WASHINGTON – Two anti-terrorism ID programs have been sent back to the drawing board and a third is being farmed out to private companies after costing hundreds of millions of dollars.
Begun after the Sept. 11, 2001, hijackings, the programs were supposed to help prevent catastrophic terrorist attacks on the U.S. transportation system by checking airline passenger names against watch lists and providing special identification cards to every worker with access to airports, railroads, seaports or trucks.
So far, the Transportation Security Administration — which has been overseeing development of the three programs— has not gone beyond testing, has issued no IDs and has screened no passengers against terrorist lists.
TSA chief Kip Hawley defended the agency's efforts this week, saying the projects by their very nature use expensive and unreliable advanced technology.
All three are back on track, Hawley said. "Massive changes have happened here," he said. "We have a good acquisitions team and a good process."
According to documents obtained by The Associated Press, the agency has spent more than $200 million on the Transportation Worker Identity Credential, Secure Flight and Registered Traveler programs.
On all three, the TSA and contractors hired by the agency have spent more than anticipated, missed deadlines and raised questions about their ability to protect the public's privacy and the private sector's commercial interests.
Congressional investigators have warned repeatedly that the agency is mismanaging the programs.
"Five years after 9/11, the Bush Administration and TSA are stuck in neutral on critical security measures," said Massachusetts Rep. Ed Markey, a senior Democrat on the Homeland Security Committee.
"The lack of oversight by this Republican Congress on this program and countless others is just another reason Americans are ready to head in a new direction in November," Markey said.
Hawley called Secure Flight the most important of the three projects. It is envisioned as a computer-based program to check all airline passengers' names against terrorist watch lists before they board an airplane.
Airlines already check names against the lists and alert TSA officials when a passenger's name appears similar to one on a watch list. The system has led to thousands of false identifications. More than 30,000 people who are not terrorists have asked TSA to remove their names from the lists since Sept. 11, 2001.
The TSA for four years tried to develop a technology system to take over the task of checking names against watch lists. The major contractors on the project were IBM, Lockheed Martin and Eagle Force Associates. Also involved in testing were Acxiom Corp., HNC Software, Infoglide Software, and Ascent Technology.
In February, the Government Accountability Office found security vulnerabilities with Secure Flight and it was suspended for retooling — after $110 million had been spent.
Hawley said the project stalled because of debate about whether it should try to identify unknown terrorists — which raises civil liberties concerns — or simply match names against watch lists.
"That debate was played out," he said. "Congress said this is simply going to be watch-list matching."
The Transportation Workers Identity Credential, or TWIC, is an ID card to be issued to about 6 million longshoremen, mechanics, airport workers, locomotive engineers and truck drivers — if they pass government background checks. The card will use a biometric identifier — fingerprint or eye scan, for example.
Bearing Point, a Virginia consulting firm, did the bulk of TWIC development so far.
But years after the first cards were supposed to be issued, a contractor hasn't been chosen, a technical standard hasn't been issued for the card reader and regulations haven't been written to describe who will be required to get the card.
On Friday, the GAO reported that TSA must test the program to make sure the technology can work in harsh outdoor environments and that it won't delay the movement of goods.
"That is moving along and it is going to work," said Hawley, adding that TSA is pursuing a card that can be read without making physical contact with a machine. "This is cutting-edge technology," he said.
Registered Traveler is supposed to be a smart card program for frequent flyers in which they pay for a background check and a biometric ID card so they can wait in shorter security lines.
The government tested Registered Traveler in five airports and let a private company — Verified Identity Pass Inc. — test it in Orlando, Fla. Contractors for the pilot project were Unisys and EDS.
Frequent flyers who enrolled in the test said they liked Registered Traveler. The TSA found it didn't compromise security. The test, though, was staged in so few airports that its benefits were limited.
The TSA pulled the plug on the government tests in September 2005 because that year's funding ran out. Two months later TSA said Registered Traveler would be up and running in June 2006. It would be turned over to a consortium of private companies to develop and operate.
On Monday, Hawley said the TSA had decided Registered Traveler was a low priority but that it would be ready by the end of November.
Some security experts say Congress never should have ordered the TSA to undertake such complex information technology projects because they're far more expensive than anyone imagined, and probably will not work as envisioned.
"I blame Congress," said James Carafano, homeland security fellow at the Heritage Foundation, a Washington think tank.
Congress dictates deadlines for untested projects without ever analyzing if it is a good requirement or whether it can be accomplished, Carafano said.