[House Hearing, 113 Congress]
[From the U.S. Government Publishing Office]



 
    THREAT, RISK, AND VULNERABILITY: THE FUTURE OF THE TWIC PROGRAM

=======================================================================



                                HEARING

                               before the

                         SUBCOMMITTEE ON BORDER
                         AND MARITIME SECURITY

                                 of the

                     COMMITTEE ON HOMELAND SECURITY
                        HOUSE OF REPRESENTATIVES

                    ONE HUNDRED THIRTEENTH CONGRESS

                             FIRST SESSION

                               __________

                             JUNE 18, 2013

                               __________

                           Serial No. 113-23

                               __________

       Printed for the use of the Committee on Homeland Security
                                     

[GRAPHIC] [TIFF OMITTED] 


                                     

      Available via the World Wide Web: http://www.gpo.gov/fdsys/

                               __________




                  U.S. GOVERNMENT PRINTING OFFICE
85-688                    WASHINGTON : 2013
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing 
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC 
area (202) 512-1800 Fax: (202) 512-2104  Mail: Stop IDCC, Washington, DC 
20402-0001




                     COMMITTEE ON HOMELAND SECURITY

                   Michael T. McCaul, Texas, Chairman
Lamar Smith, Texas                   Bennie G. Thompson, Mississippi
Peter T. King, New York              Loretta Sanchez, California
Mike Rogers, Alabama                 Sheila Jackson Lee, Texas
Paul C. Broun, Georgia               Yvette D. Clarke, New York
Candice S. Miller, Michigan, Vice    Brian Higgins, New York
    Chair                            Cedric L. Richmond, Louisiana
Patrick Meehan, Pennsylvania         William R. Keating, Massachusetts
Jeff Duncan, South Carolina          Ron Barber, Arizona
Tom Marino, Pennsylvania             Dondald M. Payne, Jr., New Jersey
Jason Chaffetz, Utah                 Beto O'Rourke, Texas
Steven M. Palazzo, Mississippi       Tulsi Gabbard, Hawaii
Lou Barletta, Pennsylvania           Filemon Vela, Texas
Chris Stewart, Utah                  Steven A. Horsford, Nevada
Richard Hudson, North Carolina       Eric Swalwell, California
Steve Daines, Montana
Susan W. Brooks, Indiana
Scott Perry, Pennsylvania
Mark Sanford, South Carolina
                       Greg Hill, Chief of Staff
          Michael Geffroy, Deputy Chief of Staff/Chief Counsel
                    Michael S. Twinchek, Chief Clerk
                I. Lanier Avant, Minority Staff Director
                                 ------                                

              SUBCOMMITTEE ON BORDER AND MARITIME SECURITY

                Candice S. Miller, Michigan, Chairwoman
Jeff Duncan, South Carolina          Sheila Jackson Lee, Texas
Tom Marino, Pennsylvania             Loretta Sanchez, California
Steven M. Palazzo, Mississippi       Beto O'Rourke, Texas
Lou Barletta, Pennsylvania           Tulsi Gabbard, Hawaii
Chris Stewart, Utah                  Bennie G. Thompson, Mississippi 
Michael T. McCaul, Texas (Ex             (Ex Officio)
    Officio)
              Paul L. Anstine, Subcommittee Staff Director
                   Deborah Jordan, Subcommittee Clerk
         Alison Northrop, Minority Subcommittee Staff Director


                            C O N T E N T S

                              ----------                              
                                                                   Page

                               Statements

The Honorable Candice S. Miller, a Representative in Congress 
  From the State of Michigan, and Chairwoman, Subcommittee on 
  Border and Maritime Security:
  Oral Statement.................................................     1
  Prepared Statement.............................................     2
The Honorable Sheila Jackson Lee, a Representative in Congress 
  From the State of Texas, and Ranking Member, Subcommittee on 
  Border and Maritime Security:
  Oral Statement.................................................     4
  Prepared Statement.............................................     5
The Honorable Bennie G. Thompson, a Representative in Congress 
  From the State of Mississippi, and Ranking Member, Committee on 
  Homeland Security:
  Prepared Statement.............................................     7

                               Witnesses

Rear Admiral Joseph A. Servidio, Assistant Commandant for 
  Prevention Policy, U.S. Coast Guard:
  Oral Statement.................................................     8
  Prepared Statement.............................................     9
Mr. Steve Sadler, Assistant Administrator, Transportation 
  Security Administration:
  Oral Statement.................................................    11
  Prepared Statement.............................................    12
Mr. Stephen M. Lord, Director, Forensic Audits and Investigative 
  Services, U.S. Government Accountability Office:
  Oral Statement.................................................    15
  Prepared Statement.............................................    16
Captain Marcus Woodring, USCG (Ret), Managing Director, Health, 
  Safety, Security, and Environmental, Port of Houston Authority:
  Oral Statement.................................................    21
  Prepared Statement.............................................    23

                             For the Record

The Honorable Sheila Jackson Lee, a Representative in Congress 
  From the State of Texas, and Ranking Member, Subcommittee on 
  Border and Maritime Security:
  Letter From the American Association of Port Authorities.......    40
  Statement of American Trucking Associations, Inc...............    41
The Honorable Tulsi Gabbard, a Representative in Congress From 
  the State of Hawaii:
  Statement of the International Longshore and Warehouse Union...    44

                                Appendix

Questions From Chairwoman Candice S. Miller for Joseph A. 
  Servidio.......................................................    49
Questions From Chairwoman Candice S. Miller for Stephen M. Lord..    51


    THREAT, RISK, AND VULNERABILITY: THE FUTURE OF THE TWIC PROGRAM

                              ----------                              


                         Tuesday, June 18, 2013

             U.S. House of Representatives,
      Subcommittee on Border and Maritime Security,
                            Committee on Homeland Security,
                                                    Washington, DC.
    The subcommittee met, pursuant to call, at 10:09 a.m., in 
Room 311, Cannon House Office Building, Hon. Candice S. Miller 
[Chairwoman of the subcommittee] presiding.
    Present: Representatives Miller, Duncan, Palazzo, Barletta, 
Stewart, Jackson Lee, O'Rourke, and Gabbard.
    Mrs. Miller. Good morning. The Committee on Homeland 
Security, Subcommittee on Border and Maritime Security, will 
come to order.
    The subcommittee is meeting today to examine the future of 
the TWIC program, and our witnesses today are Rear Admiral 
Joseph Servidio from the U.S. Coast Guard, Steven Sadler, 
assistant administrator for the Office of Intelligence and 
Analysis, Transportation Security Administration, Stephen Lord 
with the Government Accountability Office, and Marcus Woodring, 
from the Port of Houston Authority. I will give them a more 
formal introduction in just a moment.
    After 9/11, Congress passed the Maritime Transportation 
Security Act, or MTSA--it is sort of the acronym--to address 
several security vulnerabilities within the Nation's maritime 
and transportation sectors to prevent acts of terrorism that 
might impact our Nation. Among the provisions of the bill was a 
requirement from the Department of Homeland Security to develop 
a secure biometric access credential for individuals who 
require unescorted access to secure areas of regulated maritime 
facilities and vessels.
    Ports by their very nature may be susceptible to acts of 
terrorism that could cause loss of life and severe economic 
disruption. The lack of access control at the Nation's ports 
was certainly a glaring security vulnerability that MTSA and 
subsequently the Transportation Worker Identification 
Credential--we commonly call TWIC--was intended to fix.
    However, more than 11 years later, the TWIC card designed 
to prevent terrorists from gaining access to sensitive parts of 
the Nation's ports is currently no more than an extensive flash 
pass that costs workers about $130, principally to run criminal 
and terrorism background checks on prospective applicants.
    Unfortunately, the biometric capabilities on the card are 
of little use because delays in the pilot program and 
rulemaking processes have taken longer than ever intended. 
Pilot programs as envisioned by the Congress should have been 
designed to assist the Coast Guard in understanding the impact 
of proposed regulations on port operations and transportation 
workers alike, instead have been less than useful in the 
rulemaking process. Certainly, all of us are looking forward to 
hearing from our witnesses today on the extent to which the 
pilot was used to inform the rulemaking process.
    Maritime security is not the provenance of the Federal 
Government alone. Private industry and other stakeholders have 
an important role to play, but the Government has introduced an 
unacceptable level of uncertainty when it comes to TWIC. For 
several years, Members of this committee have been calling on 
the Department to release the reader rules on--or effective 
assessment of the program. That strikes me as a very poor way 
to run this program.
    Last Congress, I introduced the SMART Port Act, which 
passed through this committee and in the House, which would 
have made a series of reforms to the TWIC program. Included in 
that bill was a provision which required TSA to change the 
requirement for TWIC applicants who currently must go to an 
enrollment center twice and instead would allow for only visit 
to an enrollment center by allowing cards to be sent through 
the mail, just as passports and credit cards are today.
    Through our efforts, that provision was attached to last 
year's Coast Guard authorization act and it was signed into law 
by the President. However, it does appear that TSA will not 
comply with the 270-day time line in the statute. Making two 
trips to an enrollment center seems to just be a very onerous 
burden on transportation workers.
    So I will be very interested to hear how TSA will implement 
this provision, consistent with Congressional intent within 
that time frame. Millions of dollars of previously allocated 
and future grant spending are predicated on the TWIC providing 
a tangible security benefit at the Nation's ports and maritime 
facilities. We have an obligation to get this done right, and 
the way this program has been run so far does not give us the 
confidence that we are on the right course.
    Today I hope that we will be able to examine the security 
purpose of the TWIC card, principally, as well as chart out the 
future of this program to ensure that we maximize security and 
minimize the burden on American workers.
    With that, I would yield to the gentlelady from Texas, my 
Ranking Member, Ms. Jackson Lee.
    [The statement of Chairwoman Miller follows:]
               Statement of Chairwoman Candice S. Miller
                             June 18, 2013
    After 9/11, Congress passed the Maritime Transportation Security 
Act--MTSA--to address several security vulnerabilities within the 
Nation's maritime and transportation sectors to prevent acts of 
terrorism that might impact the Nation's economy. Among the provisions 
of the bill, was a requirement for DHS to develop a secure biometric 
access credential for individuals who require unescorted access to 
secure areas of regulated maritime facilities and vessels.
    Ports, by their very nature, may be susceptible to acts of 
terrorism that could cause loss of life and severe economic disruption. 
The lack of access control at the Nation's ports was a glaring security 
vulnerability that MTSA, and subsequently the Transportation Worker 
Identification Credential (TWIC) was intended to fix.
    However, more than 11 years later, the TWIC card, designed to 
prevent terrorists from gaining access to sensitive parts of the 
Nation's ports, is currently no more than an expensive flash pass that 
costs workers $129.75--principally to run criminal and terrorism 
background checks on prospective applicants.
    Unfortunately, the biometric capabilities on the card are of little 
use because delays in the pilot program and rulemaking processes have 
taken longer than ever intended. Pilot programs, as envisioned by the 
Congress, should have been designed to assist the Coast Guard in 
understanding the impact of proposed regulations on port operations and 
transportation workers alike, instead have been less than useful in the 
rulemaking process.
    I am looking forward to hearing from our witnesses on the extent to 
which the pilot was used to inform the rulemaking process.
    Maritime security is not the provenance of the Federal Government 
alone. Private industry and other stakeholders have an important role 
to play, but the Government has introduced an unacceptable level of 
uncertainty when it comes to TWIC.
    For several years, Members of this committee have been calling on 
the Department to release the reader rule to provide some certainty to 
workers and industry. Finally, we have a notice of proposed rulemaking 
that only requires TWIC readers to be used at the riskiest 5 percent of 
all TWIC-regulated vessels and facilities, nearly 6 years after workers 
were first required to pay for and obtain a TWIC card.
    The proposed rule and findings of a recent GAO report, leads to 
some very simple questions about the threat, risk, and vulnerability at 
our Nation's ports, and how the TWIC program should be used to reduce 
the risk of a terrorist attack at the handful of facilities and vessels 
identified in the proposed rule.
    I support a smart, risk-based approach to security, because I am 
convinced that maritime security is maximized through the use of a 
risk-based methodology. However, we should continue to scrutinize 
troubled programs by examining the principal reason they exist--in this 
case, preventing terrorists from doing economic harm to the Nation by 
disrupting the supply chain.
    This hearing will hopefully answer the question of whether or not 
the TWIC program serves that purpose.
    At this point, I believe it is still an open question as to what 
degree this card enhances maritime security. To that end, I hope to 
hear answers to the following questions: How many terrorist plots have 
been stopped by this card? Does TWIC enhance security in a tangible 
way? Can we address the security challenges at our Nation's ports in a 
more cost-effective, and balanced way?
    Today, we will hear from the Government Accountability Office, 
which recently reported that, `` . . . DHS has not demonstrated how, if 
at all, TWIC will improve maritime security.'' An assessment of how 
TWIC improves maritime security should have been one of the very first 
things the Department did when it began to implement the program.
    It has been more than a decade since the legislation that required 
TWIC was first enacted, but it is troubling that we have never done a 
simple security or effectiveness assessment of the program. That 
strikes me as a poor way to run a program.
    Last Congress, I introduced the SMART Port Act which passed through 
this committee and in the House, and would have made a series of 
reforms to the TWIC program.
    Included in that bill was a provision, originally authored by Mr. 
Scalise, which required TSA to change the requirement for TWIC 
applicants who currently must go to an enrollment center twice, and 
instead would allow for only one visit to an enrollment center by 
allowing cards to be sent through the mail, just as passports and 
credit cards are today.
    Through our efforts, that provision was attached to last year's 
Coast Guard Authorization Act and was signed into law by the President. 
However, it appears that TSA will not comply with the 270-day time line 
in statute.
    Making two trips to an enrollment center is an onerous burden on 
transportation workers, and I will be very interested to hear how TSA 
will implement this provision, consistent with Congressional intent 
within that time frame.
    Millions of dollars of previously allocated and future grant 
spending are predicated on the TWIC providing a tangible security 
benefit at the Nation's ports and maritime facilities.
    We have an obligation to get this right, and the way this program 
has been run so far does not give me the confidence that we are on the 
right course.
    Today, I hope that we examine the security purpose of the TWIC 
card, as well as chart out the future of this program to ensure that we 
maximize security and minimize the burden on American workers.
    With that I will yield to the gentlelady from Texas.

    Ms. Jackson Lee. Thank you. Good morning.
    I want to thank you, Madam Chairwoman, for holding today's 
hearing on the Department of Homeland Security's Transportation 
Worker Identification Credential program, something that many 
of us who have served on this committee have been dealing with 
not only with our constituents, but with our individual 
constituents and our corporate constituents, such as the 
Houston Port Authority.
    We have tried to be responsive to individuals, constituents 
who simply need to get to work. To our dismay, there have been 
a number of challenges with this program, though I know that 
its intentions were well-intentioned. Challenges that I would 
like to offer for the record are the site locations for 
individuals, the hours that TWIC offices would be open, the 
difficulty of those who lived away from ports or places like 
Louisiana, where they had to secure them places away from their 
particular home base. So there have been a lot of issues that 
have arisen with TWIC, and as I indicated, the intentions were 
good to give this card of identification.
    As a Member of Congress representing the port of Houston, 
the formal Chairwoman and Ranking Member of the Subcommittee on 
Transportation Security, and now working with this committee 
and Madam Chairwoman, I have been focused on the TWIC program 
since its creation.
    Early on, I engaged ports, workers, and other stakeholders 
about the program and heard their concerns about how it was 
being deployed. Like many of my colleagues, my office has 
received significant amounts of TWIC casework primarily from 
workers having difficulty obtaining and renewing their TWIC 
cards.
    While some of the issues with the program have largely been 
addressed, over time, other concerns have taken their place. I 
am particularly troubled by the Government Accountability 
Office report released last month that found serious problems 
with the TWIC reader pilot, which was intended to serve as the 
basis for the TWIC reader rulemaking. GAO has found that the 
pilot results were incomplete, inaccurate, and unreliable for 
informing Congress and for developing a final reader rule. GAO 
concluded these issues, calling to question the TWIC program's 
premise and its effectiveness in enhancing security.
    These concerns, coupled with prior unaddressed issues 
related to security vulnerabilities with the program, prompted 
GAO to recommend that the Department not move forward until a 
security assessment of the program is completed. However, DHS, 
which was made aware of GAO's finding in December 2012, 
published a notice of proposed rulemaking for the TWIC readers 
in March of this year.
    The NPRM would require readers to be deployed to only the 
highest-risk facilities and vessels accessed by just 5 percent 
of TWIC holders. While nothing precludes DHS from expanding the 
reader requirement in the future, such a limited deployment of 
biometric readers is not what Congress envisioned when it 
mandated the TWIC program, and I would encourage DHS to regroup 
and reassess, take more advice and counsel from stakeholders, 
more importantly reassess the technology. Technology is good. 
But it can be even better, obviously, if we pause for a moment 
and try to develop the technology that will, in fact, work.
    I am not advocating for broader deployment of readers at 
present, but I am concerned that DHS would ask port workers to 
pay for a biometric card whose biometric capabilities 
apparently may never be utilized. More broadly, I am concerned 
that DHS appears to be moving forward with its long-delayed 
reader rule before addressing the fundamental concerns that the 
program GAO has identified in its reports.
    I was pleased to invite from the port Mr. Marcus Woodring, 
who we have engaged and over the years has given effective 
service in the United States Coast Guard and has dealt with the 
TWIC issue over and over again, to testify before the 
subcommittee today to offer his port's perspective on the 
issues facing the TWIC program. Besides being one of the 
Nation's major ports with a significant presence of 
petrochemical-related facilities and vessels, the port of 
Houston has been using TWIC readers voluntarily since 2008. Mr. 
Woodring currently serves as managing director for health, 
safety, security, and environment at the Port of Houston 
Authority, having recently served in the Coast Guard, 
cumulating with service as captain of the port for the Houston 
region.
    I am especially interested in hearing from him about the 
port of Houston's experience with TWIC readers and his views on 
how the TWIC program can be strengthened going forward. I am 
delighted that he is here along with all the other witnesses, 
who I welcome. I want to hear from our DHS witnesses about how 
they plan to address GAO's recommendation, ensure TWIC programs 
become the maritime security program Congress intended, that 
ports and facilities can use without undue disruption to their 
businesses, and that DHS can justify asking maritime workers to 
continue to pay for.
    Finally, I would note that I have previously supported one 
enrollment process, one fee, and one security threat assessment 
for transportation workers. Madam Chairwoman, I will tell you, 
with all the numbers of cards that I have heard workers having 
to have, it may be well time for us to try and do that.
    I would like to hear from witnesses today about how the on-
going issues of the TWIC program might affect this effort. 
Again, we are grateful for the witnesses, and I want to 
acknowledge Mr. O'Rourke and Ms. Gabbard present here today. 
Thank you very much, Madam Chairwoman.
    I yield back.
    [The statement of Ranking Member Jackson Lee follows:]
             Statement of Ranking Member Sheila Jackson Lee
                             June 18, 2013
    As a Member of Congress representing the port of Houston, the 
former Chairwoman and Ranking Member of the Subcommittee on 
Transportation Security, and current Ranking Member of the Subcommittee 
on Border and Maritime Security, I have been focused on the TWIC 
program since its creation.
    Early on, I engaged ports, workers, and other stakeholders about 
the program and heard their concerns about how it was being deployed.
    Like many of my colleagues, my office has received significant 
amounts of TWIC casework, primarily from workers having difficulty 
obtaining and renewing their TWICs.
    While some of the issues with the program have largely been 
addressed over time, other concerns have taken their place.
    I was particularly troubled by the Government Accountability Office 
(GAO) report released last month that found serious problems with the 
TWIC reader pilot, which was intended to serve as the basis for the 
TWIC reader rulemaking.
    GAO found that the pilot results were incomplete, inaccurate, and 
unreliable for informing Congress and for developing a final reader 
rule.
    GAO concluded these issues call into question the TWIC program's 
premise and its effectiveness in enhancing security.
    These concerns, coupled with prior, unaddressed issues related to 
security vulnerabilities with the program, prompted GAO to recommend 
that the Department not move forward until a security assessment of the 
program is completed.
    However, DHS, which was made aware of GAO's findings in December 
2012, published a Notice of Proposed Rulemaking (NPRM) for the TWIC 
readers in March of this year.
    The NPRM would require readers to be deployed to only to the 
highest-risk facilities and vessels, accessed by just 5% of TWIC 
holders.
    While nothing precludes DHS from expanding the reader requirement 
in the future, such a limited deployment of biometric readers is not 
what Congress envisioned when it mandated the TWIC program.
    I am not advocating for broader deployment of readers at present, 
but am concerned that DHS would ask port workers to pay for a biometric 
card whose biometric capabilities apparently may never be utilized.
    More broadly, I am concerned that DHS appears to be moving forward 
with its long-delayed reader rule before addressing the fundamental 
concerns with the program GAO has identified in its reports.
    I was pleased to invite a witness from the port of Houston, Mr. 
Marcus Woodring, to testify before the subcommittee today to offer his 
port's perspective on the issues facing the TWIC program.
    Besides being one of the Nation's major ports with a significant 
presence of petrochemical-related facilities and vessels, the port of 
Houston has been using TWIC readers voluntarily since 2008.
    Mr. Woodring currently serves Managing Director for Health, Safety, 
Security, and Environmental (HSSE) at the Port of Houston Authority, 
having recently served in the Coast Guard culminating with service as 
captain of the port for the Houston region.
    I am especially interested in hearing from him about the port of 
Houston's experience with TWIC readers and his views on how the TWIC 
program can be strengthened going forward.
    Similarly, I want to hear from our DHS witnesses about how they 
plan to address GAO's recommendations and ensure TWIC becomes the 
maritime security program Congress intended, that ports and facilities 
can use without undue disruption to their businesses, and that DHS can 
justify asking maritime workers to continue to pay for.
    Finally, I will note that I have previously supported one 
enrollment process, one fee, and one security threat assessment for 
transportation workers.
    I would like to hear from our witnesses today about how the on-
going issues with the TWIC program might affect this effort.

