Jackson, the Deputy Secretary of the Department of Homeland Security. Thank you, sir. STATEMENT OF HON. MICHAEL P. JACKSON, DEPUTY SECRETARY, DEPARTMENT OF HOMELAND SECURITY Mr. Jackson. Mr. Chairman, thank you very much for having me here today. And, Senator Inouye, thank you for your support, as well as that of the Chairman, for this important program. I know of the work of this Committee from my time as Deputy Secretary of Transportation, and I know of the founding-father role that was played in this Committee to help make TWIC an important priority for this Nation. I will tell you that Secretary Chertoff, myself, the TSA share this commitment. The Coast Guard has to participate; it shares this commitment. CBP is in a supporting role; and they share this commitment. We did a review, when Secretary Chertoff came onboard, of things that needed doing that were taking too long. This was definitely on the list of those topics. We have done a thorough scrub of the pilot phase of this. I will say that it was harder than perhaps was anticipated at first, and more complex. We have integrated the work that's being done here to other Federal programs and other standard-setting activities so that we have a solid base technologically and operationally by consulting with our stakeholders in this. But I will tell you today that this has the highest priority commitment of the Department for a deployment that we will say will begin this year in issuance of TWIC cards for maritime workers. So, Mr. Chairman, I'll just be very brief in providing a top-line overview, and then be happy to answer questions about how we'll make good on that commitment. What I would tell you is just a brief word about the context for this. The legislation that you're working on in the maritime world, and our discussions of maritime security, have this placed into a context. We're worried about--four things that we're worried about: ships, workers, cargo, and facilities. And we're worried about having to find good tools to use--or we're focused on finding good tools to use in those four categories at home and abroad. So, ships, cargo, people, facilities. This discussion of bringing greater clarity to who is having unescorted access to our port facilities is an absolutely crucial component of that overall mix of the layered system of systems that we need to bring to the maritime domain. I would just say that the way to get this out on the street and operating begins with a rulemaking process and a procurement process. It is leveraging the significant work that we've done as a pilot with three state areas and multiple facilities within those areas. We will start with a procurement that's--I mean, a piece of regulatory work that's on the table right now at the Federal Register. This lays the framework for how we integrate the Coast Guard programs, and they're responsible, under the maritime security regime, MTSA, and how this TWIC process fits into it. That's a NPRM that will have a relatively quick turnaround. We hope that will allow us, this summer, to get a final rule out on the street and have the architectural framework of how we will implement this, clear and certain, for all of our constituents in the private sector. Second, we will undertake a procurement which we have launched. Today we will put out a solicitation for qualified candidates to allow us to narrow the field of candidates that will be capable of helping us manage some of the core work of the TWIC deployment. So, the combination of rules and the procurement to get the private-sector partner necessary to help us integrate this will give us the core elements of moving forward. What that procurement does is allow us to have a single integrator that will help work issues, from the capture of biometric identifiers and the data that's needed for enrollment through the process of managing the vetting and integration of the data management to check for the various areas of security clearance, which are criminal history record checks, terrorist watch-list checks, legal immigration status, outstanding wants and warrants. So, we will have that integration. We will pass off the decisions to TSA to approve or disapprove any questionable cases, and we will then manage a card production and distribution cycle. So, these are the core moving parts of what we need as tools to get this done, and we're committed to moving these at the very fastest pace consistent with discipline, economic and effective procurement, and regulatory work. So, perhaps, sir, that--I would just stop with that brief overview of the moving parts. My written testimony describes this in more detail. And I'd be grateful, honestly, to help you unpack this in any way that would be useful. I would just say, in conclusion, that we do very much appreciate the focus that this Committee brings to pressing on the urgency of TWIC. I will tell you the leadership team, again, shares that very much. [The prepared statement of Mr. Jackson follows:] Prepared Statement of Hon. Michael P. Jackson, Deputy Secretary, Department of Homeland Security Good morning Chairman Stevens, Co-Chairman Inouye, and distinguished members of the Committee. Thank you for this opportunity to speak with you about the Transportation Worker Identification Credential (TWIC) program. The good news is that we are finally rolling this program out: two rulemakings and a procurement are now under way. I am particularly grateful to this committee for its leadership in defining a vision and requirements for TWIC. In my previous position as Deputy Secretary of the Department of Transportation, I saw firsthand the commitment of the members of this committee to TWIC. I think what DHS has done with our TWIC pilot test has produced real value--added by helping us create a program that will achieve our security goals, while also making good business sense. As we begin deployment, DHS will be building essential tools that we can use to streamline and coordinate credentialing and screening programs throughout the Department. The two rulemakings that we have just initiated will align our current maritime security regulations with the framework of the TWIC program and credential. The procurement that we have announced seeks a single integrator to perform both the intake function of processing applicants for cards and also managing important parts of the data integration system. This system will connect each step in the credentialing process from intake, to background check, to card issuance. These rulemakings and procurement are the key steps to launching the TWIC program as a lynchpin of port security. We must know who has access to our ports and must have the ability to deny access to those who pose a security threat. Fundamental to our approach as we implement these steps to improve port security, is our commitment to do so without adversely affecting, either economically or logistically, our international trading system. My testimony today will cover the following points:The Coast Guard's recent rule change on biographic background checks--we are not waiting for the full TWIC roll- out but intend to get initial security benefits immediately; The rulemakings and their alignment with both the Maritime Transportation Security Act (MTSA) and the Merchant Mariner Credential; and The TWIC program framework, business model and implementation plans. Background Maritime security is an important part of our overall homeland security. TWIC will be a key component in a layered security system. It will complement our efforts both at home and abroad including cargo security tools, radiological and nuclear detection, the Customs-Trade Partnership Against Terrorism, the Container Security Initiative, and MTSA port facility programs. Security cannot be delivered via a single, silver bullet solution. This is particularly true with regard to the maritime sector. There, a layered system of security is needed to deal with the vast scale of the global system in which security responsibility is shared, where there is a multiplicity of private- sector actors that have primary responsibility for implementing and performing most of the frontline security duties, and where the interests of numerous foreign governments must be addressed. Domestically, an estimated 750,000 workers currently have unescorted access to our ports. To secure the 361 domestic port facilities, the Coast Guard, working with port operators, has approved the designation of certain ``secure areas'' within each maritime facility and vessel to which longshoremen, truckers and vessel crews would need a secure biometric identification credential in order to be granted unescorted access. The TWIC deployment includes accelerated and parallel rulemakings by both TSA and Coast Guard. It also includes a much needed procurement to help launch the operational program. Secretary Chertoff has given his team instructions to get this done as quickly as possible. This tool will add another valuable layer of security to domestic port operations and will strengthen overall supply chain security. Coast Guard Requires Interim Step of Biographic Background Checks As a significant prelude to the final rollout of TWIC, the Coast Guard has exercised its legal authority to publish a notice requiring approved identification credentials for access to MTSA-regulated facilities. For certain credentials, this involves a preliminary biographic background check. The Coast Guard and TSA consulted with our industry partners to develop a process that compares a worker's biographical information against our terrorist watch lists and immigration databases. TSA has already begun to conduct these background checks, and any workers who pose a security risk will be denied access to these facilities. The process is straightforward. Facility owners, facility operators and unions seeking a background check will submit an individual's name, date of birth, and, as appropriate, alien identification number to the Coast Guard. To speed up the review process, an individual's Social Security number may be submitted, but is not required. This information will allow TSA to vet workers against terrorist watch-lists through the Terrorist Screening Center. Moreover, these checks also include a review of a worker's immigration status, conducted by the U.S. Citizenship and Immigration Service using its Central Index System. As with other sectors of our economy, we will not tolerate the employment of illegal workers at our Nation's ports or within any part of the maritime infrastructure. This initial round of background checks, for which we have already begun to receive names, will cover an estimated 400,000 port workers and will focus first on employees and longshoremen who have daily access to the secure areas of port facilities. Aligning Current Maritime Security Requirements With TWIC Following enactment of MTSA in November 2002, the Coast Guard issued a series of general regulations for maritime security. Those regulations set out specific requirements for owners and operators of vessels, facilities, and Outer Continental Shelf facilities that had been identified by the Secretary as posing a high risk of being involved in a transportation security incident. Accordingly, owners and operators of these vessels and facilities were required to conduct security assessments, create security plans specific to their needs, and submit the plans for approval to the Coast Guard by December 31, 2003. All affected vessels and facilities are required to have been operating in accordance with their respective plans since July 1, 2004, and are required to resubmit plans every 5 years. Each plan requires owners or operators to address specific vulnerabilities identified pursuant to their individual security assessments, including controlling access to their respective vessels and facilities. Most significantly, MTSA regulations require owners/ operators to implement security measures to ensure that an identification system is established for checking the identification of vessel and facility personnel or other persons seeking access to the vessel or facility. In establishing this initial identification system, owners/ operators were directed to accept identification only if it: (1) was laminated or otherwise secure against tampering; (2) contained the individual's full name; (3) contained a photo that accurately depicted the individual's current facial appearance; and (4) bore the name of the issuing authority. The issuing authority had to be a government authority or organization authorized to act on behalf of a government authority, or the individual's employer, union or trade association. There was no requirement that the identification be issued pursuant to a security threat assessment because there was no existing credential and supporting structure that could fulfill the needs specific to the maritime environment at the time those regulations were created. Now that the credential and supporting structure for TWIC has been developed, it must be integrated into this pre-existing security program though amendments to the current regulations. While not prejudging the rulemaking process, I can state that we generally expect to adhere to the procedures that TSA has used to regulate the licensing of drivers who transport hazardous materials. The Merchant Mariner Credential. Because MTSA in essence requires the TWIC for all U.S. merchant mariners, the Coast Guard took this opportunity to revise its merchant mariner credentialing system to streamline the process and remove any duplicative requirements that would exist as a result of the TWIC rulemaking. This was done through a separate rulemaking that will publish simultaneously with the TWIC rulemaking. Under the current regulatory scheme, the Coast Guard may issue a mariner any combination of 4 credentials: (1) Merchant Mariner Document (MMD); (2) License; (3) Certificate of Registry (COR); or (4) Standards of Training, Certification, and Watchkeeping (STCW) Endorsement. The License, COR and STCW Endorsements are qualification credentials only. Only the MMD is an identity document, and none of the current mariner credentials contain the biometric information required under MTSA. Because of this, the Coast Guard has drafted a proposed rule that would combine the elements of these 4 credentials into one certificate called the Merchant Mariner Credential (MMC). The MMC would serve as the mariner's qualification credential, while the TWIC would serve as the mariner's identification credential. Mariners would have to have a TWIC before they could be issued an MMC. To further ease the burden on mariners who now must appear at one of 17 Coast Guard Regional Examination Centers (RECs) at least once in the application process, the Coast Guard and TSA have come to an agreement to share information submitted in the TWIC application process. As proposed in this MMC rulemaking, TSA would provide the Coast Guard with electronic copies of the applicant's fingerprints, proof of identification, proof of citizenship, photograph, and if applicable the individual's criminal record, FBI number and alien registration number. This information would then be used in reviewing the applicant's safety and suitability for the credential and the Coast Guard would not conduct an additional security threat assessment. Applicants would no longer be required to visit an REC unless they had to take an examination. This proposed change is expected to result in cost savings to the public as much of the inland population currently must travel great distances to reach an REC. The consolidation of qualifications credentials and a further streamlining of other mariner regulations is a positive and meaningful development that will ensure that no mariner is required to undergo more than one security threat assessment or criminal background history check. The TWIC Program National security interests require that individuals seeking unescorted access to MTSA regulated vessels and facilities be properly identified and undergo appropriate security vetting. Furthermore, facilities and vessels need a reliable tool for identifying those individuals who have been granted such access. For that reason, TSA has been developing the TWIC, which is a 21st century identification card for transportation workers. The TWIC card will include biometric technology that is intended to make it virtually impossible for the card to be used by anyone other than the person to whom the card was issued. Although implemented only in the maritime sector now, in time TWIC is expected to streamline the background check procedure across our Nation's transportation system. The TWIC maritime program has been designed to satisfy the following mission goals: Identify authorized individuals who require unescorted access to secure areas of MTSA-regulated facilities and vessels; Determine the eligibility of an individual for access through a security threat assessment; Ensure unauthorized individuals are denied access through biometric confirmation of the credential holder; Revoke immediately access for individuals who fail to maintain their eligibility; Apply privacy and security controls to protect TWIC information; and Fund the program entirely by user-fees. To achieve these goals, TSA and the Coast Guard promulgated a joint TWIC notice of proposed rulemaking (NPRM) for the maritime sector. Under Secretary Chertoff's direction, the joint rulemaking process between the Coast Guard and TSA has been accelerated. Both the NPRM as well as the Coast Guard's rule on the Merchant Mariner Card were sent to the Federal Register on May 10 and it has been posted on TSA's web page. Under the joint rule, the DHS, through the Coast Guard and TSA, formally proposes to require that all U.S. merchant mariners and all persons who need unescorted access to secure areas of a regulated facility or vessel must obtain a TWIC. In order to obtain a TWIC, individuals will be required to undergo a security threat assessment conducted by TSA. TSA, in conducting those security threat assessments, will use the procedures and standards similar to those that apply to commercial motor vehicle drivers licensed to transport hazardous materials within the United States. It is anticipated that program implementation will begin at the end of 2006. TSA has already tested the technology and the business process required to implement the TWIC. During the testing phase, which ended in June of 2005, more than 4,000 of these credentials were issued to transportation workers at 26 locations in six states. We have proven that this technology can work in the field. Scope. We expect these cards will eventually be issued to about 750,000 workers who have unescorted access to secure areas of MTSA- regulated maritime port facilities and vessels. TWIC cards will be required not only for port facility workers, but for anyone who seeks unescorted access to secure areas of a MTSA regulated facility or vessel, regardless of frequency, such as certain crew members, truck drivers, security guards, and rail employees, as well as all U.S. merchant mariners who hold an active U.S. Merchant Mariner's License (License), Merchant Mariner's Document (MMD), Certificate of Registry (COR), or STCW Endorsement. Future rules would be required to incorporate additional sectors (modes) of the transportation population such as air and rail. Security Threat Assessment. The security threat assessment for TWIC will include a review of criminal, immigration, and pertinent intelligence records to determine whether the individual poses a threat to transportation security. As previously noted, the TWIC process will mirror that of the Hazardous Materials Endorsement (HME) regulations and will integrate with them. TSA first issued regulations to implement security threat assessment standards for HME applicants--TSA's hazmat rules--in May 2003 and subsequently amended those regulations based on comments received from the states, employers and affected drivers. TSA's hazmat rules establish standards concerning criminal history, terrorist activity, mental capacity, and immigration status to determine whether a driver poses a security threat and is qualified to hold an HME. Drivers who have been convicted or found not guilty by reason of insanity for certain crimes in the preceding 7 years, or have been released from incarceration for those crimes in the preceding 5 years, are deemed to pose a security threat and are not authorized to hold an HME. Drivers convicted of certain particularly heinous crimes, such as espionage, treason, terrorist-related offenses or severe transportation security incidents, are permanently banned from holding an HME. In addition, drivers who have been involuntarily committed to a mental institution or adjudicated as mentally incapacitated are considered to pose a security threat that warrants disqualification from holding an HME. Aliens are not prohibited from obtaining an HME. The hazmat rule permits individuals who are in the United States lawfully and are authorized under applicable immigration laws to work in the United States to hold an HME upon completion of a satisfactory TSA security threat assessment. As set forth in the hazmat rules, an applicant's immigration status is reviewed and TSA conducts a security check of international databases through Interpol or other appropriate means. Right of Appeal. TSA will establish a comprehensive TWIC redress process under which individuals will have the opportunity to appeal an adverse determination or apply for a waiver of the standards. TSA's current hazmat rules include appeal and waiver procedures to ensure that no driver is wrongfully determined to pose a threat, and to provide individuals who are disqualified from holding an HME the opportunity to show rehabilitation, where applicable. Similar procedures are proposed for TWIC. Technical Standard. The TWIC technical architecture does not conflict with HSPD-12 and FIPS-201 requirements and will provide an open standard that will ensure interoperability and real-time exchange for supply chain security cooperation between the Department and the private sector. Funding. Initial costs of implementing TWIC will be borne by the Department's budget as we bring the outside integrator on board and transition current DHS system to the contractor. After that initial, transition stage, all costs of the program will be borne by TWIC applicants. TSA will take into account the fees paid by HME holders and merchant mariner applicants to ensure that duplicate threat assessments are not performed and duplicate fees are not collected. Nevertheless, there will be some additional fees associated with the cost of actually issuing and activating a TWIC to this subset of applicants that they will have to bear. Rulemaking Outreach. We know it is of vital importance to reach out to stakeholders and use their input to shape this program and rulemaking. Informal discussions have taken place already as we completed the TWIC pilot phase. Going forward, TSA and the Coast Guard will hold public meetings over the next few months in Newark, NJ; Tampa, FL; St. Louis, MO; and Long Beach, CA. Interested individuals will be invited to attend, provide comments and ask questions about the proposed rule. TSA and Coast Guard will provide exact locations and other additional information about the meetings in another Notice to be published in the Federal Register. Integrator Procurement. The Department will conduct a full and open competition for one integrated solution for the TWIC implementation. TSA intends to issue a new solicitation for TWIC enrollment services and the operations of the integrated data management system, including system maintenance. This will streamline the contracting and implementation process by identifying one party to fit all the pieces together into an effective, integrated security process. TSA has assessed alternative business models for TWIC implementation, and based on a full review of the total system time, risk, and cost of other options, has decided to go forward with a single integrator model. Timing. Under the current time-frame, it is anticipated that DHS will begin to issue TWIC cards to workers at the first group of ports before the end of this year. We will work with the enrollment vendor and our port industry partners to select appropriate enrollment locations to serve all U.S. ports. We will rate each location against a variety of factors to assess criticality, population, and infrastructure to determine the best priority for enrollment, taking into account the cost and potential efficiency of conducting enrollments in several ports in the same region of the country at the same time. The steps we are taking will be yet another boost to the security of our port facilities and vessels. It's an effort which, when completed, will assure our citizens that those people who have unescorted access to secure areas of these port facilities and vessels have been screened to make sure that they are not a security threat. I appreciate the keen interest that this Committee has in an effective