TSA Can Improve Aviation Worker Vetting, DHS OIG, 2015
Download original document:
This text is machine-read, and may contain errors. Check the original document to verify accuracy.
TSA Can Improve Aviation Worker Vetting (Redacted) OIG-15-98 June 4, 2015 DHS OIG HIGHLIGHTS TSA Can Improve Aviation Worker Vetting June 4, 2015 Why We Did This We conducted this review to identify enhancements to the Transportation Security Administration’s (TSA) vetting of workers with access to secure areas of commercial airports for links to terrorism, criminal history, and lawful status. We also assessed the accuracy and reliability of data TSA uses for vetting. What We Recommend TSA should request and review additional watchlist data, require that airports improve verification of applicants’ right to work, revoke credentials when the right to work expires, and improve the quality of vetting data. What We Found TSA’s multi-layered process to vet aviation workers for potential links to terrorism was generally effective. In addition to initially vetting every application for new credentials, TSA recurrently vetted aviation workers with access to secured areas of commercial airports every time the Consolidated Terrorist Watchlist was updated. However, our testing showed that TSA did not identify 73 individuals with terrorism-related category codes because TSA is not authorized to receive all terrorism-related information under current interagency watchlisting policy. TSA had less effective controls in place for ensuring that aviation workers 1) had not committed crimes that would disqualify them from having unescorted access to secure airports areas, and 2) had lawful status and were authorized to work in the United States. In general, TSA relied on airport operators to perform criminal history and work authorization checks, but had limited oversight over these commercial entities. Thus, TSA lacked assurance that it properly vetted all credential applicants. Further, thousands of records used for vetting workers contained potentially incomplete or inaccurate data, such as an initial for a first name and missing social security numbers. TSA did not have appropriate edit checks in place to reject such records from vetting. Without complete and accurate information, TSA risks credentialing and providing unescorted access to secure airport areas for workers with potential to harm the nation’s air transportation system. TSA Response TSA concurred with all six recommendations. For Further Information: Contact our Office of Public Affairs at (202) 254-4100, or email us at DHS-OIG.OfficePublicAffairs@oig.dhs.gov www.oig.dhs.gov OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security Table of Contents Results of Audit .....................................................................................2 Background……….……… ..................……………………………………………4 TSA Can Enhance Its Process for Vetting Aviation Workers ....................9 TSA Can Improve the Reliability of Its Vetting Data ....…………………...14 Recommendations …………………………………………………………………..16 Appendixes Appendix Appendix Appendix Appendix Appendix A: B: C: D: E: Transmittal to Action Official ……………………………20 Scope and Methodology…………………………………...21 TSA Comments to the Draft Report...………………….23 Major Contributors to This Report... ...............……..30 Report Distribution…………………..…………………….31 Abbreviations CBP CFR CHRC CSG DAC DHS EAB FBI IR&A NCTC OIG SAVE SIDA SSN TIDE TSA TVS USCIS VAD www.oig.dhs.gov Customs and Border Protection Code of Federal Regulations Criminal History Records Check Consolidated Screening Gateway Designated Aviation Channeler Department of Homeland Security Encounter Analysis Branch Federal Bureau of Investigation Investigations, Referrals & Analysis National Counterterrorism Center Office of Inspector General Systematic Alien Verification for Entitlements Program Secure Identification Display Area Social Security Number Terrorist Identities Datamart Environment Transportation Security Administration Transportation Vetting System United States Citizenship and Immigration Service Vetting Analysis Division 1 OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security Results of Audit We reviewed the Transportation Security Administration’s (TSA) controls over the vetting of aviation workers possessing or applying for credentials that allow unescorted access to secured areas of commercial airports. Specifically, we assessed TSA’s process for vetting workers for terrorist links, criminal history, and lawful status. We also sought to determine the accuracy and reliability of data TSA uses for vetting. We determined that TSA had multiple, layered controls for vetting workers for terrorism. TSA designed its vetting procedures to 1) match new applicants for credentials, and 2) repeatedly re-vet nearly 1 million existing credential holders against the Consolidated Terrorist Watchlist within minutes of receiving updated watchlist data. This process resulted in thousands of watchlist hits that TSA analysts manually reviewed during fiscal year 2014. TSA also proactively identified relationships between current credential holders and watchlisted individuals and nominated over 300 individuals to the watchlist across all credential programs. In addition, TSA recently made improvements to the quality of the aviation worker data used for vetting. Despite these layered controls, our testing showed that TSA did not identify 73 individuals with terrorism-related category codes. According to TSA data, these individuals were employed by major airlines, airport vendors, and other employers. TSA did not identify these individuals through its vetting operations because it is not authorized to receive all terrorism-related categories under current interagency watchlisting policy. Excluded categories TSA acknowledged that these individuals were cleared for access to secure