    Mrs. Miller. Let me formally introduce our witnesses this 
morning. Again, we welcome all of you gentlemen. We appreciate 
you taking the time to be here.
    First of all, Rear Admiral Joseph Servidio is the assistant 
commandant for prevention policy overseeing Coast Guard 
inspections and compliance, marine transportation systems, and 
commercial regulations and standards. He is responsible for 
navigation and boating safety, commercial vessels, ports and 
facilities, merchant mariner credentialing, and vessel 
documentation. We welcome you, Admiral.
    Mr. Steven Sadler is the assistant administrator for the 
Office of Intelligence and Analysis at the Transportation 
Security Administration. In this role, he is responsible for 
the alignment of intelligence functions with vetting 
operations. Before joining TSA, Mr. Sadler spent 25 years in 
the commercial maritime industry in a number of leadership 
roles. Welcome.
    Mr. Stephen Lord directs the GAO's numerous engagements on 
aviation and surface transportation security issues and 
regularly discusses these issues before Congress in various 
industry forums. He supervised recent reviews of TSA passenger 
rail security programs and the TWIC program.
    I am going to ask my Ranking Member to make the formal 
introduction of her constituent, who graciously joins us this 
morning.
    Ms. Jackson Lee. As I indicated, let me welcome all the 
witnesses, but I am particularly--and thank you, Madam 
Chairwoman, very much--particularly excited and pleased to be 
able to welcome Mr. Marcus Woodring, retired from the United 
States Coast Guard, as captain of the port of Houston-Galveston 
in 2011. We are delighted that he assumed his new and current 
position with the port of Houston in July of that year. He is 
responsible for safety, security, environmental stewardship, 
and emergency response at eight terminals along the Houston 
ship channel.
    Over the years, I have had the privilege of working with 
Captain Woodring, and I would tell you, Madam Chairwoman, that 
he is one of the most engaged public servants and a problem-
solver. I am delighted for him to bring that experience to this 
committee and this hearing that is so very important today. 
Welcome you and welcome you from Houston, Captain.
    Mrs. Miller. Thank you very much. Other Members are 
reminded that statements may be submitted for the record.
    [The statement of Ranking Member Thompson follows:]
             Statement of Ranking Member Bennie G. Thompson
                             June 18, 2013
    This committee has a long history of TWIC oversight, going back 
almost to its inception. Since that time, DHS has made progress in 
standing up the program, vetting and enrolling approximately 2.5 
million maritime workers.
    Certainly, workers have done their part by applying for TWICs, 
submitting to background investigations, paying for their credentials, 
filing for waivers and appeals as necessary, and making multiple trips 
to ultimately receive their cards.
    Yet, the program has long been plagued by delays, security 
vulnerabilities, and other problems.
    These problems now have many questioning whether TWIC will ever be 
the transportation security program Congress envisioned when it enacted 
the Maritime Transportation Security Act of 2002 and the SAFE Port Act 
of 2006.
    Just last month, the Government Accountability Office issued its 
latest in a series of troubling reports related to TWIC--this time on 
the reader pilots.
    GAO concluded that the pilots were so severely flawed that they 
cannot be used to inform DHS' long-delayed rulemaking process for the 
TWIC readers.
    Despite being made aware of GAO's serious concerns about the 
reliability of the reader pilot data and the TWIC program as a whole, 
Coast Guard published its Notice of Proposed Rulemaking (NPRM) for the 
TWIC readers earlier this year.
    The NPRM divides ports and facilities into three risk groups, 
requiring only those in the highest-risk group--Group A--to install 
biometric readers for admittance to secure areas.
    Facilities in Groups B and C can continue to allow TWICs to be used 
as ``flash passes'' with only a visual inspection required to gain 
access.
    This means that only 5% of TWIC holders would be using their 
biometric credentials as Congress intended--with a biometric reader.
    The remainder of TWIC holders will continue to use their card as an 
expensive flash pass.
    Let me be clear--I am not advocating for deployment of readers at 
additional facilities or vessels at this time.
    Rather, I believe the limited deployment of readers proposed by the 
rule raises some hard questions that need to be answered.
    For example, what does it say about the security value of the TWIC, 
and the TWIC program itself, if DHS does not believe the program needs 
to be fully deployed at all regulated facilities?
    And how can we continue requiring workers to pay for a biometric 
credential when, in the vast majority of cases, the full capability of 
that card will not be used?
    To get answers to these and other vital questions, I strongly 
support GAO's recommendation for an assessment of the TWIC program 
prior to its continued deployment.
    My staff has done significant stakeholder outreach on the rule, and 
I plan to file comments based on this outreach and our oversight work 
outlining my thoughts and concerns.
    I look forward to a discussion today about what needs to be done to 
address the persistent problems facing the TWIC program.
    In particular, I hope to hear from GAO in detail about their 
recommendations for the path forward for the program.

    Mrs. Miller. Again, thank you all for coming. At this time, 
the Chairwoman recognizes Admiral Servidio.

    STATEMENT OF REAR ADMIRAL JOSEPH A. SERVIDIO, ASSISTANT 
       COMMANDANT FOR PREVENTION POLICY, U.S. COAST GUARD

    Admiral Servidio. Good morning, Madam Chairwoman, Ranking 
Member Jackson Lee, distinguished Members of the subcommittee. 
I am Rear Admiral Joe Servidio, the assistant commandant for 
prevention policy for the Coast Guard, and I am honored to have 
this opportunity to speak before you today about the Coast 
Guard's role in enforcing compliance with the Transportation 
Worker Identification Credential and update you on the status 
of the TWIC reader rule.
    The Coast Guard views TWIC as a key component of our 
layered security strategy. By providing a Nationally-recognized 
vetting standard and a common credential, TWIC promotes both 
security and economic efficiency. Issued under a uniform 
standard, TWIC allows facility and vessel operators, as well as 
law enforcement Nation-wide, to verify the identity of 
individuals using a single official document. TWIC enables 
transportation workers the flexibility to potentially move 
among facilities, vessels, and geographic regions during 
routine operations and in emergencies, maintaining security and 
facilitating resiliency.
    While TWIC provides a standard baseline to determine 
suitability to enter the secure area of a facility or vessel 
regulated under the Maritime Transportation Security Act, it is 
only half of a two-part process. In addition to possessing a 
valid TWIC, an individual must also be specifically granted 
access to a secure area by a vessel or facility security 
officer.
    To re-emphasize, the possession of a valid TWIC alone is 
not sufficient for the holder of a credential to access secure 
areas. This two-step process provides an additional layer of 
security to help protect vital maritime transportation 
infrastructure from unauthorized access or exploitation.
    In addition to facility and vessel operators' significant 
efforts, Coast Guard inspectors have validated about 280,000 
TWICs during planned and unplanned no-notice visits since 2009. 
The Coast Guard also reviews approximately 3,100 facility and 
11,000 vessel security plans each year.
    On 22 March 2013, the Coast Guard released the TWIC reader 
notice of proposed rulemaking, which outlines requirements for 
certain MTSA-regulated facilities and vessels to use electronic 
readers as part of their TWIC access control program. This NPRM 
is an important element of maritime security, as electronic 
readers allow for biometric confirmation of the TWIC holder's 
identity.
    As with our other security regs, the Coast Guard balanced 
the expected security benefits of the requirement with the 
expected costs to industry. Accordingly, the reader rule 
proposes the use of TWIC readers only at the vessels and 
facilities where a security incident could pose the greatest 
consequence and where biometric verification of a TWIC would 
reduce risk.
    Vessels and facilities not required to use electronic 
readers under this rule will still be required to conduct 
visual TWIC verifications. The GAO released a report 
questioning the security benefits of the TWIC and the way the 
Coast Guard used the results of the pilot program to inform the 
rule. We indicated to GAO that we were aware of the pilot 
program's limitations and used pilot data with discretion in 
developing the NPRM.
    Moreover, we are convinced that TWIC, including the use of 
biometric readers, is an important part of our maritime 
security system. The GAO report was released while the NPRM 
common period was open. Given the timing of the report's 
release, a request by Representative Thompson and to ensure 
that we captured comments informed by the report, we extended 
the comment period by 30 days to 20 June 2013.
    The Coast Guard hosted four public meetings around the 
country, providing other outlets for public feedback on the 
proposed regs. To date, we have received approximately 50 
comments on the NPRM.
    The Coast Guard's focus is to facilitate a secure and 
efficient maritime transportation system, and TWIC is an 
important tool in that effort. As part of our layered security 
strategy, we are committed to establishing and enforcing 
effective and efficient access control requirements through 
TWIC. Our reader NPRM solicits public comment, which we 
recognize as critical to port security success, and we will 
continue to work with the Department, TSA, industry groups, 
labor organizations, Congress, and other key stakeholders to 
find ways to improve service.
    We know that we have more work to do, and we will ensure 
that Congress is informed of our progress. Thank you for the 
opportunity to testify today, and I look forward to your 
questions.
    [The prepared statement of Admiral Servidio follows:]
           Prepared Statement of Rear Admiral Joseph Servidio
                             June 18, 2013
    Good morning Madam Chairwoman and distinguished Members of the 
subcommittee. Thank you for the opportunity to testify before this 
committee on the Coast Guard's role in enforcing compliance of the 
Transportation Worker Identification Credential (TWIC) program within 
the maritime transportation system.
    In previous testimonies, the Coast Guard has described our 
responsibility for ensuring industry compliance with TWIC regulations, 
the status of our deployment of handheld readers to field units, and 
our efforts to publish regulations for electronic TWIC readers in 
accordance with Congressional requirements as provided in the Security 
and Accountability For Every (SAFE) Port Act of 2006. This testimony 
will provide an update of our on-going efforts to enhance the safety 
and security of the Nation's ports through the effective implementation 
of the TWIC program and recent publication of the TWIC Reader 
Requirements Notice of Proposed Rulemaking (NPRM).
    The Coast Guard and the Transportation Security Administration 
(TSA) have formed a successful partnership in the joint management of 
the TWIC program and continue to work together to effectively build, 
manage, and improve it. TSA is responsible for TWIC enrollment, 
security threat assessment and adjudication, card production, 
technology, TWIC issuance, conduct of the TWIC appeal and waiver 
process as it pertains to credential issuance, and management of 
Government support systems. The Coast Guard is responsible for 
establishing and enforcing access control requirements at Maritime 
Transportation Security Act (MTSA) regulated vessels and facilities, 
which include the requirement for TWIC.
                             value of twic
    TWIC is one part of the layered approach to port security and 
establishes a minimum, uniform, vetting, and threat assessment for 
mariners and port workers across the country. It ensures that workers 
needing routine, unescorted access to secure areas of facilities and 
vessels are vetted against a specific list of terrorism associations 
and criminal convictions and it provides a standard baseline for 
determining an individual's suitability to enter the secure area of a 
MTSA-regulated vessel or facility. However, it is only the first half 
of a two-part process. First, vessel and facility security personnel 
must determine that an individual posseses a valid TWIC.
    Second, they must assess the individual's business case for 
entering a vessel or facility before granting the person unescorted 
access. The possession of a valid TWIC alone is not sufficient to gain 
the holder of that credential access to secure areas on vessels or 
facilities across the country. The TWIC provides a means by which a 
vessel or facility security officer can determine that an individual 
has been vetted to an established standard. It helps inform the 
security officer's decision to grant unescorted access to an 
individual. The facility owners/operators must maintain control of the 
access privileges to their respective facilities based on the valid 
TWIC and business case.
    The Nation-wide recognition of TWIC promotes security and 
standardization. A common credential enables facility and vessel 
operators as well as Federal, State, local, Tribal, and territorial law 
enforcement entities to verify the identity of individuals--a step that 
was not feasible prior to TWIC implementation with potentially 
thousands of different facility-specific credentials. TWIC also allows 
transportation workers to move among facilities, vessels, and 
geographic regions as needed for routine market demands and during 
emergencies, while still maintaining security.
    As required by the SAFE Port Act, the Coast Guard conducts at least 
two security inspections annually at MTSA-regulated facilities, with 
one inspection being unannounced. Vessels and facilities in all 42 
Coast Guard Captain of the Port Zones are in compliance with TWIC 
requirements, and have been since the April 15, 2009 implementation 
date. In addition to the security activities taken by vessel and 
facility security officers, the Coast Guard conducts regular 
inspections, spot checks, and TWIC verifications at approximately 3,100 
maritime facilities, 14,000 vessels, and 50 outer continental shelf 
facilities. Our enforcement program also includes the use of hand-held 
TWIC readers by Coast Guard personnel to conduct spot checks using the 
biometric capabilities of TWIC.
                          reader requirements
    On March 22, 2013, the Coast Guard issued the TWIC Reader 
Requirements Notice of Proposed Rulemaking which outlines requirements 
for certain MTSA-regulated facilities and vessels to use electronic 
readers in accordance with Congressional requirements as provided in 
the SAFE Port Act as part of their TWIC access control program. The 
Notice of Proposed Rulemaking maintain the visual verification 
requirement for remaining vessels and facilities. Per 33 CFR Parts 104, 
105, and 106, this visual inspection must include, at a minimum:
   A match of the photo on the TWIC to the individual 
        presenting it;
   Verification that the TWIC has not expired; and
   A visual check of the various security features present on 
        the card to determine whether the TWIC has been tampered with 
        or forged.
    This Notice of Proposed Rulemaking is an important element of the 
Coast Guard's maritime security mission. Electronic readers add an 
important additional layer of security by providing biometric 
confirmation of the TWIC holder's identity.
    As you are aware, the Government Accountability Office (GAO) 
recently released a report questioning the security benefits of TWIC, 
and the way in which the Coast Guard used results of the pilot program 
to inform the reader rule. As we indicated to GAO in our reply to their 
report, we were aware of the pilot program's limitations, and used it 
with discretion in developing the Notice of Proposed Rulemaking. 
Moreover, we are convinced that TWIC, including the use of biometric 
readers, can and should be a part of the Nation's maritime security 
system. In part, because the GAO report came out while the Notice of 
Proposed Rulemaking public comment period was open, we extended the 
open period by 30 days to June 20, 2013, to ensure that the public had 
sufficient opportunity to review and provide feedback on the proposed 
regulations.
                               conclusion
    TWIC is improving access control at vessels and maritime facilities 
across the country. Its standard, Nation-wide recognition secures and 
facilitates a resilient, mobile transportation workforce during routine 
and emergency situations. The Coast Guard's NPRM will further increase 
the security value of TWIC to the Nation by focusing on the highest-
risk vessels and facilities. We will continue to work with TSA, 
industry groups, labor organizations, and other stakeholders to find 
ways to reduce costs, and improve service. As part of that process, we 
will continue to monitor the costs and benefits of TWIC, as well as the 
external security environment. In all of these matters, our primary 
concern is to provide the American people with a secure and efficient 
marine transportation system. We know we have more work to do, and we 
will ensure Congress is informed of our progress.
    Thank you for the opportunity to testify today. I look forward to 
your questions.

    Mrs. Miller. Thank you very much, Admiral.
    The Chairwoman now recognizes Mr. Sadler for his testimony.

      STATEMENT OF STEVE SADLER, ASSISTANT ADMINISTRATOR, 
             TRANSPORTATION SECURITY ADMINISTRATION

    Mr. Sadler. Good morning, Chairman Miller, Ranking Member 
Jackson Lee, and distinguished Members of the subcommittee. 
Thank you for the opportunity to speak with you today about 
TSA's role in the TWIC program.
    TWIC provides a uniform biometric tamper-resistant 
credential that is issued following the successful completion 
of the security threat assessment. For those with a business 
need, the credential is required to gain unescorted access to 
secure areas at port facilities and vessels regulated under the 
Maritime Transportation Security Act.
    TSA is responsible for enrollment and security threat 
assessments, as well as system operations and maintenance. TSA 
conducts a comprehensive security threat assessment, and more 
than 2.3 million transportation workers hold active TWIC cards. 
These credentials represent a capability that didn't previously 
exist in the maritime environment.
    We have taken the following steps to improve the program 
and reduce burden on workers while maintaining the security 
objectives of the program. In August 2012, we announced the 
Extended Expiration Date TWIC initiative, a one-time effort 
that runs through December 2014. This initiative allows workers 
to extend their credential for 3 years at half the cost of a 5-
year credential and requires only one visit to an enrollment 
center.
    Last month, TSA processed over 58,000 requests for TWIC 
cards. Of these, almost 23,000 were for the 3-year credential. 
This means the travel burden on 39 percent of all current 
applicants can be cut in half. To reduce wait times for 
workers, we have added customer service representatives and 
refined contractual performance standards.
    We have developed a web-based process that allows workers 
to apply for an Extended Expiration Date TWIC or a replacement 
card, and we have a plan to increase mobile enrollment 
opportunities. We are in the process of transitioning our 
single enrollment and system maintenance contract to two 
separate contracts. This will give us better oversight 
capability and allow the contractors to focus on their core 
functions.
    As directed by Congress, we are reforming the program by 
implementing the one-visit initiative to enable all workers to 
apply for and obtain a credential with a single visit to an 
enrollment center. Beginning with a pilot program in Alaska 
next month, we will expand the initiative Nation-wide in 2014.
    With one visit, an applicant will provide identification 
and biometric information during a single visit to an 
enrollment center. If approved to receive the credential, TSA 
will mail the card directly to the applicants, saving the 
applicant time and travel cost. We are more than doubling the 
number of enrollment centers from 136 to approximately 300 
sites by leveraging existing assets that will allow 
transportation workers to apply for a TWIC or hazardous 
material endorsement at the same location.
    The SAFE Port Act directed DHS to conduct a reader pilot to 
test the viability of biometric card readers. Seventeen sites 
participated on a voluntary basis. These facilities started 
using readers in August 2008, and despite numerous challenges 
identified in our report to Congress submitted in February 
2012, the pilot generated considerable data that proved helpful 
in evaluating reader performance and assessing the impact of 
readers at maritime facilities.
    We concluded that the reader system functions properly when 
designed, installed, and operated in a manner consistent with 
the business requirements of the facility or vessel operation. 
When TWIC readers are deployed, it will determine whether a 
card is authentic, valid, and issued by TSA. They will also 
facilitate access control decisions made by port facilities and 
vessels. In the biometric mode, readers confirm through a 
fingerprint match that the person using the card is the 
rightful owner of the card.
    Prior to the TWIC program, there was no standard identity 
verification or background check policy for entrance to a port 
facility or vessel. Today, facility and vessel owners and 
operators can look for one identification document based on an 
extensive background check.
    The use of readers and biometric verification will enhance 
security at MTSA-regulated port facilities and vessels. Thank 
you for the opportunity to be here today. I look forward to 
taking your questions.
    [The prepared statement of Mr. Sadler follows:]
                   Prepared Statement of Steve Sadler
                             June 18, 2013
    Good morning Chairman Miller, Ranking Member Jackson Lee, and 
distinguished Members of the subcommittee. Thank you for the 
opportunity to testify today about the Transportation Security 
Administration's (TSA) role in the Transportation Worker Identification 
Credential (TWIC) program.
    To fulfill a security mission of such scale, the Department of 
Homeland Security (DHS) leverages the expertise of its components to 
evaluate the entities that comprise the maritime domain and design 
security measures to counter potential threats. TWIC provides a 
uniform, industry-wide, biometric, tamper-resistant credential that is 
issued following successful completion of a security threat assessment 
(STA). Following successful completion of the STA and payment of 
relevant fees, eligible maritime workers are provided a tamper-
resistant biometric credential that permits unescorted access to secure 
areas of port facilities and vessels regulated by the USCG under MTSA. 
These security benefits are most fully realized when the credential is 
used in conjunction with readers that can provide electronic 
verification.
    TSA and the United States Coast Guard (USCG) jointly administer the 
fee-based TWIC program, which was established under Section 102 of the 
Maritime Transportation Security Act (MTSA) of 2002. The Act required 
the Secretary (at the time the Secretary of the Department of 
Transportation) to issue biometric transportation security cards to 
prevent unauthorized individuals from entering an area of a vessel or 
facility designated as a secure area. Currently, TSA is responsible for 
enrollment, STAs, and systems operations and maintenance related to 
TWICs while the USCG is responsible for establishing and enforcing 
access control standards including requirements for TWIC readers at 
MTSA-regulated facilities and vessels.
    TSA began National deployment of the TWIC program on October 16, 
2007, with the enrollment of maritime workers at the Port of 
Wilmington, DE. Since that time, TSA has conducted comprehensive STAs 
and issued TWIC credentials to over 2.5 million workers while 
identifying and preventing approximately 50,000 TWIC applicants who did 
not meet the required security standards from receiving a TWIC.
         twic: meeting industry needs and security requirements
    The TWIC program represents an important maritime security measure 
by allowing facility and vessel security operators to verify that the 
holder has successfully passed the STA, through possession and visual 
inspection of the TWIC credential. Workers at the approximately 13,825 
vessels and 3,270 maritime facilities that the USCG regulates under 
MTSA have been required to present their TWIC for unescorted entry to 
secure areas of those facilities since mid-April 2009. Until TWIC 
readers are in place, security access personnel are required to 
visually inspect the TWIC prior to granting unescorted access to secure 
areas on-board regulated vessels and at facilities.
    TWIC reader systems are designed to determine whether a card is 
authentic, valid, and issued by TSA. The readers also check that the 
card has not expired and, by accessing the cancelled card list, can 
determine if the card has been revoked or reported lost or stolen. When 
used in the biometric mode, readers confirm through a fingerprint match 
that the person using the card is the rightful owner of the card. The 
TWIC card and reader system can perform these checks virtually anywhere 
with portable or fixed readers because connectivity to an external 
database is not required.
    A TWIC is valid for 5 years. The cost is $129.75, unless a worker 
has a comparable STA and uses it to establish TWIC eligibility, in 
which case the cost is $105.25. In late August 2012, DHS announced the 
Extended Expiration Date (EED) initiative under which eligible workers 
have been able to submit a request to extend the expiration date on 
their TWIC by 3 years and pay a $60 card replacement fee. The EED is a 
one-time initiative through December 31, 2014. The TWIC reader 
requirements have been proposed by USCG in a Notice of Proposed 
Rulemaking published on March 22, 2013. The NPRM proposals, if 
finalized as published, would require TWIC readers for certain high-
risk vessels and facilities. Use of readers at these sites would 
enhance security by verifying the validity of the TWIC card as well as 
the identity of the card owner.
    TSA is committed to partnerships with stakeholders, including the 
private sector, to carry out its mission. To meet the demands of the 
TWIC program, the TSA will provide MTSA-regulated facility owners and 
operators with a list of TWIC readers that meet current TWIC 
specifications as outlined in current guidance. TSA established the 
Qualified Technology List (QTL) process on November 1, 2012, with the 
announcement that three National Voluntary Laboratory Accreditation 
Program laboratories were accredited to accept readers for compliance 
testing.
  ``onevisit'' initiative and other plans to enhance customer service
    TSA will soon implement the ``OneVisit'' initiative to facilitate 
card issuance to eligible applicants and individuals needing a 
replacement TWIC. The initiative will enable individuals to apply for 
and obtain a TWIC with a single visit to an enrollment center and will 
begin with a pilot in Alaska this summer and expand Nation-wide in 2014 
after TSA carefully evaluates the pilot results. Under ``OneVisit,'' an 
applicant will visit an enrollment center to provide identification and 
biometric information. Upon successful completion of an STA, TSA will 
directly mail a card to the applicant. ``OneVisit'' will eliminate the 
need for the transportation worker to make a follow-up visit to an 
enrollment center to activate the card and select a Personal 
Identification Number (PIN). Eliminating this second visit saves the 
applicant time and travel costs, as well as easing crowding at 
enrollment centers.
    The Coast Guard and Maritime Transportation Act of 2012 mandates 
that, within 270 days from the date of enactment, DHS reform the 
process for TWIC enrollment, activation, issuance, and renewal to 
require no more than one in-person visit to a designated enrollment 
center, except in cases where extenuating circumstances exist requiring 
more than one visit. DHS made clear that, while a plan would be 
initiated within 270 days to reform the process, it would likely take 
additional time to fully implement the provision in a manner that 
preserved the security of the credential.
    In addition to ``OneVisit,'' TSA is committed to providing enhanced 
customer service in a variety of ways. TSA will expand the number of 
TWIC enrollment centers from 136 to approximately 300 sites by 
transitioning Hazardous Materials Endorsement (HME)/TWIC enrollments 
sites to Universal Enrollment Service Centers. This will permit 
individuals to apply for a TWIC or HME at the same location, and 
shorten travel distances for many applicants. TSA is also increasing 
its oversight of customer service at our enrollment centers and has 
added call center representatives to reduce call wait times.
                         the twic reader pilot
    In October 2006, pursuant to the SAFE Port Act, Congress mandated 
that DHS conduct a TWIC reader pilot to inform reader requirements 
prior to Nation-wide implementation and test the viability of selected 
biometric card readers while examining the technical aspects of 
connecting TWIC readers to access control systems. Seventeen sites 
participated in the reader pilot on a voluntary basis. These facilities 
used readers in conjunction with TWICs starting in August 2008. The 
pilot faced several constraints, including extreme differences in the 
nature of operations at participating sites. Additionally, the 
participating sites had to ensure that the use of the new readers and 
test protocols did not interfere with the security and daily operations 
of the facilities. Notwithstanding these challenges, the TWIC reader 
pilot generated considerable data that proved helpful in evaluating 
reader performance and assessing the impact of using readers at 
maritime facilities.
    Following analysis of the pilot results, TSA concluded that TWIC 
reader systems function properly when they are designed, installed, and 
operated in a manner consistent with the characteristics and business 
needs of the facility or vessel operation. TSA also found that reader 
systems can facilitate access decisions efficiently and effectively 
despite the operational and technological difficulties that affected 
performance at some pilot locations. While a recent Government 
Accountability Office (GAO) report evaluating the results of the TWIC 
reader pilot program concluded that that DHS should not use the 
analysis of the pilot program as basis for developing the final TWIC 
reader regulation, the pilot did produce valuable information 
concerning the environmental, operational, and fiscal impacts of the 
use of TWIC readers.
                               conclusion
    Prior to the TWIC program, there was no standard identity 
verification or background check policy for entrance to a port facility 
or vessel. This created opportunities for fraud as well as security 
risks. Today, facility and vessel owners and operators look for one 
standard identification document that confirms the holder's identity 
and verifies that he or she successfully completed an STA. The use of 
readers and biometric verification will enhance security at MTSA-
regulated port facilities and vessels.
    TSA and its partners have taken significant steps to add layers of 
security to protect our Nation's port facilities and vessels. These 
steps link together information sharing, security, and law enforcement 
from across TSA, USCG, DHS, and a multitude of partnerships. Each 
security layer builds upon and complements the others. TWIC is one of 
those layers. Thank you for the opportunity to discuss the TWIC 
program. I am available to answer any questions.