implementation of TWIC, and I thank you for your support. Mr. Chairman, this concludes my testimony and I'm pleased to answer any questions that you may have. The Chairman. That's very fair. Thank you very much for making it short. We have, already, a system in place for the Hazmat clearances through FBI, which the truckers pay for. Now, will this be a redundant fee they have to pay to get the TWIC screening process? Mr. Jackson. No. In fact, if you have a Hazmat certificate that has already allowed us to do the background investigation components, then you would be able to achieve a TWIC at a reduced rate. The Chairman. So, if the hazardous material handlers have that Hazmat certificate by the FBI, they will be all right. Mr. Jackson. They would still have to get a card, so they would pay a fee for the card and would go through the enrollment process, but the card would be less expensive to them, because we would not need to replicate those portions of the background work that have already been done in order to give them the Hazmat license. So, we're handing out a new identifier, which wasn't done with the Hazmat review. The Chairman. Are there any restrictions for the TWIC that will not be required for Hazmat? Mr. Jackson. On the criminal history background check, we have aligned in our NPRM the requirements for the hazardous material and the TWIC for maritime world. So, the same type of offenses that would exclude you from getting a hazardous materials certification would exclude you from the TWIC card. That is a subject of our Notice of Proposed Rulemaking, so we're soliciting comments from the industry about whether, and to what extent, those two should remain in perfect alignment. But we have gathered that data on the TWIC--I mean, on the hazardous material---- The Chairman. Will the cards be valid for the same period of time? Mr. Jackson. Under the--the TWIC card is substituting for the hazardous material, with a new biometric card. And so, it's not a substitute for the hazardous material; it's a--that is, in essence, a--an addition to your commercial driver's license certification. The Chairman. So, the Hazmat endorsement does not require biometric clearance? Mr. Jackson. It does. But--fingerprints, yes, sir. So, for example, that would be another example of: if we've taken your fingerprints for Hazmat, we don't need to take them again for TWIC. The Chairman. We're going to a series of clearances that your Department is going to handle--Secured Flight, Registered Travel, TWIC--and you'll be running into things like Hazmat and other entities. Is there any chance to get them all together so that a person who's going to be in three different zones will be able to have just one card? Mr. Jackson. Yes, sir, and that's an excellent question. We are trying to find an architecture and, where possible, cards that will give us multiple uses. For example, we have the TWIC program, but we also have border-crossing cards: NEXUS, SENTRI, FAST. We have our Western Hemisphere Travel Initiative requirement for a card that would allow for border crossings. We have potential Registered Traveler Programs domestically and internationally. There are a multiplicity of biometrically- enabled cards that are contemplated for the transportation and overall security world, which we hope to be able to bring together. I'll give you just one example of how we do that administratively as we're intending to create a common area for appeals, one common place so that we can have the most efficient and customer-friendly place to go to get problems cleared for these kind of cards if there's a concern, a question, or an issue about background clearance. The Chairman. Well, we've got a little problem at the floor right now with an immigration bill. A lot of the people here, are they going to be involved in immigration issues? Mr. Jackson. The idea is that we would use this same set of tools and capabilities. If, as the President has requested, the Congress approves a temporary worker program, it would require the same type of biometrically-enabled card, so the same essential data architecture that we are using for TWIC will be a precursor for how we could handle what would be a large inflow of background investigation and card issuance that would have to be associated with that program. Yes, sir, we are trying to align this multiplicity of unaligned programs and tools as best we can and as fast as we can. The Chairman. I think we know it's an enormous problem, but there have also been enormous delays. We started this in 2001, as I said in my opening statement. And now we're approaching midpoint in 2006. Are we on top of any of the problems that have caused the delays in the past? Mr. Jackson. I think we are, sir. The--I'm going to say two things. I want to just state up front that I share your frustration, and I may have kicked your frustration up a notch internally inside the Department. I think that we have taken too long to get this done. We're committing to you to make this a priority. We believe we have cut through issues necessary to get there. We have requested a little bit of flexibility recently from our appropriators to do some reprogramming necessary to make this work. But we're going to make this a priority. We share your sense that it's taken too long. I will say, in the defense column, this has been more complex, due to the proliferation of technologies and standard- setting processes that are underway. We have tried to align this with the Federal Information Processing Standard, the so- called FIPS-201. There's a government-wide smart-card standard- setting process which will be completed this year, and which will drive this same type of technology for access to Federal facilities. And what we wanted to do is make sure that, as we created this massive TWIC deployment here, and then subsequently in other modes, that we were aligned with what the Federal Government was doing. We are similarly aligned with a Presidential Directive under HSPD-12, Homeland Security Presidential Directive 12, that sets requirements for biometric and technology standards associated with this world of activity. So, we are trying to get the whole Federal Government's programs that are doing similar things into a technical alignment. That took some not considerable--a considerable amount of work. Then we have tried to work with ports and the industry to make sure that we are not big-sticking them and not understanding their business operational needs in this--and requirements--for making this work well, so that we do not cause their businesses to implode. We are committed, on an ongoing basis, to continuing that dialogue. That has eaten up some time. I'm telling you that, despite those issues, we could have, and should have, moved faster. I will concede that to you. But we are moving at a forced march right now, and we're not going to let up. The Chairman. Well, then, last, let me ask you probably an unfair question. Did you explore the concept of having a private firm take on this whole thing and be an agency to produce the proof that is needed in all these areas, whether it's Hazmat or this TWIC or other areas like the traveler card would be? Mr. Jackson. The---- The Chairman. It does seem to me that each agency is going to be going through this same process, and yet there ought to be some area out there where they have people who have the experience and know-how that could take on the job. It looks like the amount paid for the card would pay for that service. Am I wrong? Mr. Jackson. It is not an unfair question at all, and we have looked very closely at this. And I will tell you, it is around the nexus of the issues you just raised that we have made some fundamental changes under Secretary Chertoff's direction in how we will implement this program. We had, I'm going to say, earlier at the Department, a more government- centric concept of operations of how this would work. In this model that we have published our regulations to implement, and which we will be soliciting outside industry support to help integrate, we have a better partnership that leverages the capabilities. And I might just take 1 minute to walk through what this looks like. We have to go around to 300-plus ports and find locations to set up intake systems. We have to find space. We have to go in and enroll individuals. And, for this purpose, we will have an outsourced contract. We'll be in a partnership to make sure that the firm finds real estate, sets this up. It's-- -- The Chairman. Why don't you just turn it over to a private firm to do it? Mr. Jackson. That's exactly what we're doing, sir. We're contracting that out. The Chairman. But you're saying, ``We've got to find these spaces.'' Mr. Jackson. We don't. We're giving that to the private sector to do that job. So, then we'll work with them to take the data and manage it through the process of approval. Some of that is inherently governmental. Making the nexus between the FBI data, the criminal history record checks, there is an inherently governmental component to this operation. We're going to outsource a substantial amount of this work in close partnership that allows us to protect privacy, to manage the program, and to get the results. The Chairman. Thank you. Senator Inouye? Senator Inouye. Mr. Secretary, if I may, I'd like to follow-up on the questioning by the Chairman. Last evening, the President addressed the Nation on the immigration problem, and he set forth as one of his elements there that he will have a biometric-type identification system which is foolproof to counter the large amount of counterfeit cards that are being produced. And when I read your testimony, I thought, ``I think the President's got troubles here,'' because your agency awarded, to BearingPoint, this contract, and the pilot program contract was set forth to include 75,000 workers at a cost of $12.3 million. However, it ended up with 1,657 cards, costing $22.8 million. That's what we have received from your agency. This project was over-budget, under- subscribed. But you seem to suggest that this was a very successful pilot program, even if only 1,657 cards were used. Can you tell us why? Mr. Jackson. We did issue a larger number than that. The number that I've been told is about 4,000, but it was intended, in Florida, in the Delaware River Basin area, and in the L.A./ Long Beach area, to be a more restricted pilot so that we could get an experience with the technology. We, unlike the deployment, where it will be a fee-based system--in other words, the people who get the cards pay the cost of the cards--this pilot was a totally government-funded exercise to help us understand the problems and complexities of doing this in the field. And it was also an exercise that required building the backroom technical operating platform to manage the distribution of those cards, to pass off the clearances to the multiple Federal agencies that would have to pass on the suitability of a candidate. So, we were building a backbone and a technical architecture to help manage the larger deployment. That was what the BearingPoint contract was, in part, intended to support. Senator Inouye. Was the budget doubled? Mr. Jackson. I'm sorry? Senator Inouye. Was the cost doubled? Mr. Jackson. The cost was--I believe that we have spent about--on--total on this to date, about $61 million through 2005. We have about another, I believe, $4.6 million in the budget this year. So, as we move forward, this becomes a fee- based driven system, and the deployment will be paid for based upon the charge associated with purchasing a TWIC card. Senator Inouye. Under this cost arrangement, what do you think it will cost to produce 2 million biometric identification cards for immigrant workers? Mr. Jackson. We have not done a cost estimate on the immigrant worker program, on the temporary worker program. I can give you a comparison in this area for port workers, and it will be a slightly different type of background investigation, and certainly a different distribution model in how we handle the distribution. But for the TWIC card, there is a preliminary estimate, as part of our regulatory process, that says about $139 for a TWIC card. Senator Inouye. Well, how does it compare with the pilot project? Mr. Jackson. The pilot project, we didn't charge individuals for the card. We covered the whole cost as a start- up program in the Federal Government out of a Federal appropriation. Senator Inouye. That cost about $25 million for 4,000 cards? Mr. Jackson. I can get the--I can get the numbers for you, sir, to be more specific. Senator Inouye. I'm concerned, because eventually this committee will have to come up with numbers that the people of the United States can understand. Mr. Jackson. As we roll-out--if we were to do the temporary worker program, which the Department strongly supports and the President strongly supports, we would have an economy of scale here that would allow us, we think, to drop the cost of the card production part of that equation down. There has been a variety of conversations about fees, fines, registration, others associated with the immigration bill's look at temporary workers that would be funneled into the fee issue, as well as the cost of production. Senator Inouye. The Chairman is from Alaska, and I'm from Hawaii. And so, the Merchant Mariner Document, MMD, is very important to us. Now you have your TWIC program, and the Coast Guard is involved in the Merchant Mariner Document. Right now, we need more seamen. Is there going to be a mix-up or some seamless process whereby we won't have to take 6 weeks or 8 weeks to issue a card? Mr. Jackson. Yes, sir. We will make this a seamless integration. And this is part of what the aligned rulemaking of the Coast Guard and the TSA seeks to accomplish. Right now, there are several credentials--the Merchant Marine Document, the license, the Certificate of Registry, and the Standards Training Certification for Watchkeeping--everything has an acronym, the so-called STCW endorsement. These are credentials. And what the Coast Guard has proposed is one Maritime Mariner Document which would allow us to take the work that we've done to issue these certifications and issue an actual biometric identifier. And the TWIC is that identifier. So, the Coast Guard, right now, has, I'm going to say, a little bit more burdensome process. They have, I believe, 17 processing centers that mariners have to go to. What we would be able to do is allow mariners to go to a broader swath of intake facilities that will be operating on a permanent basis as TWIC continues and to complete their enrollment in an integrated fashion. This would give them unescorted access to port facilities, and it would allow the Coast Guard to add those certifications, qualifications, and standards proof that they need to that document. Senator Inouye. You've indicated that it is very difficult to have a name-based background check. And how much easier is fingerprint background checks? Mr. Jackson. What we're doing is, we're combining both name and fingerprint-based background checks. What we have done to begin to get a start on the ramping-up of security in ports is to work through a process of managing name-based record checks prior to the actual distribution of TWIC cards in ports around the country. This, we estimate, is--some 400,000 individuals would go through this process. We've got a notice on the table, and the industry is required, by early next month, to have the names back. We're already receiving names. We've done a pilot program of testing names for this. And what this allows us, basically, to do is check citizenship status and whether or not the individual is on the terrorist watch list or on a terrorist list that we're concerned about. So, that is a--I'm going to say, a--an early installment on trying to improve the security associated with individuals moving in and out of port facilities. And that's underway. And we expect that to be completed for that first population pool this summer. Senator Inouye. Well, I wish you the very best, sir. Mr. Jackson. Sir, it's a complex task, but we're committed to making it work, and we appreciate the support that you've given us to keep our feet to the fire. The Chairman. Senator Pryor? STATEMENT OF HON. MARK PRYOR, U.S. SENATOR FROM ARKANSAS Senator Pryor. Thank you, Mr. Chairman. Let me, if I may, Secretary Jackson, follow up on what Senator Stevens, and Senator Inouye have been asking about, and that is, I'm a little confused, I guess, on why it looks like we're heading down the path of having both the TWIC program and also the HME, the Hazmat program. It seems that both have identical security assessment and disqualifying offenses. Why have both? Mr. Jackson. The hazard materials certificate requirement compels individuals who drive trucks with hazardous materials to go through this background review. But not all people who enter a port drive hazardous materials and, therefore, have that certification. Senator Pryor. But don't they have the identical factors that you look at for both? Mr. Jackson. We are substantially aligning these two. And, in fact, you're absolutely on point, sir, we are actually going to give a discount to people who have a current hazardous material certification so that we will not have to repeat the work that we've done to check their background, to check the watch list. The work that's been done for them will be retained, leveraged, and integrated to this program so that if you've been through that process, you have a lower cost. But, in this case, we're actually giving you a credential, rather than a certification for your driver's license, that you're-- that you have a hazardous material certification. So, you now have this card, biometrically-enabled, capturing your fingerprints, that would allow you to enter a port. It's also the case that many truckers who do access work in and out of ports on an unescorted basis will need these, in addition to truck drivers who have had the hazardous materials. So, we have some hazardous material drivers who never go in a port, they need this program of their own; others who are entering into the port terminal who don't drive Hazmat, will need the TWIC, as well. Senator Pryor. To me, it just seems duplicative to do it that way, because when you have a--you know, these truck drivers, they get certified on a lot of different things that they don't really use, and it seems to me it would be better to streamline and have one, but we can talk about that---- Mr. Jackson. I think, sir, you're right. And the answer is, we're streamlining it into TWIC. TWIC is the card---- Senator Pryor. All right. That's---- Mr. Jackson.--and---- Senator Pryor.--what I was asking. Mr. Jackson.--Hazmat was a precursor to having a fully functioning Transportation Worker Identification Card that can be multimodal in its nature. Senator Pryor. At one point, I think we were told that TSA wasn't keeping fingerprints. Now I think you're saying that they are keeping fingerprints. Is that right? Mr. Jackson. Yes, sir. Senator Pryor. And, here again, is this something that is used in both credentials, for the HME and the TWIC, right now? Mr. Jackson. At the intake part for both processes, we capture fingerprints. Senator Pryor. And so, I think what you said a few moments ago is, it makes sense that if you capture it once, you don't have to do it again. Mr. Jackson. Precisely. Senator Pryor. Right. Mr. Jackson. Yes, sir. Senator Pryor. OK. And what about--I know what we're focused on, obviously, U.S. drivers, U.S. ports, et cetera, transportation workers--what about--do we--are we doing anything internationally to look at what they're doing around the world to see if we're close to having the same standards? Mr. Jackson. We are talking--I was at a European Union meeting last week, and this topic came up as a topic of discussion for exchange. We, as a matter of fact, have a visiting official from the EU at DHS today to continue to look at some of our issues associated with the documentation requirements and security requirements for cross-border travel. So, we do talk a lot with other nations about their best practices. On this score, in particular, we will be very engaged with both Canada and Mexico about the prospect, for example, that a Canadian truck driver may wish to come and access a U.S. port. And so, we're very much open to having a TWIC card that could accommodate that reality, and we want to work our way through comparable security processes to make it work. Senator Pryor. All right. Let me ask one more question about the expense of this. And I do have some questions that I'll submit for the record, with the Chairman's permission. But let me ask about the expense of this. Right now, the trucking company--or maybe technically the driver--but the trucking company bears the cost of getting these certifications, et cetera. I have a concern that that may hurt the smaller trucking companies. It probably won't hurt the big guys, but it may hurt the smaller trucking companies. Just as a matter of policy, is it better to put the burden, the cost, on the trucking companies and drivers, or is it better for the government to pay for this? And the reason I say that, we're talking about general public safety, and--why are we having those people, who are hauling materials, picking up, dropping off materials--why are we having them pay for it? Why not the taxpayer, at large? Mr. Jackson. It's a cost of doing business, and we believe it's appropriately placed on the business community to do this. It's also been authorized by Congress for us to collect the fees. It would be a very large sum of money for us to set out as a government subsidy to pay for this. And we believe that this is a--an equitable way to get a security enhancement in the port environment, and the fastest way to get it done. Senator Pryor. That's fair enough. The Chairman. Just one last question. I'm not sure about the fee that you've proposed in this proposed rulemaking. Does the fee that you've indicated there cover the complete cost of enrollment, the threat assessment credential production and delivery? For instance, does it cover the cost of the card readers and the other things that each port will have to have? Mr. Jackson. No, sir, it does not cover the cost of the port-centric infrastructure. I will tell you that that will be a subject of a subsequent rulemaking, to walk through the technologies that would be needed to do fingerprint capture upon presentation of credentials at a gate or at a facility. So, we are working this in a two-step process. First we're going to get the cards issued. It'll be a biometric photo and have biometric capabilities. But we will not immediately, in a given port, impose a requirement that there be readers in every private terminal and at every gate to manage this. That will be a process that the Captain of the Port, with the Coast Guard's strong engagement here with the industry, will work through, a plan and a time-table, which will be done on a port-by-port basis, is the current thinking. And that will follow in the relatively near-term, after the issuance of cards at each of these facilities. So, it's a two-step process. The Chairman. Well, back in the days when it was proposed that every gun owner have identification in order to purchase ammunition, et cetera, we went through this process and determined, at the time, that the least expensive process would be to issue a card with a number on it, and that would be presented like a credit card to a dealer, and they'd just run it through the card reader, and the FBI system would respond with a photo, et cetera, of the person who had that card. Now, that whole idea was rejected, but that was one of the things we looked into. Why haven't we looked at the idea that everyone gets a card, and there's a central identification system that you access, just like a credit card? Mr. Jackson. Well, there's a combination of central and distributed systems in this TWIC model that is centralized in the approval and the continuous checking against updated terrorist watch lists. So, you get approved, it goes through a central switch. It's a governmental--inherently governmental function to look at some of these lists. You are issued a card. The sheer volume of in-and-out transactions would mitigate against having a real-time check each time you did this. So, what we do is, we take an authorize list of TWIC participants and download that to the facilities that need the access. It also allows us to be able to authorize, ultimately, access to multiple port facilities in multiple ports for a single TWIC card. So, it's a combination of centralized function and speed. The speed of actually being able to read one of these cards and move in and out is something on the order of a third of a second in our field tests. So, we need that high throughput, high volume. We're talking about roughly 750,000 TWIC cards in the maritime world that would go out and be used on a daily basis in a high volume. The Chairman. Thank you very much. Any further questions, gentlemen? [No