airport areas despite representing a potential transportation security threat. TSA had less effective controls in place to ensure that airports have a robust verification process over a credential applicant’s criminal history and authorization to work in the United States. TSA did not perform recurrent criminal records checks similar to its terrorism vetting due to current law and FBI policies. TSA depended on 467 commercial airports and air carriers to verify credential holders’ criminal histories through a limited review process, and relied on the credential holders themselves to report disqualifying crimes to the airports where they worked. Further, TSA had to deny thousands of credentials to individuals because it could not verify their lawful status, even though airports represented that these individuals had passed the airports’ own work authorization verification. We identified thousands of TSA data records containing potentially incomplete and inaccurate biographic information. TSA relied on airports to gather www.oig.dhs.gov 2 OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security complete and accurate information from the credential applicants. According to vetting officials, TSA can only vet workers based on data received from airports. While TSA had made some improvements to its data collection to meet its requirements, TSA lacked assurance that it properly vetted all credential applicants. We recommended that TSA work with the necessary interagency partners to determine if its aviation worker credential program warrants the receipt of additional categories of terrorism-related data, require airports to improve their verification of applicants’ right to work, and terminate credentials when the right to work expires. We also recommended that TSA take steps to ensure the data it uses for aviation worker vetting are complete and accurate. www.oig.dhs.gov 3 OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security Background TSA was created in 2001 to ensure the safety and free movement of people and commerce within the Nation’s transportation systems. As part of this mission, TSA also has statutory responsibility for properly vetting aviation workers such as baggage handlers and airline and vendor employees with unescorted access to Secure Identification Display Area (SIDA) and sterile areas of commercial airports. Chapter 49 of the Code of Federal Regulations (CFR) and TSA Security Directive 1542-04-08G require that individuals applying for credentials to work in secure areas of commercial airports undergo background checks prior to being granted badges that allow them unescorted access to secure areas. Each background check includes 1) a security threat assessment from TSA, including a terrorism check; 2) a fingerprint-based criminal history records check (CHRC); and 3) evidence of the applicants’ right to work in the United States. The CHRC determines whether the credential applicant has a disqualifying criminal offense in the previous 10 years. These crimes fall into 28 categories, including crimes involving air safety as well as violent felonies, fraud, and bribery. Under Security Directive 1542-04-08G, TSA relies on airport operators to collect and verify applicant data for individuals seeking credentials. This data includes each applicant’s name, address, date of birth, place of birth, country of citizenship, passport number, and alien registration number (if applicable). Social security number (SSN) is not currently a required field on the aviation worker credential application, but is collected if provided by the applicant. TSA also relies on airport or air carrier employees to collect an applicant’s fingerprints for the CHRC. Airports use one of three Designated Aviation Channelers (DAC) to submit prospective aviation worker information and changes to biographic data for existing workers to TSA. The DACs ensure the applicant’s biographic and fingerprint information is complete and formatted properly before forwarding the information to TSA for vetting. Once it receives biographic data from the Consolidated Screening Gateway (CSG), the Vetting Analysis Division (VAD) of TSA’s Office of Intelligence and Analysis uses the Transportation Vetting System (TVS) to match credential applicants against its extract of the DHS Watchlist Service to identify individuals with potential links to terrorism. TSA also re-vets airport workers with unescorted access to secure areas of commercial airports against the watchlist on a recurring real-time basis. That is, it performs a match of all existing airport workers every time it receives watchlist updates, which may www.oig.dhs.gov 4 OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security happen many times in a day. 1 TSA’s matching model scores each worker it vets against the Consolidated Terrorist Watchlist using various rules, such as name matches; SSN, passport number or alien registration number matches; address matches; or combinations of different variables. TVS scores potential matches automatically and presents them to analysts for manual review and analysis. Analysts then determine whether the potential match represents a true name match. For true name matches, analysts prepare a preliminary vetting match report that includes all relevant information related to the match. VAD sends the report to TSA’s Investigations, Referrals & Analysis (IR&A) to help conduct a full investigation. Figure 1 provides an overview of this vetting process. As shown in figure 1, upon receiving information from VAD, the IR&A team performs additional research to determine whether a potential match is indeed a real match. If necessary, IR&A coordinates with other law enforcement or terrorism prevention agencies to arrive at a final disposition. In addition to aviation workers, TSA also recurrently re-vets over 13 million other credential holders in programs such as the Transportation Worker Identification Credential and Federal Aviation Administration Airmen Certificate. 