Coalition for Secure Ports
Coalition for Secure Ports
About Us
WHAT'S BEEN ACCOMPLISHED
IMPROVING PORTS SECURITY
News
Contact
Home
Search Secure Ports.org

The Implementation of the Transportation Worker Identification Credential (TWIC) System For Marine Cargo Handling Facilities1

EXECUTIVE SUMMARY

Recommendation:

The Secretary of the Department of Homeland Security (DHS) must promulgate regulations implementing the Transportation Worker Identification Credential (TWIC) program as soon as possible to verify the identity of individuals with access to critical transportation infrastructure and cargo. These regulations must be the framework for a uniform national system. Such a system under which a governmental entity duly authorized by the Secretary performs requisite background records checks and issues TWICs to individual applicants who have a legitimate business purpose for obtaining one would obviate the need for redundant security credentials. Each individual applicant for a TWIC should be responsible for reasonable fees associated with performing the background checks and issuing his or her credential. Inasmuch as the TWIC is an essential element in the multi-layered maritime security regime authorized in the Maritime Transportation Security Act of 2002 (MTSA)2 and United States Coast Guard regulations for maritime security,3 TWICs must be issued as soon as possible in a manner consistent with these security requirements.

Rationale:

The absence of a uniform personal credential that vets the identity and background of individuals with access to secure areas of a marine cargo handling facility and cargo permits unnecessary vulnerabilities in a system that is otherwise being secured.

Legislative mandate as well as international and domestic maritime security regulations requires marine cargo handling facility operators to control the ability of vessels, vehicles, and individuals to gain access to the facility. How a facility performs its access control function is addressed in its facility security plan, a statutorily mandated security plan reviewed and approved by the Coast Guard pursuant to maritime security regulations that became effective July 1, 2004. The MTSA specifically directs the Secretary to issue biometric transportation security cards to individuals allowed unescorted access to secure areas as designated in such a facility security plan. However, this program has yet to be implemented, constituting a vital missing link in the chain of maritime security.

As recognized by the Coast Guard, commercial operations of a marine cargo handling facility generally necessitate the designation of the entire facility as a secure area because of the presence of critical transportation infrastructure, cargo, intermodal containers, and massive equipment.4 As a result, individuals with legitimate business purposes for their presence on the facility, including longshore workers, terminal employees, contractors, vendors, and other service providers, require verification of their identity before access may be granted. Currently, this verification is conducted pursuant to stop-gap Coast Guard regulations. Identification verification is achieved by checking a photo-ID issued by a governmental entity, employer, union, or trade association. Obtaining such a photo-ID does not require a criminal history records check or check against relevant national security data bases.

The MTSA mandates that a transportation security card shall not be issued unless the requisite background records check is conducted and the individual is deemed not to be a terrorism security risk to the United States. This requirement is based on sound security policy and its implementation is a necessary component of a maritime security regime that is already making considerable progress in enhancing facility and cargo security. The Transportation Security Administration (TSA), the agency with primary jurisdiction over the implementation of the TWIC program which DHS has expanded under alternative statutory authority5 to cover all transportation workers, is currently engaged in pilot programs in three ports to test technological solutions. Although progress is being made in the area of technological systems requirements, significant policy issues regarding implementation of the TWIC program are still outstanding. Unless immediately and appropriately resolved, these issues will cause further delays to the implementation of the program and risk efficient and secure facility operations.

This paper will discuss a workable controlled access system for verifying individual identity that is responsive to maritime security needs while at the same time facilitating the efficient and effective movement of cargo. The principles introduced here are solely intended to address the marine cargo handling facility but may have application to other modes of transportation.

1. Legal Authority for the TWIC Program

International Treaty and Legislative Mandate

In response to the need for a comprehensive international system for maritime security, the International Maritime Organization (IMO) amended the International Convention for the Safety of Life at Sea (SOLAS) through the adoption of the International Ship and Port Facility Security (ISPS) Code. The United States, a signatory to SOLAS, has implemented the ISPS through the promulgation of domestic maritime security regulations6 under the authority delegated to the United States Coast Guard in the MTSA.