response.] The Chairman. We very much appreciate your appearance here today and look forward to working with you on the overall problem. Mr. Jackson. My pleasure. Thank you, Mr. Chairman. The Chairman. Our next panel is Mr. George Cummings, the Director of Homeland Security at the Port of Los Angeles; Ms. Lisa Himber, Vice President of the Maritime Exchange for the Delaware River and Bay; and Mr. Larry Willis, General Counsel of Transportation Trades Department of AFL-CIO. [Pause.] The Chairman. Good morning. We thank you very much for coming. If it's agreeable, we'll just call on the witnesses in the order that I've introduced them. Mr. Cummings, I appreciate your being here and look forward to your testimony. All of your statements will be printed in the record in full. We'd appreciate it, if you could, to summarize them, to some extent. We will have another vote here on the floor of the Senate in 40 minutes. Thank you very much. STATEMENT OF GEORGE P. CUMMINGS, DIRECTOR OF HOMELAND SECURITY, PORT OF LOS ANGELES, CITY OF LOS ANGELES HARBOR DEPARTMENT Mr. Cummings. Good morning, Mr. Chairman and members of the Committee, and thank you for inviting the Port of Los Angeles to testify before you today to share the port's perspective on the National Transportation Worker Identification Credential Program and to convey our experience in our participation in the test and prototype phases of the program. I'm George Cummings. I'm the Director of Homeland Security for the Port of Los Angeles, which is the Harbor Department of the City of Los Angeles. Port security is a top priority for the Port of Los Angeles. The port is not only responsible for the security and well-being of our tenants, workers, visitors, and the surrounding communities, we must also maintain the free flow of commerce that moves through our port and is vital to the Nation's economy. As you're aware, Mr. Chairman, more than 95 percent of the U.S. overseas trade moves through the Nation's seaports. The Port of Los Angeles, combined with the Port of Long Beach, handle more than 43 percent of the Nation's containerized commerce. In addition to containerized freight, these ports also handle millions of cruise and ferry passengers, automobiles, and we handle over 50 percent of California's oil. Following the tragic events of September 11, 2001, Congress enacted the Maritime Transportation Security Act. The U.S. Coast Guard rapidly developed regulations to establish security standards for port facilities. All 50 of the maritime facilities within the Los Angeles/Long Beach Port complex were in compliance with these regulations by the July 1, 2004, deadline. Full compliance with these new security standards achieved an important milestone; however, comprehensive credentialing programs, such as the TWIC program, are an essential part of security for our Nation's seaports and has not yet been fully realized. The Los Angeles/Long Beach Port complex, along with Delaware River and the State of Florida, participated in the two developmental phases of the TWIC program. Our experience during the phases of the--of this--development of this program taught us several lessons. We would like to share a few of these with you today. First, Mr. Chairman, the card-reader systems must be based on the best available technology and must use a biometric to-- the biometric capability to prevent unauthorized access to terminals. The issuance of the credential must be based on a background check that will effectively eliminate individuals that could pose a security risk. The program needs to include fair and accessible appeal and waiver processes available to individuals who are initially found ineligible for the card. The regulated facilities must maintain the authority to grant access only to those individuals that they determine require unescorted access to their individual facilities. The regulated facilities must be afforded flexibility on how they set up the systems on their individual terminals. Last, costs associated with the program must be reasonable, both costs to individuals that require a card, as well as costs associated with system installation and maintenance on the facilities. As you're aware, Mr. Chairman, the TWIC program has been in development for several years, and implementation of this program remains a critical element of security for our Nation's seaports. The Port of Los Angeles is encouraged with the recent Federal notice of proposed rulemaking regarding the TWIC program. We look forward to participating in an expedient regulatory development process. In closing, Mr. Chairman and members of the Committee, we thank you for your leadership in calling attention to the most critical parts of port security, and one that has not yet been fully accomplished. Thank you, again, for the opportunity to participate in this hearing. I look forward to any questions you may have. [The prepared statement of Mr. Cummings follows:] Prepared Statement of George P. Cummings, Director of Homeland Security, Port of Los Angeles, City of Los Angeles Harbor Department Good morning, Mr. Chairman, and members of the Committee. Thank you for inviting the Port of Los Angeles to testify before you today to share the port's perspective on the national Transportation Worker Identification Credential (TWIC) program, and to convey our experience as a participating Port during the test and prototype phases of the TWIC program. I'm George Cummings, Director of Homeland Security, for the Port of Los Angeles. I'm responsible for coordination of the Port's homeland security and maritime security programs at the national, state, and local levels. Port security is the top priority for the Port of Los Angeles. The Port is not only responsible for the security and well-being of our tenants, workers, visitors, and the surrounding communities; but we must also maintain the free flow of commerce through our Port which is so vital to this Nation's economy. The Importance of Maritime Trade and Ports As you are aware, Mr. Chairman, more than 95 percent of U.S. overseas trade moves through our seaports. As a premiere port of entry for cargo on the West Coast, the Port of Los Angeles occupies 7,500 acres of land and water along 43 miles of waterfront. Together with our San Pedro Bay neighbor, the Port of Long Beach, we handle more than 43 percent of the Nation's containerized commerce. That translates to 7.5 million twenty-foot equivalent units of containers that entered the Port of Los Angeles in 2005. With the Port of Long Beach, a total of 14.3 million twenty-foot equivalent units of containers entered the San Pedro Bay Port complex. Together, we rank the fifth busiest port complex in the world. Alone, the Port of Los Angeles is the eighth largest container port in the world, and number one in the United States. In addition to containerized freight, the Los Angeles/Long Beach Port complex handles over one million cruise passengers, half a million autos, and over 50 percent of California's oil. Trade through the Port of Los Angeles has grown steadily by an estimated 20 percent each year over the last 5 years, and we expect this trend to continue. Likewise, the industry expects national maritime trade volumes to double by the year 2020, although some economists have predicted that such doubling may occur as early as 2014 due to the demands of the American marketplace. In the event of an unforeseeable incident, whether caused by intentional acts or natural disaster, it is the Port's responsibility to resume cargo operations as quickly as possible in order to minimize any impact to the Nation's economy that is dependant on trade and the movement of goods. A recent example of the effects of a major port shutdown occurred in the Fall of 2002 when a labor disruption caused a 10-day shutdown of the West Coast ports that brought cargo movement to an immediate halt. This action cost the Nation's economy an estimated $1.5 billion a day (valued in 2002 dollars), disrupting the availability of goods and products that Americans rely upon daily. A healthy U.S. economy relies heavily on secure, functioning ports throughout the United States. Maritime Transportation Security Act Regulations Following the tragic events of September 11, 2001, Congress enacted the Maritime Transportation Security Act (MTSA) of 2002. Section 102 requires background checks and the issuance of biometric transportation security cards for all maritime personnel who need access to secured areas of ships and port facilities. As such, the U.S. Coast Guard rapidly developed regulations to establish security standards for port facilities. The MTSA regulations required terminal operators to submit their facility security plans by December 31, 2003, and the deadline for implementation was July 1, 2004. All 50 of the maritime facilities within the Los Angeles/Long Beach Port complex--cargo terminals, liquid bulk and dry bulk terminals, and the World Cruise Center were in compliance by the July 1, 2004, deadline. Full compliance with the new security standards achieved an important milestone; however, complete implementation of the TWIC program is essential for the security of the Nation's seaports. The Importance of Access Control and Credentialing Access control at ports and port facilities is a critical component of port security, and access control will require a comprehensive credentialing program. The Los Angeles/Long Beach Port complex, along with the Delaware River and the State of Florida, participated in the two developmental phases of the TWIC program. We consider a Federal credentialing program, such as TWIC, to be the solution to this major security challenge. We fully support the TWIC program and look forward to its full implementation. Ports throughout the Nation are waiting for the TWIC program guidance before they can fully complete their access control systems. Critical Elements of the TWIC Program The Port's experience during the TWIC test and prototype phases showed us several critical elements of the program that we believe must be addressed in the fully implemented program. The Port recommends that the following elements be incorporated into the TWIC program: 1. The card and reader systems must be based on the best available technology using biometrics to prevent unauthorized access; 2. The issuance of a credential must be based on a background check that will effectively eliminate individuals that would pose a security risk; 3. The program needs to include a fair and accessible appeal and waiver process for individuals who are initially found ineligible for a TWIC card; 4. The regulated facilities must maintain the authority to grant access only to those TWIC holders that require access to that facility; 5. The regulated facilities must be provided with an electronic connection to the Federal agency operating the national database to readily verify the validity of TWIC cards presented at their facilities; 6. The regulated facilities must be afforded flexibility on how to set up the TWIC access control systems for their facilities; and 7. Costs associated with the program must be reasonable, including costs to the individuals who require TWIC cards, as well as costs associated with card reader system installation and maintenance. The Need for Expediency As you are aware, Mr. Chairman, the TWIC program has been in development for several years, and implementation of a robust credentialing program at maritime facilities remains critical to securing our Nation's ports. The recent Federal Notice of Proposed Rulemaking encourages the Port of Los Angeles that there will be an expeditious regulation and implementation process for TWIC, and we look forward to participating in that process. Closing In closing, we thank you for your leadership in calling attention to one of the most critical elements of port security, and one that has not yet been fully accomplished--the TWIC program. Also, we appreciate the opportunity to share the Port of Los Angeles's experience with the TWIC test and prototype phases. The Port is confident that the Federal regulatory development process will occur as quickly as possible leading to the full implementation of the TWIC program. Thank you again for the opportunity to participate in this important hearing, and I look forward to answering any questions you may have. The Chairman. Thank you very much, Mr. Cummings. Ms. Himber? STATEMENT OF LISA B. HIMBER, VICE PRESIDENT, MARITIME EXCHANGE FOR THE DELAWARE RIVER AND BAY; VICE-CHAIR, NATIONAL MARITIME SECURITY ADVISORY COMMITTEE (NMSAC) Ms. Himber. Good morning, Mr. Chairman and members of the Committee. My name is Lisa Himber, and I am Vice President of the Maritime Exchange for the Delaware River and Bay. I also serve as Vice-Chair of the National Maritime Security Advisory Committee. Today I was specifically asked to talk about any delays that I think might have prevented TSA from launching this program. But before I get into that, let me start by saying that despite the ongoing delays, we continue to strongly support the TWIC program. By way of background, the Maritime Exchange was asked to be TSA's partner on the East Coast pilot project, given the work that we had previously accomplished in integrating what we were calling a Regional Delaware River ID System into our existing Maritime Online Ship, Cargo, and Crew Manifesting System. In the planning phase of the TWIC pilot program, we found TSA was very effective. They visited a variety of port stakeholders and were, thus, able to understand a full range of security needs. And, most importantly, TSA communicated openly and frequently with maritime stakeholders during this process. From the initial planning effort, TSA developed what we thought would be an effective blueprint to move the project forward in May of 2003. At that time, the expectation remained that the Technology Evaluation and Prototype phases would follow directly, and the pilot program would be completed by December of 2003. The Technology Evaluation phase ended in October of 2003 only slightly behind schedule. However, for reasons that were never made entirely clear to us, the Prototype phase of the East Coast program did not kick off until November of 2004. Among the reasons we heard included the fact that the Technology Evaluation report took longer to review than expected; thus, delaying the issuance of the request for proposals and contract award for the Prototype phase. There also appeared to have been a lengthy delay in the Fall of 2004 associated with a contract modification. The Maritime Exchange office was the first East Coast site installed, which launched on November 17, 2004. Unfortunately, the enrollment at our site did not go as well as expected. Card issuance was delayed, for a variety of reasons. Data was not correctly entered into the system, data was missing, the system lost communication with the central server, et cetera. Whether these were purely technical issues or less--lack of trusted agent training, at this point, we don't know. Though the pilot program was scheduled to end on June 30, 2005, card production did not begin in earnest until the summer of that year. Some of the technical setbacks that we understand included problems with the employees' sponsor worksheet, the TWIC web portal, and the lengthy delay associated with moving the card production facility in the middle of the program. Other concerns expressed were poor communications between the trusted agents and the pilot site locations. Because of the ongoing delays, we were pleased that TSA continued to support the East Coast locations well beyond the official program conclusion. In addition to the technical problems, we believe there were administrative and operational issues, as well. Foremost among these must be the high turnover at all levels within DHS, TSA, the TWIC program office, and the contractors. We also believe that the discussions which took place during this period about whether TSA should issue a standard or manage the program served to delay the process significantly. In December of 2005, the Maritime Exchange requested a copy of the prototype evaluation report, but this request was declined. Then, in February of this past year--of this year-- TSA informed the National Maritime Security Advisory Committee that the TWIC regulations had been completed and approved by Coast Guard and TSA, and were awaiting final approval. With the release of the draft notice of proposed rulemaking last week, many of the questions surrounding the implementation of TWIC had been answered. The deployment schedule, however, remains the most pressing question. Of equal concern is the ability of DHS to put together a team of individuals who will be able to lead the project through to its completion. And, also, it will only be upon formal publication of the rulemaking that we will be able to engage in the public debate surrounding the background check. There are other questions and concerns, and some of these are listed in my written statement. In closing, let me say that all the preceding notwithstanding, we believe TSA has assembled the basic building blocks of a program which will meet the need to validate individuals seeking access to secure maritime facilities, and we look forward to continuing to work with DHS to ensure that TWIC will be deployed in the safest, most secure, and efficient manner possible. This concludes my remarks, and I thank you for the---- The Chairman. Thank you---- Ms. Himber.--opportunity to speak. The Chairman.--Ms. Himber. [The prepared statement of Ms. Himber follows:] Prepared Statement of Lisa B. Himber, Vice President, Maritime Exchange for the Delaware River and Bay; Vice-Chair, National Maritime Security Advisory Committee (NMSAC) Good morning, Mr. Chairman and members of the Committee, and thank you for the opportunity to present testimony today. My name is Lisa Himber, and I am Vice President of the Maritime Exchange for the Delaware River and Bay. The Maritime Exchange is a nonprofit trade association representing the members of the commercial maritime industry in Southern New Jersey, Southeastern Pennsylvania, and Delaware. Our mission is to promote the safety, security, economic viability and environmental health of the Delaware River Port complex. Included among our 300 members are those companies and individuals on the front lines of the international border of the port--such as port authorities and private terminal operators, tug and barge companies, labor organizations, vessel operators and steamship agents, just to name a few. In addition, I serve as Vice-Chair of the National Maritime Security Advisory Committee (NMSAC), which as you as you are aware was established under the Maritime Transportation Security Act (MTSA) of 2002. I, and my fellow NMSAC members, are charged to provide advice to the Secretary of the Department of Homeland Security on matters such as national security strategy and policy, actions required to meet current and future security threats, international cooperation on security issues, and security concerns of the maritime transportation industry. I appreciate this opportunity to discuss the state of the Transportation Worker Identification Credential (TWIC) program, issues which may have prevented TSA from launching this program from a pilot participant perspective, and its future implementation. The TWIC program has been one of the priority Federal projects for my organization and its members in the Delaware River maritime community since even before its official inception. Background The Exchange role in the port--Like most trade associations, the Maritime Exchange is an advocate on issues of concern to its members. However, what sets the Exchange apart is its day-to-day operating role in the port. The Maritime Exchange operates on a 24/7 basis and one of its key responsibilities is to collect, store and disseminate schedule information on all commercial cargo ships arriving or departing the Delaware River. We also serve as a communication and information hub for the tri-state port, distributing messages between ships and their shoreside service providers as well as distributing Federal safety, security, operational, and procedural bulletins to the maritime businesses operating throughout the region. In addition to our traditional Ship Reporting function, which dates back to 1875, in the mid-1980s the Exchange began the development of what is now known as Maritime On-Line (MOL). This system is a community-based information network which provides a mechanism not only to obtain anticipated, current and historical vessel movement information but also offers a tool for steamship carriers and their agents to submit cargo manifest data to U.S. Customs and Border Protection and advance electronic notice of vessel arrival and departure information to the U.S. Coast Guard. Through MOL, the Exchange provides Delaware River port operators with a cost-effective means to both comply with Federal information reporting requirements as well as to share information, such as manifest data or cargo release status, with local partners in the transportation chain through a central community maritime database system. Development of a regional standard ID--As Maritime On-Line had become a useful tool for doing business at regional ports, and because the Exchange had demonstrated its ability to bring together the various partners in the maritime industry to develop, implement, and use a community information system, several Exchange members approached us in the late 1990s to discuss the feasibility of developing a system under Maritime On-Line which could be used to identify truck drivers accessing the various cargo facilities in the three states. The Exchange organized a working group of system users--terminal operators, truck drivers, brokers and freight forwarders, steamship agents--and identified the requirements of what would be known as the Electronic Driver Identification (EDID) System. By September of 2001, the system design was complete, and the Exchange was working to identify a means of funding the initial program development. The premise behind this system was a centralized database and the issuance of an ID card that would be accepted at all participating Delaware River maritime terminals. Immediately after the events of September 11, 2001, Exchange members asked whether the system we had designed to identify truck drivers could be expanded to include anyone requiring access to maritime facilities. Like truck drivers in the State of Florida, those doing business in the Delaware River were required to obtain multiple identification cards, and the maritime community agreed that development of a single, standard ID card would be a critical program under new heightened security programs at maritime facilities. As a result, by October of 2001, the Exchange had identified funding to develop a pilot program, and in partnership with the Port of Wilmington, Delaware, had successfully programmed and tested what would become the Delaware River ID (DRID) system by January of 2002. We subsequently received a Port Security grant to continue this program. It was because of this effort that the agency which would become the Transportation Security Administration (TSA) selected the Delaware River as one of the TWIC pilot program locations. Among the rationale behind this selection was the fact that if such a system could work effectively at Delaware River ports, with three states and multiple private and public port facilities, it would work at all U.S. ports. TWIC Pilot Program Having been involved in the TWIC program even prior to the establishment of the TSA and the August 2002 launch of the East Coast TWIC pilot project, my organization and its members have been keenly interested in the successful deployment of this program. The importance of TWIC to the maritime industry is underscored by the fact that the full NMSAC membership--which includes a diverse cross-section of maritime stakeholders--unanimously concluded that TWIC is among the most important components of the national maritime security effort. As a result members elected to make TWIC the number one priority on the NMSAC agenda. Last May, the Committee presented DHS with a full set of recommendations for TWIC implementation. We are pleased to see from the draft Notice of Proposed Rulemaking that most of the NMSAC recommendations have been adopted. Despite the many problems with TWIC over the last several years, we continue to support the idea of a standardized credential to be used at U.S. seaports. In the first phase of the TWIC program, the Planning Phase, TSA did everything right. They visited with a variety of operators at differing types of ports and were thus able to understand the full range of security needs. And they talked with the people who require access to multiple facilities--including pilots and other mariners, steamship operators, trucking companies, vendors and labor-- and they met with other local Federal, state and municipal agencies to better understand their needs and concerns. And most importantly, TSA communicated