    Mrs. Miller. Thank you very much.
    The Chairwoman now recognizes Mr. Lord.

  STATEMENT OF STEPHEN M. LORD, DIRECTOR, FORENSIC AUDITS AND 
 INVESTIGATIVE SERVICES, U.S. GOVERNMENT ACCOUNTABILITY OFFICE

    Mr. Lord. Good morning, Chairwoman Miller, Ranking Member 
Jackson Lee, and other distinguished Members of the committee. 
I am really pleased to be here today to discuss our recent work 
on the TWIC pilot. As context, I would like to note that GAO 
has conducted an extensive body of work on a TWIC program 
spanning several years, which I believe gives me some unique 
insights to come in on the program today.
    The overall message that I wanted to convey today--I think 
this is a very important message--is that the pilot results 
reported to Congress in February 2012 should not be used as a 
basis to inform the current rulemaking or to inform decision-
making. Why is that? As we noted in our May 2000 report, we 
identified a number of planning, data collection, and reporting 
challenges that we believe made the pilot results unreliable.
    I am a little surprised to see on the March 22 NPRM that 
the Coast Guard concluded that the cards function properly and 
enhance security, as we found this very difficult to 
extrapolate from the pilot results.
    In terms of planning, we think it is notable that DHS did 
take some important initial steps to address the pilot planning 
issues we identified in our 2009 report. At the same time, it 
did not develop an evaluation plan or performance standards as 
we recommended. In terms of data collection, we identified 
several limitations in the way data was collected during the 
pilot. For example, TSA and the independent test agent did not 
always record clear baseline data for comparing reader 
performance. They also did not collect complete data on card 
failures or the reasons an individual was denied access to a 
facility.
    Also, the operational impact of using TWICs, that was one 
of the key purposes of the pilot, with readers was not 
consistently documented across pilot sites. As a result of 
these challenges, this made it really difficult to determine 
whether the problems encountered at the pilot sites were due to 
the card itself, the card reader, or the way the users were 
using them or a combination of all three.
    In terms of the report to Congress, we found that some of 
the information in the report was not always supported by the 
pilot data. For example, assessments of entry times at ports--
this is really important piece of data--the throughput times 
were--seem to have been mixed up with the reader response time, 
which is calculated in a controlled laboratory setting.
    DHS's report also stated that the TWIC readers can enhance 
security, even though that type of data was not collected 
during the pilot, nor was it a purpose of the pilot. Thus, it 
is still unclear how TWICs--using TWICs with readers will 
improve security even though we recommended that the Department 
assess this in our May 2011 report.
    To be fair, DHS officials, TSA officials did note that 
several challenges affected their ability to collect reliable 
data. For example, TSA noted that pilot participation was 
voluntary and, in some cases, it was analogous to herding cats. 
It is difficult to ensure consistency.
    TSA and the Coast Guard also said the independent test 
agent did not always collect and record key data consistently. 
We spoke to the independent test agent. He identified some 
resource constraints. Basically, they didn't have the physical 
presence in all locations to really figure out why the cards 
weren't working. However, we believe these risks could have 
been mitigated through better pilot planning and 
implementation.
    In closing, given the many issues we identified, we believe 
Congress should consider repealing the requirement that the 
final regulations for the card readers be consistent with the 
findings of the pilot. Essentially, we think those two events 
should be de-linked.
    Instead, we still believe Congress should require DHS to 
complete a security assessment to clearly show how using TWICs 
with readers will actually improve security over and above the 
systems that are already in place. This is something we 
recommended in our May 2011 report, which is still an open 
recommendation. As part of this assessment, we believe they 
should consider alternative credentialing approaches, including 
consideration of a more decentralized approach. We think it is 
really important to look at other approaches for achieving the 
same goal.
    Madam Chairwoman, other Members of the committee, this 
concludes my prepared statement. I look forward to your 
questions. Thank you.
    [The prepared statement of Mr. Lord follows:]
                 Prepared Statement of Stephen M. Lord
                             June 18, 2013
  transportation worker identification credential.--card reader pilot 
     results are unreliable; security benefits should be reassessed
                              gao-13-695t
    Chairman Miller, Ranking Member Jackson Lee, and Members of the 
subcommittee: I am pleased to be here today to discuss our work 
examining the Department of Homeland Security's (DHS) Transportation 
Worker Identification Credential (TWIC) program. Ports, waterways, and 
vessels handle billions of dollars in cargo annually, and an attack on 
our Nation's maritime transportation system could have serious 
consequences. Maritime workers, including longshoremen, mechanics, 
truck drivers, and merchant mariners, access secure areas of the 
Nation's estimated 16,400 maritime-related transportation facilities 
and vessels, such as cargo container and cruise ship terminals, each 
day while performing their jobs.\1\
---------------------------------------------------------------------------
    \1\ For the purposes of this statement, the term ``maritime-related 
transportation facilities'' refers to seaports, inland ports, offshore 
facilities, and facilities located on the grounds of ports.
---------------------------------------------------------------------------
    The TWIC program is intended to provide a tamper-resistant 
biometric credential \2\ to maritime workers who require unescorted 
access to secure areas of facilities and vessels regulated under the 
Maritime Transportation Security Act of 2002 (MTSA).\3\ TWIC is to 
enhance the ability of MTSA-regulated facility and vessel owners and 
operators to control access to their facilities and verify workers' 
identities. Under current statute and regulation, maritime workers 
requiring unescorted access to secure areas of MTSA-regulated 
facilities or vessels are required to obtain a TWIC,\4\ and facility 
and vessel operators are required by regulation to visually inspect 
each worker's TWIC before granting unescorted access.\5\ Prior to being 
granted a TWIC, maritime workers are required to undergo a background 
check, known as a security threat assessment.
---------------------------------------------------------------------------
    \2\ A biometric access control system consists of technology that 
determines an individual's identity by detecting and matching unique 
physical or behavioral characteristics, such as fingerprint or voice 
patterns, as a means of verifying personal identity.
    \3\ Pub. L. No. 107-295, 116 Stat. 2064. According to Coast Guard 
regulations, a secure area is an area that has security measures in 
place for access control. 33 C.F.R.  101.105. For most maritime 
facilities, the secure area is generally any place inside the outermost 
access control point. For a vessel or outer continental shelf facility, 
such as offshore petroleum or gas production facilities, the secure 
area is generally the whole vessel or facility. A restricted area is a 
part of a secure area that needs more limited access and higher 
security. Under Coast Guard regulations, an owner/operator must 
designate certain specified types of areas as restricted. For example, 
storage areas for cargo are restricted areas under Coast Guard 
regulations. 33 C.F.R.  105.260(b)(7).
    \4\ 46 U.S.C.  70105(a); 33 C.F.R.  101.514.
    \5\ 33 C.F.R.  104.265(c), 105.255(c).
---------------------------------------------------------------------------
    Within DHS, the Transportation Security Administration (TSA) and 
the U.S. Coast Guard (USCG) jointly administer the TWIC program. USCG 
is leading efforts to develop a new TWIC regulation (rule) regarding 
the use of TWIC cards with readers (known as the TWIC card reader 
rule). The TWIC card reader rule is expected to define if and under 
what circumstances facility and vessel owners and operators are to use 
electronic card readers to verify that a TWIC card is valid. USCG 
published the TWIC card reader notice of proposed rulemaking (NPRM) on 
March 22, 2013, and has since extended the public comment period to 
June 20, 2013.\6\
---------------------------------------------------------------------------
    \6\ 78 Fed. Reg. 17,782 (Mar. 22, 2013); 78 Fed. Reg. 27,335 (May 
10, 2013).
---------------------------------------------------------------------------
    To help inform this rulemaking and to fulfill the Security and 
Accountability For Every Port Act of 2006 (SAFE Port Act) 
requirement,\7\ TSA conducted a TWIC reader pilot from August 2008 
through May 2011 to test a variety of biometric readers, as well as the 
credential authentication and validation process. The TWIC reader 
pilot, implemented with the voluntary participation of maritime port, 
facility, and vessel operators, was to test the technology, business 
processes, and operational impacts of deploying card readers at 
maritime facilities and vessels prior to issuing a final rule.\8\ Among 
other things, the SAFE Port Act required that DHS submit a report on 
the findings of the pilot program to Congress.\9\ DHS submitted its 
report to Congress on the findings of the TWIC reader pilot on February 
27, 2012.\10\ The Coast Guard Authorization Act of 2010 required that, 
among other things, GAO conduct an assessment of the report's findings 
and recommendations.\11\
---------------------------------------------------------------------------
    \7\ Pub. L. No 109-347,  104(a), 120 Stat. 1884, 1888 (codified at 
46 U.S.C.  70105(k)).
    \8\ The SAFE Port Act required the Secretary of Homeland Security 
to conduct a pilot program to test the business processes, technology, 
and operational impacts required to deploy transportation security card 
readers at secure areas of the maritime transportation system. 46 
U.S.C.  70105(k)(1)(A).
    \9\ 46 U.S.C.  70105(k)(4).
    \10\ Department of Homeland Security, Transportation Worker 
Identification Credential Reader Pilot Program: In accordance with 
Section 104 of the Security and Accountability For Every Port Act of 
2006, Pub. L. 109-347 (SAFE Port Act) Final Report. Feb. 17, 2012.
    \11\ Pub. L. No. 111-281,  802, 124 Stat. 2905, 2989.
---------------------------------------------------------------------------
    We have been reporting on TWIC progress and challenges since 
September 2003.\12\ Among other issues, we highlighted steps that TSA 
and USCG were taking to meet an expected surge in initial enrollment as 
well as various challenges experienced in the TWIC testing conducted by 
a contractor for TSA and USCG from August 2004 through June 2005. We 
also identified challenges related to ensuring that the TWIC technology 
works effectively in the harsh maritime environment.\13\ In November 
2009, we reported on the design and approach of a pilot initiated in 
August 2008 to test TWIC readers, and found that DHS did not have a 
sound evaluation methodology to ensure information collected through 
the TWIC reader pilot would be complete and accurate.\14\ Moreover, in 
May 2011, we reported that internal control weaknesses governing the 
enrollment, background checking, and use of TWIC potentially limit the 
program's ability to provide reasonable assurance that access to secure 
areas of MTSA-regulated facilities is restricted to qualified 
individuals.\15\
---------------------------------------------------------------------------
    \12\ GAO, Maritime Security: Progress Made in Implementing Maritime 
Transportation Security Act, but Concerns Remain, GAO-03-1155T 
(Washington, DC: Sept. 9, 2003).
    \13\ GAO, Transportation Security: DHS Should Address Key 
Challenges Before Implementing the Transportation Worker Identification 
Credential Program, GAO-06-982 (Washington, DC: Sept. 29, 2006). TWIC 
readers and related technologies operated outdoors in the harsh 
maritime environment can be affected by dirt, salt, wind, and rain.
    \14\ GAO, Transportation Worker Identification Credential: Progress 
Made in Enrolling Workers and Activating Credentials but Evaluation 
Plan Needed to Help Inform the Implementation of Card Readers, GAO-10-
43 (Washington, DC: Nov. 18, 2009).
    \15\ GAO, Transportation Worker Identification Credential: Internal 
Control Weaknesses Need to Be Corrected to Help Achieve Security 
Objectives, GAO-11-657 (Washington, DC: May 10, 2011).
---------------------------------------------------------------------------
    My statement today highlights the key findings of our May 8, 2013, 
report on the TWIC program, which addressed the extent to which the 
results from the TWIC reader pilot were sufficiently complete, 
accurate, and reliable for informing Congress and the TWIC card reader 
rule.\16\ For the report, among other things, we assessed the methods 
used to collect and analyze pilot data since the inception of the pilot 
in August 2008. We analyzed and compared the pilot data with the TWIC 
reader pilot report submitted to Congress to determine whether the 
findings in the report are based on sufficiently complete, accurate, 
and reliable data. Additionally, we interviewed officials at DHS, TSA, 
and USCG with responsibilities for overseeing the TWIC program, as well 
as pilot officials responsible for coordinating pilot efforts with TSA 
and the independent test agent (responsible for planning, evaluating, 
and reporting on all test events), about TWIC reader pilot testing 
approaches, results, and challenges. Our investigators also conducted 
limited covert testing of TWIC program internal controls for acquiring 
and using TWIC cards at four maritime ports to update our understanding 
of the effectiveness of TWIC at enhancing maritime security since we 
reported on these issues in May 2011. Our May 2013 report includes 
additional details on our scope and methodology. We conducted this work 
in accordance with generally accepted Government auditing standards, 
and conducted the related investigative work in accordance with 
standards prescribed by the Council of the Inspectors General on 
Integrity and Efficiency.
---------------------------------------------------------------------------
    \16\ GAO, Transportation Worker Identification Credential: Card 
Reader Pilot Results Are Unreliable; Security Benefits Need to Be 
Reassessed, GAO-13-198 (Washington, DC: May 8, 2013).
---------------------------------------------------------------------------
twic reader pilot results are not sufficiently complete, accurate, and 
     reliable for informing congress and the twic card reader rule
    Our review of the pilot test identified several challenges related 
to pilot planning, data collection, and reporting, which affected the 
completeness, accuracy, and reliability of the results.
Pilot Planning
    DHS did not correct planning shortfalls that we identified in our 
November 2009 report.\17\ We determined that these weaknesses presented 
a challenge in ensuring that the pilot would yield information needed 
to inform Congress and the card reader rule and recommended that DHS 
components implementing the pilot--TSA and USCG--develop an evaluation 
plan to guide the remainder of the pilot and identify how it would 
compensate for areas where the TWIC reader pilot would not provide the 
information needed. DHS agreed with the recommendations; however, while 
TSA developed a data analysis plan, TSA and USCG reported that they did 
not develop an evaluation plan with an evaluation methodology or 
performance standards, as we recommended. The data analysis plan was a 
positive step because it identified specific data elements to be 
captured from the pilot for comparison across pilot sites. If accurate 
data had been collected, adherence to the data analysis plan could have 
helped yield valid results. However, TSA and the independent test agent 
did not utilize the data analysis plan.\18\ According to officials from 
the independent test agent, they started to use the data analysis plan 
but stopped using the plan because they were experiencing difficulty in 
collecting the required data and TSA directed them to change the 
reporting approach. TSA officials stated that they directed the 
independent test agent to change its collection and reporting approach 
because of TSA's inability to require or control data collection to the 
extent required to execute the plan.
---------------------------------------------------------------------------
    \17\ GAO-10-43.
    \18\ To conduct the TWIC reader pilot, TSA contracted with the 
Navy's Space and Naval Warfare Systems Command (SPAWAR) to serve as the 
independent test agent to plan, analyze, evaluate, and report on all 
test events.
---------------------------------------------------------------------------
Data Collection
    We identified eight areas where TWIC reader pilot data collection, 
supporting documentation, and recording weaknesses affected the 
completeness, accuracy, and reliability of the pilot data.
    1. Installed TWIC readers and access control systems could not 
        collect required data on TWIC reader use, and TSA and the 
        independent test agent did not employ effective compensating 
        data collection measures.--The TWIC reader pilot test and 
        evaluation master plan recognizes that in some cases, readers 
        or related access control systems at pilot sites may not 
        collect the required test data, potentially requiring 
        additional resources, such as on-site personnel, to monitor and 
        log TWIC card reader use issues. Moreover, such instances were 
        to be addressed as part of the test planning. However, the 
        independent test agent reported challenges in sufficiently 
        documenting reader and system errors. For example, the 
        independent test agent reported that the logs from the TWIC 
        readers and related access control systems were not detailed 
        enough to determine the reason for errors, such as biometric 
        match failure, an expired TWIC card, or that the TWIC was 
        identified as being on the list of revoked credentials. The 
        independent test agent further reported that the inability to 
        determine the reason for errors limited its ability to 
        understand why readers were failing, and thus it was unable to 
        determine whether errors encountered were due to TWIC cards, 
        readers, or users, or some combination thereof.

    2. Reported transaction data did not match underlying 
        documentation.--A total of 34 pilot site reports were issued by 
        the independent test agent. According to TSA, the pilot site 
        reports were used as the basis for DHS's report to Congress. We 
        separately requested copies of the 34 pilot site reports from 
        both TSA and the independent test agent. In comparing the 
        reports provided, we found that 31 of the 34 pilot site reports 
        provided to us by TSA did not contain the same information as 
        those provided by the independent test agent. Differences for 
        27 of the 31 pilot site reports pertained to how pilot site 
        data were characterized, such as the baseline throughput time 
        used to compare against throughput times observed during two 
        phases of testing. However, at two pilot sites, Brownsville and 
        Staten Island Ferry, transaction data reported by the 
        independent test agent did not match the data included in TSA's 
        reports. Moreover, data in the pilot site reports did not 
        always match data collected by the independent test agent 
        during the pilot.

