The Transportation Security Administration’s program for issuing security credentials at the nation’s ports remains unreliable, and could allow serious breaches, an inspector general’s report said.
Department of Homeland Security inspector general John Roth’s report, issued Sept. 1, said the TSA’s identification credentials system is in such a state of disarray that “there is a risk that someone with major criminal or immigration offenses maintains access to secured areas of maritime facilities.”
In March 2014, Jeffrey Tyrone Savage, a civilian truck driver who had an active TSA security card, managed to get past several layers of security at the Norfolk Naval Station in Virginia.
Savage was able to walk to a docked Navy destroyer, where he shot and killed Master at Arms 2nd Class Mark Mayo.
Savage’s TSA security card should not have allowed him to get so deep into the naval station. But the shooting highlighted what Sen. Mark Warner (D-Va.) said is a problem with TSA-issued security cards.
In a 2014 Senate hearing, Warner said there is a “wide-spread misunderstanding” that the TSA cards mean individuals carrying them have gone through extensive background checks.
In reality, he suggested, “it’s harder to get a job at McDonald’s” than it is to get a TSA card.
Since 2002, all individuals who need unescorted access to regulated port facilities must have an identification card, which includes an encrypted file that contains the user’s name, photo, two fingerprints and the card’s expiration date.
The cards are mostly issued to dockworkers, truckers, port employees and U.S. merchant mariners. More than 2.1 million cards are currently active.
Card applicants are screened against four databases to check their criminal histories, immigration status and whether they have any outstanding warrants or appear on terrorist watch lists.
Roth’s report said 60 percent of all applicants “may match one or more databases,”
which triggers a personal review by a TSA agent.
Roth’s report said the Government Accountability Office has issued two audits critical of the program, but the TSA has yet to address all of the watchdog’s recommendations.
In his own report, Roth said the TSA’s Office of Intelligence and Analysis “has not provided sufficient oversight and guidance” to correct problems with the credentialing program.
Roth said “ineffective fraud-detection techniques, inadequate guidance, missing quality control and insufficient planning for recurrent vetting reduce the reliability of TSA’s background check process.”
Roth pointed out TSA agents have not been trained in how to detect fraudulent documents like Social Security cards, and often have to rely on hunches and personal experience to determine whether the documents provided by the applicants are real or fake.
Roth said the guidance TSA provides screeners conducting manual evaluations of applicants flagged for review is “disorganized and difficult to use,” and is made up of a “collection of emails and memorandums without a table of contents or an index.”
Roth’s report also said cardholders are supposed to self-report and give up their cards if they are charged with a “disqualifying offense,” such as fraud, or identity theft. But the TSA told Roth’s investigators this has only happened once since 2007.
“Vulnerabilities in the … background-check process inhibit TSA from providing assurances that individuals with unescorted access to secure maritime facilities have not committed disqualifying criminal or immigration offenses” and have not committed such offenses since their cards were first issued, Roth said.
He recommended the TSA create a new office with the authority and oversight powers to bring all of the agency’s screening procedures under one roof.
In addition, Roth recommended the TSA conduct a thorough risk analysis to identify and correct weaknesses in the background-check program, and ensure agents have the training necessary to properly screen applications.
The TSA’s deputy administrator, Huban Gowadia, agreed with all the recommendations, but said the TSA does have several “controls and quality-assurance mechanisms” in place to manage the credentialing program.