openly and frequently with maritime stakeholders during this process. During the Planning Phase of the program, TWIC program staff kept us apprised not only of their progress, but when there were setbacks, TSA explained the reasons and provided stakeholders with the opportunity to provide input into the program development process and assistance in overcoming obstacles. From that effort, TSA developed what we thought would be an effective plan to move the project forward. That was in May of 2003. At that time, the expectation remained that phases two and three of the program, the Technology Evaluation and Prototype phases, would follow immediately, and the pilot program would be completed by December of 2003. The Technology Evaluation phase ended in October of 2003, slightly behind schedule, and for the most part, we believe it achieved its goals; that is, TSA could issue cards which could be read by scanners at various facilities. At the end of the evaluation TSA determined that the TWIC would need to utilize a variety of technologies--such as smart chip, magnetic stripe and bar code--in order to meet its key mandates: TWIC must be able to integrate seamlessly with facilities' legacy systems to minimize costs and facilitate rapid program deployment; and it must be interoperable among all private and public port facilities. During the Prototype Phase, TSA and stakeholders were to test the implementation of the technologies identified in phase two, as well as the host of business processes associated with implementing the TWIC program. These included trusted agent training, card application, threat assessment, card production and issuance, revocation, hot- listing, replacement, use of a biometric, and the electronic communications between terminal facilities and the central database. For reasons which were never made entirely clear to pilot program participants, the Prototype Phase of the East Coast pilot program did not officially begin until November of 2004. We know that the Request for Proposals was not released until May of 2004, and the contract was not awarded until October of that year. Some of the reasons cited for the delay included the fact that the Technology Evaluation report took longer to review than expected, thus delaying the development and release of the Request for Proposals. There appeared to have been a lengthy delay in the Fall of 2004 resulting from a subsequent modification to the contract once it had been awarded. Finally, the fact that the contractor selected for phase three was not the same as that used for phase two undoubtedly contributed to the delay. The Maritime Exchange office was the first East Coast site installed for the third phase test. By November 17, 2004, we had pre- enrolled our ten employees, TSA had installed the biometric readers and cameras. Unfortunately, the enrollment at our site did not go as well as expected. Several members of our staff were required to return multiple times to obtain their cards for a variety of reasons--data was not correctly entered into the system, data was missing, the trusted agent lost connection to the central server, the system would not save data after it had been entered, etc. Whether these were purely technical problems or lack of sufficient trusted agent training is unknown. Though we were certainly surprised by the number of problems encountered, the Exchange was pleased to be the first site--better to work through the glitches at an office location rather than at a working maritime facility where moving people quickly through the gates is paramount. Similar delays in completing the enrollment site installations and beginning the processes to register applicants were reported by the other pilot participant sites. Although the pilot program was scheduled to terminate on June 30, 2005, card production did not begin in earnest until well into the summer of that year. Some of the technical setbacks included problems with the employer sponsor spreadsheet (an Excel spreadsheet the employers were to complete and return to TSA to upload into the database in advance of enrollment), problems with the TWIC web portal, system shutdowns for undefined upgrades, and the lengthy delay associated with moving the card production facility from Pennsylvania to Kentucky in the middle of the program. At least one TWIC sponsor was notified that data for several employees was lost during this transition. He was subsequently informed that the data was never lost but rather it had been incorrectly entered. In either event, the individuals were required to re-enroll. Other concerns expressed during the pilot program were poor communications between the trusted agents and the pilot site locations (e.g., schedule of enrollment at the facilities, failure to notify sites of trusted agent employee turnover, no advance notice of installation work, etc.). The TSA and its contractors did not, for example, consult the Delaware River stakeholders in developing the TWIC web portal. As a result, when it was demonstrated at a stakeholder meeting on March of 2004, some key functionality was not included, such as the ability of a sponsor to delete an employee from its roles and request card deactivation. In some cases, cards were not produced until well after the June 30 program termination. As a result, TSA continued to formally sustain the program at the three Delaware River maritime locations through October 31, 2005. We were also pleased that TSA continued to support the Wilmington, Delaware site, albeit on a limited basis, through March 31, 2006. In addition to the delays resulting from the technical problems, we believe there were administrative and operational issues as well. Foremost among these, of course, must be the high employee turnover at all levels--DHS, TSA, the TWIC program office staff, and the contractors. In addition to the multiple individuals who held the TSA Administrator post during this period, the TWIC Program Manager changed three times, and there were four project leads for the East Coast pilot program between August of 2002 the Fall of 2005. At each instance, the incoming individuals had to be brought up to speed on the program and its participants. Needless to say, there was no clear way to circumvent delays of this nature. We also believe that the discussion which took place during this period surrounding the question of whether TSA should issue a standard or guideline rather than manage the program served to delay the program significantly. That being said, in March of 2005, TSA informed the National Maritime Security Advisory Committee that its intentions were to publish a Notice of Proposed Rulemaking by September 2005. During the subsequent months, particularly when it became apparent that the regulation would not be forthcoming in the immediate future, the NMSAC continued to request a response to the recommendations submitted in May of 2005 and to seek an explanation for the ongoing delays. In December of 2005, my organization requested a copy of the Prototype Phase evaluation report; however this request was denied. The TSA and Coast Guard did respond to the NMSAC recommendations on February 23, 2006 via a teleconference, the members were not provided with any explanation for the delay. At that time, we were told the draft regulations had been completed and approved by TSA and the Coast Guard and were awaiting final approval from DHS and the Office of Management and Budget. Moving Forward With the release of the draft Notice of Proposed Rulemaking on May 10, 2006, and under the assumption that the formal Notice will not be altered substantially, many of the questions surrounding the implementation of the TWIC program have been answered. The program schedule, of course, remains the pressing question. When will the regulation be published in the Federal Register, and what is the implementation schedule at the port level? Of equal concern as we move to transition TWIC from a pilot program to full implementation is the ability of DHS to put together a team of individuals who will be able to lead the program through completion. Needless to say, while the high employee turnover in both the DHS leadership and within the TWIC program office itself caused significant delays during the pilot, the ability to keep the TWIC program moving along a predetermined time-table once implementation begins will be paramount to its ultimate success. There were very few surprises in the draft Notice. Most of what TSA had indicated to NMSAC and other stakeholders would be in the final rulemaking is in fact included. From our perspective, the draft rule raises few questions relating to the general program implementation. There are, however, questions and concerns about some of the details not included in the draft and how the answers to those questions will affect deployment. These include: There does not seem to be a provision for casual longshore labor. While we recognize that it is necessary to screen individuals who will require unescorted access to secure areas at maritime facilities, it is equally important that this program does not dramatically and adversely affect commerce. There has been significant debate during the last few years about the effect the criminal history background check would have on transportation workers. While a number of maritime interests agree that the standards for the TWIC should be consistent with those of the Hazardous Material Endorsement, a significant majority believe that security regimes at maritime facilities do not dictate such stringent requirements. It will only be upon publication of the Rulemaking that we will be in the position to publicly dialogue on this critical issue. Since foreign vessels and therefore crewmembers are exempt from the regulation, facilities are concerned about how they will grant access to visitors arriving by water. Under the draft, terminal/vessel operators are required to know who is on board at all times--and to store the information in a database for not less than 2 years--and also that Federal officials and state/ local law enforcement are not included in the TWIC requirement. It appears, therefore, that terminal facilities will be required to manually enter information pertaining to those visitors who are exempt from the TWIC requirement. This may not be practical. In the event of an incident at a facility, is the TWIC program to be deactivated at the affected site to allow access to first responders? Would we want the program deactivated at such a critical time? If not, how would we validate emergency personnel? Who will be eligible to serve as trusted agents? We believe contractors should not only undergo the same screening as applicants, but they should be held to even higher scrutiny, such as a financial background checks as well as criminal history. In addition, these agents should undergo general business and customer service training as well as TWIC-specific training. At both initial implementation and beyond, during the interval between application and response, will applicants be allowed continued unescorted access to facilities/vessels if the operators choose to grant such access? What is the alignment between TWIC and the recently announced Coast Guard screening program for port employees, long-term contractors and longshoremen? Other more technical concerns include implementation of those business processes which were never tested during the pilot program: Communication with the central database. The central database would allow facility operators to provide TSA with the names of individuals to whom they grant access. With this feature, if an individual's card were hot-listed, TSA could proactively notify all facilities where the worker had been granted access. Hotlisting. Since no connection between a central database and the individual facilities was established, the card hotlisting process could not be tested. Interoperability. One of the original components of the TWIC vision included its ability to be used with legacy systems and across modes. This test was not fully completed. Additionally, because of the delays in implementing TWIC, many vessel and facility operators have been compelled to implement their own programs in order to comply with Coast Guard security requirements and address internal needs. TSA needs to include a mechanism to phase in the use of TWIC so as to avoid the significant and redundant expenses associated with full replacement of legacy systems. Similarly, it is necessary that the final deployment schedule not only allow sufficient time for facilities to purchase and install equipment, but also to modify software to integrate the card reader technology with their internal access control systems. Web portal. The web portal was designed and tested using an employer sponsor to input and maintain worker data. Under the draft rule, employer sponsorship is not included and applicants will be required to enter and query data individually. How will TSA establish and validate individual accounts? Use of Biometrics. The prototype did not test use of biometrics with workers at port facilities. This is a significant concern. Also, the draft rule calls for use of an alternate biometric if an applicant is unable to provide the primary biometric. What will this be, and will separate readers be required? All of the above notwithstanding, we believe TSA has assembled the basic building blocks to launch a program which will meet the need to validate individuals seeking access to secure maritime facilities. And we appreciate that DHS listened to its stakeholders on such key issues as eliminating the employer sponsor requirement, managing the program versus issuing a standard, and aligning the program with other credentials such as the Merchant Mariner Documentation. Over the years, the maritime sector perhaps more than any other has recognized the need to implement new programs and practices in an effort enhance the security of our homeland. We have dramatically altered business processes and worked closely with DHS agencies to help them achieve their missions. As with many Federal programs, we want to continue to work with TSA on the TWIC program to ensure there are no unintended consequences, such as those which might arise if we are unable to credential casual labor, and that the TWIC will be deployed in the safest, most secure, and efficient manner possible. We believe that with additional program refinement, the TWIC will ultimately emerge as an invaluable tool to meet the dual goals of improved security and facilitation of commerce. Thank you for the opportunity to speak today. I will be happy to answer any questions you may have. The Chairman. Mr. Willis? STATEMENT OF LARRY I. WILLIS, GENERAL COUNSEL, TRANSPORTATION TRADES DEPARTMENT, AFL-CIO Mr. Willis. Thank you, Mr. Chairman. First I wanted to thank you, again, for the opportunity to testify this morning on the TWIC program, and specifically on its application to port, maritime, rail and related workers. At the outset, let me clearly state that no one wants to secure our Nation's ports and transportation system more than the workers on the front line. Our members are going to be the first affected if the transportation system is used in an attack--or is attacked itself--so we obviously have a vested interest, as we've articulated many times in front of this committee, to enhancing security. We also understand that a tamper-resistant TWIC-type card is part of that effort, and we support the stated goals of the program--to identify terrorist security risks and to bar them from having unescorted access to our Nation's ports and other transportation systems. There's no disagreement about that. But, at the same time, the TWIC program, if it's going to be a success, must strike the right balance. It must enhance security, but it also must protect the legitimate rights of front-line workers. It must include a robust waiver and appeals process. It must protect the privacy of the information, both submitted and generated by the card. It must not burden the individual worker with the cost of this program. And, again, it must focus on identifying genuine, true security risks, and not punish a worker twice for a bad decision made several years ago. On that point, let me specifically thank this committee for working so hard on the MTSA, and specifically Section 70105, which established the limits and parameters for the maritime security card. You were very clear there. You stated that for felonies only those crimes that cause an individual to be a terrorism security risk should bar that person from the industry. Unfortunately, while that was a good mandate, we think TSA, in issuing the NPRM for this program, for the maritime TWIC program, and, before that, for Hazmat, came up with a list of disqualifying offenses that remains too broad, vague, and, again, not targeted on terrorism security risks. Let me cite just a couple of examples. Under the TSA's rules, those that commit felonies involving fraud are terrorism security risks. Those that commit crimes of misrepresentation are terrorism security risks. Those crimes involving dishonesty, same thing. These are all bad things. People should be punished. There's no disagreement about that. But does that make an individual a terrorism security risk unworthy to work in a U.S. seaport or unworthy to haul Hazmat? Yes, TSA did include a waiver in this rule, as they were required to do by this committee. We think that waiver process is extremely important. But that cannot be used as an excuse to include an overly-broad list of crimes. As you've heard, they will have to check 750,000 workers under this program. This is going to be very complicated. Do we want the additional burden of having to do waivers for workers who never should have been included in the list in the first place? So, we would respectfully ask TSA, which we will in our formal comments, and we have been talking to your committee about this--about having TSA, again, take a look at that list of crimes and try to narrow it, try to make it more specific, and try to have it focused on, again, identifying those individuals who are really terrorism security risks. The waiver process which I referenced, again, is crucial. And for that to have real meaning, it has to have an administrative law judge. We've asked TSA several times for that and that has been denied. I want to thank the Committee for including an ALJ process in its pending Coast Guard bill. That's being held up, obviously, for unrelated reasons. Despite that, we hope and expect TSA will include an ALJ process in its final rule. We need a national standard with states or local jurisdictions. Having additional background checks that go beyond the list of crimes that's expansive enough in the TSA rule is very problematic. Having those states go forward without a waiver or privacy or an appeals right that's at the Federal level, again, is something that we need to work on. Congress spoke to that in the highway bill for Hazmat. We hope that's carried over to maritime. The cost of the program has been talked about. As it is included in this NPRM, the costs will be borne by the applicant. We feel that that is unfair. We think the Federal Government has a role to play here in paying for this. And given the fact that workers are going to have to apply for a TWIC, maybe have additional costs for an appeal or waiver, having to pay for the cost of the card is a burden. That's not proper. I see that my time is up, so I'll stop and be happy to answer any questions the Committee may have. [The prepared statement of Mr. Willis follows:] Prepared Statement of Larry I. Willis, General Counsel, Transportation Trades Department, AFL-CIO On behalf of the Transportation Trades Department, AFL-CIO (TTD) I want to thank you for the opportunity to testify this morning on the Transportation Workers Identification Credential (TWIC) and specifically on its application to port, maritime and related workers. TTD consists of 31 member unions, including those that represent thousands of longshore, maritime, rail and other workers who work in and around port facilities and who will be directly affected by the NPRM recently issued by the Transportation Security Administration (TSA) and the Coast Guard. \1\ In addition, TTD directly participated in the regulatory proceeding that implemented the threat assessments and background checks for Hazmat truck drivers and continues to work with our aviation unions to address concerns that have been raised in that mode of transportation. And finally, we understand that TSA has an interest in eventually extending the TWIC program to other modes of transportation and thus our unions not directly covered by the NPRM have a vested interest in this issue. So again, thank for the opportunity to share our views and concerns. --------------------------------------------------------------------------- \1\ Attached is a complete list of TTD affiliated unions. --------------------------------------------------------------------------- At the outset, let me state clearly that no one wants to secure our Nation's ports and other transportation assets more than the men and women represented by our affiliated unions. Our members are on the front-lines and they will be the ones first affected in the event that a terrorist attack is carried out using or attacking our Nation's transportation system. We also understand that access control procedures, including the use of tamper-resistant identification cards, is part of this effort and we support initiatives to identify and bar individuals who pose a terrorism security risk from working in security-sensitive transportation jobs. With that said, any TWIC program must strike the right balance--it must enhance the security of our transportation system, but must also preserve the legitimate rights of workers and not unduly infringe on the free flow of commerce. In short, the TWIC program must provide workers with basic due process rights, including a meaningful appeal and waiver process, ensure that privacy rights are respected, not force workers to pay the costs of this mandate and focus on identifying true security risks and not unjustly punishing someone twice for a bad decision made years ago. On this point, I want to acknowledge the work of this committee in passing Section 70105 of the Maritime Transportation Security Act (MTSA) that establishes the requirements and limits for a maritime transportation security card. While not a perfect compromise, there are important protections and limitations included in this provision, and it is noteworthy that the Committee has tried to strengthen these protections since passage of the MTSA in 2002. With last week's NPRM, and the Coast Guard's earlier notice that it will check names against the terrorist watch list, the Department is in the beginning stages of implementing the TWIC maritime program required by Congress shortly after 9/11. We are still in the process of reviewing and analyzing this voluminous proposal, and we will submit a more comprehensive response to the TSA and the Coast Guard as requested in the notice. I would like to take the opportunity this morning to highlight some of our initial concerns and reactions to the proposal and to offer some suggestions for improvement. There is little doubt that TSA and the Coast Guard had a challenging task in drafting this NPRM and implementing the Hazmat program as required by the USA PATRIOT Act. We do appreciate the fact that in many regards the NPRM follows the mandates of Section 70105 and otherwise attempts to put forth a reasonable and workable program. Unfortunately, there are many areas, too many in our opinion, where TSA and the Coast Guard have fallen short in both fulfilling the mandates of Section 70105 and generally striking the right balance between security and fairness for workers. These two objectives are not inconsistent. To the contrary, a workable, reasonable and fair TWIC program will only enhance transportation security, and we see no reason why this proposed rule cannot be altered to better achieve this objective. Disqualifying Offenses We remain concerned that that the list of felony offenses that will disqualify a worker from holding a maritime TWIC is too broad, vague and not adequately focused on eliminating true security risks. Section 70105 is clear--for felony convictions, an individual may not be denied a security card unless the individual has been convicted within the past 7 years or released from incarceration in the last five, of a felony ``that the Secretary believes could cause the individual to be a terrorism security risk to the United States.'' We maintain that some of the broad descriptions of disqualifying offenses listed in Section 49 CFR 1572.103 go beyond this mandate and this limitation. Again, in looking at criminal records, the Secretary may only deny a card to someone who could pose a terrorism security risk. By way of example, the NPRM says that all felonies involving dishonesty, fraud or misrepresentation make an individual at least an initial terrorism security