1 www.oig.dhs.gov 5 OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security Figure 1. TSA Vetting Process Source: Department of Homeland Security (DHS) Office of Inspector General (OIG) analysis of TSA vetting procedures. www.oig.dhs.gov 6 OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security Based on its additional research, IR&A may direct the airport to: • • • grant the credential (for a new applicant), deny the credential (for a new applicant), revoke an existing credential (in the case of an existing credential holder who matched against the watchlist as part of the recurrent vetting process), or IR&A confers with other governmental organizations, such as the Federal Bureau of Investigation (FBI), that have nominated an individual to the watchlist or may have an open case on the individual. In some instances, other governmental organizations may request that TSA not direct the airport to deny or revoke a credential because the denial or revocation may impact an open investigation. TSA Security Directive 1542-04-08G requires airport operators to perform a CHRC for all employees who require unescorted access to SIDA and sterile areas of commercial airports, except for Federal, State, or local government employees who already have CHRCs performed as conditions of their employment. To perform the CHRC, applicants submit fingerprint records to the appropriate airport operators, who in turn provide the fingerprint records to TSA. TSA sends the fingerprint records to the FBI for a background check. FBI returns the results to airport operators through TSA. Airport operators are responsible for conducting reviews of the applicant’s criminal history for criminal offenses that would disqualify the individual from unescorted access to secured areas of an airport. Disqualifying offenses are listed in 49 CFR 1542.209 and include espionage; sedition; treason; crimes involving terrorism, transportation security, or explosives; some violent offenses; and some felonies. www.oig.dhs.gov 7 OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security Chapter 49 of the CFR and TSA Security Directive 1542-04-08G require that prospective credential applicants undergo immigration checks to ensure that the individuals have lawful presence and that airport operators verify the applicant’s authorization to work in the United States. This check occurs in two stages. First, airport operators collect and review documents validating that a credential applicant is authorized to work in the United States. For example, legal permanent residents and certain student visitors may have authorization to work in the United States, while tourists visiting the United States under a visitor visa would likely not have the right to work. The airport then forwards the validated file on the individual to TSA for a second review. During this review, TSA performs its verification to ensure that the individual has lawful status to be in the United States. According to TSA’s Security Directive, airports have to verify an individual’s authorization to work before sending their record to TSA for the security threat assessment, and not issue credentials unless the individual is authorized to work. To check a prospective credential holder’s lawful status, TSA’s Security Threat Assessment Operations verifies against the U.S. Citizenship and Immigration Service’s (USCIS) Systematic Alien Verification for Entitlements Program (SAVE) all individuals listed as being born outside the United States. SAVE provides the ability for Federal, State, or local benefit and licensing agencies to verify the immigration status of noncitizen applicants for Federal, State, or local benefits and licenses. In 2011, we reported that TSA’s oversight of commercial airports’ badging process needed improvement, and made recommendations to TSA to help improve the accuracy and completeness of vetting information, improve identity verification, and require recurrent vetting of applicant criminal histories. 2 TSA took some steps to improve in those areas, including issuing guidance to airports to help improve data quality and encourage airport operators to use Customs and Border Protection’s (CBP) Identification Verification guide for periodic training. However, TSA is not currently authorized under law and FBI policy to conduct recurrent criminal history records checks, although it has made efforts to gain the authorization to perform recurrent checks. DHS OIG, TSA’s Oversight of Airport Vetting Process Needs Improvement, OIG-11-95, July 7, 2011. 2 www.oig.dhs.gov 8 OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security TSA Can Enhance Its Process for Vetting Aviation Workers TSA’s multiple, layered controls for vetting potential and existing credential holders against the Consolidated Terrorist Watchlist were generally effective. TSA performed initial and recurrent vetting, regularly tested the algorithms it uses for vetting, and proactively identified new terrorism suspects for nomination to the watchlist. An independent match performed by the National Counterterrorism Center (NCTC) found that overall, the TSA algorithms used and the manual review process were effective in identifying prospective and existing credential holders’ links to terrorism. However, we found that TSA did not receive certain terrorism-related category codes as part of the watchlist extract they used for vetting. Consequently, TSA’s vetting process did not identify 73 aviation workers with active badges that we determined had terrorism-related category codes. TSA had less effective controls in place for ensuring that airports vet aviation workers for disqualifying criminal records and authorization to work in the United States. TSA relied on airport operators to perform