    3. Pilot documentation did not contain complete TWIC reader and 
        access control system characteristics.--Pilot documentation did 
        not always identify which TWIC readers or which interface 
        (e.g., contact or contact-less interface) the reader used to 
        communicate with the TWIC card during data collection.\19\ For 
        example, at one pilot site, two different readers were tested. 
        However, the pilot site report did not identify which data were 
        collected using which reader.
---------------------------------------------------------------------------
    \19\ As used in this statement, ``contact-less mode'' refers to the 
use of TWIC readers for reading TWIC cards without requiring that a 
TWIC card be inserted into or make physical contact with a TWIC reader.

    4. TSA and the independent test agent did not record clear baseline 
        data for comparing operational performance at access points 
        with TWIC readers.--Baseline data, which were to be collected 
        prior to piloting the use of TWIC with readers, were to be a 
        measure of throughput time, that is, the time required to 
        inspect a TWIC card and complete access-related processes prior 
        to granting entry. However, it is unclear from the 
        documentation whether acquired data were sufficient to reliably 
        identify throughput times at truck, other vehicle, and 
---------------------------------------------------------------------------
        pedestrian access points, which may vary.

    5. TSA and the independent test agent did not collect complete data 
        on malfunctioning TWIC cards.--TSA officials observed 
        malfunctioning TWIC cards during the pilot, largely because of 
        broken antennas. If a TWIC with a broken antenna was presented 
        for a contactless read, the reader would not identify that a 
        TWIC had been presented, as the broken antenna would not 
        communicate TWIC information to a contactless reader. In such 
        instances, the reader would not log that an access attempt had 
        been made and failed.

    6. Pilot participants did not document instances of denied 
        access.--Incomplete data resulted from challenges documenting 
        how to manage individuals with a denied TWIC across pilot 
        sites. Specifically, TSA and the independent test agent did not 
        require pilot participants to document when individuals were 
        granted access based on a visual inspection of the TWIC, or 
        deny the individual access as may be required under future 
        regulation. This is contrary to the TWIC reader pilot test and 
        evaluation master plan, which calls for documenting the number 
        of entrants ``rejected'' with the TWIC card reader system 
        operational as part of assessing the economic impact. Without 
        such documentation, the pilot sites were not completely 
        measuring the operational impact of using TWIC with readers.

    7. TSA and the independent test agent did not collect consistent 
        data on the operational impact of using TWIC cards with 
        readers.--TWIC reader pilot testing scenarios included having 
        each individual present his or her TWIC for verification; 
        however, it is unclear whether this actually occurred in 
        practice. For example, at one pilot site, officials noted that 
        during testing, approximately 1 in 10 individuals was required 
        to have his or her TWIC checked while entering the facility 
        because of concerns about causing a traffic backup. Despite 
        noted deviations in test protocols, the reports for these pilot 
        sites do not note that these deviations occurred. Noting 
        deviations in each pilot site report would have provided 
        important perspective by identifying the limitations of the 
        data collected at the pilot site and providing context when 
        comparing the pilot site data with data from other pilot sites.

    8. Pilot site records did not contain complete information about 
        installed TWIC readers' and access control systems' design.--
        TSA and the independent test agent tested the TWIC readers at 
        each pilot site to ensure they worked before individuals began 
        presenting their TWIC cards to the readers during the pilot. 
        However, the data gathered during the testing were incomplete. 
        For example, 10 of 15 sites tested readers for which no record 
        of system design characteristics were recorded. In addition, 
        pilot reader information was identified for 4 pilot sites but 
        did not identify the specific readers or associated software 
        tested.

    According to TSA, a variety of challenges prevented TSA and the 
independent test agent from collecting pilot data in a complete and 
consistent fashion. Among the challenges noted by TSA: (1) Pilot 
participation was voluntary, which allowed pilot sites to stop 
participation at any time or not adhere to established testing and data 
collection protocols; (2) the independent test agent did not correctly 
and completely collect and record pilot data; (3) systems in place 
during the pilot did not record all required data, including 
information on failed TWIC card reads and the reasons for the failure; 
and (4) prior to pilot testing, officials did not expect to confront 
problems with nonfunctioning TWIC cards. Additionally, TSA noted that 
it lacked the authority to compel pilot sites to collect data in a way 
that would have been in compliance with Federal standards. In addition 
to these challenges, the independent test agent identified the lack of 
a database to track and analyze all pilot data in a consistent manner 
as an additional challenge to data collection and reporting. The 
independent test agent, however, noted that all data collection plans 
and resulting data representation were ultimately approved by TSA and 
USCG.
Reporting
    As required by the SAFE Port Act and the Coast Guard Authorization 
Act of 2010, DHS's report to Congress on the TWIC reader pilot 
presented several findings with respect to technical and operational 
aspects of implementing TWIC technologies in the maritime environment. 
However, DHS's reported findings were not always supported by the pilot 
data, or were based on incomplete or unreliable data, thus limiting the 
report's usefulness in informing Congress about the results of the TWIC 
reader pilot. For example, reported entry times into facilities were 
not based on data collected at pilot sites as intended. Further, the 
report concluded that TWIC cards and readers provide a critical layer 
of port security, but data were not collected to support this 
conclusion.
    Because of the number of concerns that we identified with the TWIC 
pilot, in our March 13, 2013, draft report to DHS, we recommended that 
DHS not use the pilot data to inform the upcoming TWIC card reader 
rule. However, after receiving the draft that we sent to DHS for 
comment, on March 22, 2013, USCG published the TWIC card reader NPRM, 
which included results from the TWIC card reader pilot.\20\ We 
subsequently removed the recommendation from our final report, given 
that USCG had moved forward with issuing the NPRM and had incorporated 
the pilot results into the proposed rulemaking. In its official 
comments on our report, DHS asserted that some of the perceived data 
anomalies we cited were not significant to the conclusions TSA reached 
during the pilot and that the pilot report was only one of multiple 
sources of information available to USCG in drafting the TWIC reader 
NPRM. We recognize that USCG had multiple sources of information 
available to it when drafting the proposed rule; however, the pilot was 
used as an important basis for informing the development of the NPRM, 
and the issues and concerns that we identified remain valid.
---------------------------------------------------------------------------
    \20\ 78 Fed. Reg. 17,782 (Mar. 22, 2013).
---------------------------------------------------------------------------
    Given that the results of the pilot are unreliable for informing 
the TWIC card reader rule on the technology and operational impacts of 
using TWIC cards with readers, we recommended that Congress consider 
repealing the requirement that the Secretary of Homeland Security 
promulgate final regulations that require the deployment of card 
readers that are consistent with the findings of the pilot program,\21\ 
and that Congress should consider requiring that the Secretary of 
Homeland Security complete an assessment that evaluates the 
effectiveness of using TWIC with readers for enhancing port security. 
This would be consistent with the recommendation that we made in our 
May 2011 report. These results could then be used to promulgate a final 
regulation as appropriate. Given DHS's challenges in implementing TWIC 
over the past decade, at a minimum, the assessment should include a 
comprehensive comparison of alternative credentialing approaches, which 
might include a more decentralized approach, for achieving TWIC program 
goals.
---------------------------------------------------------------------------
    \21\ 46 U.S.C.  70105(k)(3).
---------------------------------------------------------------------------
    Chairman Miller, Ranking Member Jackson Lee, and Members of the 
subcommittee, this concludes my prepared statement. I would be happy to 
respond to any questions that you may have.

    Mrs. Miller. I thank the gentleman. The Chairwoman now 
recognizes Captain Woodring.

  STATEMENT OF CAPTAIN MARCUS WOODRING, USCG (RET), MANAGING 
DIRECTOR, HEALTH, SAFETY, SECURITY, AND ENVIRONMENTAL, PORT OF 
                       HOUSTON AUTHORITY

    Captain Woodring. Good morning, Chairman Miller, Ranking 
Member Jackson Lee, and distinguished Members of the 
subcommittee. We would like to thank Chairman Miller for 
holding this important hearing today. I must also recognize 
Ranking Member Jackson Lee for inviting the Port of Houston 
Authority as the industry witness. As you know, the port of 
Houston is in the Ranking Member's district, and we have 
benefited from both her leadership and advocacy on behalf of 
the port.
    The port of Houston is comprised of the Port Authority's 
eight public terminals, along with more than 150 private 
terminals. The port is consistently ranked first in the United 
States in foreign waterborne tonnage, first in imports, second 
in export tonnage, and second in total tonnage. The port of 
Houston is also home to the largest petrochemical complex in 
the Nation.
    Results of a recent economic impact study show that ship 
channel-related businesses at the port of Houston are 
responsible for more than 2.1 million jobs and annually 
generate $499 billion in economic activity, contributing over 
$52 billion in tax revenue Nationally.
    The Port of Houston Authority was not part of the TWIC 
reader pilot program but has been utilizing installed TWIC 
readers since 2008, so we speak from real-world experience. The 
Port of Houston Authority started very early, with the 
installation of access point hardware, which could utilize the 
features of the TWIC card. The initial infrastructure was 
purchased with close to $10 million in port security grant 
funding.
    The Port of Houston Authority currently has over 350 access 
points that can read the TWIC card, of which 73 are biometric. 
Not all access points used the biometric or coded access 
technology due to the tremendous flow of commerce through our 
gates. Our Bayport container terminal, for example, handles 
close to 19,000 vehicles a week. To facilitate commerce, we 
currently use the TWIC as a flash pass in our vehicle entrance 
lanes in conjunction with our visitor management system.
    Let me expand on that point for just one moment. Having a 
TWIC is just one part of the regulated access control. I have a 
TWIC, but that does not give me unfettered access to any 
restricted port in the country. I must also have a valid 
business reason to be there. Management of that validation is 
left to terminal operators.
    For repeat visitors, we issue a Port of Houston Authority 
ID card. For occasional visitors, we have designated certain 
trusted agents to enter names into our visitor management 
system. On any given day, we average over 3,000 names in that 
system, all that have a valid business reason for being on-
board our facilities and overall have more than 35,000 TWIC 
cards registered with our credentialing office. The key 
takeaway is the possession of a TWIC itself is just a piece of 
the overall security process.
    During my time as captain of the port for the U.S. Coast 
Guard, the TWIC was first being introduced and issued in 
Houston. It took me several months to obtain my initial TWIC 
card. I recently applied for the 3-year extension and witnessed 
some process improvements.
    I would also like to note that when I was with the U.S. 
Coast Guard, I had the pleasure of accompanying the Ranking 
Member Jackson Lee to the TWIC office in Houston to activate 
her card in August 2008. Ma'am, I would like to take this 
opportunity to remind you that your card expires in 60 days.
    [Laughter.]
    Captain Woodring. The benefits of the TWIC reader program 
are clear. Individuals have a Federally-issued tamper-proof 
credential that can be used Nation-wide. The program ensures 
that individuals have been screened against the terrorism 
database, something I cannot do. The threat of a transportation 
security incident is reduced at the macro level, but there are 
still gaps in the system.
    Most ports issue their own credentials in addition to the 
TWIC card. I personally carry a port of Houston ID and my TWIC 
card on a daily basis. Secondly, the background check is only 
conducted at a very high level for very serious crimes. As a 
facility owner and operator, we strive to prevent any crime on 
our docks and still conduct our own local background checks on 
our employees for lesser crimes, such as driving while 
intoxicated, theft, or assault. These lesser crimes are just as 
important to us.
    Finally, the TWIC background check is a snapshot in time. 
Unless self-reported, there does not appear to be a constant 
and on-going linkage between the TWIC issuance and local 
criminal databases. Currently, the background check of the TWIC 
program is only as good as the day it was conducted.
    I would like to leave the subcommittee with two thoughts 
today. The Port of Houston Authority has received over $60 
million in port security grant funding, and it continues to be 
vital to our security posture. We are in the process of making 
application for the 2013 port security grants, one of which 
will request handheld TWIC readers. It is critical to our 
National security that the port security grant program remain 
independent of other grant programs and that the erosion of the 
funding level ceases.
    Second, the initial intent of the Transportation Worker 
Identification Credential program was to credential all 
transportation workers in all transportation modes. It was 
envisioned as a Nation-wide solution to be used at airports, 
seaports, rail, pipeline, trucking, and other mass transit. 
Someday this program will theoretically expand to all those 
modes of transportation, and what comes out of hearings such as 
this will more broadly impact the future of the TWIC program.
    Thank you, and I look forward to your questions.
    [The prepared statement of Captain Woodring follows:]
             Prepared Statement of Captain Marcus Woodring
                             June 18, 2013
    Chairman Miller, Ranking Member Jackson Lee, and Members of the 
subcommittee, I am Marcus Woodring. I serve as the managing director 
for health, safety, security, and environmental (HSSE) at the Port of 
Houston Authority.
    We would like to thank Chairman Miller for holding this important 
and vital hearing today. I must also recognize Ranking Member Jackson 
Lee for inviting the Port of Houston Authority as the industry witness. 
As you may know, the port of Houston is in the Ranking Member's 
district and we have benefitted from her leadership and advocacy on 
behalf of the port.
    Security of our Nation's borders, both land and maritime, is a 
vexing problem with many different components and concerns. While I 
certainly do not have the solutions to all the challenges, I can tell 
you about our maritime port facilities, how we operate, and the impact 
of the TWIC program.
    First, let me begin by giving you a short background about myself. 
I earned an undergraduate degree at Brown University, and a Masters 
degree at Cornell University. I'm fairly new at the Port of Houston 
Authority, having been hired in 2011 after ``retiring'' from a 27-plus 
year career in the U.S. Coast Guard. My U.S. Coast Guard service 
culminated as the Captain of the Port for the Houston region.
    There is a saying that if you've seen one port, you've seen one 
port--every port in the country is organized differently. But let me 
tell you about ours. The port of Houston is comprised of the Port 
Authority's eight public terminals along with 150-plus private 
industrial terminals along the 25-mile long upper Houston Ship Channel.
    Each year, more than 229 million tons of cargo moves through the 
port of Houston, with more than 8,100 vessel calls and 200,000 barge 
transits, trading with over 200 countries around the globe. The port is 
consistently ranked first in the United States in foreign waterborne 
tonnage, first in U.S. imports, and second in U.S. export tonnage, and 
it is also ranked second in the United States in total tonnage.
    The port of Houston is the largest importer and exporter of 
petroleum and petroleum products in the United States, which is no 
surprise, as it is home to the largest petrochemical complex in the 
United States, and is the second-largest petrochemical complex in the 
world.
    As one of the world's busiest ports, the port of Houston is a large 
and vibrant component of the regional economy. Results of a recent 
economic impact study show that ship channel-related businesses at the 
port of Houston were responsible for more than 1 million jobs 
throughout Texas. This activity helped generate more than $178.5 
billion in State-wide economic impact and more than $4.5 billion in 
annual State and local tax revenues. For the United States, the port's 
impact is even greater, with 2.1 million jobs, $499 billion in economic 
activity and $52.1 billion in tax revenue.
    Considering this economic impact and the volume of cargo traveling 
the waterways of the port of Houston, there are potentially significant 
National implications should a Transportation Security Incident occur 
within our maritime domain. Now I will get more specific in answering 
the questions on today's agenda.
                    (1) current use of twic readers
    I have read the recent GAO report, but the Port of Houston 
Authority was not part of the TWIC Reader Pilot Program. Instead, we 
have been utilizing installed TWIC readers since 2008, so I will speak 
from that experience. In an attempt to meet the ``spirit of the 
regulations'', the Port of Houston Authority started very early with 
the installation of access point hardware which could utilize the 
features of the TWIC card. The initial phases of the TWIC reader 
installation project was funded close to $10 million dollars in Port 
Security Grant funding ($6.3 million in Round 5, $1.7 million in Round 
7, and $1.2 million in Round 8). The Port of Houston Authority 
currently has over 350 access points which can read the TWIC card, of 
which 73 are biometric.
    Not all access points use the biometric or coded access technology 
due to the tremendous flow of commerce through our gates. For example, 
the Bayport Container Terminal handles close to 19,000 vehicles a week. 
That equates to an average of almost two trucks per minute, around the 
clock, at just one of our three major terminals. To facilitate 
commerce, we currently use the TWIC as a ``flash pass'' in our vehicle 
entrance lanes, in conjunction with our Visitor Management System 
(VMS).
    Let me expand on that point for a moment, having a TWIC is just one 
part of regulated access control. I have a TWIC, but that does not give 
me unfettered access to any restricted port in the country. I must also 
have ``a valid business reason'' to access the restricted or secure 
area. Management of the validation of that ``business reason'' is left 
to terminal operators, and managed at the Port of Houston Authority by 
our Credentialing Office. For our repeat visitors, we issue a Port of 
Houston Authority ID card. For occasional visitors, we have designated 
certain ``trusted agents'' to enter names into our Visitor Management 
System. On any given day, we average over 3,000 names in our system 
that all have a ``valid business reason'' for being on-board our 
facilities, and overall have 35,000 TWIC cards registered with our 
Credentialing Office. The key ``take-away'' is that possession of a 
TWIC itself is just a piece of the overall security process.
                  (2) enrollment and issuance of twic
    In 2008, during my time as Captain of the Port for the U.S. Coast 
Guard, the TWIC was first being introduced and issued in Houston. I 
heard many stories about the issuance process and while not required by 
law to obtain a TWIC (my military ID and status as a member of the U.S. 
Coast Guard precluded the requirement), I chose to personally apply and 
pay for a card so that I could witness the process first-hand, desiring 
to validate the stories I was hearing. The initial call to schedule an 
appointment took over 3 hours on the phone. After several months, I was 
able to determine my card was ready for pick-up. I made an appointment 
for 0630 and was told my card could not be located. After revealing my 
position with the U.S. Coast Guard, another search quickly located my 
card. The activation was fairly easy.
    Knowing that my card was due to expire in early 2013, I recently 
applied for the 3-year extension option. Again, the phone call took 
over 2 hours. The turn-around time was much quicker, and I was notified 
within several weeks that my new card was ready for activation. My 
appointment time had five other people, and we all lined up in front of 
computers and activated our new cards in less than 30 minutes, a vast 
improvement in the processing.
          (3) security benefits or problems with twic program
    The benefits are clear, individuals have a Federally-issued, 
tamper-proof credential that can be used Nation-wide. The program 
ensures that individuals have been screened against a terrorism 
database (aka the Security Threat Assessment), which I cannot do. The 
threat of a Transportation Security Incident is reduced at the macro 
level. It also allows facilities to automate access by coding the TWIC 
to activate unmanned entrance points.
    But there are still gaps in the system.
   Most ports still issue their own credentials in addition to 
        requiring a TWIC; I personally carry a Port of Houston 
        Authority ID and my TWIC on a daily basis. The Port of Houston 
        Authority ID is required to prove that I have a ``valid 
        business reason'' for being on the docks.
   Second, the background check is only conducted at a very 
        high level, for serious crimes. As a facility owner and 
        operator, we strive to prevent any crime on our docks and still 
        conduct our own local background checks on our employees for 
        lesser crimes, such as driving while intoxicated, theft, or 
        assault. These ``lesser crimes'' are just as important to me in 
        keeping our facilities safe and secure.
   Finally, the TWIC background check is a ``snapshot'' in 
        time. Unless self-reported, there does not appear to be a 
        constant and on-going linkage between the TWIC issuance and 
        local criminal databases. Again, I have over 35,000 TWIC cards 
        registered in my access system, and the background check of the 
        TWIC program is only as good as the day it was conducted.
              (4) thoughts concerning the twic reader nprm
    The Port of Houston Authority has already submitted ``comments for 
the docket'' concerning the TWIC Reader NPRM. I will briefly summarize 
those comments as they are available for public viewing on the docket 
website and included as an attachment to my prepared testimony.
    As I mentioned earlier, the TWIC is just a piece of the overall 
security process. The TWIC Reader Rule emphasizes the need to ensure 
the TWIC is valid, thereby simply ensuring the ``Security Threat 
Assessment'' is valid. There is enormous cost involved to ensure this 
sense of security. The background check associated with the TWIC card 
isn't the risk point, the risk point is when the ``valid business 
reason to be in the secure area'' is accepted by the individual 
facilities, allowing access to the waterfront. That part of the process 
is more critical than obtaining the TWIC card itself, but unregulated 
and left to individual facility security officers.
    We also asked for clarification of several items:
   The process for reporting inoperable readers to the U.S. 
        Coast Guard, and associated waiver process, is problematic if 
        it stops the flow of commerce while awaiting permission.
   The definition of ``CDC in bulk'' is vital to which 
        determining which level of TWIC compliance a facility must 
        obtain, and we asked for the term to be better defined.
   Recordkeeping requirements at a cruise terminal also need 
        clarification as the Facility Security Plans are often 
        ``shared'' between the cruise line and facility owner.
   Finally, we requested that the ``recurring unescorted 
        access'' waiver be better defined to accommodate workers such 
        as porters, who may be required to enter and exit a cruise 
        terminal up to 30 times each, per day.
    I would like to leave the subcommittee with two thoughts today--the 
Port of Houston Authority alone has received over $60 million dollars 
in Port Security Grant funding to date, and it continues to be vital to 
our security posture. We are in the process of making our applications 
for the fiscal year 2013 Port Security Grants, one of which will 
request handheld TWIC readers for our remote access points and for use 
during heightened levels of MARSEC. It is critical to our National 
security for the Port Security Program to remain independent of other 
grant programs, and that the erosion of the funding level cease.
    Second, the initial intent of the Transportation Worker 
Identification Credential program was to credential all transportation 
workers in all transportation modes. It was envisioned as a Nation-wide 
solution to be used at airports, seaports, rail, pipeline, trucking, 
and other mass transit facilities. Someday, this program will 
theoretically expand to all those modes of transportation, and what 
comes out of hearings such as this will more broadly impact the future 
of the TWIC program.
    This concludes my prepared statement. I would be pleased to respond 
to any questions that you may have. Thank you.
     Attachment.--Port of Houston Authority's Comments for Docket 
                          re: TWIC Reader NPRM
    We appreciate the effort being put forth with the TWIC program to 
ensure each potential port worker has been screened with a background 
check. Unfortunately, the background check doesn't go deep enough to 
ensure we are protected from crime. The TWIC Reader Rule wrongly 
emphasizes the need to ensure the TWIC is valid, thereby simply 
ensuring the very broad background check is valid. There is enormous 
cost involved to ensure this small sense of security. The background 
check associated with the TWIC card isn't the risk point, the risk 
point is when the ``valid business reason to be in the secure area'' is 
accepted by the individual facilities, allowing access to the 
waterfront. That part of the process is more critical than the TWIC 
card itself, which is easy to obtain, yet totally unregulated and left 
to individual facility security officers. This TWIC Reader Rule does 
not address the true risk decision point.
    The process for reporting inoperable readers to the USCG, and the 
associated waiver process, needs to be clarified. Are facilities 
allowed to switch methods, so as to not impede commerce, and then 
notify the U.S. Coast Guard? Or must commerce stop until the U.S. Coast 
Guard is notified and permission received to deviate from the TWIC 
Reader Rule? We suggest that facilities take prudent actions required 
to maintain their level of security, and simply notify the U.S. Coast 
Guard of the deviation within a set time frame (say 30 minutes). To 
pause, and await permission, will impact the movement of cargo.
    The term ``CDC in bulk'' is used several times in the NPRM. 
According to 33CFR160.204, carried in bulk means ``a commodity that is 
loaded or carried on board a vessel without containers or labels and 
received and handled without mark or count''. We assume this is the 
same definition being used in the NPRM. As a large container facility, 
with several hundred CDC iso-tanks present in a fairly confined area at 
any given time, we would like to ensure that we are not handling ``CDC 
in bulk''. Request the definition being used in the NPRM be clarified 
in the final rule for vessel and facility grouping purposes.
    As a facility that does not ``handle CDC in bulk'', are we allowed 
to provide a layberth for a vessel that carries CDC in bulk, but that 
we have no capability of handling? If the ship is in Group A, does the 
facility have to match that Group? Conversely, can a Cruise Ship 
Terminal (a Group A facility) act as a Group B layberth for a bulk ship 
when not operating as a Cruise Terminal?
    The record-keeping requirement also requires clarification. As a 
Port Authority, we maintain the FSP for our cruise terminal. When a 
cruise ship is in port, the cruise line security operates under their 
own FSP. Who maintains the records? We assume the Port Authority would 
continue to maintain the records and provide them to the U.S. Coast 
Guard should they desire to inspect the cruise line security operation. 
Request clarification in the rule making.
    At a cruise terminal, porters are required to enter and exit the 
secure area up to 25 times a day each. With 35 porters (for example) 
working, that is hundreds of verifications in a single day. Please 
clarify the process for seeking relief from this apparently cumbersome 
process.
    With the TWIC Reader Rule coming to fruition, the QTL should be 
expanded to include not just the authorized TWIC readers but also any 
supporting software, particularly for record-keeping requirements.