risk. If a worker is convicted of a felony in writing bad checks, that would appear to qualify as a crime of ``dishonestly or fraud.'' While we understand why a financial institution may not want to hire that person, we simply do not understand how that makes the individual a terrorism security risk unqualified to work in a port. Simply put, there needs to be a clearer nexus between terrorism security and the crimes that will disqualify an individual from holding a maritime TWIC. The TSA and the Coast Guard note in the NPRM that they are adopting the disqualifying offenses currently in place for the Hazmat program. While we agree that the two programs should be as similar as possible, it must be remembered that the Hazmat program and the maritime TWIC program are governed by two different statutes. Specifically, Section 1012 of the USA PATRIOT Act (codified at 49 U.S.C. 5308(a)) grants TSA broader discretion in deciding what crimes will disqualify someone from the industry and how far back the criminal record should be examined. Section 70105(c) places more limits on the Secretary for the maritime program--only those crimes that make someone a terrorism security risk to the United States should be included. In fact, during consideration of the Hazmat background check program, TTD specifically asked TSA to adopt a list of criminal offenses that in reality was consistent with the MTSA standard. While TSA claimed it was adopting such an approach, we continue to believe that the crimes adopted for the Hazmat program and proposed for a maritime TWIC do not in fact meet the standard established by Section 70105. In response to our calls to limit the list of disqualifying crimes, TSA has often stated that such refinements are unnecessary because a worker can always apply for waiver. While we appreciate the inclusion of a waiver process in Section 70105, and its adoption in the NPRM, it should not be used as excuse to adopt an overly broad list of felonies and allow other problems with the list of disqualifying crimes to go unaddressed. Deeming someone a terrorism security risk is not a characterization that should be casually rendered and places an obvious burden on a person to overcome that label. While TSA may be able to report that it is granting waivers in the Hazmat program, we do not know how many workers have chosen to not apply for a Hazmat endorsement in the first place because of the long list of disqualifying offenses. Furthermore, TSA will need to review and process the criminal histories of approximately 750,000 port and related workers pursuant to this NPRM on an extremely tight deadline. On top of the other procedural challenges inherent in this program, it makes little sense to overload the waiver process with individuals who should never have been disqualified in the first place. We are also disappointed that the proposed regulations do not provide for any mechanism for a person to challenge the determination that a particular crime is one described in Section 1572.103. There may be situations where a person is convicted of crime that TSA believes fits into the broad description of the disqualifying offenses, but a legitimate argument could be made to the contrary. To rectify this problem, we intend to ask TSA to allow workers to challenge the characterization of a particular offense either as part of the waiver or appeal process. Waiver Process and ALJs As indicated earlier, we worked directly with Members of Congress in the negotiations that led to Section 70105 and the inclusion of a waiver process was a major priority for our member unions. We were therefore pleased that TSA chose to incorporate this waiver into the Hazmat program and it has been offered as part of the NPRM. However, we remain concerned that the waiver process, as envisioned in the NPRM, requires workers to apply back to the very same agency that determined the individual was a security risk in the first place. Given the high public anxiety over terrorist risks and the insular nature of this process, we are concerned that TSA might reject waivers that are otherwise meritorious. In an attempt to address this problem, we have asked TSA, on numerous occasions, to allow workers to have their waiver cases heard, at some point in the process, before an administrative law judge (AU) at a hearing on the record. This would allow employees to make their case in front of an impartial decisionmaker not bound by political pressures or subject to agency interference. In addition, ALJ decisions would establish case precedent that would better define what constitutes a security risk. This would bring a level of fairness and consistency to a system that is central both to employee rights and national security. Because TSA has rejected our calls for this basic protection, we have been forced to turn to Congress for redress on this point. Fortunately, this Committee has acted and an ALJ provision is included in the pending Coast Guard Reauthorization Conference Report (H.R. 889). While we understand that the Conference Report is being held up for unrelated reasons, it is clear that there is wide and bipartisan support for the introduction of ALJs into the TWIC process, and I want to thank Chairman Stevens and Co-Chairman Inouye for your help on this issue. For reasons that are quite frankly puzzling, TSA and the Coast Guard have failed to include an ALJ in this NPRM and have simply stated they will alter the proposal if Congress changes the law. While we have every confidence that Congress will act, it is troubling that TSA and the Coast Guard are refusing to include ALJs on a technicality. These agencies clearly have the discretion to include ALJs in the process and their continued resistance to the program gives us some concern regarding how they will implement and incorporate ALJs into the TWIC process. I should note that for the ALJ process to be effective, cases must be heard and decided as expediously as possible so that employees are not unjustly barred from returning to work. Application of Waivers to Subjective Decisions We are also concerned that the waiver process in the NPRM does not apply to security threat assessments made by TSA for subjective reasons under Section 1572.107. Under this Section, TSA can disqualify someone for criminal offenses that are not on the disqualifying list, if the TSA determines that other convictions are ``extensive,'' if the conviction is for a ``serious'' crime, or if the person was imprisoned for over 1 year. Putting aside our concerns with these broad and subjective criteria, we do not understand how TSA is implementing this without allowing workers to seek waivers as they do for crimes listed in Section 1572.103. More to the point, Section 70105(c)(2) of the MTSA specifically mandates that TSA afford a waiver for all reasons a worker may be disqualified from holding a transportation security card. We understand that TSA does not afford waivers under the Hazmat program for disqualifications for subjective decisions. While we objected to that decision in the Hazmat proceeding on policy grounds, the case here is different--for the maritime TWIC, a waiver is a statutory right and cannot be denied by TSA at is discretion. We hope and expect TSA to make this change as it finalizes its rule. National Standard Needed We are concerned with language in the NPRM that would specifically allow states to impose additional and broader background checks and to do so without any of the protections or limitations included in the Federal program. If security threat assessments are needed to enhance our national security, the TSA should adopt and enforce a national standard. It makes little sense for TSA to establish a national program, force workers to pay for this program (over our objections), and then allow local jurisdictions to use national security as an excuse to create yet another security review process. There simply should not be a difference in what constitutes a security risk based on what state or jurisdiction a port resides in. Furthermore, TSA and the Coast Guard have a stated intent, both articulated in the NPRM and in other documents, to achieve a level of consistency governing threat assessments and transportation credentials. Allowing states to arbitrarily impose different security requirements is inconsistent with this objective and should be reversed. Failing that step, TSA must ensure that due process and privacy rights provided for at the Federal level apply to the states. We would note that Congress specifically mandated this for the Hazmat program in the SAFETEA-LU legislation and we would expect TSA to extend this to the maritime side. We will also seek clarification from TSA on how it intends to evaluate and enforce the requirement that states, with separate checks, comply with these statutory due process requirements. Cost of the TWIC We are vehemently opposed to the provisions of the NPRM that passes one hundred percent of the costs of this program on to individual workers. The security threat assessments and the background checks mandated in this proposal are considered necessary to enhance the security of our Nation's ports and are part of the overall effort to fight terrorist elements. Given the reality of this national priority, the government, and not individual workers, must absorb the costs of this program. We understand that the DHS Appropriations Act (Pub. L. 108-90, Section 520) directs TSA to ``charge reasonable fees for providing credentialing and background investigations in the field of transportation.'' We would respectfully ask that Congress lift this appropriations rider and allow the Federal Government to fund this program in a reasonable manner. We would note that even with the rider in place, nothing requires the costs be absorbed by workers--it simply states that ``reasonable fees'' be charged. The TWIC card, and the accompanying background check, is essentially a condition of employment and will surely benefit our employers. The port and related facilities will be more secure and access control procedures will be in place through readers and biometric cards. If the Federal Government refuses to step in and fund this security mandate, employers must be required to fund a program that will directly benefit their operations. It should be remembered that employees will have to go through the time and effort to apply for this card and may incur additional expenses if an appeal and waiver are needed. It is neither fair nor reasonable to ask them to also pay for a security mandate that has broader benefits. Transportation Security Incident Under Section 70105(c)(1)(A)(ii) of the MTSA, an individual will be denied a maritime TWIC if he has committed a felony, within the last 7 years, that causes ``a severe transportation security incident.'' The MTSA further defines this term to include a security incident that results in a ``transportation service disruption'' or an ``economic disruption in a particular area.'' In both the Hazmat rule and in the maritime TWIC NPRM, TSA has made a ``transportation security incident'' a permanent disqualifying offense with no waiver opportunities. We have long been concerned with the broad definition of this offense and that it could be interpreted to include a wide range of activities that while disruptive to commerce or transportation, should not permanently disqualify a person from holding a TWIC. We are pleased that Congress, again in the SAFETEA-LU legislation, included a provision that attempts to limit the reach of this provision and TSA has modified its rules accordingly. Nonetheless, we remain concerned that the term could still be misused, and we will urge further clarifications as the process moves forward. Privacy of Information As we have consistently stated, maintaining the privacy and confidentiality of the information collected and generated by the TWIC process is crucial. Toward this end and at our request, Section 70105(e) includes a specific mandate that ``information obtained by the Attorney General or the Secretary under this section may not be made available to the public, including the individual's employer.'' Consistent with this requirement, information that is gathered from the use of the card, i.e., when the employee enters and leaves a port facility, must not be shared with the employer. The TWIC program was conceived and mandated by Congress to enhance the security of our Nation's seaports. For this effort to succeed, it must remain solely focused on that objective and not be used for any non-security reason. We will continue to work with TSA and the Coast Guard to ensure that this issue is addressed in the final rule. Application of TWIC to Aviation As the Committee is well aware, Congress has mandated that workers in the aviation sector undergo separate threat assessments, including a review of criminal histories. I should note that aviation workers are still denied access to a waiver process, rights afforded to Hazmat and maritime employees, and this double-standard should be rectified. Even though these threat assessments are in place, electronic identity cards have yet to be issued by TSA. Given the unique nature of the aviation industry, and the mobility of its workforce, an electronic biometric identification card would allow these employees to move more efficiently through the system and at the same time enhance aviation security. I know the Air Line Pilots Association (ALPA) has a particular interest in pursuing this issue and has specifically offered its assistance to Secretary Chertoff in this regard. We hope that TSA will work with our aviation unions to implement an aviation TWIC card based on the checks that have already been completed on those employees and consistent with the protections and limitations previously articulated. Customs Problem Before I close, I want to raise a specific problem for workers who must work in Customs-controlled areas. These workers are subject to separate background checks that give individual port directors great leeway in making these threat assessment decisions. In particular, a port director can use a felony conviction to disqualify someone even if that felony was committed well beyond the seven or 10 year look-back period that govern maritime or aviation respectively. In fact, there have been several situations where an airport worker, after passing an extensive background check required by the aviation statute, had his or her customs credentials pulled because of a felony conviction older than 10 years. This double-standard makes no sense and has no security- based rationale. As TSA moves forward with efforts to avoid duplication of background checks, this problem and similar issues must be resolved. Final Thoughts As stated in the outset, transportation labor has always supported policies that will enhance the security of the Nation's seaports and our entire transportation system. We understand and recognize that the TWIC program is part of the Federal response to terror, and we specifically support its stated purpose of preventing terrorist elements from infiltrating our transportation network. But for this program to be successful, the legitimate rights of workers must be preserved and those that pose no terrorist threat must not be denied their right to work in this industry. We look forward to working with this Committee, the TSA and the Coast Guard to meet this objective and to make improvement to this proposal. Thank you again for the opportunity to share the views of transportation workers. Attachment--TTD Member Unions The following labor organizations are members of and represented by the TTD: Air Line Pilots Association (ALPA) Amalgamated Transit Union (ATU) American Federation of State, County and Municipal Employees (AFSCME) American Federation of Teachers (AFT) Association of Flight Attendants--CWA (AFA-CWA) American Train Dispatchers Association (ATDA) Brotherhood of Railroad Signalmen (BRS) Communications Workers of America (CWA) International Association of Fire Fighters (IAFF) International Association of Machinists and Aerospace Workers (IAM) International Brotherhood of Boilermakers, Blacksmiths, Forgers and Helpers (IBB) International Brotherhood of Electrical Workers (IBEW) International Federation of Professional and Technical Engineers (IFPTE) International Longshoremen's Association (ILA) International Longshore and Warehouse Union (ILWU) International Organization of Masters, Mates & Pilots, ILA (MM&P) International Union of Operating Engineers (IUOE) Laborers' International Union of North America (LIUNA) Marine Engineers' Beneficial Association (MEBA) National Air Traffic Controllers Association (NATCA) National Association of Letter Carriers (NALC) National Conference of Firemen and Oilers, SEIU (NCFO, SEIU) National Federation of Public and Private Employees (NFOPAPE) Office and Professional Employees International Union (OPEIU) Professional Airways Systems Specialists (PASS) Sheet Metal Workers International Association (SMWIA) Transportation Communications International Union (TCU) Transport Workers Union of America (TWU) United Mine Workers of America (UMWA) United Steel, Paper and Forestry, Rubber, Manufacturing, Energy, Allied Industrial and Service Workers International Union (USW) United Transportation Union (UTU) The Chairman. Well, thank you very much for that. Let me call on our Co-Chairman first this time. Senator Inouye? Senator Inouye. Mr. Willis, your position is that if the conference bill is adopted with the administrative law judges involvement, that would meet your requirement of due process? Mr. Willis. Yes. I think for the purposes of the waiver process, the administrative law judge is a critical component for due process, and that is a provision that, obviously, we have supported, and we think is a good provision. I will say, though, as I said in my opening statement, that part of due process is coming up with a list of disqualifying offenses that is not too broad and too vague. Simply because you have a good waiver process and a good ALJ process, it doesn't change the fact that you have to narrow those crimes. And I think it's also important to note that once you have an administrative law judge, those cases need to be heard quickly and efficiently, because you're going to be keeping that individual worker out of a job, I believe, under the TSA rule. So, that is an important component of the due process question. Senator Inouye. Are you, at this moment, discussing this matter with TSA? Mr. Willis. We have clearly raised the need for an ALJ provision, both in the context of the Hazmat proceeding and-- before the rule came out on this topic. Quite frankly, we were a little puzzled that they didn't just go ahead and include the ALJ in the NPRM, stating that if Congress were to change the law, then they'll do it in their final rule. Given that you're so close on that, and given that there is wide bipartisan support for an administrative law judge, we would have preferred to see TSA just do it. They clearly have the discretion to include it. So, that's something that we're going to continue to work on, both legislatively and in the regulatory proceeding. Senator Inouye. Thank you very much. Mr. Cummings, you noted in your testimony that the cost associated with the program must be not only reasonable for individuals, but also for facilities and vessels. Mr. Cummings. Yes, sir. Senator Inouye. Now, we have been advised that the total cost for the nationwide implementation of TWIC is going to cost between $1.1 billion to 1.9 billion. And the cost for facility owners will be estimated between $580 million and $1.2 billion. Do you think this is reasonable? Or how is this cost going to apply to the 50 facilities in your area, Los Angeles/Long Beach? Mr. Cummings. Yes, sir. In our port, both Los Angeles and Long Beach are landlord ports, so the individual terminals have to comply with these regulations, and that relationship is between them and the United States Coast Guard. So, as was published in the notice of proposed rulemaking, if it follows along those lines, these individual terminals will then have to fund the installation of the systems on their own terminals-- the card-reading systems--so that their terminals will be in compliance with the Coast Guard regulations. Senator Inouye. What will be the cost implication for your area for the 50 facilities? Mr. Cummings. On a--it's hard to say, exactly, Senator. On a--the way the notice of proposed rulemaking is set up, the requirement is for one individual reader to be installed to meet the requirements. I think our experience is that on many of our terminals, particularly the larger ones, they will require significantly more system installation than just a single reader. Estimates we've made, on a per-terminal basis, is more on the order of $200,000 or so. I think that's considerably higher than an estimate that's just based on a single reader. So, there will be discretion at--on the part of the terminals, in terms of how widely and what investment they make. And they'll make those decisions based on their operations and their need for expediency and flow, and also, again, to meet the Coast Guard regulations. So, we expect that it'll be more along the lines of more cost to the terminals than was estimated in the rulemaking, more on the order of $100,000 to $200,000 per terminal, at least the larger terminals, Senator. Senator Inouye. Do you that will be reasonable? Mr. Cummings. I think, for our terminals, they have--they have all demonstrated strong commitment. As I mentioned in my testimony, all of our terminals, as soon as the initial Coast Guard regulations came out, they were all very expedient in getting their plans done and submitted. They made the monetary investments that they needed to make on their terminals. I'm confident that all of our facilities will follow suit and make whatever investments they need to make to continue to comply with the full implementation of the program. Senator Inouye. In implementing your program, will these facilities have to be examined by you, and approved? Mr. Cummings. No, sir. The approval process will be by the United States Coast Guard. We will function as a port authority in our capacity. We'll function as a facilitation entity between the terminals and the Coast Guard. We'll do what we can to promote both the system installation process, as well as the credentialing process, for our--we consider our stakeholders our--you know, our longshore populations, the truckers, as well as the terminal employees, so we will--we'll work as--any way we can to accommodate and facilitate the process. Senator Inouye. You'll have to receive the approval of the Coast Guard. Mr. Cummings. The terminals--yes, the terminals will, in the end, require an approval of a plan--a plan amendment and then the actual installations to support the TWIC program. Senator Inouye. Ms. Himber, the same question. Do you have a lot of port facilities there? Ms. Himber. We have roughly 40 facilities along the three states on the Delaware River. And I have not had the opportunity, since the proposed draft regulation came out last weekend, to go through, with my members, how they feel that the costs will affect them, and whether or not they think it's reasonable. A few things that I did notice in the proposed rulemaking that were not included, in addition to only costing out potentially one reader site at each facility--which does not seem to be reasonable; it's quite likely that all of the facilities will require more than one--there was also no consideration taken to the software costs which might be required to integrate the TWIC readers with the facilities' internal access control software and system. So, whether or not the estimate that--it does strike me that the estimate that TSA's put together may be a little bit low. Senator Inouye. I thank you very much. Thank you. The Chairman. Thank you, my friend. First, let me say, Mr. Cummings, I appreciated the courtesy that your people showed me and my staff when we did visit the Los Angeles Port. Mr. Cummings. Thank you, Mr. Chairman. The Chairman. Having gone to high school in that area of the South Bay, I can tell you it's changed considerably since the last century. Mr. Cummings. Yes. [Laughter.] The Chairman. You seem to have an access problem that goes beyond just identification. I note there's only one railroad line going in and out. Have you covered the question of the contents of the containers that come and go into the port? Are you working on that security, also? Mr. Cummings. Yes, Mr. Chairman. We're working on a number of different ways on cargo security. We are participating in Operation Safe Commerce, which is entering its third phase, and that program, as you may know, is intended to identify and test leading-edge and effective and efficient cargo security measures that then can be implemented industry-wide. We continue to work on--with our terminals and with the U.S. Customs and Border Protection, both at the national level and within the port, to implement their programs, such as the Radiation