criminal history and work authorization checks and had limited access to documentation supporting the airports’ credentialing decisions. As such, TSA lacked awareness of applicants’ criminal histories. TSA also had to deny credentials to 4,800 individuals that the airports had previously cleared for work in the United States because it could not verify lawful status for those individuals. TSA’s Multi-Layered Process to Vet Workers for Links to Terrorism Was Generally Effective The vetting and re-vetting procedures that TSA used were generally effective in identifying credential holders with links to terrorism. For example, since its inception in 2003, TSA has directed airports to deny or revoke 58 airport badges as a result of its vetting process for credential applicants and existing credential holders. According to TSA’s vetting managers, TSA’s recurrent vetting process has been a crucial tool in ensuring the security of the Nation’s transportation system. TSA has also taken the following steps to continually enhance this vetting process: • TSA implemented a quality review process to test and refine the effectiveness of its scoring model. According to vetting officials, testing the scoring model allowed TSA to determine what percentage of potential matches would represent true name matches, and gave TSA the ability to optimize the number and type of matches it presented to analysts for manual review. • The VAD tested its name matching algorithms against those of its peers. According to TSA officials, in 2013, TSA participated in a name-matching contest sponsored by the Mitre Corporation along with three other DHS www.oig.dhs.gov 9 OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security name-matching systems from CBP and USCIS. TSA’s TVS namematching capabilities ranked first in the contest among DHS entrants based on an overall quality measure. • In 2010, TSA created the Encounter Analysis Branch (EAB) team to leverage the vast amount of data it analyzed to proactively identify new terrorism suspects. For example, the EAB submits newly identified addresses, phone numbers, or other pertinent identifying information not currently included in a watchlist record. The EAB also submits new terrorist watchlist nominations, for example, if TSA determines there is sufficient information to link a credential holder to a known or suspected terrorist. According to TSA officials, for the 18-month period ending June 30, 2014, EAB analysis resulted in TSA submitting terrorist watchlist nominations and providing new information for records. In one example, TSA identified an aviation worker who As a result of TSA’s nomination, the aviation worker was added to the consolidated terrorist watchlist. TSA Did Not Identify 73 Workers with Links to Terrorism Although TSA’s vetting procedures for terrorism were mostly effective, our testing determined that TSA did not identify 73 individuals with links to terrorism. This occurred because TSA is not authorized under current interagency watchlisting policy to receive certain terrorism-related category codes as part of the watchlist extract they used for vetting. TSA acknowledged that individuals in these categories represented a potential transportation security threat. To assess the accuracy and effectiveness of TSA’s terrorism vetting procedures, we asked NCTC to match over 900,000 records of active aviation workers against NCTC’s Terrorist Identities Datamart Environment (TIDE). 3 Our analysis of NCTC results determined that TSA did not find 73 individuals linked to terrorism because the watchlist extract TSA received from the DHS Watchlist Service and used for vetting did not contain the terrorism codes associated with those individuals. 4 According to an official at the DHS Office of Policy, in order to receive additional categories of TIDE records, TSA must work with DHS to formalize a request to the Watchlisting Interagency Policy TSA maintains over 2 million aviation worker entities in the TVS vetting system. However, we did not submit all aviation worker records vetted by TSA to NCTC for matching. We eliminated inactive badge records that are retained by TSA, as well as badges for individuals who do not have access to secured areas of airports. 4 The Interagency Policy Committee responsible for watchlist policy determines what terrorismrelated categories are provided to TSA for vetting, while the DHS Watchlist Service provides allowable information to TSA. 3 www.oig.dhs.gov 10 OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security Committee through its Screening Coordination Office. Details on the individuals and their terrorism codes can be found in table 1. Table 1: Categories of Aviation Worker Records with Terrorism Links TerrorismRelated Terrorism Record Category Category Code Total Records Source: DHS OIG analysis of NCTC matching results. Aviation Worker Record Matches 73 As shown in table 1, codes TSA did not receive for vetting include According to the DHS Screening Coordination Office, codes are TIDE-only codes that are not included in the Terrorist Screening Database and cannot currently be used for vetting purposes. 