    Mrs. Miller. Thank you very much, all of you. Excuse me.
    I think I am going to just start with you, Captain. I 
appreciate your testimony. I was taking a couple notes as you 
were talking, and what you just said at the end there, that 
someday this would be a much more comprehensive kind of a 
program that could be utilized intermodally for all the various 
types of transportation. Well, actually, that probably was the 
original vision, I think, of Congress with this program, but 
what has happened has become rather unrecognizable from what 
our original vision was, because--excuse me--you have got the 
airports that do their own thing now, really, and even on our 
highways and that, with hazardous material endorsements, the 
way that those are handled through the States as an add-on to a 
commercial driver license, et cetera.
    You also mentioned that in your observation that the TWIC 
card currently is sort of a flash pass. It is something that we 
say here, a very expensive flash pass, and whether or not it 
actually works. Just listening to your testimony about how you 
have your own ID cards in the port of Houston, and most ports 
do, have their own--sort of a layered approach, I suppose, at 
all of these individual ports of what they have.
    Let me just ask you. Do you think the TWIC is really a 
critical component of security at your port?
    Captain Woodring. The TWIC card gives me comfort that a 
background check or a threat assessment has been done against 
the terrorism database which I cannot do. That is at the macro 
level. As Admiral Servidio said, it is a piece of the process 
of the layers that come with it. We have two reasons for 
issuing our own Port of Houston Authority ID card. One is to 
validate that business reason for being on the docks, which 
speeds up commerce going through the gates. You don't have to 
check in the computer to see if they are on the list for today. 
I simply show them that, and it speeds commerce through. But 
that card also allows me to code that card with other things.
    The TWIC card can be coded in our credentialing office to 
beep at the gate and do those kinds of things. Our Port of 
Houston Authority ID card can also be coded up to do other 
things. So we have split purposes. The TWIC card will get you 
into the restricted area. The port of Houston ID card has a 
flash pass, will show you a valid business reason, but it will 
also beep on the doors in the executive building and get us in 
there.
    Mrs. Miller. I see. Admiral, really, the proposed 
rulemaking for the reader really only includes the highest-risk 
facilities. Without going into details of what those all are, 
it has been the one-digit numerals apparently of what the high-
risk facilities actually are.
    So you still have--who are required to have a TWIC card, so 
you still have 90-some percent of those who needed a TWIC card. 
I am just wondering, what is the rationale for requiring the 
entire universe of everyone to be having these TWIC cards if 
you are only--there is such a small percentage that you are 
really looking at.
    Admiral Servidio. Madam Chairwoman, we do see that the TWIC 
is an enabler for the future, in addition to allowing a 
migratory worker population to move between various facilities. 
As Captain Woodring said, the port of Houston is the port 
authority. When I was in St. Petersburg, there were about 80 
different facilities, and over half of those were not part of 
that port authority terminal. So technically, you could have a 
worker that would need to have 30 to 40 to 80 different 
identification credentials to get around the port environment. 
It is a very different environment than an airport environment.
    So having a single credential, I have seen how that has 
increased security in that the gate guards can look at one 
credential and try to figure out, what are the security 
measures on that card, and to verify it.
    Also, we see biometrically that this is the direction we 
need to go. The Coast Guard has approximately 300 biometric 
hand-held readers that we use every time we do an inspection, 
either a regular inspection or a no-notice inspection. We know 
that there are 75 to 100 facilities that have already used the 
TWIC as their one access credential to that port. Some of them 
could potentially biometrically validate those people when they 
come in during high-risk.
    We see--this is the direction that we need to have in the 
future, is a biometrically-enabled, risk-based methodology 
moving forward. At the present time, our cost-benefit analysis 
clearly identified for risk group A that the benefits far 
outweigh the costs, which are about $26 million, I think, 
annualized. We see in the future that there might be changes in 
cost, and we would expand that population.
    Mrs. Miller. Thank you, Admiral.
    Just one other question, Mr. Sadler. I mentioned in my 
opening statement that last year we passed a SMART Port Act, 
where we are trying to assist the customer group, I suppose, 
and obviously security is the marquee issue always, so that 
they didn't have to go to more than one place to access the 
TWIC card. We gave the--we said that we needed to have that 
done, gave the Department 270 days, actually, I think in 
statute, but you were just mentioning that at this point you 
hope to have a pilot program or you will have a pilot program 
in Alaska next month.
    I just mentioned that sort of like, what is the hold-up? I 
think you--the frustration that the Congress always has--
although I have to tell you the truth that sort of what is 
happening--what you just testified to--is indicative of this 
entire program, it seems, during a number of years. So why is 
there such a lag in what the Congress's intent was and the 
application of that?
    Mr. Sadler. Thank you, Chairwoman. We think that the One-
Visit is the right way to go, and we appreciate Congress's 
direction on the One-Visit program. To put it in some context, 
currently we are transitioning one system, which I will call 
the legacy system, which was used to enroll TWIC workers, to a 
new system, a more modernized system. That is going to allow us 
to roll an individual once and use that enrollment for multiple 
credentials.
    So, for instance, if you get a person who is enrolling for 
a TWIC card or an HME background check, we will be able to 
enroll that person once. We will be able to use that background 
check for both of those programs. So when we looked at the 270-
day time line, we determined that we would have to make 
significant changes, very costly changes to the legacy system 
that may or may not be able to be carried over to the 
modernized system. That was one of the first things that 
happened.
    Then doing that, you would have to modify a number of 
contracts, as well, on the legacy side, as well as the 
contracts on the system for modernization. So when we looked at 
the overall risks and did our rough order of magnitudes for 
cost estimates, we determined that in order to get this right, 
because we obviously are fully aware of the work the GAO has 
done with us--and we appreciate their work, as well--in order 
to get this right and make such a significant change in the 
program, because this is one of the most significant changes we 
have made, we are going from two enrollments to one enrollment, 
we determined that the best course of action would be to 
implement a pilot, get some lessons learned, particularly in an 
area like Alaska, which is similar to Hawaii. You have an upper 
peninsula of Michigan. You have a lot of challenges for people 
traveling.
    Let's do it in Alaska. Let's get some lessons learned. 
Let's start building those requirements into the new system and 
then take a--go to another location late this year or early 
calendar year of 2014, and then from there move into Nation-
wide enrollment--or, excuse me, deployment, once we get the new 
system in place next spring. That was our thought process for 
this, ma'am.
    Mrs. Miller. Thank you. I appreciate that. At this time, I 
will recognize the Ranking Member.
    Ms. Jackson Lee. Thank you very much, Madam Chairwoman, and 
I think the testimony of all the witnesses have been 
contributing. Hearings by Members are to be part of problem-
solving. So I would indicate to all the witnesses, and 
particularly to you, Admiral, that you are really working with 
the cards that you are dealt, and I appreciate you rising to 
the occasion to do the best that you can, but I am not 
comfortable that we are where we should be and that we are at 
our best.
    I do, Captain Woodring, thank you very much, and it is good 
to get a personal notice of expiration, and so I will look 
forward to doing it again timely. Thanks for giving me the 60-
day notice. It will be up to me now, after being told, to rush 
quickly to get it done.
    But I want to--you said one--a number of things that I 
think are important that I would like to pursue. First of all, 
the enormity, the largeness of the size of the Houston port is 
a very good prototype because of the numbers of vehicles, 
Bayport, 19,000 vehicles, and I didn't hear whether it is 
19,000 a week, a month. I didn't hear the number.
    Captain Woodring. Yes, ma'am, 19,000 vehicles per week at 
just the Bayport container terminal.
    Ms. Jackson Lee. I think--let me take a point of personal 
privilege to invite my colleagues and the Chair to join me for 
a site visit at the Houston port, Madam Chairwoman. I would 
love to host you there and the committee, as well. So that nod 
is on the record, and it was a nodding yes.
    [Laughter.]
    Mrs. Miller. I would be delighted to do that.
    Ms. Jackson Lee. It is on the record now. Captain is 
writing it down.
    But in any event, you said something about you having the 
ability to access the terrorist lists. Could you just expand on 
that, how important that is for you? Then could you expand on 
your renewal? You said the phone call was 2 hours. Frankly, I 
believe that is too long. Is there something we can do to 
expedite that?
    Captain Woodring. Yes, ma'am. First, on my renewal, when 
the cards first came out, I got my initial card. I was on the 
phone for about 3 hours, made the appointment, went to the TWIC 
center. They couldn't find my card initially, and I revealed 
who I was with the Coast Guard at the time, and they did 
another search in the back room and found it. So that was my--
--
    Ms. Jackson Lee. What center did you go to?
    Captain Woodring. I went to the one up by the Turning 
Basin, ma'am.
    Ms. Jackson Lee. Yes, thank you.
    Captain Woodring. You know the one. But that was 5 years 
ago. When I renewed this time for the 3-year extension, the 
phone call took me about an hour-and-a-half, and I understand 
they have now a web-based ability to do that, or at least I 
heard that in the testimony this morning. Then when I went, it 
was very easy. There were five of us at a long table, and they 
were able to activate all those cards simultaneously. So the 
process had greatly improved over time.
    Ms. Jackson Lee. But there was--and then, could you just 
expand quickly on the value of being able to access the 
terrorist list that the TWIC card provides?
    Captain Woodring. Yes, ma'am. I personally cannot run a--I 
can run a background check through our police department 
through different databases. I cannot access the terrorism 
database at the National level, and that is what the TWIC card 
brings to the table for me.
    Ms. Jackson Lee. So if we could--if we formulated something 
else that was more responsive, moved more quickly, but still 
gave access to the terrorist card, you could be open to that?
    Captain Woodring. I believe in the beginning there was some 
discussion of allowing law enforcement to somehow vet people 
against that list. I am not sure where that went, but we have 
the system we do today, and we appreciate the ability to have 
that.
    Ms. Jackson Lee. Yes, and I wouldn't offer the law 
enforcement. I would just say something more effective than 
where we are with the TWIC card. You would be open to it as 
long as we had--that whatever the new substitute would be would 
have access to that list?
    Captain Woodring. Absolutely, yes, ma'am.
    Ms. Jackson Lee. Let me go to Admiral and Mr. Sadler. I 
just want to have a pointed question. The GAO reported last 
month that not all TWIC reader cards underwent both the 
environmental and functional tests in a laboratory prior to use 
in the pilot. Instead, an initial evaluation was enhanced by 
TSA, and 30 TWIC card readers were approved for use by a pilot 
participant. However, none of the 30 readers underwent and 
passed all tests. Why were the readers deployed if they had not 
passed the proper test? What effect did this have on the pilot 
and the resulting data?
    I am going to ask two questions back-to-back, because I 
want to get Mr. Lord, and your report is quite thought-
provoking, if I might say. I do want to go back to your point 
about asking us to repeal a requirement, I guess, to rely upon 
the data and to go in another direction. If I am going to ask 
Mr. Sadler and then, Mr. Lord, would you follow with your 
recommendation, expand on that recommendation?
    But, gentlemen, could you both answer that? Mr. Admiral, do 
you want to go first, or Mr. Sadler?
    Mr. Sadler. I will go first, ma'am, because we were in 
charge of the pilot, and that was our responsibility. So as we 
started to move forward on the pilot, we did a number of tests 
on the readers that were available at the time. We did some 
initial tests in a lab. We did an environmental test. Then we 
did operational tests in the field prior to the implementation 
of the pilot program.
    So all the readers that were put into the field passed an 
operational test prior to starting the pilot program at that 
particular location. The situation we got into was, because of 
the time it was taking to send all the readers and the cost--
all the readers through these testings--or these different 
tests, we made a determination that we would do a test on a 
certain number of readers and then we would allow the other 
readers to be used in the marketplace. That is how we got to 
that decision, ma'am.
    Ms. Jackson Lee. That is how you got to some of the errors, 
because you tested some and didn't test others?
    Mr. Sadler. I am not sure that is the reason, ma'am, 
because all the readers worked. They were operationally tested 
in the locations prior to the start of the pilot program. There 
were a number of different reasons that you couldn't get a read 
on the card. There may have been reader issues; there may have 
been card issues. One of the challenges that we had is it is 
difficult to get error information from these readers because 
they are not designed to do that. They are designed to 
facilitate access control decisions.
    Ms. Jackson Lee. Admiral, do you quickly want to have a 
comment so I can hear from Mr. Lord? Thank you for your 
service.
    Admiral Servidio. Thank you, Ranking Member. I would like 
to point out that, again, when the pilot first started, the 
systems are more robust than what they were at that time. We 
are looking to have a QTL, a qualified technology list, that 
would show that these readers have been tested and that they 
work properly.
    Our NPRM is soliciting comments from industry specifically 
on whether this is a good rule or bad rule, and we have seen in 
the past that the comments we received will make a better rule 
than what we initially proposed. We intentionally have not 
included some of those high-throughput facilities, like 
container terminals or row-row terminals, because we feel that 
we will get better data initially from the cost-benefit 
analysis and how we are proposing the NPRM.
    Ms. Jackson Lee. Mr. Lord.
    Mr. Lord. Did you want me to respond to the recommendation 
to de-link those two events? Well, obviously, we found some 
limitations in the pilot, and TSA and the Coast Guard were 
directed to use the pilot to help develop the rule. Given the 
importance of the rule, we believe some of the limitations we 
noted we are suggesting, well, they should be relieved of that 
requirement.
    Ms. Jackson Lee. So what should they base the rule on?
    Mr. Lord. Well, as the agencies noted in the rule, they 
used other sources of information to inform the rulemaking. 
Obviously, that is not the only source of information, although 
we view it as a key source, but just to ensure the integrity of 
the process, if the data is no good, we don't believe people 
should be asked to use it.
    Ms. Jackson Lee. Thank you, Madam Chairwoman. I yield back.
    Mrs. Miller. At this time, the Chairwoman recognizes the 
gentleman from South Carolina, Mr. Duncan.
    Mr. Duncan. Thank you, Madam Chairwoman.
    First off, let me just say that, after 11 years, this 
program should be a lot further along than it is. I was reading 
some of the notes, and it said there are disqualifying factors 
that can be waived with proper authority, and they include 
transportation security crimes, improper transportation of 
hazardous material, unlawful handling of explosive devices, 
murder, any threat or purposely false information concerning an 
explosive device in a public or Government facility. That is 
abysmal, the fact that we are going to waive entry for folks 
that have committed those type of crimes. So that needs to be 
addressed, and that is not where I am going to go today, but I 
would throw that out there for future hearings and 
conversation.
    I was contacted by a constituent from South Carolina, and I 
would just like to read some of his e-mail to me, because he is 
a contractor providing some of the hand-held scanners, I think, 
that the admiral talked about. But he said just yesterday, he 
spent nearly half-an-hour on the phone with the vice president 
of SSA, one of the Nation's largest container terminal 
operators. During that conversation, he told me that TWIC was 
dead and suggested I look for another market. We have had a 
team of consultants that work for us in the Texas market, and 
they are hearing much the same thing from many of their 
contacts. This was on June 5.
    He said that the notice of proposed rulemaking is under the 
comment period, which will close the 20th of this month. The 
NPRM was very disappointing, as it only requires Class A 
facilities to electronically validated TWIC cards and 
biometrically identify the holder. All Class B and Class C 
facilities will be allowed to continue to use the TWIC as a 
flash pass.
    Even though this was never the intent, I have spent the 
last several months on ports and private terminal operators' 
location and can tell you that the word flash really is the 
appropriate term. The drivers never take their TWIC out of its 
plastic protective case, which is typically on a lanyard around 
their neck, and hold it up for a security guard to see.
    For the most part, the name is not even readable from the 
distance they are viewing it from, certainly not the expiration 
date. My understanding of the current role and the new NPRM is 
that it is the responsibility of the security staff to 
accomplish three things when allowing a visitor on the port 
facility. One is to get the authenticity of the TWIC. The 
second is to verify the expiration date. The third is to 
positively identify the holder by comparing the picture on the 
TWIC with the face of the individual presenting the TWIC.
    This process should take approximately 15 to 20 seconds if 
it is done correctly. We all experience similar things at TSA, 
as we see airline personnel and TSA personnel and other clear 
people go through TSA screening. However, this is never done. 
In addition, we spend the time and money to publish a CCL so 
that we make sure we are not allowing an individual on the 
ports that has caused their name and number to be placed on the 
list. However, no Class B or Class C port or private terminal 
facility has the ability to check against a certain list. I 
think we heard some of that earlier.
    Even if such a list were made available to them, it would 
disrupt the entire operation and to take the necessary time to 
check the list. No one seems to be able to publish a document 
that clearly states that TWIC is not dead, but moving forward.
    It is concerning to me that I am hearing from someone and 
from my State that is involved. This is real life. This was an 
e-mail. I didn't make this up. So this is the real-life example 
of where we are failing America in this process of making sure 
that our port facilities are safe.
    I agree with the admiral. I think we can have the hand-held 
scanners that you are using. I think that is a very verifiable 
way to identify and make sure that that cardholder is holding a 
valid TWIC, that it is that person that is holding it, it is 
not fraudulent, and it doesn't take that long to validate that.
    Now, I know there are costs involved. But I would be 
willing to bet that over the past 11 years, the money that has 
been spent developing this program that is so far behind 
schedule that we could have probably paid for those type items.
    So the question I have for the witnesses is: Do you believe 
that the TWIC program is dead? Or should it be continued? When 
do you believe we will see some clarity on that issue? I will 
just start and go down the list. Admiral?
    Admiral Servidio. Thank you, sir, and thank you for the 
question. I strongly feel that TWIC is not dead. We, the Coast 
Guard, see great value in having a single credential with the 
background and the biometrically enabled. I think what is 
important is not just to look at the past, but to look at the 
future, and we do need something in the environment we are 
going to be going in that will allow real-time biometric 
enabling to verify a person is who they are when they are going 
in there.
    Mr. Duncan. I agree with you. Thank you.
    I will go down the list. Is TWIC dead? Should it continue? 
When do you think we will see some clarity?
    Mr. Sadler. TWIC is not dead. It should continue. I think 
we will see some clarity when the Coast Guard finishes getting 
its comments for the NPRM and adjudicates those comments and 
comes out with a good reader rule, because that is the key to 
this. The TWIC card is one element in the process. The reader 
is the key to using that card.
    Mr. Duncan. Do you agree with me that it is being used as a 
flash pass now, Class B and Class C terminals?
    Mr. Sadler. Currently, in many terminals, it is being used 
as a flash pass. That is why the reader rule is so important to 
get the readers out there.
    Mr. Duncan. Let's go down the list. Is it dead? Or should 
it continue? Some clarity?
    Mr. Lord. Obviously, it is not dead. It is--I think we need 
to rethink the approach, perhaps focus on more higher--use at 
higher-risk facilities, more selective use. That would help 
address some of the issues we have identified in our past work, 
but, again, that is up for Congress.
    Mr. Duncan. You are a class A terminal in Houston?
    Captain Woodring. Right now, we are not classified, because 
the NPRM is what groups you or classifies you right now. We 
currently use the card as a flash pass.
    Mr. Duncan. Flash pass?
    Captain Woodring. In the new rule, we would be a Group B, 
which means we would not have to have the biometrics unless the 
MARSEC level changed, in which case we would have to 
biometrically check.
    Mr. Duncan. Thank you, gentlemen. My time is up. I will 
yield back.
    Mrs. Miller. The Chairwoman now recognizes the gentleman 
from Texas, Mr. O'Rourke.
    Mr. O'Rourke. Thank you, Madam Chairwoman.
    I wanted to start with a statement that I believe I heard 
Mr. Lord make, which is that you were unable to determine how 
using TWIC has improved security. I just want to make sure I 
heard you correctly.
    Mr. Lord. Yes, the assumption is--and I know the Coast 
Guard and TSA strongly believe that is the case--but we--in 
terms of an analytical perspective or analysis, we have yet to 
see anything comparing TWIC before and after. That is what we 
essentially were asked--calling for in our so-called 
effectiveness study back in 2011.
    So the presumption is it would enhance security, but don't 
forget, a lot of these facilities already have access control 
systems in place. They are already using local credentials, as 
the gentleman to my left just explained, so we would like to--I 
guess we are slightly skeptical and just need to see the 
analysis, and that is why we made that recommendation in 2011.
    Mr. O'Rourke. You know, I think it is important for us to 
move forward with objective, verifiable data. If we have 
spent--as I understand it--more than $500 million so far on 
this program that we know, it is objective, hard data, if we 
are going to be asked to spend anywhere from $700 million to 
more than $3 billion going forward in the future, I think we 
need to know how and to what degree this improves security.
    So because the GAO and Mr. Lord were not able to determine 
that from the information that you provided, Admiral or Mr. 
Sadler, do you have anything that you could add now at this 
hearing that would give us some comfort in moving forward with 
this program?
    Admiral Servidio. Yes, sir. The Coast Guard does an 
assessment every year--at minimum annually--through what we 
call the MSRAM, which is the Maritime Security Risk Assessment 
Model, and we take a look at the whole--all of the components 
of port security. Access control is part of it, and TWIC is 
just part of that access control. So doing an assessment on 
just a subcomponent of one of the components is quite difficult 
at this time. We do agree that we should be doing assessments, 
we should have better measures. We feel that when there is a 
reader rule out there, we can look at the effectiveness of 
having those biometrics and other types of things. We are 
looking internally in how we are using the hand-held readers 
and what the effectiveness of using those hand-held readers are 
to biometrically verify people.
    Mr. O'Rourke. But without any data, without you being able 
to give me hard numbers, how could I support authorizing 
another dime for this program? If we do authorize another dime, 
how do we decide whether it is $3 billion or $10 billion or $1 
trillion if you are not going to give us any reliable cost-
benefit analysis to this?
    We don't have unlimited money to spend on security, and we 
have some troubling lack of evidence as to whether or not this 
is improved security at all so far, and yet we are being asked 
to spend more and perhaps expand this to other modes of 
transportation and other frontiers in National security.
    I also heard Mr. Lord say that in the data that you made 
available, throughput times were mixed up with reader response 
times. That is of particular concern to me in El Paso, Texas, a 
big trade corridor, more than $90 billion in U.S.-Mexico trade 
moving through there. If we slow down already long wait times 
even further, with a system that doesn't work or with a system 
whose effect on throughput we cannot ascertain, that to me is 
troubling, as well.
    Do you have a response to the statement he made about 
throughput times?
    Admiral Servidio. Okay, sir, if I could answer the first 
part with regards to the assessment, I guess there are two 
different answers. I can give you hard numbers on how we have 
reduced risks in our ports using the MSRAM data each and every 
year as a result of the actions we have taken in implementing 
the Maritime Transportation Security Act and the international 
ship and port facility security code.
    We do have numbers saying that we have reduced 
vulnerabilities and we have reduced risks in our ports. 
Anecdotally, I have been the captain of the port at three 
different locations, sir, and I can tell you that we have come 
a long way in accepting any credential and what the guards 
would look at to where we are today in TWIC. Are we where we 
need to be? No, sir, but I think we are moving in that right 
direction.
    Mr. O'Rourke. Was it worth $500 million? Is it worth an 
additional $3.2 billion, what you have seen so far? If you 
can't give us the numbers here, can you tell us in your best 
judgment whether that is good value for the taxpayer?
    Admiral Servidio. I can you tell, sir, that our NPRM has an 
annualized cost of $26 million for the implementation of TWIC 
readers at Group A facilities. That is a good investment in 
money, sir. As we end up maturing the technology, I believe 
that we will be able to justify why we should roll this out to 
Group B facilities and potentially to other facilities, sir.
    Mr. Sadler. Yes, sir, I would like to add a couple of 
things. On the transaction times, that was our responsibility 
in the reader pilot. We made a determination as we were going 
through the pilot to use transaction times from the card 
itself, because we were having difficulty collecting the 
information on throughput times through these access points. 
That is one of the challenges that we faced.
    So if you think about throughput, whether it is a 
pedestrian coming up to a gate and presenting the card, or 
whether it is a truck coming up to a gate and presenting a 
card, it got to the point that if a truck comes up to the gate, 
for instance, and the individual has the card on a lanyard and 
has to back up or move closer to the reader, is that part of 
the throughput time that is affected by the TWIC?
    For us, that throughput time would be standard, no matter 
who was going through that gate. For us, we were concerned with 
the transaction time of the card. When the person actually put 
the card up to the reader, put the fingerprint down or finger 
down to check the fingerprint, and collect that transaction 
time, because that was going to determine, you know, how we 
affected the actual throughput of an individual or a vehicle.
    On the card itself--and as far as security is concerned--we 
believe that the card does improve security. Having gone 
through ports and facilities for over 20 years myself, I know 
that you can get through gates or used to be able to get 
through gates with multiple credentials. I never had to go 
through a gate with one common credential. I never had to go 
through a gate with a biometric credential.
    I don't think there was a background check at that time. We 
have got a standard background check. We have got an 
adjudication process. There are a lot of things that we have 
done with this card that were never done before in this 
maritime environment.
    Then last thing, if I could just finish, sir, on the cost 
estimate, the numbers you are referring to, the $3.2 billion, 
that is our life-cycle cost estimate for the program through a 
10-year estimate. We did that, if I remember correctly, in 
2007-2008. I would have to check that number.
    So to date, we have spent $394 million on the program--this 
is in the GAO report--approximately $100 million on 
appropriations, and $294 million in fees, because it is a fee-
funded program.
    Mr. O'Rourke. Madam Chairwoman, I know my time is up. I 
just want to say that I appreciate your belief that this makes 
us more secure. The concept is a good one. But we need facts if 
we are to make informed decisions going forward. Thank you.
    Mrs. Miller. Thank you.
    The Chairwoman now recognizes the gentleman from Utah, Mr. 
Stewart.
    Mr. Stewart. Thank you, Madam Chairwoman.
    To the witnesses, thank you all. Thanks for your service. 
Thanks for your expertise and being with us today. I know that 
you have a difficult task. The challenges confronting us as a 
Nation and as a people that you have been involved with over 
the last 10 or 12 years are in some cases enormous, and we 
appreciate that.
    I think one thing that--an observation, if I could--and I 
would like to keep my comments and then my specific questions 
to you very big picture--being kind of new to this, I was a 
military officer for 14 years. I understand some of the 
security concerns. I also understand a little bit about how 
Government bureaucracies work.
    I think one of the things--an observation that many of us 
would agree with, and that is that Government sometimes creates 
bad legislation when that legislation is created in a time of 
perceived crisis. When there is a great urgency like we 
experienced after 
9/11 and there was this cry to do something, and we did 
something, and some of that has been very effective and very 
important, but some of it has been less so, because it was 
perhaps not as thoughtful as we would have done had we not been 
under this--again, this sense of urgency, this sense of crisis.
    There were many who warned at the creation of the 
Department that it would become a big bureaucracy, that it 
would become unyielding and unresponsive to some of the needs 
of the people. I think that that is a fair observation. I 
think--I don't know anyone who would disagree with that, that 
like any Government agency, that there are some issues with the 
Department of Homeland Security that could be made better. I 
think, frankly, this is a pretty good example of that. What the 
Department has done is good, and there are many great success 
stories, but, again, I think that there is criticism there that 
we can take and probably try to apply.
    Again, I think the TWIC program is--as you have indicated, 
I think all of you--and as has been indicated in the 
questions--it has been troubled from the very beginning. Since 
its initiation in 2002, DHS has failed to meet every time 
requirement, essentially. We are, what, 5 years behind what our 
goal was and where we wanted to be?
    So, Mr. Sadler, maybe I will ask you, but then, Admiral, I 
would like to come to you, as well. Help me understand the big 
picture. If you can, answer this question not in a couple 
paragraphs, but answer it in a sentence or two sentences, if 
you will. What is the greatest challenge we have had? What is 
the one thing that we can--you know, that you would say this is 
the problem or this is the most important problem, and then how 
do we fix that one problem?
    Mr. Sadler.
    Mr. Sadler. Well, thank you, sir. This is important to 
understand, so I can put some context around it. We started 
with nothing in the beginning of the program. So what I mean by 
that is, there was no common credential. There was no common 
background check. There was no adjudication process. There was 
no appeals process or waiver process or administrative law 
judge review. There was no waiver process. There were no 
disqualifiers. I will try and keep my answer short, but this is 
very important. When we started this program, the program as it 
exists today did not exist then.
    Mr. Stewart. So then are you alluding that that is the 
great challenge, because we started from zero?
    Mr. Sadler. I think that is one of the challenges. That is 
a challenge, because we had to design all these things to get 
to this point. Another challenge is that we are taking this 
security and we are applying it across the maritime 
environment. I know Captain Woodring or Admiral Servidio would 
say, if you have seen one port, you have seen one port. There 
are different throughputs. There are trucks. There are 
vehicles. There are pedestrians. There are service workers. 
There are tremendous challenges in this program.
    Mr. Stewart. Okay.
    Mr. Sadler. So I think that is the answer. I think we had 
to design something that didn't exist. Although there were 
other cards and credentials and programs out there, it didn't 
exist in the maritime environment, and just the maritime 
environment itself is very challenging.
    Mr. Stewart. Okay, and I appreciate that, and I know you 
are not trying to evade the question or the answer, but when 
you say it is difficult and we had to start from zero, it has 
still been a long time, and we have still spent a lot of money. 
I am not sure any of us are satisfied with the result of where 
we are now.
    I was hoping that you would be able to say--and maybe you 
can't--I was hoping you would be able to say, this is the 
challenge we have. This is the one thing that if we did this or 
these two things, if we did this, this would be better, this 
would be--we would be able to make progress now. We wouldn't 
get this sense that we are just kind of spinning our wheels. 
Admiral, do you have any comments on this? Can you help me 
understand, you know, the one or two things that we could fix 
that would help this process?
    Admiral Servidio. Yes, sir. I believe the two issues are, 
we have one single credential now, one background credential, 
the TWIC card, and getting the socialization of that concept, 
getting the implementation of that has been a challenge. But we 
have done that.
    I think the greatest concern going forward is customer 
service, and I think we need to decouple customer service 
issues to trips and other types of issues, being on the phone 
for 3 hours or 2 hours, from the value in having a single 
credential with a common background and making it easier for 
our ports to implement.
    I really think we have made progress on going to the single 
credential. I think we still have work to do on the customer 
service, and we are working actively with TSA and the 
Department on addressing those concerns.
    Mr. Stewart. All right. Thank you. I am out of time, Madam 
Chairwoman.
    Mrs. Miller. I thank the gentleman very much.
    The Chairwoman now recognizes the gentlelady from Hawaii, 
Ms. Gabbard.
    Ms. Gabbard. Thank you, Madam Chairwoman.
    Thank you, gentlemen, for your time, your service, and your 
work here. Like my colleagues, of course, we are concerned 
about--at the bottom line, how are we addressing potential 
threats and alleviating threats that we see today, as well as 
going forward along our borders and at our maritime ports?
    As you can imagine in Hawaii, this is something that is 
particularly of interest to us, as we receive close to 95 
percent of all of our goods coming through our ports. I have a 
few questions regarding the actual TWIC card. I know you have 
said that this is just one component of the overall maritime 
security plan, but looking at the level of threat that we see 
coming through our containers, coming through the cargo that is 
coming in, I am curious about how many either specifically or a 
ballpark figure, maritime figures you have found using this 
National terrorism database--have found to be on that list?
    Mr. Sadler. Well, ma'am, if I could speak to you outside of 
public forum, I would be happy to give you those numbers, but I 
am just not comfortable discussing it in this forum.
    Ms. Gabbard. Have you seen that this is a prevalent issue?
    Mr. Sadler. It is an issue, but, frankly, I would like to 
discuss it outside of the open forum.
    Ms. Gabbard. The reason I ask is because I have had 
conversations with many of our maritime workers that I have 
seen in our States. I have visited our various harbors and 
ports and have seen, more often than not, frustration at a 
basic level of dysfunction. Not only--you have talked about the 
readers and the other issues that have been there, but with 
folks who have been working at our ports for 12, 15, even 20 
years, erroneously being flagged as they go through the 
screening process and then are put out of work for 1 month, 6 
months, 8 months, which creates a tremendous hardship on their 
families and our workers, and to have to undergo this screening 
not only on an annual basis, you are saying that there is a 3-
year plan now that people can apply for, but also the hardship, 
as we see in Hawaii, of having to travel to the mainland for 
this screening.
    How do you reduce these erroneous disqualifications that 
are occurring?
    Mr. Sadler. Well, we are required to adjudicate the 
backgrounds against certain disqualifying criminal issues. 
There are approximately 27 crimes that we look at. Some of them 
we look back for an unlimited period of time. Some are 5 years 
from conviction or 7 years from a release from incarceration. 
That is a statutory requirement.
    So one of the things that we do is, we have a robust 
appeals, waivers, and review process, and as soon as an 
individual is flagged for having some type of issue, we 
immediately get a letter out to that person once we have 
identified that person or that issue, and then we try and get 
them into this review process, so we can clear up whatever that 
issue is.
    One of the challenges that we have with that type of 
background check is, the States need to upload their 
information into the database that we use from the FBI, all 
right? At this point, we are getting State records from 
approximately 40 States. They may be more complete than the 
Federal database. They may not be. They may be more extensive. 
If we got the records from all the States, that would help us a 
lot.
    It--I am sorry. What were your other questions, ma'am? Oh, 
on the travel. So, for instance, on the travel, we are doing a 
couple of things. We are increasing our enrollment sites from 
136 to over 300, so if you have a TWIC enrollment site or a 
hazardous material enrollment site, you will be able to apply 
for both of those background checks at the same place, and you 
can get a discount on the background check if you choose to get 
both of them.
    We are also extending the One-Visit pilot program to 
Nation-wide in 2014, which will only require one visit for all 
individuals. Then currently, we have the extended expiration 
date TWIC, the 3-year card, that only requires one visit. So we 
are taking positive steps to try and reduce that burden, 
whether it is through an adjudication process or whether it is 
through the actual visits to an enrollment center.
    Ms. Gabbard. Admiral, maybe you could answer this question. 
How does this background check that our maritime workers are 
undergoing compare to a background check that a brand-new 
enlistee in the uniformed services undergoes? I am not talking 
about a secret clearance. I am just talking about walking in 
the door.
    Admiral Servidio. I am not sure exactly what background 
check we do when someone comes in, so I am going to have to get 
back to you on the record. I can tell you that the background 
check we do for TWIC is different than what we require for a 
merchant mariner, because of just the interaction with the 
public and other types of things. So we do tailor some of those 
background checks to what we are looking for with that part of 
the industry.
    Ms. Gabbard. The reason I ask is because I am wondering if 
in some ways you are saying we are starting from ground zero, 
there has been nothing like this put in place before, but when 
you look at our U.S. military, for example, I know some of the 
branches have different and higher levels of requirement, but 
at a baseline level, you have a criminal background check much 
like the States already provide at the local level.
    Without a secret clearance, that is kind of it. There are 
different requirements there that they are undergone, but you 
have an ID card with the biometric system that is accessible at 
military bases around the world, that it is rugged, it is 
supposed to be durable, and it seems like this is a system that 
has already been in place and it has worked, and I am not sure 
why we are investing in something that has now already been 
done.
    Mr. Sadler. Well, our credential--the TWIC card is accepted 
at DOD facilities. It is--the basic card is the same card as 
the CAC card, the DOD card. It is a card that we get from the 
GSA schedule. So it is tested to the same standards, and we 
believe it probably has about the same failure rate, because it 
has similar use.
    I think the main difference outside of the card itself is 
the fact that this is a commercial environment, it is all about 
high volume and throughput and speed. So that is where our 
challenge comes in, but the card itself is the same card stock 
that any Federal agency would buy off the GSA schedule.
    Ms. Gabbard. Thank you very much. Thank you, Madam 
Chairwoman.
    Mrs. Miller. I thank the gentlelady.
    I certainly thank all the witnesses. You can see by the 
level of frustration, some of the questions that we are asking, 
I am sure you all share that. We will see what happens here 
with this TWIC card, but it is a very important issue. We 
appreciate all of your attendance here today.
    Ms. Jackson Lee. Madam Chairwoman----
    Mrs. Miller. I would--yes, the Ranking Member?
    Ms. Jackson Lee. Yes, before we end, might I ask to put in 
the record three things? One, the letter from the American 
Association of Port Authorities on this very issue, I ask 
unanimous consent.
    Mrs. Miller. Without objection.
    [The information follows:]
        Letter From the American Association of Port Authorities
                                     June 13, 2013.
U.S. Department of Transportation,
Docket Management Facility (M-30), West Building Ground Floor, Room 
        W12-140, 1200 New Jersey Avenue, S.E., Washington, DC 20590.
RE: Comments of the American Association of Port Authorities on the 
NPRM, Transportation Worker Identification Credential (TWIC) Reader 
Requirements Docket: USCG-2007-28915.