Portal Monitor Program, which is the radiation detection screening at the out-gates of the terminals. And for our port, that is--that installation is nearly complete. I believe they're just about finished with those installations. The Chairman. When I was there, I felt there was a question as to whether the same identification should be required of people who drive these containers to the port as will be required for those people who work in the port. Are you going to have two sets of identifications? Mr. Cummings. No, Mr. Chairman. The way that the TWIC program is laid out, and the way we've understood it in--during our participation in its development is that it would just be this single credential that would apply to anyone who requires the unescorted access on the maritime terminal that's--as dictated in the regulations. So, to our way of thinking, that actually will work fine. The single definition and the single card would be suitable. The Chairman. Well, Mr. Willis, a person who is driving a truck that has got containers on it does not necessarily have a Hazmat identification, does he? Mr. Willis. That container may or may not include Hazmat. Regardless, they--if they're going to have regular access, they are still going to be, under this NPRM, required to have a TWIC, as are the rail workers that we represent. The Chairman. You're saying all the people who are involved in the trucks that come and go, and all the people involved in the trains, operating the trains and the cars that come and go into the port, they will have the TWIC. Is that the plan? Mr. Willis. If they need regular unescorted access to a secure area of a port, yes, they will need a TWIC, under this NPRM. The Chairman. Well, now, that brings me back to you, Mr. Cummings. Mr. Cummings. Yes. The Chairman. There is a secure area beyond which everybody has to have it. What percentage of the port is actually a secure area? Mr. Cummings. Mr. Chairman, in our port, as you're familiar with from your visit, it's the--the port complex overall is fairly broad, encompassing the two port authorities and the two cities. Within it are these 50 individual terminals. For our port, that's where the security begins. It's at the gate of each of those individual facilities. And, for the most part, they have deemed that the entry into their area restricted, because they consider everything within their gates their responsibility to maintain security over--the highlines, the cargo transition points, all the buildings and so forth. So, they are, for the large--for the vast majority, just maintaining the one single perimeter. So, that will be the point at which unescorted access within that area will require the TWIC card. The Chairman. So, you're not going to have a single entry into that big port, are you? Mr. Cummings. No, sir. We'll just maintain the current structure with the 50 individual terminals. The Chairman. But if a person has a card and wants to go to any one of those terminals, that same card will let them get into any terminal, right? Mr. Cummings. Only--according to the regulation, only if that individual facility has listed that person on their system. In other words, each of these 50 terminals will then have the authority to only grant this unescorted access to those TWIC cardholders. So, the first step, Mr. Chairman, would be to get a TWIC card. The second step would be to present yourself at a facility and convince them that you need unescorted access on their terminal. They will--they'll enter you into their system, their database, and you will then proceed. The Chairman. That means that every one of those terminals has to have a card reader? Mr. Cummings. Absolutely. Yes, sir. Multiple, probably, in most cases. The Chairman. You've got the same problem, Ms. Himber? Ms. Himber. Yes. Most of the facilities in the Delaware River have designated the entire perimeter as the--anything inside the external perimeter as a secure area. The Chairman. Well, as I recall getting into the Port of Los Angeles, it's going to be a redundant thing. You're going to have a couple of places where you have to be identified, right? Ms. Himber. Right. And you might have multiple truck lanes at the main gate, so each one of those lanes, potentially, would have to have a reader, plus a visitor lane. The Chairman. Mr. Willis, in terms of what your people are doing, as I understand it, you question the financial impact on the individual, right? Mr. Willis. That's correct. The Chairman. Who's going to be required to make sure the persons that are operating these vehicles have cards, the owner of the trucks or the individual member? Mr. Willis. Well, I think how it's going to work is that if you come up to a port, you're not going to be able to have unescorted access unless you have a TWIC. I think with the truck drivers, it's going to be a complicated issue, because many of these--most of these, I believe, are independent contractors. I think that with the folks that work regularly in the ports and those who work in the rail, obviously they have a consistent employer, so there's going to be some connection there, and some ability to communicate with those workers and make sure that they are applying for the TWIC in a timely manner, and some infrastructure there. The Chairman. Are there any other identifications that are required of your members that--to be involved in this activity? Mr. Willis. Well, I mean, clearly there are a whole set of documents, as you mentioned, that the mariners need and that the Coast Guard is trying to figure out how you merge those. And that's going to be something that we're very interested in. The Chairman. But they have to have their own driver's license, right? Mr. Willis. Our members, you mean? Or the mariners? The Chairman. Yes, your members. Mr. Willis. Well, for the truck drivers to get a CDL, obviously you need a driver's license. And for the port workers, the TWIC would be the main identification. The Chairman. Well, currently isn't there an identification card they have? Mr. Willis. Sure. For individual ports--I can't speak for all of them, but, some ports are going to have--may already have current identification cards. The Chairman. Do you have them, Mr. Cummings? Mr. Cummings. We do not have a port identification card, no, sir. The access to our terminals right now is based on a driver's license or, for our longshoremen, their union card. The Chairman. How about you, Ms. Himber? Ms. Himber. Some ports in the Delaware region have issued port site-specific cards, and others are using a driver's license. The Chairman. And who pays for them now? Ms. Himber. The individual facility. The Chairman. I've got some questions I'd like to submit to you, too. We've got to go to the floor to have a vote. I appreciate very much your help. We'd like to be able to work to find a way to reduce the cost of these cards. And maybe you're right, by the time we get the quantity-based concept, the cost will go down. Have any of you thought about the idea of having private companies do this? Have you, Ms. Himber? Ms. Himber. We've thought about it. In fact, we even talked about it, at one point during the course of the pilot program, about 2 years ago, and we met with TSA and other--from Florida all the way up to New York on the East Coast, and looked at other opportunities to do this. But, at that time, we were told by TSA that they were nearing completion of whatever the current phase was, so we discontinued those discussions in favor of the TWIC. Mr. Willis. I would only add that if you're going to have-- and clearly I think this is where TSA is going--if you're going to have a private contractor issue these cards and participate in this program, there are significant requirements, both in statute and regulation, as far as protecting the privacy of the worker, making sure that the information is only used for security purposes, and isn't disclosed to employers or the public, and that these cards have to be, you know, given out in a quick fashion and quick turnaround time, so that any private entity that does provide these services--you really have to look to make sure that they're prepared to do that and that there is a process where that can be assured. The Chairman. Well, that's true. But they're going to contract that out, anyway. Mr. Willis. Exactly. I think as they look at that---- The Chairman. As a practical matter, it's going to be in some private sector. I just don't know why the whole thing wasn't looked at as being a private-sector objective--something that'll be nationwide, that it would bring the cost down considerably. Senator Inouye, do you have any further questions? Senator Inouye. No, thank you. The Chairman. We want to work with you to make sure this system works, our bill would set a drop-dead date. Do any of you disagree with that? Ms. Himber. No. Mr. Cummings. No, sir. The Chairman. Mr. Willis? Mr. Willis. No. The Chairman. Thank you very much. We appreciate your coming. [Whereupon, at 11:50 a.m., the hearing was adjourned.] A P P E N D I X Prepared Statement of American Trucking Associations, Inc. (ATA) American Trucking Associations, Inc. (ATA) appreciates the opportunity to submit comments on the Transportation Worker Identification Credential (TWIC). ATA is a federation of motor carriers, state trucking associations, and national trucking conferences created to promote and protect the interests of the trucking industry. ATA's membership includes more than 2,000 trucking companies and industry suppliers of equipment and services. Directly and through its affiliated organizations, ATA encompasses over 34,000 companies and every type and class of motor carrier operation. The trucking industry is the one mode of transportation that connects all other modes of the supply chain. ATA's motor carrier members are, on a daily basis, transporting containers in and out of our Nation's seaports, rail terminals, and airports. The screening of individuals involved in the transportation of goods is important to the trucking industry. Any discussion of the TWIC should start with the underlying concept of the TWIC and why it was deemed necessary. In January 2003, Admiral Loy, then the second most senior official at the Transportation Security Administration (TSA), summed it up best, stating: A fourth initiative also underway is development of a Transportation Worker Identification Credential or TWIC . . . The idea is to have these [transportation] employees undergo only one standard criminal background investigation . . . I've heard that there are some truck drivers currently carrying up to 23 ID cards around their necks. I wouldn't want to pay that chiropractor bill. Under the TWIC program drivers and other transportation workers will only have one card to deal with which would be acceptable across the United States.--Remarks of Admiral James M. Loy, Under Secretary of Transportation for Security, Transportation Security Administration, before the Transportation Research Board 82nd Annual Meeting Chairman's Luncheon, January 15, 2003. As the representatives of the trucking industry, ATA supported this concept of a single background assessment and the issuance of a single security credential. However, since Admiral Loy's speech in January 2003, the trucking industry has witnessed the implementation of a background check process for individuals obtaining hazmat endorsements (HME), a different background check requirement for truckers going to secure areas of airports, and now the implementation of yet another background check process for truckers transporting cargo in and out of the seaports. To obtain these different credentials, applicants must appear at different enrollment facilities, adapt to different administrative procedures, and pay steep ``user fees'' for each process required. The chiropractor bill is not the only hefty bill the trucker is paying. The bad news is that TSA has not been faithful to its vision of the TWIC. The good news is that it is not too late to get it right. ATA urges this Committee and TSA to return the TWIC to its initial moorings. We believe the following principles will facilitate achieving the original, laudable goal: (1) the current multitude of federally- mandated background checks should be consolidated into one check that evidences an individual's privileges, from a security standpoint, to access areas or goods in the transportation supply chain; (2) the TWIC should serve not only as the one background check but also the one credential for access from a security perspective--this means the states should not be allowed, without demonstrating some compelling need, to add additional security checks and/or credentials; and (3) the system should be designed so that costs are minimized and evenly spread over all users. Adhering to these principles, a system can be implemented which truly will enhance the security of our country, while minimizing the cost of discovering the few bad apples in the large barrel of patriotic individuals who make their livings on our Nation's highways. In developing the HME background check, TSA intended to harmonize the HME check with the check required under the Maritime Transportation Security Act of 2002 (MTSA), the law authorizing use of TWIC in the seaports. \1\ Under the HME check, a driver submits fingerprints and biographical information and is checked against multiple criminal history, intelligence, terrorist, and immigration databases. Under the proposed TWIC rule, an individual requiring unescorted access to secure areas of the seaport (e.g., a truck driver) would submit fingerprints and biographical information and be checked against the same databases. Furthermore, the disqualifying criteria for TWIC are the same as the criteria for HME. Although these portions seem to have been harmonized, they were not consolidated. An individual who has successfully cleared the HME background check still has to undergo a costly ``enrollment'' process for issuance of the TWIC (while the individual saves some money on the threat assessment portion, the cost is still expected to be $105). \2\ Conversely, ATA can think of no reason why an individual who cleared the TWIC background check should not be deemed to have met the HME background check. That individual should not have to undergo any additional process from a security perspective. \3\ --------------------------------------------------------------------------- \1\ ``[T]he agency plans to harmonize, to the extent possible, all of the various background checks that are required by statute, and so elements of MTSA appear in this rule.'' 68 Fed. Reg. 23852, 23853 (2003); ``TSA intends to maintain as much consistency as possible between the current hazmat driver and future maritime programs.'' 69 Fed. Reg. 68720, 68726. \2\ The proposed rule provides for the costs to these individuals for enrollment to range from $95-$115; however, TSA has specified the $105 amount in several presentations, including a summary of highlights of the proposed rule. \3\ ATA agrees that the individual should still have to meet all the knowledge, skills and safety requirements for issuance of the HME. --------------------------------------------------------------------------- Other security programs that include background checks on truck drivers, such as the secure identification display area (SIDA) at the airports or the Department of Defense's clearance to haul arms, ammunition or explosives, have not been consolidated at all. The individual would have to undergo a separate check for each program. To the extent possible, ATA supports harmonizing these programs and the disqualifying criteria for these programs. ATA understands that some programs may have more stringent criteria than others, and thus a tiered level of clearance may be necessary. Nevertheless, this could still be established through one background check. TSA's proposed definition of a TWIC as a federally-issued biometric card issued to an individual who has successfully completed a security threat assessment suggests that one check for multiple programs should be sufficient. ATA continues to share Admiral Loy's concern for the well-being of truck drivers weighed down by a multiplicity of cards. The proposed TWIC rule, by allowing state authorities to impose additional requirements for access to the ports, is an invitation for each port authority to issue its own credential on top of the TWIC. The State of Florida is already doing so at its seaports. The regulations issued by the Coast Guard under MTSA properly claimed the need for national standards of security and claimed preemption. ATA supported this eminently sensible position. ATA is disappointed that TSA has not adopted a similar approach, as the need for national standards of security remains equally applicable. One rationale frequently proffered by states that require additional checks of their state criminal history databases is that their state databases are more comprehensive or fully populated. The failure of states to upload criminal history information to the FBI's national databases actually creates a security loophole rather than bolstering security. For example, an individual may commit a disqualifying offense in Florida that is only in the Florida database but has not been uploaded into the FBI's database. That individual would not be able to get a TWIC at one of the Florida ports but he/she could get the TWIC from a South Carolina port, because the check against the FBI's database will not reveal the disqualifying offense in Florida. If the disqualifying offense indicates that the individual is a threat in Florida (which purportedly is the rationale for having a list of disqualifying offenses), then that same individual is also a threat in South Carolina. The failure to upload state data in a timely manner is a problem that needs to be addressed for the security of the whole. Other than the differences between the criminal history databases, it is difficult to conceive of scenarios where a state's judgment on security of the Nation's supply chain should supplant the Federal Government's considered judgment. If such a scenario exists, however, the state should have to make the case to Federal authorities on a case-by-case basis. Otherwise, the Federal standards should be controlling. This, and the consolidation discussed earlier, would help return the TWIC to being the ``one card to deal with which would be acceptable across the United States.'' Finally, ATA understands that securing the Nation's supply chain involves costs. The trucking industry is willing to bear the cost of one--but not multiple--background checks and security credentials. The stovepipe approach to security programs taken by TSA has resulted in the unnecessary imposition of wasteful costs. As discussed above, the processes for submission of fingerprint and biographical data for the HME background check and the TWIC background check are essentially the same. The main difference is that, under TWIC, the individual has a photograph taken and ultimately receives a security credential. A driver that has undergone the HME background check process pays a fee of $94 in 34 states (including D.C.) that use the TSA contractor for information collection. This fee included paying for nearly $4.8 million to set up the TSA Screening Gateway. Under the proposed TWIC rule and TSA briefings on the rule, that same driver will be asked to pay another $105 for the TWIC process. While the cost justification in the proposed TWIC rule is sufficiently vague to prevent us from knowing what the categories of costs are covering, ATA finds it hard to believe that the cost for taking a digital photo and producing a biometric card amounts to $105--particularly when a cost estimate from another government agency for the production of similar biometric cards is in the $10-$12 range. In justifying this $105 cost, TSA has stated that $45-$65 is for information collection, i.e., the same fingerprints and biographical information already submitted for the HME process plus a digital photograph. Since the HME background check rule was promulgated after passage of the MTSA requirement, it seems that reasonable forethought would have suggested storing the fingerprints and biographical information of HME driver-applicants. This would have meant the only information collection cost would have been the capture of a digital photograph. Surely, that would not cost between $45 and $65. However, TSA chose a non-uniform approach to information collection, allowing states to elect to conduct the information themselves or use a TSA contractor. In the 17 states electing to conduct information collection themselves, TSA has no control over what happens to the fingerprints. ATA hopes that TSA will address these types of self-erected hurdles that simply add to the costs borne by the trucking industry. The consideration of the TWIC concept transportation-wide began as early as December 2001. Its implementation has been marred by numerous delays. Admittedly, there are a number of issues to consider and get right. ATA is alarmed that, rather than building a scalable program that is true to the concept laid out by Admiral Loy and his predecessors, TSA is simply building another stovepipe program to screen workers at the seaports. ATA does not oppose background checks of individuals in the trucking industry. ATA does oppose the wasteful expenditure of resources--both government and private sector--that comes with conducting multiple background checks of the same individual against the same databases. The trucking industry has consistently demonstrated its willingness to contribute to the security of the homeland and its willingness to pay the costs related to driver screening. In return, ATA simply asks that these costs be reasonable and part of an efficient process. ATA supports an approach that is good for security--and good for commerce. ______ Joint Prepared Statement of James Kneeland, Director, Project Management Office, Florida Department of Highway Safety and Motor Vehicles; and Florida Highway Patrol Colonel Billy Dickson (Retired), Florida UPAC TSA Liaison Florida Perspective--Introduction First of all, Florida firmly believes that the Transportation Workers Identification Credential (TWIC) has the potential to be the archetype of a secure credential. During the past 2 years Florida has worked closely with TSA and believes that the implementation of a Transportation Workers Identification Credential is a key ingredient to national security at transportation modes. This document is not meant to be a criticism of any entity or person but instead will hopefully provide some additional insight into a methodology for implementation. We have identified a chronology of events culminating with recommendations. In addition, we have learned several valuable lessons which we would like to share with the Committee. I. Detailed Events Timeline 2003 June--Florida passes Section 311.125, Florida Statutes, mandating a biometric credential for Florida's public entity seaports modeled on the TWIC standard. (July to October)--Florida builds team and requirements document for a Florida Uniform Port Access Credential (FUPAC). (October-December)--Florida negotiates with TSA for a Memorandum of Understanding (MOU) and Memorandum of Agreement (MOA). 2004 January--Florida signs a MOU with TSA. February--Florida signs MOA with TSA. February to June--Florida assists with TWIC design. June to August--Florida participates as a member of Request For Proposal Committee to evaluate technology vendors. August--TSA Awards prototype contract (Phase III) to BearingPoint. September--HSMV was advised by TSA that the Phase III Prototype would involve an Initial Operating Capability (IOC) which was basically a prototype of a prototype. November--End of November finish IOC. December--Florida meets with vendor (BearingPoint) and then reports to TSA that the system has potential problems. 2005 January--Florida meets with TSA in Washington, D.C., to identify the potential problems and highlights a number of significant issues with the system. February--Concerned about the system Florida meets with TSA who reaffirm support. March--Florida meets with TSA--still problems with system, TSA assures Florida system will be ready in April. April--Florida outlines several concerns to TSA via e-mail. May--TSA claims system is ready. Florida advises TSA that a User Acceptance Test must be performed before rollout to Florida seaports. TSA reported they could not test because printing capability was not activated at the Federal Card Production Center. June--Florida checks TSA enrollment centers and discovers significant issues with the enrollment process. June--End of June TSA reports they are shutting program down due to budgetary constraints. July--Florida Governor's office intervenes (Office of Drug Control) and TSA meets with the Governors office. TSA agrees to review the feasibility of sustainment for Florida. August--TSA meets with Florida program directors and acknowledged that the system does not work properly so program would close down but proffers to print cards for Florida at $10 per card in Corbin, Kentucky. September--Following several discussions, TSA and Florida agree to perform a User Acceptance Test (UAT) to verify system works properly. October and November--UAT is conducted. System still has problems but Florida agrees to move forward at meeting in Governor's office with TSA, provided that TSA would appropriately support the system. December--Florida team meets in Washington, D.C. with TSA. TSA promises support so Florida sets up Pensacola to be first port scheduled for activation on January 9, 2006. December 29--TSA notifies Florida that, due to lack of funds, they are delaying the program until further notice. 