5 In addition, interagency watchlisting guidance does not allow codes to be provided to TSA for aviation worker vetting. TSA’s VAD recognized that not receiving these codes represented a weakness in its program. VAD officials informed us that as part of its analysis efforts, VAD had independently identified derogatory information on some individuals, and subsequently determined that these individuals belonged to the missing categories. VAD officials informed us that without receiving these categories, TSA could not guarantee that it could consistently identify all questionable individuals. TSA officials believed that receiving these categories would at least give them an opportunity to monitor these individuals. In 2014, the TSA Administrator signed an internal TSA policy memo to partially address this potential weakness. In addition to category codes identified above, the TSA Administrator authorized his staff to request category codes for vetting. TSA’s policy memo states that individuals in such categories could pose potential threats to aviation security if TSA is not given a chance to examine the information and assess any potential associated risk. Classified derogatory information for subjects with an international nexus to terrorism is maintained in TIDE. Terrorist records that meet minimum substantive derogatory and identifying criteria requirements are exported to the Terrorist Screening Database, which serves as the U.S. Government’s consolidated terrorist watchlist. 5 www.oig.dhs.gov 11 OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security TSA Relies on Airports for Criminal History and Work Authorization Checks Compared to the generally effective controls TSA had in place to link individuals with terrorism information, TSA lacked effective controls to ensure that aviation workers did not have disqualifying criminal histories and that they possessed lawful status and the authorization to work in the United States. Under current law and FBI policy, TSA is not authorized to perform recurrent criminal checks of aviation workers because aviation worker vetting is considered to be for non-criminal justice purposes. Therefore, TSA did not recurrently vet workers for criminal histories similar to the recurrent vetting it performed for terrorism information. Instead, it relied on airport operators to perform criminal history and work authorization checks with limited quality reviews. Ultimately, TSA had to deny credentials for 4,800 individuals whose work authorizations had been previously approved by airports because it was unable to verify their lawful status in the United States. TSA did not have an adequate monitoring process in place to ensure that airport operators properly adjudicated credential applicants’ criminal histories. Chapter 49 of the CFR, part 1542 and TSA Security Directive 1542-04-08G require airports to complete a fingerprint-based CHRC before approving an individual for unescorted access. While TSA facilitated the CHRC for aviation worker applicants, over 400 commercial airports maintained the ultimate authority to review and determine whether an individual’s criminal history contained disqualifying crimes under Federal law. 6 However, TSA officials informed us that airport officials rarely or almost never documented the results of their CHRC reviews electronically. TSA inspectors may view the hardcopy results of a CHRC during TSA’s annual security inspection at commercial airports. However, this is a limited review of as few as one percent of aviation workers. Without sufficient documentation, TSA cannot systematically determine whether individuals with access to secured areas of the airports are free of disqualifying criminal events. TSA and the airports are not legally authorized to conduct recurrent criminal history vetting, except for the U.S. Marshals Service Wants and Warrants database. Instead, airports relied on individuals to self-report disqualifying crimes. As individuals could lose their job if they report the crimes, individuals had little incentive to do so. Current FBI law and policy prohibit TSA from conducting recurrent criminal checks of aviation workers because aviation worker vetting is considered to be for non-criminal justice purposes. However, TSA has planned a pilot of the FBI’s “Rap Back” program in order to address the weakness of not having a recurrent criminal history records check. Under 6 According to TSA officials, TSA inherited criminal history procedures that were developed prior to the formation of TSA. TSA has drafted a proposed rule intended to strengthen criminal history vetting. The proposed rule remains in the clearance process as of May 2015. www.oig.dhs.gov 12 OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security the program, TSA and/or the airports will receive automated updates from the FBI for new criminal history matches associated with individuals who have undergone criminal history records checks so that they might provide these results to airports for action. TSA is planning this pilot program for multiple airports in late 2015. Given recent incidents where aviation workers were charged with crimes such as smuggling illegal drugs or guns, recurrent vetting of criminal histories may help TSA identify criminals before they can pose a risk to transportation security. As previously discussed, TSA’s Security Directive required that airport operators first validate an individual’s authorization to work in the United States before forwarding the individual’s records to TSA for additional clearance. Based on TSA data, however, airports may not be consistently verifying that credential applicants possess the immigration status necessary to work in the United States. Typically, a person “authorized to work” has lawful status in the United States. If airport operators accurately performed the verifications prior to sending the applicants’ records to TSA, there should be minimal discrepancies between an “authorized to work” check and a lawful status check. However, according to program officials, TSA has had to send nearly 29,000 inquiries to credential applicants since program inception in 2004. These inquiries were necessary because TSA had questions about the applicants’ lawful status. Of those individuals, over 4,800 were eventually denied credentials because TSA determined that they did not prove lawful status even after appeal. This occurred despite the fact that these individuals had already received clearance from the airports as being authorized to work. The magnitude of individuals “authorized to work” for whom TSA cannot confirm lawful status may indicate a control weakness in the airports’ work verification process that should be addressed. 