Regulations Require Access Control

The Coast Guard's regulations for maritime security became effective on July 1, 2004, and in large part mirror the provisions of the ISPS Code. As such, the regulations for maritime security are consistent for port facilities throughout the world. Under this regulatory scheme, covered port facilities are required to conduct security vulnerability assessments from which appropriate facility security plans must be drafted. These security plans are subject to Coast Guard review and domestic facility operation is not permitted without the Coast Guard's approval of these plans.

Approved security plans, which are security sensitive information, are required to contain information about, among other items, handling cargo; incident response; monitoring; restricted areas; and access control.

Access control is a key component of maritime security. Measures to ensure facility access control can include perimeter security to prevent unauthorized vessels, vehicles, or people from obtaining entry. A facility with a secure perimeter would have limited controlled locations called access points at which those individuals duly authorized for entry can gain access. Access points are also where delivery, cargo, cargo documentation, and equipment interchange information are checked.

Whether or not an individual is authorized to gain entry to a facility is dependent upon the functions of the facility and the individual's purpose for seeking entry. The Coast Guard regulations require the "implementation of security measures to deter the unauthorized introduction of dangerous substances and devices, secure dangerous substances and devices that are authorized by the owner or operator to be on the facility; and control access to the facility."7 To do this, a facility "must ensure that an identification system is established for checking the identification of facility personnel or other persons seeking access to the facility that allows identification of authorized and unauthorized persons…."8 This regulatory language was drafted in response to the statutory mandate of the MTSA that requires the promulgation of regulations to "prevent an individual from entering an area of a vessel or facility that is designated a secure area by the Secretary for the purposes of a security plan for the vessel or facility…unless the individual holds a transportation security card issued under this section and is authorized to be in the area in accordance with the plan…."9

MTSA Authorizes the TWIC Program

While the MTSA requires the issuance of a biometric transportation security card for individuals seeking unescorted access to secure areas of maritime facilities, such a program has yet to be implemented. In publishing its final rules for maritime security, the Coast Guard instituted interim regulations for the utilization of suitable personal identification credentials until the TWIC program can be implemented.10 These interim regulations require the presentation of a laminated or otherwise tamper resistant credential that contains the individual's name, a photograph and the issuing authority, which must be a governmental entity or the individual's employer, union, or trade association.11

The implementation of the TWIC program is a critical component in fulfilling the mandate of MTSA and maritime security regulations that are based on a family of plans multi-layered approach.

2. Privatization: Federally Managed vs. Federally Regulated

The expeditious implementation of the TWIC program is a national security imperative. However, important policy issues have yet to be clearly resolved, placing the TWIC program at considerable risk.

Policy addresses made by both the outgoing Secretary and Deputy Secretary of the DHS; the TSA's recently published TWIC Stakeholder Brief; as well as the President's 2006 budget indicate that DHS may pursue privatization of the TWIC program.

An important distinction must be made in any discussion of the privatization of governmental security functions. That distinction is generally summarized as "federally managed versus federally regulated." Any potential regulation that would require maritime employers to vet employee backgrounds or issue TWICs will negatively impact the intended purpose of the program. A federally regulated TWIC program requiring marine cargo handling facility employers or their associations to vet employees or issue credentials would be inappropriate and counterproductive for a myriad of reasons including but not limited to the following:

  • Prevailing labor relationships in the organized maritime workplace would not permit direct employers or their collective bargaining associations to issue TWICs. Denying an employee a TWIC and thus the ability to access the workplace and earn a living is a serious undertaking. Government regulations that would put the onus on employers to vet or credential organized maritime employees would directly implicate longshore collective bargaining agreements and could threaten port operations and international commerce.
  • Current maritime industry models that credential certain longshore workers do so under governmental mandate through programs implemented by a governmental entity. Any such credential is issued by the governmental authority. To do otherwise introduces the risk of serious security compromises.
  • Serious security issues may arise if marine cargo handling facility employers, who will be required to apply for TWICs themselves, are also the vetting or issuing authority for TWICs.