2006 February--Lacking response from TSA, Florida moves forward with Risk Mitigation plans. February 21--TSA informs Florida that they can retain use of the enrollment centers, however, cannot use the biometric/ICC cards (60,000). February, March, April--Florida begins implementation of its Risk Mitigation Plan (FUPAC Implementation.) April--TSA notifies Florida of TWIC badge revocations. Florida queries TSA and is told that the entire system has been taken down. II. History 1. The 2003 Session of the Florida Legislature passed and Governor Bush signed into law an amendment to Chapter 311, Florida Statutes, adding Sec. 311.125, Florida Statutes. The amendment mandates a Florida Uniform Port Access Credentialing (FUPAC) system and charged the Department of Highway Safety and Motor Vehicles (DHSMV) with design, implementation and management of the new credentialing and access control system. Prior to the passage of the legislation, commercial interests who engaged in business on multiple Florida seaports were required to obtain and pay for access credentials, including multiple fingerprint-based background checks for each port. 2. The 2003 legislation strengthens security by creating a central credential repository in the Florida Department of Highway Safety and Motor Vehicles (DHSMV), adding modern security elements to the credential, alleviating the concern of stakeholders related to the cost of multiple credentials \1\ for the public port system in Florida. --------------------------------------------------------------------------- \1\ Truck drivers were required to purchase a separate credential at each port requiring a separate background check at each port. The new statute provided for a single Florida credential and one background check valid at all ports. --------------------------------------------------------------------------- 3. While the statutory revision charged DHSMV with the development of the credentialing and access control system, the revised statute also called for DHSMV to act in consultation with the Florida Department of Law Enforcement; Florida Seaport Transportation and Economic Development Council; Florida Trucking Association; modeling on the TSA TWIC in the development of a Uniform Port Access Credential System that provides a biometric confirmation of claimed identity and on-site verification of access authority for all persons having business necessity aboard a public seaport. The statute retains the granting of access privileges to the seaport and continues the authority of seaports to allow access to seaports for visitors and persons having limited business necessity without a permanent port access credential. 4. As noted above, a key component of the statutory revisions called for the FUPAC to be modeled on the emerging Transportation Workers Identification Credential (TWIC) under development by the Transportation Security Administration (TSA). 5. In 2003, a $3 million Federal grant was awarded through the Office of Domestic Preparedness (ODP) to DHSMV for the design, development and implementation of the TWIC/FUPAC project. a. The majority of the grant was allocated to the development and implementation of the state access control system and its interface with the TWIC card. 6. At the request of TSA, Florida provided a Florida Integrated Project Team leader (FIPT) who was embedded with TSA for 6 weeks in Washington D.C. for training and development of a long-term MOA between TSA and DHSMV. DHSMV selected a team leader with over forty years of experience in law enforcement, credentialing and criminal investigations related to credentialing fraud. The Florida IPT, Col. Billy Dickson, is considered to be a national expert on identity issues, regularly serving on national committees for AAMVA, the American Association of Motor Vehicle Administrators. 7. In early 2004, TSA replaced the Florida IPT with a Federal FTE position and removed the DHSMV position. However, Florida retained Col. Dickson. Well-known and respected throughout Florida and the country, Col. Dickson continues to serve as liaison with TSA and act as an advocate for the Florida seaports, as well as coordinating the implementation effort. 8. In 2004, Florida also hired an Information Technology (IT) expert to serve as Director of the program for Florida. The Director, James Kneeland, has over 30 years experience as a CIO and IT Architect. He has successfully installed dozens of systems and has experience as a Systems Engineer with EDS, and helped implement the National Flood Insurance program in 1978 and a Medicare-A system that became a HCFA standard in 1985. As a Senior Executive and CIO with the Massachusetts Registry of Motor Vehicles, he also implemented the first imaged licensing system in the United States. He has taught IT for 22 years at Northeastern University and is a certified PMP (Project Management Professional). A nationally recognized expert in IT, Project Management and Credentialing, the project Director was viewed as the ideal selection to balance a complex IT credentialing project. 9. A Memorandum of Agreement (MOA) between TSA and DHSMV was signed in February 2004. In essence, it's a requirements document indicating the responsibilities of TSA and the responsibilities of DHSMV. The MOA codified a Federal/state partnership to enhance the security of Florida's public seaports. The MOA assigned responsibility to TSA to design, develop and implement a Federal credentialing system that includes applicant vetting, threat analysis and ties claimed identity to an individual through the Federal I-9 form. \2\ Claimed identity would be verified and tied to the individual through a reference biometric (fingerprint) that would be retained in the Federal Identity Management System (IDMS) and would be embedded as a reference biometric within the credential (fingerprints reside in the Integrated Circuit Chip (ICC)). --------------------------------------------------------------------------- \2\ Department of Homeland Security, U.S. Citizenship and Immigration Services, Employment Eligibility Verification, Form I-9 (Rev. 05/31/05). --------------------------------------------------------------------------- 10. The shared vision of TWIC is a high-assurance identity credential that is trusted and used across all transportation modes for unescorted physical access to secure areas and logical (cyber) access to (computer) systems. 11. The original goals of TWIC included improved security through a reduced risk of fraudulent or altered credentials by deploying biometrics to positively match an individual to a secure credential; enhanced commerce by reducing the need for seaport workers and the trucking industry to possess multiple credentials requiring multiple background checks; leverage current security investments; protect personal privacy by collecting minimal personal data and using a secure identity management computer system. 12. DHSMV participated in the design of TSA's Request for Proposal (RFP) process, so DHSMV was able to ensure the TSA design for vetting and credentialing would meet the requirements of Sec. 311.12 and Sec. 311.125, Florida Statutes. TSA agreed to provide: a. Up to 30 Federal enrollment centers (computers, software, communications, card production) in 12 Florida seaports; b. A Credentialing Management System (IDMS); c. Card Production (including printing, shipping, consumable products, etc.); d. All necessary communications; e. All necessary software; f. Up to 238 perimeter ICC (Integrated Circuit Chip) biometric card entry readers; \3\ and --------------------------------------------------------------------------- \3\ The placement of TSA provided readers was contingent upon seaport infrastructure readiness--only a handful of TSA readers were actually installed and those have since been removed and DHSMV provided readers will be installed. --------------------------------------------------------------------------- g. 60,000 ICC Biometric cards. To date, TSA has informed Florida that they can keep the 15 enrollment centers that were installed during the prototype phase. It is anticipated that these 15 enrollment centers will be utilized in Florida's FUPAC implementation. 13. Services and equipment promised by TSA were originally estimated to be valued at $7 to $8 million. 14. DHSMV completed the general design document for the access control system and its interface with the Federal Identity Management System (IDMS) in April 2004. 15. TSA awarded a contract to BearingPoint as the prime vendor for the development and implementation of the TWIC credentialing prototype in August 2004. 16. The 2003 state legislation specified that ``By July 1, 2004, each seaport shall be required to use a Uniform Port Access Credential Card.'' and ``Each seaport defined in Sec. 311.09 and required to meet the minimum security standards set forth in Sec. 311.12 shall comply with technology improvement requirements for the activation of the Uniform Port Access Credential System no later than July 1, 2004.'' Equipment and technology requirements for the system were specified by the department prior to July 1, 2003. The statute mandated that the system be implemented at the earliest possible time that all seaports have active technology in place, but no later than ``July 1, 2004.'' a. Due to the unusual partnership formed with TSA, the implementation date of this project was delayed. DHSMV provided numerous reports to Senate, House and Oversight committees to keep everyone informed that progress was being made. 17. In May 2004, DHSMV awarded a contract to ADT as its prime vendor to upgrade existing credentialing and access control systems provided to the seaports upon the original implementation of Sec. 311.12, Florida Statutes, in 2001. 18. Picture PerfectTM, a General Electric (GE) access control product, was selected to upgrade existing GE systems previously installed in all 12 seaports--two seaports; Ft. Pierce and Port St. Joe are classified by FDLE as inactive and exempt from the credentialing and access control requirements specified in Sec. 311.12, Florida Statutes. 19. DHSMV in consultation with the Florida Ports Council established a Seaport Implementation Committee to establish a method of communications with all seaports. Numerous meetings with each port, the Florida Trucking Association and other stakeholders have been held to continually update stakeholders on the status of the project and define the detailed design of the credentialing and access control system. 20. DHSMV also built a website dedicated to the TWIC/FUPAC program to insure seaports were versed in all aspects of the program. 21. DHSMV has completed the fee structure for the TWIC/FUPAC in accordance with Section 311.125, Florida Statutes. The fee for a four- year credential is set at $100.00 (no TSA fee was indicated by TSA since TSA does not currently have rulemaking authority to assess a credentialing fee--joint rulemaking involving the U.S. Coast Guard and TSA is ongoing and draft rules are expected to be published in the second quarter of 2006. The readily apparent benefit to the trucking industry and other seaport workers is one credential, one fingerprint- based background check and one fee for the TWIC/FUPAC credential. Individual workers will see a substantial cost reduction with the one- time process credentialing system. 22. TSA signed a unique partnership agreement with the State of Florida [DHSMV] which provides equipment, software, services and credentials. The intent was for the credential to be governed originally by the Florida FUPAC laws (311.125) and once TSA finalized its rules the FUPAC card would morph into a TWIC card. Because of this unique arrangement, Florida and the ports would only have to implement the credential once. 23. The TSA/DHSMV MOA provides equipment, software, services and credentials. In return Florida agreed to assist TSA in their prototype by allowing special readers to be placed in specific locations in each port. The readers have the capability to collect metrics which allow TSA to gather information. This information would assist TSA in moving forward with appropriate recommendations for final TWIC implementation. Each port has for the most part done everything possible to meet the infrastructure requirements necessary for TSA (for a variety of reasons, some seaports did not complete their infrastructure requirements in time to assist TSA in the collection of metrics. This is of particular importance since it reflects the problems seaports have in installing readers and gates. It requires ports to break concrete, install conduits and cable and build-out pedestals). 24. TSA Enrollment Centers have been installed at 12 seaports. If TWIC had been implemented in Florida seaports, the centers were necessary to capture all the applicant data along with full-face digital images, fingerprint and associated documents. This hardware setup went relatively smooth and is a credit to TSA and the TSA PMO Team. 25. TSA developed and implemented an Identity Management Data System (IDMS) in May 2005. Although TSA claimed the IDMS was in place, Florida was concerned that it was not ready for production enrollment capability. A rudimentary UAT (User Acceptance Test) was performed on May 23, 2005, with six transactions. While the six transactions were completed, the test indicated that the system was not ready for production service. 26. In June of 2005, the Florida Director, James Kneeland, test enrolled at Pensacola. The transaction was completed. However, it took over 40 minutes and had several problems associated with it. 27. In late June of 2005, TSA informed Florida that they were out of funds so they had to close the program down. 28. Florida objected and after several months of negotiation TSA agreed to conduct a User Acceptance Test (UAT) to test approximately 100 enrollments through the credentialing system. The UAT was conducted at the Port of Pensacola in October 2005, with the enrollment of 17 applicants; Port Canaveral in November, with the enrollment of approximately 17 applicants; and, Port Manatee, with the enrollment of approximately 33 applicants. 29. After a thorough analysis of the UAT data, DHSMV concluded that the functionality of the system (TWIC enrollment and identity management system) was sufficient to allow the State of Florida to work with TSA to begin the process of systematically rolling out the credentialing system to 12 deep-water seaports, provided that TSA would commit to active support of the enrollment and identity management process. 30. This recommendation was predicated on the requirement for TSA to provide support, sustainment and enhancement of enrollment software, especially, the fingerprinting component of the enrollment process. 31. A meeting was held at TSA in early December and everyone agreed to an implementation starting with Pensacola on January 9, 2006. 32. On December 29, 2005, TSA notified Florida that the implementation at Pensacola needed to be called off until further notice due to budgetary constraints. 33. Communication since December 29, 2006 has been minimal. III. Lessons Learned/Recommendations 34. Throughout the project TSA has made numerous management changes. The lack of stability, constant change, learning curves and changing management styles has been devastating to this program. TSA needs to stabilize positions and utilize personnel who understand credentialing, access control, IT solutions and large-scale project management. 35. A lack of planning has also been devastating to this project. It was a criticism of the GAO and Florida in 2005 and it is still a major issue. It is imperative that not only should TSA partner but they should effect planning sessions with their clients and partners. Federal Rulemaking and Background Vetting 36. TSA and U.S. Coast Guard joint rulemaking is an issue for Florida and both agencies have been briefed on Florida's concerns. It is important to recognize that under existing law in Florida, Sec. 311.12 and Sec. 311.125, Florida Statutes, a very high bar has been set for entry into restricted access areas and employment on the 14 public agency-owned landlord tenant congregate waterfront facilities located in the ports within the state (12 ports are actually involved in the TWIC implementation and two ports are exempt pursuant to the provisions of Sec. 311.12, Florida Statutes.) If the TWIC requirements were to preempt existing law in Florida and if the TWIC requirements are not equally stringent the TWIC process will not ``significantly improve security within U.S. ports'' for the particular ports in which these public landlord tenant facilities exist because they make up a significant portion of the overall general commercial activity in the port and they make up the overwhelming majority of foreign cruise and passenger day cruise vessel activity in the ports in Florida. If the TWIC does not meet the minimums imposed by Florida law within these publicly-owned lands operating in maritime commerce security will in fact by definition be reduced. Therefore, it must be understood that for Florida the issues associated with the TWIC need to be examined both from the perspective of existing operations on private property and the security required on publicly-owned maritime landlord tenant facilities. 37. From the original concept of TWIC, the process has evolved with the intent and assurance of a high level of security to the entire process; however, the credential is only as good as the foundation documents that will tie a person to a claimed identity. Additional safeguards on the front-end process, such as verification of legal presence and work authorization for foreign nationals and verification of social security numbers, must be included in the TWIC implementation. DHSMV remains committed to work with TSA to meet these requirements during the Florida implementation phase. 38. In the future, IF TWIC is implemented in Florida, TSA and/or DHSMV should (the below recommendations also apply to the implementation of a state-issued seaport credential): a. Provide the means to verify claimed identity foundation documents; b. Provide a technology solution to ensure all foreign nationals applying for a TWIC have legal presence and work authorization; c. Provide a methodology to evaluate both state of residence criminal history repository information as well as Federal (FBI) criminal history data: --It is anticipated for the future that TSA will conduct a threat assessment check and a Federal (FBI) criminal history check that will not include the state of residence criminal history; and --NOTE: In Florida approximately 1.5 million criminal history records are indexed at the state level that are not included in the FBI criminal history records; \4\ and --------------------------------------------------------------------------- \4\ Source--FDLE. d. TSA and DHSMV must provide standardized training to all trusted agent (enrollment center) personnel. Summary Florida is poised and ready to implement a biometric credentialing system modeled on TWIC standards and turn on the state access control system that is dependent on the biometric credential. The Florida team is committed to the implementation of a system that is effective and provides the seaports with a highly secure credentialing and access control system. DHSMV continues to build-out the access control system; has acquired 170 hand-held (portable) biometric readers and has initiated the purchase of the first-round of fixed biometric readers (and accompanying infrastructure--panels, micros, etc.) Additionally, DHSMV has developed a ``fail-safe'' solution that will provide for a state uniform credential that is compatible to the Federal TWIC credentialing system. Florida will be moving forward on a parallel path to implement a Florida Uniform Port Access Credential (FUPAC) that will employ the TWIC standards. Florida remains optimistic that the Federal credentialing system and a support mechanism for the Federal system will be implemented at some point in the future and the Florida implementation will allow incorporation (within specific parameters to be negotiated) of the Federal credentialing process into the Florida system. It is now anticipated that the state implementation (roll-out) will take place beginning in mid-July 2006. ______ Response to Written Questions Submitted by Hon. Ted Stevens to Hon. Michael P. Jackson Question 1. How do you guarantee against duplicates or multiple identities? Answer. As tested during prototype, the Transportation Worker Identification Credential (TWIC) Identity Management System automatically conducts a ``one-to-many'' search of each new applicant's fingerprints against the stored fingerprints of all previous applicants to verify that the new applicant has not previously applied for a TWIC. The final system design may be altered as required by the TWIC implementing rule. Question 2. How do you keep aliases out of the database? Answer. As tested during prototoype, the Transportation Worker Identification Credential (TWIC) application and vetting processes were designed to prevent an individual from using an alias to obtain a TWIC. Specific processes included: Digitally scanning and storing each document presented to verify an applicant's identity. Confirming the authenticity of passports, driver licenses, and alien registration cards through the use of a specialized document authenticator. Verifying the claimed identity against immigration status databases. Binding the claimed identity to the applicant with biometrics using both photo and fingerprints. Conducting a ``one-to-many'' search of each new applicant's fingerprints against the stored fingerprints of all previous applicants to verify that the new applicant has not previously applied for a TWIC. The final system design may be altered as required by the TWIC implementing rule. ______ Response to Written Questions Submitted by Hon. Daniel K. Inouye to Hon. Michael P. Jackson Question 1. Is it correct that if a port truck driver receives a TWIC, they will not be required to undergo an additional background check to get a Hazardous Materials Endorsement? Answer. Yes, as proposed in the Transportation Worker Identification Credential (TWIC) notice of proposed rulemaking, that is correct. Question 2. Where is the Department on implementing the SAFETEA-LU Hazardous Materials Endorsement background check provisions? Has the Department begun the rulemaking required by SAFETEA-LU to determine which background checks are equivalent to the Hazardous Materials Endorsement background check? Answer. The Transportation Security Administration (TSA) has proposed standards to determine the comparability of other governmental background checks in the Transportation Worker Identification Credential (TWIC) proposed rule, which was published May 22, 2006. The proposed rule also states that the background check administered by the U.S. Customs and Border Protection (CBP) Free and Secure Trade (FAST) program and the hazardous materials threat assessment are comparable. After reviewing comments and making any necessary changes to the proposed rule, TSA will publish a final rule that includes comparability standards and comparability determinations. Question 3. As you may know, Section 7105 of SAFETEA-LU requires states that have additional background check requirements for Hazardous Materials Endorsements provide due process procedures for applicants identical to those offered to applicants undergoing the Federal background check. Will DHS require states that develop their own security credentials above and beyond TWIC to provide the same due process procedures for applicants as the Federal Government provides applicants under the TWIC application process? Answer. The Transportation Security Administration (TSA) issued a proposed rule for the Transportation Worker Identification Credential (TWIC) on May 22, 2006, held four public hearings, and is currently assessing comments from the industry and public. Therefore, we cannot determine at this time what the final TWIC standards will require. Federalism concerns may prevent the Department of Homeland Security (DHS) from requiring certain specific state actions. Question 4. Can you explain the individual components that make up the roughly $100 cost of a TWIC (Transportation Worker Identification Credential) that is charged to hazmat-endorsed truck drivers? Since they