7 TSA’s Office of Security Operations performed annual inspections of commercial airport security operations, including reviews of the documentation that aviation workers submitted when applying for credentials. However, due to workload at larger airports, this inspection process may look at as few as one percent of all aviation workers’ applications. In addition, inspectors were generally given airport badging office files, which contained photocopies of aviation worker documents rather than the physical documents themselves. An official from this office told us that a duplicate of a document could hinder an inspector’s ability to determine whether a document is real or fake, because a photocopy may not be matched to a face, and may not show the security elements contained in the identification document. Since airports are required to collect and review documents validating an individual’s right to work in the United States, those documents should contain evidence of lawful status as well. 7 www.oig.dhs.gov 13 OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security Additionally, we found that TSA did not require airports to restrict the credentials of individuals who may only be able to work in the United States temporarily. Security Directive 1542-04-08G contains no requirement that airport operators limit the expiration date of an individual’s credential to the last date they are eligible to work in the United States. Under the Security Directive, TSA required airports to verify work authorizations upon badge renewal every 2 years, or whenever another credential was requested. If an individual’s authorization to work expired within a year or a month of the individual obtaining the credential, the individual would continue to be cleared for the credential because the airports did not put an expiration date on the credential consistent with the term of the work authorization. Without ensuring that an individual’s credential is voided when he or she is no longer authorized to work, TSA runs the risk of providing individuals access to secure airport areas even though they no longer have the authorization to work in the United States. TSA Can Improve the Reliability of Its Vetting Data TSA relied on airports to submit complete and accurate aviation worker application data for vetting. However, we identified thousands of aviation worker records that appeared to have incomplete or inaccurate biographic information. Incomplete or inaccurate aviation worker data can hinder TSA’s ability to identify individuals who may pose a risk to transportation security. Vetting Databases Contain Incomplete or Inaccurate Biographic Information Although TSA had implemented robust procedures, its vetting of terrorism information may be impacted by incomplete and inaccurate data. TSA Security Directive 1542-04-08G requires that TSA not initiate a security threat assessment of an applicant or current badge holder until the airport operators submit all biographic information for an individual, including the following: • • • • full legal first, middle and last name, gender, date of birth, and alien registration number or I-94 Arrival/Departure form number for non-U.S. citizens. Despite these requirements, we identified records in TSA vetting databases that contained potentially inaccurate or missing data. Specifically, we identified over 1,500 records in TSA’s screening gateway where an individual’s first name contained two or fewer characters; over 300 contained a single character. We identified an additional 75,000 records where individuals with active aviation www.oig.dhs.gov 14 OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security worker credentials were listed in the CSG as being citizens of non-U.S. countries, but did not have passport numbers listed. Out of those records, over 14,000 also did not list alien registration numbers. According to TSA, the passport number is a desired field to collect, but is not required. Through analysis of TSA data, we determined that nearly 87,000 active aviation workers did not have SSNs listed. Pursuant to the Privacy Act, TSA is not authorized to require the collection of SSNs, although TSA’s data matching model identified the SSN as a strong matching element. TSA encouraged applicants to submit their SSNs during the application process; however, to the extent individuals applying for aviation worker credentials do not list their SSNs, TSA may be unable to identify additional strong matches for analysts to manually review. For full details of potentially incomplete or inaccurate biographic information, refer to table 2. Table 2: Potentially Incomplete or Inaccurate Biographic Information Provided to TSA Data Issue First Names with 2 Characters or Less No Alien Registration Number for Immigrants No Passport Number for Immigrants8 No SSNs Potentially Incomplete/Inaccurate Records 1,500 14,000 75,000 87,000 Source: DHS OIG analysis of TSA data. In addition to the data completeness issues that we identified, TSA had independently determined that airports may not be providing all aliases used by applicants undergoing security threat assessments. Complete and accurate aliases are important to the accuracy and effectiveness of TSA’s vetting processes. As such, TSA had issued correspondence to airports stating that legal name changes, birth name changes, maiden names, and spelling variations must be listed on the credential applications, and that TSA would reject applications where it determined a second name existed that was not listed on the application. However, in some instances, TSA may not have been aware that aliases existed for specific individuals. To the extent that airports do not ensure that aliases are captured and provided to TSA, TSA terrorism vetting may be limited for those individuals. While TSA considered passports to be excellent proof for identity verification and work authorization, it allows individuals to present other documents in place of passports. 