    Dear Sir/Madam: Seaports deliver prosperity by serving as critical 
links for access to the global marketplace. Safe and secure seaport 
facilities are fundamental to both protecting our borders and moving 
goods. The American Association of Port Authorities (AAPA), on behalf 
of its U.S. members, welcomes this opportunity to comment on the Coast 
Guard's (USCG) Notice of Proposed Rulemaking (NPRM) related to the 
Transportation Worker Identification Credential (TWIC) Reader 
Requirements. Our U.S. members handle containers, auto and ro/ro cargo, 
cruise passengers, as well as many bulk and breakbulk cargos, all of 
which would be impacted by this rule.
    While the comments below address specific issues raised in the 
NPRM, AAPA is concerned about the findings in the recent Government 
Accountability Office (GAO) May 8, 2013 report, Transportation Worker 
Identification Credential: Card Reader Pilot Results Are Unreliable; 
Security Benefits Need to Be Reassessed GAO-13-198. GAO recommended 
that Congress halt DHS's efforts to promulgate a final regulation until 
the successful completion of a security assessment of the effectiveness 
of using TWIC readers. While we understand that there may be some 
disagreements over these findings, we do ask the Department to consider 
delaying the implementation date of the rule, and we stand ready to 
assist in further analysis of TWIC reader operational problems 
identified in the report.
    Below are specific recommendations related to the NPRM.
    In the final rule, USCG should be more specific in defining what 
are considered TIER A, B, and C facilities and utilize a risk-based 
approach to reader requirements that more clearly addresses the 
particular circumstances of each port area and the facilities that fall 
within the category requiring readers.
    As noted in AAPA's May 13, 2009, comments on the TWIC rule, we 
support the Maritime Transportation Security Act (MTSA) regulatory 
system that is performance- and risk-based. Unlike earlier TWIC 
proposals, the NPRM proposes a risk-based approach. While this is an 
improvement from the previous proposal, we do not believe the system as 
proposed should be adopted. We are concerned that the three categories 
for TWIC reader use are based upon the passenger capacity of vessels, 
bulk of hazardous material, and the facilities that they use, rather 
than taking an approach that is more specific to the individual 
circumstances of each facility. (It is unclear, for example, how 
Strategic Ports will be classified based on the criteria listed.)
    AAPA recommends that USCG expand the risk-based concept and include 
a more performance-based and flexible system as reflected in other MTSA 
regulations. Every port is different and in making evaluations about 
risk, USCG should aggregate risks to the port area first, followed by a 
second layer of risk at the facility level using a Maritime Security 
Risk Analysis Model (MSRAM), including an evaluation of what other 
facilities are in close proximity. This would result in a flexible, but 
risk-based system. Therefore, a facility's risk and associated reader 
requirements should be based on a variety of risk factors, not just 
what type of vessels call on it or the type of cargo that it handles.
    At certain facilities, TWIC should be checked by electronic reader 
at the beginning of a shift but then afterward and for the duration of 
the shift employees should be able to walk into and out of the secure 
area only having to flash their card or show some other identification 
to the guard. At cruise terminals, for example, porters walk into and 
out of the secure area 25-30 times during their shifts. Having to stop 
and use the reader every time that movement into the secure area is 
made could well create an unnecessary burden, delay work, impact vessel 
schedule, and result in unnecessary expenses. While it is true that, 
according to the NPRM, the Captain of the Port (COTP) has the power to 
suspend the reader requirement if it is unduly holding up cargo or 
passenger processing, this particular exception to the rule should be 
codified before the fact and not reliant upon an after-the-fact 
assessment. Differing assessments by individual COTP's could 
inequitably impact inter-port competitiveness.
    According to the NPRM, the Captain of the Port is authorized to 
suspend the reader requirement in the event that a reader malfunctions 
or some other event transpires that makes the reader requirement unduly 
onerous. AAPA recommends that in the event of a minor occurrence, such 
as a reader malfunction, the port should immediately be able to 
continue to process workers using an alternative means that has 
previously been identified in the approved Facility Security Plan. 
Rather than being required to contact USCG for approval to resort to 
the previously-approved alternate plan, the port should be able to 
resort to the plan and then log the occurrence for review by USCG after 
the fact. USCG will be able to monitor how frequently or infrequently 
the alternate plan is used and address irregularities without holding 
up the process at the time.
    The NPRM requires that ports submit an updated Facility Security 
Plan describing what procedures will be used to comply with the new 
reader requirement, once it goes into effect. AAPA recommends that 
ports be permitted to submit TWIC updates within the 5-year plan 
resubmission, rather than be required to submit immediate amendments to 
already-existing security plans.
            Sincerely yours,
                                             Kurt J. Nagle,
                                                 President and CEO.