Coast Guard maritime security regulations delineate access control to a marine cargo handling facility as a two-tier process: 1) only individuals who can verify their identity can potentially gain access; and 2) only if those verified individuals have an appropriate business purpose for needing access. That said, it would not be objectionable if the Secretary duly authorized a third-party vendor to vet employees and issue TWICs as long as the TWIC procurement process was a private matter between the employee and the issuing entity. At most, employers or their associations may be required to provide such vetting, and issuing entities some form of confirmation that the marine cargo handling facility employee or invitee TWIC applicant is eligible for a TWIC as an individual needing access to a secure facility.

3. Marine Cargo Handling Facilities — One Level of Access

Some proponents have suggested a multi-tiered access program for the TWIC. This envisions differing levels of access for individuals. While this approach might work at other transportation facilities, it would not work at marine cargo handling facilities as the Coast Guard has recognized.12

It is imperative that any marine cargo handling facility access control regime be operable within the conditions that prevail at these facilities. At major container facilities throughout the country thousands of gate moves (cargo being taken out or cargo being brought in) occur each day. The ability to process these moves in an efficient and secure manner is of strategic economic importance to the entire nation. The reliance on just-in-time delivery means that terminal delays have a ripple effect throughout the entire supply chain. Cargo delayed at a terminal can idle a factory or lead to empty store shelves.

According to Coast Guard regulations, each container terminal shall designate its restricted areas, which can be the entire terminal facility.13 Each terminal is uniquely configured and only the terminal operator can appropriately determine how access controls should be deployed. The TWIC program cannot mandate varying levels of access at a facility. There cannot be a general requirement for security zones within a secure area. Marine terminal operations generally require longshore workers, motor carriers, and certain service providers to move about different areas within the terminal as cargo functions warrant. Often a single longshore worker may be certified to perform various jobs that are located at different areas of a terminal. A separate security zone or zones required within the secure perimeter would require internal access control points which would be logistically burdensome, extremely costly, unproductive, and of no additional security benefit.

4. Credentialing Standards

Uniform Federal Standard

The federal government must create uniform federal standards for credentialing individuals who seek entry or have access to a marine cargo handling facility and/or security sensitive information wherever in the intermodal transportation chain they are located. Transportation workers often cross jurisdictions and would be subject to a wide variety of credentialing standards if one uniform national standard is not adopted. It is of critical importance that the TWIC should supersede redundant credentials issued by other entities. Moreover, uniformity in the system will make it easier to detect fraudulent credentials and deny access to those with improper credentials. This will enhance security as well as ease the regulatory burden for individuals needing access.

Issued by the Secretary

Notwithstanding the needs of the other transportation modes, the MTSA requires that TWICs for individuals needing unescorted access to a maritime facility that is required to operate under a Coast Guard approved facility security plan must be issued by the Secretary of DHS. As such, TWICs for these individuals should be issued by the federal government or by an appropriately delegated issuing authority according to federal standards.

Period of Validity

Notwithstanding the potential for invalidation caused by a subsequent act that would disqualify a TWIC holder, a TWIC should have a reasonable period of validity before a renewal would be required. Renewal is a good idea to ensure that photographs reasonably depict the current appearance of the TWIC holder. A five – to eight – year period may be appropriate. However, there must be an automatic mechanism that can invalidate a credential for intervening disqualifying acts that might occur during the credential's period of validity.

5. Credentialing System Requirements

The credential system should employ appropriate technology to process and validate credentials at a positive access control without impeding terminal operations. This should involve an interoperable electronic system that includes biometric identifying information. The credentialing system should detect invalid credentials, unauthorized users, inappropriate access to security sensitive information and inappropriate use of credentials. There must also be a staggered phase-in period for requiring credentials and background checks to ensure the availability of the workforce.

The pilot programs currently being conducted by TSA are testing potential solutions for these issues.

6. Obtaining Credentials

Privacy — Individuals Apply For and Obtain Their Own TWIC

Individuals required to have credentials must be responsible for obtaining their own credentials and ensuring that their employment screening and criminal history record check is accurate. TWIC applicants should also be responsible for fees required to perform the requisite background records check and issue the TWIC, just as an individual would pay for his or her own driver's license.