8 www.oig.dhs.gov 15 OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security TSA has taken steps to address some of these weaknesses. Specifically, TSA made system enhancements between 2012 and 2014 designed to improve the quality of data that it received from airports. These enhancements included policies such as rejecting dates of birth that indicate an individual is 14 years of age or under, or older than 105 years, or encouraging airports to submit electronic copies of required immigration paperwork with applications, in order to expedite the threat assessment process. These enhancements will become effective for new or reissued badges, which should happen within 2 years as required by TSA’s Security Directive. Recommendations We recommend that the TSA Acting Administrator: Recommendation 1. Follow up on TSA’s request to determine if its credential vetting program warrants the receipt of additional categories of terrorism related records. Recommendation 2. Issue guidance requiring that TSA’s annual security inspection process include verification of original documentation supporting airport adjudication of an applicant’s criminal history and work authorization. Recommendation 3. Pilot FBI’s Rap Back program and take steps to institute recurrent vetting of criminal histories at all commercial airports. Recommendation 4. Require airports to put an end date to credentials of individuals allowed to work in the United States temporarily. Recommendation 5. Analyze TSA’s denials of credentials due to lawful status issues to identify airports with specific weaknesses, and address these weaknesses with airport badging officials as necessary. Recommendation 6. Implement all necessary data quality checks necessary to ensure that all credential application data elements required by TSA Security Directive 1542-04-08G are complete and accurate. TSA Response We obtained written comments on a draft report from the Acting Deputy Administrator for TSA. We have included TSA’s comments, in their entirety, in appendix C. TSA concurred with all of the recommendations. www.oig.dhs.gov 16 OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security OIG Analysis of TSA Comments Management Comments to Recommendation 1 TSA concurs with recommendation 1. TSA officials said TSA is coordinating with DHS to formulate its request to receive additional Terrorist Identities Datamart Environment (TIDE) records to carry out its statutory duties to assess threats to transportation. TSA anticipates completion of this action by the close of calendar year 2015. OIG Analysis The described actions satisfy the intent of this recommendation. This recommendation will remain open and resolved until TSA provides its formal written request to the Interagency Policy Committee for additional terrorismrelated records, or evidence that such a request cannot be implemented. Management Comments to Recommendation 2 TSA concurs with recommendation 2. TSA officials said TSA will take action to update the Compliance Program Manual to include a requirement for Transportation Security Inspectors to witness airport badging office review of applicant criminal history record checks (CHRC) and lawful status during a comprehensive inspection. The update is expected to be completed by September 30, 2015. OIG Analysis The described actions satisfy the intent of this recommendation. This recommendation will remain open and resolved until TSA provides an updated Compliance Program Manual containing additional requirements for the annual review of airport badging office checks of CHRCs and lawful status. Management Comments to Recommendation 3 TSA concurs with recommendation 3. TSA officials said TSA plans to initiate an FBI Rap Back pilot in late 2015 to help ensure full implementation across all eligible TSA-regulated populations in the future. OIG Analysis The described actions satisfy the intent of this recommendation. This recommendation will remain open and resolved until TSA provides evidence that it has initiated a Rap Back pilot at commercial airports to provide recurrent vetting of aviation workers. www.oig.dhs.gov 17 OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security Management Comments to Recommendation 4 TSA concurs with recommendation 4. TSA officials said TSA will publish guidance, no later than September 30, 2015, to all federalized airports to ensure that airport badge offices deactivate badges promptly when an individual’s temporary authorization to work in the United States is terminated. OIG Analysis The described actions satisfy the intent of this recommendation. This recommendation will remain open and resolved until TSA provides evidence it has issued guidance to federalized airports to ensure airport badging offices deactivate badges with temporary work authorizations that have terminated. Management Comments to Recommendation 5 TSA concurs with recommendation 5. TSA officials said TSA will work with airport operators to further analyze denials related to lawful status and will use a risk-based approach to identify and address specific weaknesses, as necessary, by September 30, 2015. To conduct the analysis, TSA will review applicable records in TSA systems to identify denials based on lawful status, validate reasons for the denials, and issue guidance to airports to address any noted weaknesses. OIG Analysis The described actions satisfy the intent of this recommendation. This recommendation will remain open and resolved until TSA provides evidence of its review and any guidance issued to airports to address noted weaknesses. Management Comments to Recommendation 6 TSA concurs with recommendation 6. TSA officials said TSA will continue to work