already have a background check that satisfies the requirements of TWIC, what else must they pay for beyond the card itself? Answer. As described in the Notice of Proposed Rulemaking for the Transportation Worker Identification Credential (TWIC), TSA estimates that applicants who already have a Hazardous Materials Endorsement will be charged an estimated $105 for a TWIC. The components of those costs are as follows: Enrollment/Issuance-- $55 Credential Production-- $50 ---------------------------------------- Total-- $105 The Threat Assessment estimated cost, including the $22 paid to the Federal Bureau of Investigation (FBI) for its Criminal History Records Check (CHRC) and paid by applicants without a comparable background check, is not assessed to applicants with a comparable current background check. Question 5. Are the truck driver fingerprints collected through the Hazardous Materials Endorsement background checks retained by the Transportation Safety Administration (TSA)? Can these fingerprints be used for the TWIC application or will drivers have to be re-printed? Answer. The Transportation Security Administration (TSA) retains only those fingerprints collected by the TSA agent in 33 states and the District of Columbia. Seventeen states collect fingerprints using existing state infrastructures and may or may not store fingerprints. Regardless of the availability of fingerprints from sources other than the Transportation Worker Identification Credential (TWIC) enrollment process, good business practice is to maintain a chain-of-trust for all data that requires the collection of identity documents and biometric data (photo and fingerprints) during a single, seamless enrollment process. This process avoids potential data file matching errors and conforms to the Personal Identity Verification procedures required by Federal Information Processing Standard (FIPS) 201-1. Since all TWIC applicants must be present to enroll, the incremental time and cost to collect fingerprints with the scanning device during enrollment is small. Question 6. Under the Coast Guard's Maritime Identification Credentials program announced in the Federal Register on April 28, 2006, port workers and sailors needing unescorted access to secure port areas are required to undergo name-based background checks to receive a credential until the TWIC (Transportation Worker Identification Credential) program is implemented. I understand port truck drivers, who make up one of largest segments of port workers and have access to most areas of a port, are exempt from this requirement. Can you explain why? Answer. The Coast Guard's Maritime Identification Credentials program was an interim security measure at our ports. It was not intended to replace the Transportation Worker Identification Credential (TWIC) nor was it intended to capture the entire maritime port worker population. Long-haul truckers, due to their high degree of mobility, were not included in this measure. The measure targeted those populations within the more direct control of port facility and vessel operators. Name-based background checks are an immediate security measure designed to limit individuals that pose a threat from gaining access to port facilities. This is a first step that covers those individuals with frequent access to our ports. Other populations are expected to be covered when the TWIC program is fully implemented. Question 7. If it was deemed too difficult to require name-based background checks for port truck drivers under the Maritime Identification Credentials program, how will the Transportation Security Administration (TSA) handle fingerprint-based background checks for port truckers when TWIC is implemented? Answer. All workers requiring a Transportation Worker Identification Credential (TWIC) will enroll in exactly the same manner at enrollment sites operated by TSA through contract arrangements. Question 8. Based on your testimony, you say that the TWIC pilot project awarded to BearingPoint has proven that the TWIC technology can work in the field. Yet the Delaware Exchange testimony indicated that the biometric was never tested in the pilot and the interoperability of the pilot was tested in limited circumstances. How do you account for the failure to test biometrics and the cards interoperability and still claim the pilot was successful? Answer. During prototype, biometric readers were tested at selected maritime facilities in the three prototype test areas: Delaware River Valley; Florida; and Los Angeles/Long Beach. Biometric readers were tested at maritime facilities in Florida and LA/LB. Readers matched the fingerprint template on the prototype card to the template generated by the fingerprint scanning pad on the reader. Since the Transportation Worker Identification Credential (TWIC) prototype tests, the National Institute of Standards and Technology (NIST) has specified the fingerprint template biometric as the standard for all government employee Personal Identity Verification (PIV) credentials. The interoperability of the TWIC with a wide variety of readers is assured since TWIC will follow the technical standards set by NIST for all government PIV credentials. Question 9. The TWIC pilot project contract was originally to include 75,000 workers at a cost of $12.3 million. However, according to the August 2005 BearingPoint Report it ended up including only 1,657 cards, costing $22.8 million. The pilot project was over budget and undersubscribed. How can you say this pilot was successful when only 1,657 cards were used in the field? Answer. The objectives achieved during Phase III of the Transportation Worker Identification Credential (TWIC) Prototype Program were to: (1) assess performance of conceptual TWIC identity management business processes; (2) assess performance of TWIC as an access control tool; and (3) assess readiness of TWIC system for production phase. The Transportation Security Administration (TSA) concluded that the TWIC prototype system is functional and met all requirements specified for the prototype. TSA has concluded that the TWIC prototype business processes demonstrated the capability to meet each of the broad objectives of the TWIC missions-need statement. Question 9a. Further your testimony claims over 4,000 cards were tested. What date are you drawing this metric from? What was the cost of the sustaining the BearingPoint contract to this date? Answer. Following the conclusion of prototype testing on June 30, 2005, the Transportation Security Administration (TSA) continued to enroll workers and issue prototype Transportation Worker Identification Credentials (TWIC) to support those facilities that participated in prototype and wished to continue using the TWIC for their access control systems. By the time TSA concluded this support to prepare the system for implementation, over 4,000 cards had been issued to workers. During this extended period, TSA gained additional confidence in the TWIC system's ability to routinely enroll workers and provide them with credentials quickly and efficiently. As of May 31, 2006, $26.3 million had been expended on the BearingPoint prototype contract. Question 10. How does TSA and the Coast Guard plan to administer their responsibilities for processing TWIC cards and Merchant Mariner Documents (MMD)? Will the Coast Guard be processing an application for an MMD at the same time that TSA is processing the TWIC application or will the Coast Guard wait to process a MMD until after TSA completes the vetting process for a TWIC card? How will TSA be notifying the Coast Guard when a TWIC background check is completed? What specific functions of an MMD application is being transferred to TSA? Answer. It is the Coast Guard's intent to obtain identity data from TSA and use it to process mariner applications for Merchant Mariner Credentials. The Merchant Mariner Credential (MMC) would take the place of the current merchant mariner license, document and Certificate of Registry, so the Coast Guard would be issuing an MMC and no longer issue the MMD referenced in the question above. In the Notice of Proposed Rulemaking (NPRM) published in May, the Coast Guard proposed to begin processing MMC applications only after an individual was issued a TWIC. In the public meeting process, the Coast Guard and TSA received many comments about the current delay in the MMD/Licensing process and the concern that the public has with respect to adding a TWIC processing time onto that process. All of these comments will be addressed in the final rule. Question 12. How does the Coast Guard plan to apply TWIC card verification procedures on vessels? How is a secure area defined on vessel? Does this restrict vendors, contractors from access to a vessel for people performing minor repairs unless they have a TWIC card? Answer. The Coast Guard and Transportation Security Administration are reviewing comments received in response to the joint notice of proposed rulemaking. It would be inappropriate at this time to provide a detailed response because the rulemaking process is ongoing. The final rule will address TWIC verification onboard vessels and at facilities. There will be clarification regarding the areas where TWIC will be required. ______ Response to Written Questions Submitted by Hon. Ted Stevens to Lisa B. Himber Question 1. Would you explain what you see as the biggest vulnerabilities at your port facility that need to be addressed? Answer. The Maritime Exchange for the Delaware River and Bay does not represent a single port facility; rather we represent each of the facilities operating in the port region, including both public- and private-sector, handling general cargo, containers and petroleum facilities in each of the three states bordering the Delaware River. Accordingly, the answer to this question will be specific to those vulnerabilities associated with access control rather than other potential areas of exposure or weakness. An attack against a vessel docked at a maritime facility, particularly an oil, gas or chemical tanker, would certainly result in a major disruption to Delaware River Port operations. Undoubtedly we could expect a cessation of all port activities for many days or weeks. A larger concern from a public health and safety perspective surrounds a shore-based attack on the facility itself (e.g., someone driving a truck laden with explosives into a facility). An event of this scope has the potential for much greater impact on the surrounding population than would an attack against a single vessel. Additionally, under MTSA, facility security officers (FSOs) are required to ensure that everyone entering their facilities has the right and the need to do so. That there is no standard, effective system in place to provide FSOs with advance notice of gate schedules-- or modifications to those schedules--leaves a security hole. Obviously, the operations at each trucking company or facility will be unique to its needs, and such an advance notification system may not be practical in every instance. Yet in many instances. not only are some FSOs unaware of who is planning to arrive on any given day to drop off or pick up cargo, but when those individuals reach the facility. there are many who are unknown to security personnel. Most facility operators in the Delaware River region require a U.S. or Canadian driver's license at a minimum, and all truck drivers will have paperwork authorizing them to pick up (delivery order) or drop off (booking), but there are no guarantees that these documents are legitimate or that the individuals have undergone security screening. Another vulnerability exists waterside at some facilities. In reality, many facility operators have no advance information on what crew members--U.S. or foreign--will be arriving on vessels docking at their facilities. In many instances, facilities are not provided with crew/non-crew manifest at any point during the vessel call. If ships are coming from foreign, FSOs must rely on an advance screening of these persons by U.S. Customs and Border Protection. If an individual is deemed to be high-risk, CBP and Coast Guard will require that the vessel owner (or operator/agent) hire a security guard or take other appropriate measures to ensure the individual does not attempt to debark the vessel. The facility operator is not necessarily privy to this information. Facility and vessel owner/operators would prefer that if an individual is deemed high-risk, he be escorted off the vessel/facility by appropriate Federal personnel. Question 2. How far would implementation of the TWIC go toward mitigating those vulnerabilities? Answer. While it would not completely eliminate the vulnerabilities described above, the TWIC will go a long way toward minimizing current susceptibilities. With the exception of aliens arriving by vessel (or indeed foreign seafarers arriving via land to join a ship) who are exempted from the TWIC program as proposed May 22, with the TWIC program in place FSOs would have the assurance that the individuals arriving at their facilities have undergone security screenings. This would provide a measure of expectation that the individual is less likely to attempt a terrorist action, or otherwise tamper with, steal, or mishandle vessels, containers and cargoes moving through U.S. seaports. This assurance is further heightened due to the fact that TWIC is designed to be used in conjunction with a biometric identifier and is in fact a tamper-proof credential. Used in conjunction with other programs mandated under the Maritime Transportation Safety Act or individual vessel/facility security plans. it is expected that TWIC will be a valuable tool to harden access control to U.S. ships and facilities. Currently, it is anticipated that foreign seafarers will be exempted from the TWIC regulations when they are promulgated. Question 3. Why has it taken so long for the Federal Government to implement the TWIC and what improvements would you recommend that the government make? Answer. With regard to the first part of the question. one can only speculate. As indicated in the written and oral testimony presented May 16, I believe a large part of the delay has resulted from the continual changes in program management--from leadership at all levels down to the day-to-day operating staff. The largest gap in the TWIC deployment schedule seemed to be between the end of Phase II, the Technology Evaluation, in October of 2003 and commencement of Prototype in November of 2004. I believe it was during this time that questions surfaced as to whether TSA should issue a standard or manage the program, but I do not know whether there were other factors involved which postponed the schedule so dramatically. It appears reasonable to assume that the learning curve faced by the new personnel within the TSA program office, coupled with the fact that TSA utilized different contractors for Phase III than were involved in Phase II, may have prolonged the delay. I also believe there was another unexpected setback associated with a modification of the contract for the TWIC Prototype Phase after it had been awarded: I was apprised neither of the scope of the modification nor the reasons for making the change. Last, I understand there was a suspension of activity in late 2004, early 2005, while the card production activities were moved mid-process from a facility in Pennsylvania to one in Kentucky. I am not aware of why the decision was made to start the process in Pennsylvania or why it was moved once started. I am unfamiliar with the level of technical and operational training made available to both program managers and ``trusted agent'' contractors, but I believe many individuals involved in the pilot program experienced significant delays associated with improper use, operation, and performance of the system. With regard to improvements that can be made, I offer the following: A. Program Management To ensure future delays are minimized, or at least the effects of such delays are mitigated, it might be appropriate to create a Government-Industry Oversight Committee to work with TSA and address issues as they arise during the implementation period. TSA should also establish a consistent and clear method of communicating information to government and industry stakeholders. DHS must identify a mechanism to ensure program and contractors management and staff personnel will remain with the program through implementation. Program staff must undergo sufficient training to ensure they can operate the system effectively. If necessary, technical personnel should be available onsite to address any system deficiencies within a reasonable time-frame. In many offices, for example, IT contractors must guarantee a response time of not more than 4 hours. TWIC personnel must also be conversant with the regulations governing the program and its myriad processes (such as, who is required to obtain a TWIC, background checks, how to request an appeal, etc.) to ensure they can answer applicant's questions in a timely and accurate manner. Along these lines, TSA and Coast Guard should develop a joint Frequently Asked Questions (FAQ) document. The U.S. should work through the International Labor Organization to ensure that all mariners be in a position to provide electronic verifiable credentials which are compatible with TWIC. If the ILO adopts a technology which is incompatible with TWIC, the U.S. must be prepared to adopt the international technology in a reasonable, low-cost time-frame. B. Program Operation Test the technology--more below. TSA should modify the web portal to allow for additional automation of TWIC tasks. For example, the TWIC portal could be used to request a replacement card rather than a personal visit. TWIC can serve as a building block for a host of programs which will improve security while facilitating commerce at U.S. seaports and in other modes of transportation. For example, it can serve as the basis for an advance terminal gate appointment system as described above, it can be used to tie a truck driver to a company, which can then potentially be tied to an electronic version of a cargo delivery order. This electronic delivery order could likewise be linked electronically to the cargo manifest provided by the ocean carrier to the facility operator, further strengthening the security of the cargo supply chain once the cargo lands in the U.S. TSA should add the capability for applicants to request access at multiple facilities at time of enrollment. TWIC holders might also use the TWIC portal to request access to any facility to which they've not been granted access previously. This will go a long way toward minimizing the amount of time spent entering data into the facility internal access control systems upon first arrival. Some operators require color codes to visually determine that an individual has rights to be in a certain part of the vessel or facility (or warehouse, railyard, etc). TSA should work with industry to identify mechanisms which may be used to visually identify individuals via the TWIC. During the pilot program. there were times when the applicant was not notified that the enrollment center had received the card from the production facility. We suggest TSA include e-mail notifications to the applicant when the card is shipped to and received at the enrollment center. Because mariners and truck drivers are often away from their homes for extended time-periods, the TWIC program should offer applicants an option to designate an enrollment center for card pick-up or mail the card to their homes or workplaces rather than requiring they to return the center where the applications were originally processed. In addition to testing the technology. TSA needs further testing on the processes associated with using a TWIC before it can be deployed at maritime facilities on any wide scale. For example, the card hotlisting, revocation and notification processes were not tested, neither was the individual applicant enrollment (vs. employer sponsor enrollment of employees). There are undoubtedly many other additional opportunities for improvement that may present themselves during the next testing phase. An opportunity exists to address the vulnerability mentioned above regarding facility operators' lack of advance information on which crew members will be arriving at their facilities on vessels. This opportunity is not available via TWIC, but rather through another DHS program: the Coast Guard electronic Notice of Arrival/Departure (eNOA/ D) system. Under current regulations, vessel owners or operators must submit detailed crew manifest data not less than 96 hours prior to each vessel's arrival in the U.S. The Maritime Exchange and others have requested on numerous occasions that CBP and Coast Guard provide local port community information systems with copies of that eNOA/D data. This request has precedent in the CBP ``Port Authority Download'' component of the Automated Manifest System. In short, a certified entity in a local port, such as a Maritime Exchange or Port Authority, can receive electronic copies of all manifest data filed by ocean carriers for ships destined for their ports. We believe adding similar functionality to the eNOA/D system would provide a secure, effective means for the Federal Government to share critical data with the private sector, and as illustrated above, fill a security gap. To date, however, the Coast Guard has declined requests to partner on this initiative. Question 4. Do you believe the technology necessary for implementing the TWIC at port facilities--card readers, etc.--is ready for deployment? Answer. No. As indicated during my September 16 testimony, there were many technical components--and associated processes--that were either untested or under-tested during the TWIC pilot program. These include the TSA-vessel/database facility electronic communications (database updates to facilities, notification to TSA by facilities of who has been granted access, and subsequent hotlisting notifications) and processes; use of a biometric and/or pin number for access in a maritime environment, validation of identification documentation provided at enrollment. Further, that the use of TWIC was not tested on vessels, which will rely on wireless telecommunications access, is troubling. Additionally, that the card used during the Pilot program did not meet the FIPS-201 standard required by Homeland Security Presidential Directive 12 and that the card formally deployed must do so, is also a significant concern. Changing out the underlying technology in essence negates all aspects of the TWIC pilot program beyond initial application processing. We appreciate the August 16 announcement by TSA and Coast Guard that they would change the approach to TWIC deployment to address card issuance processes in the first phase and holds off on infrastructure (i.e., card readers) installation and usage to a second phase. However, as welcome as this approach may be, it does present a distinct possibility that cards issued during Phase I will not operate in the technology ultimately selected for Phase II. Recently, the U.S. Maritime Administration Ship Operations Cooperative Program, has successfully tested its Mariner Access Card, which will use technologies and processes similar to those proposed for TWIC. The initial reports are very positive, and we are optimistic that the technologies proposed will work in the maritime environment. However, this has yet to be used in any operating capacity and we therefore remain concerned that TSA does not deploy a full-scale roll- out without additional testing. ______ Response to Written Questions Submitted by Hon. Ted Stevens to George P. Cummings Question 1. Much was made in Congress about the proposed acquisition of U.S. port terminal leases by Dubai Ports World. Would the controversy have been nullified had the TWIC program been in place? Answer. Implementation of the TWIC program would have mandated that all individuals to be granted unescorted access to the restricted areas of the terminal would have to qualify for a TWIC card, regardless of their position in the company. This would have ensured that all of these individuals were legally present in the United States. Question 2. From your experiences regionally, what are the greatest impediments to nationwide implementation of TWIC? Answer. The selection of the technology to be used in the card readers will be critical. The technology identified in the Notice of Proposed Rulemaking would have required a full contact card and a PIN number for each entry. This would have caused major delays at terminal gates. We were in agreement with the recent change to the proposed regulation to delay the requirement for installation of card readers at facilities until a system is identified that can read cards and biometrics rapidly enough that back-ups do not occur at marine terminal gates. Also, there may be a significant impact to the population of truck drivers that haul containers in and out of the port if a large number of these drivers are not eligible for the TWIC card.