    Ms. Jackson Lee. A letter from the American--excuse me, 
statement from the American Trucking Association on this issue.
    Mrs. Miller. Without objection.
    [The information follows:]
           Statement of American Trucking Associations, Inc.
                             June 18, 2013
                              introduction
    The American Trucking Associations (ATA), founded in 1933, is the 
Nation's preeminent organization representing the interests of the U.S. 
trucking industry. Directly and through its affiliated organizations, 
ATA encompasses over 37,000 companies and every type and class of motor 
carrier operation.
    The trucking industry is an integral component of our Nation's 
economy, transporting more than 80% of our Nation's freight bill and 
employing approximately 7 million workers in trucking-related jobs, 
including over 3 million commercial drivers. It is important to note 
that the trucking industry is comprised primarily of small businesses, 
with 97% of trucking companies operating 20 trucks or less, and 90% 
operating six trucks or less.\1\ More importantly, about 80 percent of 
all U.S. communities depend solely on trucks to deliver and supply 
their essential commodities.
---------------------------------------------------------------------------
    \1\ American Trucking Associations, American Trucking Trends 2011 
(March 2011).
---------------------------------------------------------------------------
                               background
    As ATA has testified on several occasions at Congressional 
hearings, including before the House Homeland Security Committee, both 
the private sector and Government agencies continue to struggle to find 
the right balance between improving security while facilitating 
commerce throughout our Nation's transportation sector. The motor 
carrier industry believes that security and commerce are not mutually 
exclusive goals throughout the transportation system and the 
increasingly sophisticated supply chains that move global trade. To 
truly enhance security without disrupting the flow of commerce, 
security regulations and programs must be implemented in a cost-
effective and coordinated manner. A key goal of such an effort must be 
that individual programs should be designed in a way that they can be 
leveraged to comply with a multiplicity of regulations and security 
requirements. The trucking industry believes that the Transportation 
Worker Identification Credential (TWIC) can be such a program if 
implemented and utilized in an appropriate manner.
    ATA has long supported the original concept of the TWIC: One 
application/enrollment process, one fee, one security threat assessment 
(STA), and a single credential that transportation workers may utilize 
to demonstrate compliance with multiple security requirements. However, 
commercial drivers today continue to face multiple security 
credentialing requirements. For example, in addition to the TWIC, 
drivers must undergo separate STAs for the Hazardous Materials 
Endorsement (HME), the Free and Secure Trade (FAST) program for border 
crossings, to name a few. The cost to drivers and companies of these 
separate STAs and credentialing programs is almost $300 in fees alone, 
not including the costs associated with drivers' lost wages and fuel 
costs while traveling to and from multiple enrollment centers, and the 
aggravation of providing fingerprints multiple times for each program 
that performs the same background check.
    Over 10 years ago, Admiral James Loy, then the second-most senior 
official at the Transportation Security Administration) TSA, summed up 
the concept and the purpose of the TWIC, stating:

``A fourth initiative also underway is development of a Transportation 
Worker Identification Credential or TWIC . . . The idea is to have 
these [transportation] employees undergo only one standard criminal 
background investigation . . . I've heard that there are some truck 
drivers currently carrying up to 23 ID cards around their necks. I 
wouldn't want to pay that chiropractor bill. Under the TWIC program 
drivers and other transportation workers will only have one card to 
deal with which would be acceptable across the United States.\2\
---------------------------------------------------------------------------
    \2\ Remarks of Admiral James M. Loy, Under Secretary of 
Transportation for Security, Transportation Security Administration, 
during Transportation Research Board 82nd Annual Meeting Chairman's 
Luncheon, January 15, 2003.

    Unfortunately, the TWIC program/concept has not lived up fully to 
its promise and has become another expensive, duplicative security 
credential that truck drivers must obtain to access maritime 
facilities. TWIC works, but the goal of universal acceptance of a 
single security credential has yet to be implemented by TSA. It is not 
too late to enhance TWIC's capabilities and acceptance across multiple 
programs to improve its benefits and reduce the need for multiple 
screenings through the same databases. In essence, implement the long-
established Department of Homeland Security principle of ``enroll once, 
use many.''
                   twic challenges and opportunities
    The TWIC program has had to confront strong criticism since it was 
first proposed in an NPRM in 2006 implementing statutory requirements 
mandated under the Maritime Transportation Security Act of 2002. Some 
of the key criticisms that the TWIC has encountered include:
   The excessively high cost of the TWIC: $132.50 (reduced to 
        $129.50 in 2012);
   The extended time the application process requires of 
        applicants, taking time off work twice: Once to apply and 
        provide the biometrics, a second visit to pick up the 
        credential;
   The failure to expand TWIC's utilization to satisfy other 
        Federal STA regulatory requirements, including sister programs 
        within TSA;
   The lack of TWIC enrollment facilities Nation-wide to 
        facilitate the enrollment of transportation workers who live 
        far from either coast;
   The failure to implement TWIC with its essential counterpart 
        reader rule, annulling the credential's technology benefits and 
        serving only as an expensive ``flash-pass''.
    ATA generally agrees with these criticisms of the TWIC program and 
we have expressed such concerns in past testimony before Congressional 
Committees as well as in comments to TSA, The United States Coast Guard 
(USCG), and the Department of Homeland Security (DHS). However, our 
greatest concern at this point is the multiplicity of background 
checks, and their associated costs and burdens, which drivers undergo 
to perform their everyday work responsibilities, from transporting 
hazardous materials and delivering at maritime facilities, to crossing 
our international land borders and transporting air cargo.
    As a matter of policy, ATA has long supported a system and process 
that provides for a Criminal History Records Check through National 
databases. But today's state of affairs in which commercial drivers 
undergo multiple STAs is untenable, excessively burdensome, and 
patently inefficient. Because of this, ATA has taken the position to 
support the TWIC as the potential single credential and STA that can 
demonstrate and provide compliance with multiple programs and 
regulations that require a STA through a single enrollment, a single 
fee, a single background check and a single credential.
    Although TSA has not provided for full recognition of one STA for 
compliance with another regulatory STA, for example allowing TWIC 
holders seeking an HME to show their TWIC as proof of already having an 
equivalent STA--a policy supported statutorily by Section 1556 of the 
9/11 Commission Act--other Federal agencies are accepting the TWIC for 
compliance with their credentialing requirements. For example, the 
Department of Defense (DoD) has an established policy allowing 
commercial drivers transporting freight in and out of appropriate 
military facilities to use a TWIC in lieu of obtaining a DoD issued 
Common Access Card (CAC). DoD acceptance of the TWIC for such purposes 
is recognition of the strength of the TWIC STA process and its 
compliance with Federal Personal Identity Verification (PIV) standards 
used by millions of Federal employees.
    In its latest report regarding the TWIC card reader pilot 
results,\3\ the U.S. Government Accountability Office (GAO) criticized 
TSA's planning shortfalls for implementing the TWIC reader pilot in a 
manner that did not yield usable information due to data-collection 
challenges. ATA is aware that TSA faced some technology challenges in 
collecting TWIC-reader functionality data, including that the first 
generation of TWIC cards had faulty antennas embedded in the cards 
which rendered them useless when utilized with contactless readers. 
However, ATA is also aware of certain facilities that have been using 
the TWIC readers successfully to verify the credential's status, 
identity, and improving throughput for truck operations. Perhaps 
additional focus should be given to facilities that have successfully 
implemented the TWIC readers and utilize such ``lessons-learned'' that 
can be applied to other facilities facing reader challenges.
---------------------------------------------------------------------------
    \3\ U.S. Government Accountability Office; Transportation Worker 
Identification Credential: Card Reader Pilot Results Are Unreliable; 
Security Benefits Need to be Reassessed; May 2013.
---------------------------------------------------------------------------
    GAO's concerns and suggestions should be given careful 
consideration by DHS in improving the development and implementation of 
TWIC-readers at regulated facilities. ATA also agrees that Congress 
should continue to carefully assess the overall implementation of the 
TWIC program. However, ATA is concerned with GAO's suggestion that 
Congress consider ``alternative credentialing approaches, which might 
include a more decentralized approach for achieving TWIC program 
goals.'' A decentralized approach could result in an environment in 
which each State or location performs STAs and issues separate 
credentials for truck drivers to access maritime facilities throughout 
the country. Such a scenario would result in an increasingly 
burdensome, inefficient, and ineffective system for transportation 
workers who work and operate at multiple MTSA-regulated facilities. The 
TWIC is a robust, Nation-wide and uniform STA that can be utilized at 
multiple locations when matched with the appropriate readers. TSA and 
USCG need to focus their efforts in ensuring the deployment of TWIC 
readers nationwide rather than creating a vast assortment of individual 
systems.
    With the appropriate leadership within TSA and with clear guidance 
from Congress, the TWIC has the potential to serve as a valuable tool 
to ensure that personnel working throughout our country's critical 
transportation infrastructure have been screened appropriately and 
continue to be vetted frequently through relevant databases. Moreover, 
when the credential is utilized with the appropriate readers it can 
ensure the validity of the card, match the TWIC to the cardholder and 
allow for improved throughput when entering secure areas requiring such 
systems.
                               conclusion
    Notwithstanding that the TWIC continues to face several challenges 
to gain broad support from various sectors within Government--as 
demonstrated by the latest GAO TWIC report--as well as private-sector 
entities, the TWIC's future utility is robust if implemented as 
originally intended by leveraging its applicability throughout other 
security programs. But appropriate efforts and policies must be 
implemented by DHS, TSA, USCG, and other Federal entities to coordinate 
the utility of such a PIV for compliance with multiple STA 
requirements. The 2.4 million transportation workers in possession of a 
TWIC, including over 400,000 commercial drivers, are already heavily 
invested in the program. It would be a disservice to these workers to 
consider doing away with the TWIC when they have spent resources and 
time to obtain the credential.
    ATA urges the Homeland Security Committee and its various relevant 
subcommittees to:
   Continue supporting the TWIC as a viable STA program used by 
        millions of personnel to access secure areas of maritime 
        facilities as well as various Federal facilities;
   Authorize and mandate the use of the TWIC for compliance 
        with equivalent STA programs;
   Analyze and require TSA to significantly reduce the high 
        cost of the TWIC and ensure ample geographic coverage of 
        enrollment centers;
   Not overlook the fact that the TWIC, as a stand-alone 
        credential, provides a solid STA component and a perpetual 
        vetting process that offers a high degree of security;
   Allow the USCG to move forward with the implementation of 
        the TWIC readers, after careful consideration of industry 
        comments and recommendations.
    The implementation of the TWIC readers is essential to leverage 
properly the technology embedded in the TWIC and to establish uniform, 
secure, and efficient access procedures at secure areas of MTSA-
regulated facilities. Even with the very high cost of the TWIC, at 
roughly $130.00, it is a more cost-efficient scenario rather than 
paying multiple fees and undergoing multiple enrollment and finger-
printing processes. The trucking industry asks that these costs be 
reasonable and part of an efficient, risk-based process. ATA supports 
an approach that is good for security--and good for commerce.
    ATA appreciates the opportunity to offer this written statement and 
we look forward to continue working with this subcommittee and the 
Homeland Security Committee to further improve the security of our 
transportation system, doing so in a coordinated and efficient manner.

    Ms. Jackson Lee. For the record, a question to the Coast 
Guard and TSA to provide us in writing whether you have the 
tools to assess and evaluate the effectiveness of using the 
TWIC with readers for enhancing port security. I think we need 
a--I need a focus one, two, three, four, in relation to the GAO 
report in 2011 and 2013.
    I thank the Chairwoman, and I think this has been a very 
helpful hearing from all of the witnesses and look forward to 
maybe providing some legislative fix. I yield back to the 
Chairwoman.
    Mrs. Miller. I thank the gentlelady. Any Members of the 
committee that might have some additional questions for the 
witnesses there, we will--pursuant to the committee rule, the 
hearing record will be open for 10 days for those.
    Ms. Gabbard. Excuse me, Madam Chairwoman. Just briefly 
request----
    Mrs. Miller. Gentlelady from Hawaii.
    Ms. Gabbard [continuing]. Unanimous consent to insert 
testimony we have here submitted for the record from the 
Longshore and Warehouse Union, representing port workers in 
Hawaii and the western region for the record.
    Mrs. Miller. Without objection.
    [The information follows:]
      Statement of the International Longshore and Warehouse Union
                             June 18, 2013
    The International Longshore and Warehouse Union (``ILWU'') 
represents port workers in California, Oregon, Washington, Alaska, and 
Hawaii, as well as warehouse, maritime, agriculture, and hotel and 
resort workers. The ILWU's membership includes the approximately 22,000 
longshore workers, marine clerks and foremen who load, unload, track, 
monitor and oversee the movement of cargo into and out of all of the 
major ports on the West Coast, Alaska, and Hawaii. We appreciate the 
opportunity to submit these comments on the TWIC Program.
    The ILWU and its members have been active participants in the 
development and roll-out of TWIC since its inception. The union's 
experience of the program and deep knowledge of the waterfront have 
shown that TWIC does not improve port security and unfairly burdens 
working people. The program is now at a crossroads. The program stands 
poised to expand through the mandatory installation of expensive TWIC 
readers at approximately 570 locations pursuant to proposed regulations 
currently under review by the Coast Guard.\1\ According to the GAO, the 
TWIC Program has cost more than $500 million and will cost between $690 
million and $3.2 billion more over the next 10 years, not counting the 
costs of installing and operating readers.\2\ In one of its multiple 
recent reports critical of the program, GAO concluded: ``11 years after 
initiation, the TWIC program continues to be beset with significant 
internal control weaknesses and technology issues, and . . . the 
security benefits of the program have yet to be demonstrated. The 
weaknesses we have identified suggest that the program as designed may 
not be able to fulfill the principal rationale for the program--
enhancing maritime security.''\3\ Before proceeding further, we urge 
this committee to re-think the wisdom of TWIC. We believe that careful 
consideration of the facts on the ground will reveal that TWIC does not 
make our Nation safer, hurts American workers, and is a poor use of 
limited Government dollars.
---------------------------------------------------------------------------
    \1\ Notice of Proposed Rulemaking on TWIC Readers, 78 Fed. Reg. 56 
(March 22, 2013) at 17782, et seq.
    \2\ ``Transportation Worker Identification Credential: Card Reader 
Pilot Results are Unreliable; Security Benefits Need to Be 
Reassessed'', GAO-13-198, Appendix III, p. 59-60 (May 2013).
    \3\ ``Transportation Worker Identification Credential: Card Reader 
Pilot Results are Unreliable; Security Benefits Need to Be 
Reassessed'', GAO-13-198, at p. 42 (May 2013); see also ``Security 
Benefits Need to Be Reassessed,'' GAO-13-198 (May 2013); 
``Transportation Worker Identification Credential: Internal Control 
Weaknesses Need to be Corrected to Help Achieve Security Objectives,'' 
GAO-11-657 (May 2011).
---------------------------------------------------------------------------
    First, the fundamental focus of the TWIC program is wrong. If 
preventing terrorism is the goal, then targeting American workers for 
screening, as opposed to targeting containers and cargo, is the wrong 
approach. On the modern container facilities through which most of our 
imports and exports travel, port workers like those whom we represent 
have no real access to the cargo or the documentation associated with 
the containers' contents. Thus, requiring that workers be screened does 
not help to prevent facilities from being used to transport items that 
could be used to commit an act of terrorism.
    Moreover, the majority of the facilities themselves (whether 
container terminals or bulk operations) are large, decentralized spaces 
with workers, cargo, and equipment typically spread out across many 
acres. These characteristics make the facilities poor targets for a 
terrorist hoping to have a significant impact on commerce or on the 
public. Thus, screening the facilities' workforces is not a meaningful 
way to prevent a terrorist attack.
    Second, the TWIC program unfairly targets working people and has 
caused substantial hardships for workers and their families with no 
added security benefit. In 2006, when TWIC was still in the planning 
stages, ILWU longshore workers and marine clerks went through a Coast 
Guard-mandated threat assessment screening to ensure that they did not 
pose a National security risk.\4\ The ILWU cooperated with the Coast 
Guard and TSA to complete this process. The ILWU is not aware of any 
members being found to pose a risk.
---------------------------------------------------------------------------
    \4\ 71 Fed. Reg. 82 (April 28, 2006) at 25067 (requiring the ILWU 
to provide the Coast Guard with identifying information, including 
Social Security Numbers and alien identification numbers for all 
longshoremen to permit TSA to ``analyze . . . whether or not an 
employee or longshoreman poses or is suspected of posing a security 
threat warranting denial of access to the port facility'' and stating 
that anyone meeting those criteria will be denied access).
---------------------------------------------------------------------------
    In 2008, when the Department of Homeland Security began to require 
TWICs to obtain unescorted access to longshore workplaces, the ILWU 
membership was screened again.\5\ ILWU members applied for TWICs, were 
fingerprinted, had their irises scanned, underwent criminal background 
checks, and paid $129.75 each out of their own pockets to obtain these 
technologically-advanced cards. Almost none of these expensive 
technologies were ever put to use.
---------------------------------------------------------------------------
    \5\ 72 Fed. Reg. 3492 (Jan. 25, 2007); 33 CFR  101.514, 
104.115(d).
---------------------------------------------------------------------------
    The Government databases relied upon in evaluating TWIC 
applications contain an abundance of incomplete and faulty 
information.\6\ Due to this fact and delays by TSA, some of our members 
languished for months, unable to work, and unable to support their 
families while they tried to obtain TWICs.\7\ The following are only a 
few examples:
---------------------------------------------------------------------------
    \6\ U.S. Attorney General, ``The Attorney General's Report on 
Criminal History Background Checks,'' at page 3 (June 2006) (concluding 
that FBI's database was ``missing final disposition information for 
approximately 50% of its records''); see also ``A Scorecard on the Post 
9/11 Port Worker Background Checks: Model Worker Protections Provide a 
Lifeline for People of Color, While Major TSA Delays Leave Thousands 
Jobless During the Recession,'' National Employment Law Project (July 
2009), available at http://www.nelp.org/page/SCLP/PortWor- 
kerBackgroundChecks.pdf?nocdn=1.
    \7\ The National Employment Law Project, which represented or 
assisted more than 450 workers seeking to obtain TWICs estimated that 
workers waited almost 4 months on average to obtain an initial decision 
from TSA on their TWIC applications and workers waited an average of 7 
months for their appeals or waiver requests to be reviewed. ``A 
Scorecard on the Post- 
9/11 Port Worker Background Checks: Model Worker Protections Provide a 
Lifeline for People of Color, While Major TSA Delays Leave Thousands 
Jobless During the Recession,'' National Employment Law Project (July 
2009), at p. at 5-6.
---------------------------------------------------------------------------
   William Ericson, a lonsghore worker from Seattle was 
        erroneously denied a TWIC based on incorrect or incomplete 
        information in the notoriously flawed FBI database. Despite 12 
        years of work history on the waterfront, Brother Ericson sat 
        unable to work for 6 months, exhausted his savings and came 
        close to having his home foreclosed upon before he was able to 
        finally convince TSA that the agency had made a mistake.
   Another member from Seattle, Steven Richards, was born 
        outside of the United States on a military base. Even though he 
        was a citizen and met all of the qualifications to obtain a 
        TWIC, TSA denied his application. He found himself stuck in the 
        bureaucratic snarl and unable to work for months while TSA 
        obtained the records that proved his citizenship and 
        eligibility.
   Another member in the San Francisco Bay Area was denied a 
        TWIC because he had previously been convicted of a marijuana-
        related offense even though the court had expunged his 
        conviction.\8\ He had been a hard-working longshore worker for 
        18 years and had no other convictions. He spent months waiting 
        for TSA to rule on his initial application and, then even 
        longer waiting for TSA to review his request for a waiver. In 
        the meantime, he was unable to work and his family struggled to 
        avoid losing their home.
---------------------------------------------------------------------------
    \8\ To protect the member's privacy, we do not include his name.
---------------------------------------------------------------------------
    These members and others like them posed no risk to the security of 
the United States.
    These members are not alone. The Department of Homeland Security 
reports that, as of May 21, 2013, it had issued initial TWIC 
disqualification letters to 120,224 people.\9\ TSA has two procedures 
whereby someone can challenge the denial of a TWIC--appeal and 
waiver.\10\ Appeal is available to an applicant who was wrongly denied 
a TWIC. In other words, the applicant met all of the statutory and 
regulatory criteria for obtaining a TWIC but TSA erroneously denied his 
or her application anyway.\11\ Waiver can be sought by an applicant who 
does not meet all of the statutory and regulatory criteria for 
obtaining a TWIC but who nonetheless ``does not pose a security 
threat.''\12\ As of May 21, 2013, DHS had received 54,271 appeals and 
had granted 52,299 (more than 96%). In addition, DHS had received 
14,593 waiver requests and granted 12,289 (more than 84%). While these 
numbers indicate the absolute necessity of having an appeal and waiver 
process available, they also indicate that TSA initially denied TWICs 
to more than 50,000 people erroneously and to more than 12,000 people 
who posed no security threat. Almost certainly, there are tens of 
thousands more workers who met the requirements to obtain a TWIC but 
did not or could not appeal their denial or seek a waiver. These people 
are being wrongly denied access to work for no good reason.
---------------------------------------------------------------------------
    \9\ http://www.tsa.gov/sites/default/files/publications/pdf/twic/
monthly_dashboard_cur- rent.pdf.
    \10\ 49 C.F.R.  1515.6-1515.7.
    \11\ Id.  1515.6(b).
    \12\ Id.  1515.7(b).
---------------------------------------------------------------------------
    Third, TWIC has shown itself to be of little to no value if the 
goal of the program is to limit facility and vessel access. As ILWU 
members like those discussed above struggled and were denied the 
ability to work for lack of a TWIC, the ILWU has watched as unknown 
truckers, rail crews, vessel crews, maintenance workers, and 
construction crews without TWICs routinely enter and work at marine 
terminal facilities. Sometimes these workers are ``escorted'' by people 
with TWICs. However, in many cases the ``escort'' is more theoretical 
than real and individuals without TWICs work on the facilities largely 
unmonitored. What is more, these workers have no lasting relationship 
with the facility owner or operator and therefore pose an arguably more 
serious security risk than ILWU members.
    In addition, while ILWU members' backgrounds have been scrutinized 
in the name of National security, the union has watched waterfront 
employers eliminate people and protocols that actually improve security 
and replace them with cost-cutting technologies that are no substitute. 
For example, many marine terminal operators used to require that seals 
on stuffed containers be visually checked to ensure that they had not 
been tampered with. They also previously required that empty containers 
be opened and checked. To cut costs and speed up the movement of cargo, 
many employers now use only a camera linked to a monitor at a remote 
location. But a camera cannot tug on the seals to make sure they are 
intact, or open empty containers.
    The ILWU has been advised by some facility owners and operators 
that, if TWIC readers become mandatory, the employers intend to use the 
readers to further cut costs by eliminating security guards. Facility 
security personnel know the regular workforce on the docks and, 
therefore, know who belongs and who does not. Again, technology is no 
substitute, particularly given the serious flaws with TWIC card 
technology and readers noted by the GAO.\13\
---------------------------------------------------------------------------
    \13\ GAO-13-198, ``Transportation Worker Identification Credential: 
Card Reader Pilot Results Are Unreliable; Security Benefits Need to Be 
Reassessed,'' (May 8, 2013) at 25 (``according to officials from two 
pilot sites, approximately 70 percent of the TWICs they encountered 
when testing TWICs against contactless readers had broken antennas or 
malfunctioned. Further, a separate 2011 report commissioned and led by 
USCG . . . identified one site where 49 percent of TWICs could not be 
read in contact-less (or proximity mode, and two other sites where 11 
percent and 13 percent of TWICs could not be read in contact-less mode. 
Because TWIC cards malfunctioned, they could not be detected by 
readers.'').
---------------------------------------------------------------------------
    For all of these reasons, TWIC is misguided. It does not improve 
port security and it unfairly targets working people. Public monies can 
and should be put to better use.
    The ILWU appreciates the opportunity to submit these comments and 
thanks the committee for its consideration.

