Michael Tennant/New American
The federal government has entrusted the security of the nation’s airports to the Transportation Security Administration (TSA). Yet according to a recent report from the Department of Homeland Security’s Office of Inspector General (OIG), the agency’s bungling of an airport security badge vetting program allowed at least 11 individuals with criminal backgrounds to obtain access to secured airport areas. What’s more, says the OIG, because of the TSA’s lack of oversight, some individuals with criminal records may retain such access to this day.
According to the OIG, the TSA initially selected a single vendor, the American Association of Airport Executives’ (AAAE) Transportation Security Clearinghouse, to relay background check information to the TSA, which then submits the data for a Criminal History Records Check and a Security Threat Assessment. Only individuals who pass both screenings are to be given badges granting them unescorted access to secured airport areas.
Responding to requests from airports, the TSA created the Aviation Channeling Services Provider (ASCP) program in 2010 to offer them a choice of vendors for the badge vetting process. The next year it selected three vendors to participate in the program: AAAE, Telos ID, and L1 Identity Solutions (now MorphoTrust Enrollment Solutions).
This being a government project, it comes as no surprise that the OIG found that the TSA “did not properly plan, manage, and implement” it. In fact, the “project is still not completely implemented and continues to face challenges to accomplish its mission.” As of July 1, 2012, only a single airport had switched vendors (from AAAE to Telos ID), and MorphoTrust Enrollment Solutions was just beginning the testing phase of the project.
From the beginning, the project was doomed. “TSA did not have a written comprehensive plan for the ASCP project design and implementation,” noted the report. The agency has very little documentation on the project at all, and none about who made or approved project decisions. The project team supposedly made decisions, but no one can prove what they were because “TSA did not maintain team meeting minutes but relied on agendas as evidence of actions assigned to each responsible member of the team.”
The TSA also has no idea how much the project has cost thus far. Writes the OIG, “TSA did not track and report all project costs related to implementing the ASCP project.” As a result, it cannot say whether more than three vendors could have been acquired, and it “cannot be sure that it has not incurred unplanned additional costs.”
“TSA did not establish standard testing requirements,” says the report, “nor did the agency require that all vendors test system functionality with at least one airport.” When the time came for testing, the TSA was ready, but none of its vendors was; one had not completed testing nearly a year later. “Since TSA did not establish testing timeframe requirements, the agency could not hold the vendors accountable for delaying the ASCP project schedule.”
All of this ensured that the deployment of the project would be fraught with difficulties. Sure enough, when ASCP was finally deployed in April 2012, “airports began to experience significant problems with the new … system,” according to the OIG. “Airport operations were hindered because of aviation workers’ inability to access secured areas without proper badge authority.”