The Transportation Security Administration has failed to effectively oversee the badging of airport employees with unescorted access to sensitive security areas at the nation’s airports, according to a partially redacted report from the Department of Homeland Security.
The Transportation Security Administration (TSA) has failed to effectively oversee the badging of airport employees with unescorted access to sensitive security areas at the nation’s airports, according to a partially redacted report from the Department of Homeland Security (DHS).
During an investigation carried out by DHS’s Office of the Inspector General (OIG), investigators found that badges have been issued to applicants whose applications were inaccurate or omitted critical information. The investigation also discovered that TSA does not require airport operators to conduct recurring FBI background checks on active badge holders to identify those who have committed disqualifying offenses since receiving their security badges.
“Consequently, the safety of airport workers, passengers, and aircraft is at risk due to the potential of inappropriate individuals obtaining airport badges,” reports the OIG, which has investigative authority over the department’s component parts like the TSA.
Airport workers who need access to sensitive portions of U.S. airports must go through a fingerprint-based FBI criminal history check as well as a security threat assessment (STA) conducted by the TSA. To carry out the process, however, TSA relies on designated airport badging employees to collect the necessary biographical and biometric information for the vetting process, including fingerprints, who then electronically transmit the data to the American Association of Airport Executives’ Transportation Security Clearinghouse (TSC). This data is then forwarded to the FBI for a criminal history records check and the results are then passed on to the TSA, where a decision is made to issue the badge after running the applicants’ information against selected databases.
According to the IG report, the TSA’s Transportation Threat Assessment and Credentialing Vetting Operations, which oversees the process, vets approximately 550,000 individuals every year. Applicants who are deemed an insider threat to aviation security are denied badges. Currently, about 890,000 individuals carry 1.2 million active badges, some individuals with more than one, giving them unescorted access to secured areas of the nation’s airports, including airplanes.
The OIG’s investigation discovered that an unspecified number of badges were issued to people with omitted or inaccurate information--such as STA status, birthdates, and birthplaces--on their badging applications. All numerical details were redacted in the released report. In one instance, investigators found that one individual in the TSC database had three active badges, with each application listing a different place of birth--the United Kingdom, Ukraine, and the United States.
Carter Morris, senior vice president of transportation security policy, said that because of privacy laws, the AAAE cannot check the accuracy of the data submitted to it, but ensure that the application is complete and acceptable to the federal government for vetting. In the instance above, he said the airport badging employee probably confused the place of birth codes required on the application. Confusingly, the code for the United Kingdom is not “UK” but “UN.” So when an airport badging employee entered “UK,” it registered that the applicant’s place of birth was the Ukraine. Regarding the third place of birth, the United States, Morris said that badging employee must have confused place of birth with citizenship.
Regardless, Morris said the AAAE will already taking steps to ensure that airport badging employees submit appropriate and accurate information to the TSC before its forwarded to the FBI and the TSA. “We’re going to take these recommendations to heart,” he said.
Investigators learned that airport operators and local TSA officials did not have an adequate understanding of the badging process. “Officials at the 12 airports visited did not know what happens to the data once they enter the [TSC],” the report explains. “These officials did not realize how data entry errors or transposed numbers related to key identifying elements could create vulnerabilities, be exploited, and provide the wrong individuals access to secured airport areas.”
The data integrity issues occurred, according to the IG, because TSA did not ensure that airports have quality assurance procedures for the badging process, did not ensure airports provide adequate training and tools to badging employees, and did not require its inspectors to verify airport data during TSA inspections. The OIG report also notes that TSA does not require airports to conduct recurring background checks to ensure active badge holders have remained law-abiding citizens.
TSA Spokesman Greg Soule told Security Management that the agency is developing a proposed regulation to require airport operators and badging personnel to meet improved standards for accuracy and completeness of applicant information submitted to TSA, addressing an OIG recommendation.
He also said that TSA runs recurrent checks of active badge holders against terrorism watch lists. “These recurrent checks are designed to reveal the most serious criminal activity related to terrorism by an individual occurring after his or her initial criminal history records check,” Soule said.
In response to the OIG report, Rep. Bennie G. Thompson (D-MS), the ranking member of the House Homeland Security Committee, urged the TSA to implement the report’s recommendations. “By making the vetting process for airport employees more thorough and comprehensive, we can improve security,” he said in a statement.
♦ Photo by Erik Charlton from flickr