    Ms. Gabbard. Thank you.
    Mrs. Miller. Again, thank you to the witnesses very much. 
The committee is now adjourned.
    [Whereupon, at 11:25 a.m., the subcommittee was adjourned.]


                            A P P E N D I X

                              ----------                              

   Questions From Chairwoman Candice S. Miller for Joseph A. Servidio
    Question 1. A Coast Guard official started in an interview with a 
Fierce Homeland Security reporter ``there is not a real strong nexus 
between the results of the pilot program and what is in the reader 
regulation.'' However, the pilot was referenced several times in the 
NPRM. What data from the TSA pilot were used to inform the NPRM? Could 
this information have been provided through other means? How can the 
Coast Guard be certain the NRPM will not have negative impacts on 
business operations knowing that this system has not truly been tested? 
Had the TSA pilot been more complete or shown a strong feasibility in 
carrying out the biometric requirements of the TWIC program, would the 
rule have sought to regulate more than 5 percent of all MTSA-regulated 
vessels and facilities?
    Answer. The Coast Guard used the best available data to 
characterize economic impacts, which in some cases resulted in using 
sources other than the TWIC pilot. Specifically, the TWIC pilot was the 
main data source associated with the cost to install TWIC readers, as 
well as the number of readers required per access point, throughput 
times, and failure rates of readers. However, TWIC pilot data was 
supplemented with other available data sources to provide preliminary 
estimates of other costs and benefits. Other data sources included the 
Marine Information for Safety and Law Enforcement (MISLE) database for 
population figures, the Marine Security Risk Assessment Model (MSRAM) 
for risk hierarchy and consequence data, the General Services 
Administration (GSA) schedule for reader hardware and software costs, 
and other literature for basic background on TWIC reader deployment. 
Based on the judicious use of all data sources, the Coast Guard has 
confidence in the proposed regulation's limited impact on business 
operations as noted in the Regulatory Assessment.
    Decisions regarding application of TWIC reader requirements were 
not driven by any limitations of the TWIC pilot, but rather by 
comparing costs of the requirements versus benefits gained. In the case 
of vessels, given the inherent limits on manning for barges (and 
thereby the limited utility for using a reader to verify the identity 
of mariners accessing any secure spaces on a barge), barges were 
excluded from TWIC reader requirements, thus eliminating approximately 
51 percent of the MTSA population (includes vessels and facilities). 
Similarly, other vessels with lower risk (e.g., vessels not engaged in 
transport of hazardous cargoes) and/or with fewer than 14 TWIC-holding 
crewmembers were eliminated given relatively low utility for the cost. 
This eliminated another 32 percent of the MTSA population (for a total 
of about 83 percent of the MTSA population exempted in the current 
proposal). Similar logic was applied to facilities, with requirements 
imposed on those 20 percent of MTSA facilities that comprised 
approximately 80 percent of the risk exposure. By eliminating lower 
risk facilities, another 13 percent of the MTSA population was exempted 
from requirements for a total of about 95 percent of the MTSA 
population exempted from reader requirements.
    Question 2. Since 9/11, Congress has implemented legislation 
specifically addressing perceived vulnerabilities with containerized 
cargo entering the United States. However, no container facilities will 
fall within Risk Group A, and thus will not be impacted by the proposed 
reader regulations at this time. Does containerized cargo deserve to be 
in a higher-risk group, or are earlier concerns regarding the threat 
within containerized cargo overstated? If container facilities are a 
major vulnerability, why are they not widely impacted by the proposed 
card reader rule?
    Answer. In the development of the NPRM, the Coast Guard evaluated 
TWIC reader requirements alternatives to those proposed in the NPRM 
including an alternative that would have required the installation of 
TWIC readers at Risk Group A facilities and all container facilities.
    The Coast Guard considered this alternative because container 
facilities are perceived to pose a unique threat to the maritime sector 
due to the transfer risk associated with containers (i.e., there is a 
greater risk of a threat coming through a container facility and 
inflicting harm or damage elsewhere than with any other facility type). 
However, as discussed in the preamble of the NPRM, many of the high-
risk threat scenarios at container facilities would not be mitigated by 
TWIC readers. Although TWIC readers serve as an additional access 
control measure, they do not mitigate the threat associated with the 
contents of a container, and would not improve screening of cargoes for 
dangerous substances or devices.
    Additionally, the costs/impacts for TWIC readers at container 
facilities would not be justified by the amount of potential risk 
reduction at these facilities. This alternative would increase the 
burden on industry by increasing the affected population from 532 
facilities to 651 facilities. The discounted 10-year costs would go 
from $186.1 million to $624.9 million. The inclusion of container 
facilities would also potentially have adverse environmental impacts 
due to increased air emissions due to longer queuing times and 
congestion at facilities.
    Question 3. In recent years, many port facilities have designated 
Port Security Grant funds specifically to procure TWIC readers and 
other equipment associated with TWIC implementation. How many 
facilities not in Group A, have received funding for TWIC card readers 
and infrastructure? Is it your expectation that Group B and C 
facilities, which are not required to purchase card readers, will still 
go ahead with the investment? Did the Coast Guard take into 
consideration, while drafting the NPRM, whether or not risk Group B or 
C facilities have already obtained Port Security Grant funding to 
purchase card readers?
    Answer. In the development of the TWIC Reader NPRM, the Coast Guard 
specifically focused on risk, security, and economic impacts rather 
than taking into consideration whether or not facilities had 
voluntarily purchased electronic TWIC Readers (with or without PSG 
funding). The Coast Guard expects that each facility in Groups B and C 
will make a determination on whether to implement readers based on what 
best meets its specific business and security needs and assessments. 
Absent of regulatory requirement, there is no expectation for B and C 
facilities to implement readers.
    The PSG Program allocates funds towards maritime security risk 
mitigation projects based on risk. Eligible PSG applicants may request 
several different projects within an application of which a TWIC 
project may be one of the projects or part of a project.
    PSG Program financial data is maintained via methodology 
established by Congress for Federal grant funding. From fiscal year 
2007 through fiscal year 2012, a total of 401 TWIC implementation 
projects were approved by DHS, and a total of $144.7 million was 
awarded for TWIC projects. Funding awarded for TWIC projects 
represented 7.5% of the total PSG Program funding ($1.92 billion) 
awarded during the period.
    Question 4. The crewmembers operating the Saugatuck Chain Ferry, 
out of Saugatuck, Michigan are required to carry a TWIC card. Given the 
low threat nature of this vessel as it operates on a fixed chain system 
propelled by a hand crank does it make sense for crewmembers of this 
vessel to be required to carry a TWIC card? Has there been any 
consideration to waive the requirement for crewmembers to obtain a TWIC 
card for vessels like this?
    Answer. The Saugatuck Chain Ferry (also known as the M/V DIANE) is 
a Coast Guard inspected 46 CFR Subchapter `T' small passenger vessel 
that operates on the Kalamazoo River (a navigable waterway). In 
accordance with Coast Guard Policy Letter 11-15, since the Saugatuck 
Chain Ferry does not meet the applicability requirements of maritime 
security for vessels (33 CFR 104.105) and therefore is not required to 
maintain a Vessel Security Plan (VSP), a credentialed mariner operating 
the vessel is not required to retain a Transportation Worker 
Identification Credential (TWIC).
    However, individuals applying for their initial Merchant Mariner 
Credential (MMC) are required to apply for a TWIC in order to undergo a 
Security Threat Assessment (STA). Such persons would only need to pass 
the STA in order to obtain their MMC. There is no requirement for that 
individual to actually hold a valid TWIC unless they are working on a 
vessel required to hold a VSP. Additionally, the Coast Guard will not 
require a mariner who holds or has held a TWIC to renew it in order to 
renew their current credential.
    Because of the Saugatuck Chain Ferry's route and service, the 
operator of the vessel is required to possess a Coast Guard issued MMC. 
The Coast Guard does not have the authority to waive this statutory 
requirement. Therefore, any person applying for their initial MMC who 
would like to then use that MMC to operate the Saugatuck Chain Ferry 
would have to apply for a TWIC in order to undergo a STA, but would not 
be required to carry the TWIC.
    Questions From Chairwoman Candice S. Miller for Stephen M. Lord
    [Note.--The responses are based on work associated with our 
previously issued products.]\1\
---------------------------------------------------------------------------
    \1\ See GAO, Transportation Worker Identification Credential: Card 
Reader Pilot Results Are Unreliable; Security Benefits Need to Be 
Reassessed, GAO-13-198 (Washington, DC: May 8, 2013); Transportation 
Security: Actions Needed to Address Limitations in TSA's Transportation 
Worker Security Threat Assessments and Growing Workload, GAO-12-60 
(Washington, DC: Dec. 8, 2011); Transportation Worker Identification 
Credential: Internal Control Weaknesses Need to Be Corrected to Help 
Achieve Security Objectives, GAO-11-657 (Washington, DC: May 10, 2011); 
Transportation Worker Identification Credential: Internal Control 
Weaknesses Need to Be Corrected to Help Achieve Security Objectives, 
GAO-11-648T (Washington, DC: May 10, 2011); and Transportation Worker 
Identification Credential: Progress Made in Enrolling Workers and 
Activating Credentials but Evaluation Plan Needed to Help Inform the 
Implementation of Card Readers, GAO-10-43 (Washington, DC: Nov. 18, 
2009).
---------------------------------------------------------------------------
    Question 1. Although TWIC was originally intended to be the common 
credential for workers in all modes of transportation, it has been 
limited to strictly a maritime security access control credential. The 
Coast Guard has further limited its scope by developing a Notice of 
Proposed Rulemaking (NPRM) which applies to less than 5 percent of all 
MTSA-regulated vessels and facilities. Given that the reader 
requirement is not being applied to Group B and C facilities should 
TWIC be further reduced by limiting issuance and use to only the 
highest-risk maritime facilities?
    Answer. Given the current uncertainties surrounding the 
implementation of the TWIC program in the maritime environment, and the 
program weaknesses highlighted in our 2011 and 2013 reports, limiting 
the use of TWIC to maritime facilities where the Coast Guard can 
clearly demonstrate that use of TWIC will effectively mitigate the 
three terrorist scenarios illustrated in the March 2013 NPRM (i.e., a 
truck bomb, a person/passenger carrying an improvised explosive device 
(IED), or a terrorist assault team) would be consistent with our 
findings and recommendations.\2\ As highlighted in our May 2013 report, 
the TWIC pilot conducted to test the use of TWICs with biometric card 
readers and other supporting analyses did not provide DHS with complete 
and accurate information on the impact of TWIC on facility and vessel 
operations or the added security benefits that the TWIC may provide.\3\ 
For example, we found that the pilot test's results were unreliable, 
and that DHS has not assessed the effectiveness of TWIC at enhancing 
security or reducing risk at Maritime Transportation Security Act 
(MTSA)-regulated facilities and vessels. While the current NPRM is 
aimed at implementing the use of TWIC with readers at Group A/highest-
risk-vessels and facilities, the NPRM suggests allowing for the 
expanded use of TWIC with readers at lower-risk facilities in the 
future.
---------------------------------------------------------------------------
    \2\ GAO-11-657 and GAO-13-198.
    \3\ GAO-13-198.
---------------------------------------------------------------------------
    Question 2. DHS argues that the decentralized security credential 
similar to the airport's Secure Identification Display Area (SIDA) 
badge is not comparable to TWIC because airport workers generally work 
at only one airport and disagrees with the GAO assessment that 
``maintaining site-specific credentials enhances security.'' Why do you 
believe decentralized security ``enhances security?'' What examples of 
such a decentralized approach would you recommend DHS evaluate for use 
at port facilities?
    Answer. Based on findings from our prior work, a decentralized 
credentialing approach could help remediate internal control weaknesses 
identified in our May 2011 report, and may therefore enhance 
security.\4\ Among others, we reported that TWIC program controls are 
not in place to determine whether an applicant has a need for a TWIC, 
and that our investigators were successful in obtaining authentic TWIC 
cards despite going through the background-checking process. As 
implemented, a uniform TWIC credential is issued by TSA after it 
conducts a security threat assessment. Operator participation is not 
required as part of this centralized TWIC enrollment, security review, 
or issuance process. According to our review of the evidence, operator 
participation, as would be required under a decentralized credentialing 
approach using facility- or port-specific credentials, could help 
validate an individual's identity and need for a credential to access a 
specific facility or vessel prior to issuing the credential. Maritime 
vessel and facility operators have a paramount interest in securing 
their assets. Involving operators in the credentialing process gives 
them more control and insight into the risks posed by people seeking 
access to secure areas, and could better ensure operators and the 
Federal Government of the individual's identity, need for a credential, 
and need for access to specific vessels and facilities.
---------------------------------------------------------------------------
    \4\ See, for example, GAO-13-198; GAO-12-60; and GAO-11-657.
---------------------------------------------------------------------------
    As we reported in May 2011, the TWIC program's internal controls 
for positively identifying an applicant, arriving at a security threat 
determination for that individual, and approving the issuance of a 
TWIC, are not designed to provide reasonable assurance that only 
qualified applicants can acquire TWICs. If an individual presents an 
authentic TWIC acquired through fraudulent means when requesting access 
to the secure areas of a MTSA-regulated facility or vessel, the 
cardholder is deemed not to be a security threat to the maritime 
environment because the cardholder is presumed to have met TWIC-related 
qualifications during a background check. In such cases, these 
individuals could inappropriately gain unescorted access to secure 
areas of a MTSA-regulated facility or vessel, as our investigators did 
for our May 2011 report and again for our May 2013 report.
    Through our work on the TWIC program, we have not identified any 
industry-wide common credential--beyond TWIC--that is used as a 
security tool for controlling access to individual, and often 
privately-owned, entities. Moreover, the Federal Government, which 
provides access to its many departments and agencies, does not use a 
single identification credential for controlling access to its 
facilities and vessels. Under the Federal model, agencies apply a 
standard for conducting background checks and creating the credentials. 
For example, as we reported in May 2011, TWIC is unlike other 
Federally-sponsored access control credentials, such as the Department 
of Defense's Common Access Card--the agency-wide standard 
identification card--for which sponsorship by an employer is required. 
For these Federal credentialing programs, employer sponsorship begins 
with the premise that an individual is known to need certain access as 
part of his or her employment. Further, the employing agency is to 
conduct a background investigation on the individual and has access to 
other personal information, such as prior employers, places of 
residency, and education, which it may confirm as part of the 
employment process and use to establish the individual's identity. 
According to our analysis, use of a decentralized credentialing 
approach could enhance the TWIC program's identity verification, 
vetting, and issuance controls by leveraging the employer and 
operator's knowledge of the individual's background and need for an 
access credential prior to conducting the Federal security threat 
assessment required as part of the TWIC program. In addition, localized 
control over credential issuance could enhance security by making it 
easier for individuals to replace lost or nonfunctioning credentials on 
site, and forgo potential travel times and waiting periods currently 
experienced under the TWIC program.
    Similarly, the decentralized aviation model may enhance security to 
a greater extent than the TWIC because this model includes employer 
sponsorship, background vetting at the local level, a Federal security 
threat assessment, and card revocation at the local level. For example, 
based on our prior work, in order to receive a SIDA, a person seeking a 
credential is sponsored by a previously vetted and authorized 
individual within the airport. This process provides greater assurance 
that the person seeking the credential has a real need for the 
credential and that the person is the person he or she claims to be on 
the application. Further, since the credential is valid only within a 
given airport, the person holding the credential cannot use that 
credential to access other airports where he or she has no legitimate 
need to gain access. As demonstrated by our covert tests, having a TWIC 
provided the appearance of legitimacy for our testers and allowed them 
to access multiple facilities with a single card. Moreover, the SIDA 
vetting process allows local airport authorities to see the criminal 
background check information pulled by DHS from the Federal Bureau of 
Investigation (FBI). Airport authorities use this information to make 
the determination about whether to grant or deny a credential. This 
allows the totality of an individual's criminal background to be 
considered, not just disqualifying offenses. We found that the 
Transportation Security Administration (TSA) has the authority and 
discretion to do this for the TWIC program but has seldom done so as 
part of the adjudication process.\5\ Consequently, under the SIDA 
model, airport authorities have greater control and ability to watch 
over the vetting process. Similarly, when local credentials are granted 
by local authorities, they can be customized for the unique needs of 
the facilities and can be revoked by the facilities, thus providing the 
facilities with greater control. As we found during our December 2011 
work on local credentialing programs, when Florida repealed provisions 
of law requiring workers accessing the State's 12 active deepwater 
public ports to undergo a State criminal history records check, 
individuals with criminal backgrounds who were kept out of the ports 
were allowed to return to work because they possessed a TWIC.\6\
---------------------------------------------------------------------------
    \5\ GAO-11-657.
    \6\ GAO-12-60.
---------------------------------------------------------------------------
    Regarding TSA's assertion that the lack of a common credential 
across the industry could leave facilities open to a security breach 
with falsified credentials, DHS has not provided or discussed with us 
any studies or evidence showing that use of a centralized common access 
credential enhances security beyond use of port- or facility-specific 
credentials supplemented by a Federal security threat assessment. As we 
reported in May 2011, unlike prior access control approaches that 
allowed access to a specific facility, the TWIC potentially facilitates 
access to thousands of facilities once the Federal Government attests 
that the TWIC holder has been positively identified and is deemed not 
to be a security threat. Further, DHS argues that the aviation 
industry's SIDA badge is not comparable to TWIC because airport workers 
generally work at only one airport. However, during the course of our 
work, DHS did not provide us with analysis on the number of TWIC 
holders that are ``transient'' or for whom a local port-specific 
credential(s) could necessitate the need for multiple credentials. 
Further, DHS did not provide us with analysis demonstrating that the 
majority of people seeking access to maritime facilities require more 
access control credentials than individuals working in the airport 
environment, or showing the extent to which requiring multiple access 
control credentials negatively affects security. Use of a single 
credential to access thousands of maritime facilities Nation-wide may 
prove to be more convenient for certain individuals or segments of the 
transportation industry. However, the TWIC program's primary intention 
is to enhance security. Given the lack of validated analysis available 
to support DHS's position on the security merits of using a common 
credential such as TWIC instead of a local port- or facility-specific 
credential supplemented by a Federal security threat assessment, we 
continue to believe that our May 2011 recommendation to DHS that it 
conduct an effectiveness assessment of the TWIC program, has merit and 
should be implemented. We also continue to believe that our May 2013 
suggestion to Congress that it consider requiring that DHS complete 
such an assessment, including a comprehensive comparison of alternative 
credentialing approaches, which might include a more decentralized 
approach for achieving TWIC program goals, before implementing a final 
regulation requiring the use of TWIC cards with biometric readers, has 
merit and should be implemented.
    Question 3. Considering the numerous delays and tribulations with 
the TWIC program over the past 11 years would the Department be able to 
produce a better product if only one component was responsible for the 
entire program?
    Answer. It is unclear that making one component responsible for the 
entire TWIC program would enhance the program at this time. The Coast 
Guard has primary responsibility for ensuring the safety and security 
of maritime ports and has individuals stationed at the ports, among 
other things. However, TSA manages the resources for conducting 
required security threat assessments for TWIC and other transportation-
related credentials. Therefore, moving the security threat assessment 
function to the Coast Guard may create duplication, though we have not 
conducted work in this area.

                                 
