News

FBI Allowed Suspected Terrorist To Get TWIC

(Note: This story has been updated to correct that the Maritime Security Program is a division of the FBI. An earlier version of the story incorrectly stated that the program was part of a different agency.)

The Department of Justice Inspector General (OIG) released a blistering report March 21 identifying “significant deficiencies relating to the FBI’s efforts to help ensure the security of our nation’s ports.”

Among the report’s findings: the FBI allowed a known terrorist suspect who was on a federal no-fly list to receive a Transportation Workers Information Credential (TWIC). The report highlighted one “particularly concerning” individual who “had access to large scale modes of maritime transportation and ports.”

A redacted version of the full report made available to the public notes that “fortunately,” because of intelligence gathered elsewhere, the FBI was able to interview (and presumably detain) the unnamed person later.

TWICs were created after 9/11 as part of measures designed to improve port safety and security, but they have been severely criticized as a costly and ineffective extra step that imposes large costs on mariners. TWIC cards include a chip with biometric information on the mariner or port worker holding it. But after years of delay, the Coast Guard still does not have a final rule for a machine that could read the chips. This led at least one member of Congress to mock the TWIC during a hearing as “an expensive library card.”

Among the deficiencies the report found are lapses in the information provided by the FBI to the Transportation Security Administration (TSA) for background checks for applicants for TWICs. “We believe FBI personnel may have made recommendations to the TSA regarding TWIC credentialing decisions without an adequate understanding of the TWIC program, the level of access a TWIC provides to restricted port facilities and vessels and the potential risks posed by such individuals possessing a TWIC,” according to the report.

The FBI is supposed to cross-check information given on a TWIC application, such as name, Social Security number or date of birth, with information on the federal terrorist watchlist. If there is a correlation, the vetting agent is supposed to create an “encounter.” The report blacked out the number of persons possessing a TWIC who were found to have been the subject of an “encounter.” It noted that some known terrorist suspects had either since lost their TWICs or have been removed from the no-fly list.

Relying on the Coast Guard, the FBI has never conducted its own formal independent maritime threat assessment. The FBI has a system called Guardian that flags potential incidents and categorizes them. According to the FBI, maritime-related incidents account for only 2 percent of Guardian-flagged incidents. Between FY 2014 and FY 2016, the FBI initiated full or preliminary investigations for 15 maritime-related Guardian incidents.

However, the OIG’s report said, “We identified Guardian records associated with TWIC-related encounters that were not categorized as Transportation or Maritime,” and were therefore not included in estimates of maritime threats the FBI compiled. The report concluded the FBI is relying on “incomplete information [that] can pose a significant threat to the maritime domain.”

The list of keywords used by FBI personnel to retrieve Guardian data did not include “TWIC,” “Transportation Worker Identification Credential,” or other relevant terms such as “stowaway,” submersible” or “submarine.” When the OIG’s team asked FBI personnel to conduct searches using the first two terms, the system flagged 206 Guardian incidents, of which 29 related to lost, stolen or counterfeit TWICs. According to FBI policy, all of these incidents should have received either preliminary or full investigations.

The report also found that even when individuals with TWICs were subjects of an FBI investigation, the investigators did not always communicate with officials in the FBI’s Maritime Security Program, which is part of the FBI’s National Joint Terrorism Task Force.

The report concluded, “Based on the foregoing, we believe the MSP does not currently identify all TWIC intelligence, and therefore does not have the information it needs to develop a complete understanding of the terrorism threat to the maritime domain.”

The FBI is not the only agency that comes up short in the OIG’s report.  The Coast Guard, the primary federal agency responsible for port security, was unable to provide estimates of how many TWIC readers are in activation or where they are located—information the FBI and other agencies would need to investigate maritime incidents.  The report notes that the Coast Guard’s final rule regarding TWICs requires card readers only for a group designated as Risk Group A, about 5 percent of the MTSA-regulated population, according to one estimate.

The report made nine recommendations to the FBI to strengthen its TWIC-related security procedures. The FBI agreed with all of them. The first recommendation was for the FBI “to conduct a full and independent evaluation of the terrorist threat to the maritime domain, with resulting intelligence products disseminated to key audiences.”

Other recommendations included better training of its personnel on the uses and purposes of TWICs, and better coordination between agencies.

The report’s full title is “Audit of the Federal Bureau of Investigation’s Management of Maritime Terrorism Threats.”  The full redacted report is available here.