Denying a TWIC

The criteria for disqualifying acts should be related to terrorist threats or the real potential for vulnerability to terrorist or criminal activity. A meaningful appeals process for individuals who might face adverse employment actions as a result of the credentialing process should be instituted. Such a process should consider the potential for errors, mitigating circumstances, or evidence of rehabilitation.

This process should be a private matter between the TWIC applicant and the issuing authority. Employers should not have access to the information generated by an individual's government sponsored employment investigation and criminal history check, or information on any appeal that may result. It is anticipated that employers and employer associations may be required to provide the credentialing entity with authorization that certain individuals are entitled to apply for TWICs. Inasmuch as an employee may lose the ability to access the workplace because of some disqualifying act discovered in the credentialing process, employers and employer associations must be held harmless for adverse employment actions taken as a result of statutorily required credentialing.

7. Inter–Agency Participation is Vital in the Promulgation of Regulations

While TSA may be the lead agency in implementing the TWIC for all transportation workers, the Coast Guard must play a significant role in promulgating regulations for the TWIC program and its implementation within the maritime industry. In promulgating the regulations for maritime security, the Coast Guard has expanded upon its previous expertise in marine operations. By reviewing and approving domestic facility security plans, the agency has become very familiar with the maritime industry's business operations. As such, this expertise must be utilized in implementing the TWIC program. The experience that the various DHS agencies have in screening individuals needs to be appropriately applied to maritime workplaces in accordance with the maritime security regime supervised by the Coast Guard. The coordination of agency expertise will best serve the Nation's maritime security needs.

CONCLUSION

Significant progress in enhancing the security of the Nation's ports, critical infrastructure, and cargo supply chain has been made by the government and the private sector. This progress is based on a multi-layered approach to security that closes gaps and highlights potential breaches. As discussed, physical security — fencing, patrols, cargo screening — is critical but insufficient without information about the individuals who have access to the system. The full impact of current security efforts will not be realized until the layer that addresses personnel access is addressed. The background and criminal history of individuals seeking access to this system must be checked to ensure that individuals who pose a terrorist threat or other security threat are not granted access.

The system created to check personal backgrounds and criminal histories must be operable within existing marine cargo handling facility procedures so as not to interrupt international commerce, and trustworthy and uniform so as to ensure individual privacy and convenience. As such, the only model that would satisfy each of these vital criteria is includes:

  • uniform national standards for issuance;
  • the federal government or its duly authorized agent performing requisite background and criminal history records checks and issuing the TWIC;
  • appropriate assurances for the privacy of the individuals involved; and
  • a reasonable process for appeals in the event a TWIC is denied.

The drafters of the MTSA understood the importance of these factors and created the legislative mandate for such a program. It is now imperative that a TWIC program based on this model be implemented as soon as possible to fulfill the promise to the American public enacted in the MTSA.

 

1 Presented by the Waterfront Employer Industry as represented by the National Association of Waterfront Employers (NAWE), Pacific Maritime Association (PMA) and United States Maritime Alliance Limited (USMX). Collectively these entities handle 97% of containers moving in U.S. maritime commerce and a significant portion of bulk, break-bulk, and RO-RO cargo as well.

2 Pub. Law No. 107-295, 116 Stat. 2073 (herein cited as "MTSA").

3 33 CFR Chapter 1, Subchapter H, Part 101 et seq. (hereinafter referred to as "maritime security regulations").

4 33 CFR Chapter 1, Subchapter H, Part § 105.260(b); 68 Fed. Reg. 60528.

5 USA Patriot Act of 2001; Aviation and Transportation Security Act of 2001.

6 33 CFR Chapter 1, Subchapter H, Part 101 et seq.

7 33 CFR Chapter 1, Subchapter H, Part §105.255(a)(1),(2), and (3).

8 Id. at § 105.255(c)(1).

9 MTSA at § 70105(a)(1).

10 68 Fed. Reg. 60460.

11 33 CFR Chapter 1, Subchapter H, Part § 101.515.

12 33 CFR Chapter 1, Subchapter H, Part § 105.260(b); 68 Fed. Reg. 60528.

13 33 CFR Chapter 1, Subchapter H, Part § 105.260(b).


Mission | Background | Members | Accomplishments | Improving Port Security | News | News Archive | Contact