with airport operators to identify and correct data anomalies, and implement lessons learned to improve the quality of data received from airport operators for vetting purposes. TSA will review and analyze data submissions from airport operators and issue additional guidance to airport operators to address noted weaknesses by September 30, 2015. OIG Analysis The described actions satisfy the intent of this recommendation. This recommendation will remain open and resolved until TSA provides evidence of www.oig.dhs.gov 18 OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security its review of airport operator data submissions and any guidance issued to airport operators to address noted weaknesses. www.oig.dhs.gov 19 OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security Washington, D.C Appendix A Transmittal to Action Official www.oig.dhs.gov 20 OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security Appendix B Scope and Methodology The Department of Homeland Security Office of Inspector General (OIG) was established by the Homeland Security Act of 2002 (Public Law 107-296) by amendment to the Inspector General Act of 1978. This is one of a series of audit, inspection, and special reports prepared as part of our oversight responsibilities to promote economy, efficiency, and effectiveness within the Department. The objectives of our review were to identify potential enhancements to the TSA vetting process for individuals with access to secure areas of commercial airports and to determine the accuracy and reliability of data TSA uses to vet those individuals. We reviewed applicable laws, regulations, and security directives concerning TSA’s responsibilities in the vetting of individuals with access to secure areas of commercial airports. In addition, we reviewed prior OIG audit reports and U.S. Government Accountability Office reports on commercial airport security. We conducted site visits in Colorado Springs, Colorado; Annapolis Junction, Maryland; and Herndon and Arlington, Virginia. During these site visits we interviewed TSA officials and walked through the control processes and procedures for vetting individuals applying for credentials granting unescorted access to secure areas of commercial airports. The processes and procedures we examined included automated and manual procedures for vetting individuals against terrorism information; the adjudications process for immigration and criminal history checks; the coordination, disposition, and monitoring of terrorism cases; and the identification of new terrorism subjects using nonobvious link analysis. We did not interview DHS Office of Policy’s Screening Coordination Office. We received full databases of individuals holding or applying for secure access credentials from the CSG and the VAD. We analyzed individuals’ biographic data for accuracy and other data errors, and matched CSG data against VAD data to determine whether there was evidence that all individuals holding or applying for credentials were being vetted against terrorism information. We also collaborated with the National Counterterrorism Center to perform a data match of aviation worker’s biographic data against TIDE to determine if TSA identified all individuals with potential links to terrorism. We conducted this performance audit between May 2014 and February 2015 pursuant to the Inspector General Act of 1978, as amended, and according to generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to www.oig.dhs.gov 21 OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security provide a reasonable basis for our findings and conclusions based upon our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based upon our audit objectives. www.oig.dhs.gov 22 OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security Appendix C TSA Comments to the Draft Report www.oig.dhs.gov 23 OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security www.oig.dhs.gov 24 OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security www.oig.dhs.gov 25 OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security www.oig.dhs.gov 26 OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security www.oig.dhs.gov 27 OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security www.oig.dhs.gov 28 OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security www.oig.dhs.gov 29 OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security Appendix D Major Contributors to This Report Tuyet-Quan Thai, Director, Forensics Division Scott Wrightson, Audit Manager, Forensics Division Charles Twitty, Referencer www.oig.dhs.gov 30 OIG-15-98 OFFICE OF INSPECTOR GENERAL Department of Homeland Security Appendix E Report Distribution Department of Homeland Security Secretary Deputy Secretary Chief of Staff Deputy Chief of Staff General Counsel Executive Secretary Director, GAO/OIG Liaison Office Assistant Secretary for Office of Policy Assistant Secretary for Office of Public Affairs Assistant Secretary for Office of Legislative Affairs TSA Audit Liaison Office of Management and Budget Chief, Homeland Security Branch DHS OIG Budget Examiner Congress Congressional Oversight and Appropriations Committees www.oig.dhs.gov 31 OIG-15-98 ADDITIONAL INFORMATION AND COPIES To view this and any of our other reports, please visit our website at: www.oig.dhs.gov. For further information or questions, please contact Office of Inspector General Public Affairs at: DHS-OIG.OfficePublicAffairs@oig.dhs.gov. Follow us on Twitter at: @dhsoig. OIG HOTLINE To report fraud, waste, or abuse, visit our website at www.oig.dhs.gov and click on the red "Hotline" tab. If you cannot access our website, call our hotline at (800) 323-8603, fax our hotline at (202) 254-4297, or write to us at: Department of Homeland Security Office of Inspector General, Mail Stop 0305 Attention: Hotline 245 Murray Drive, SW Washington, DC 20528-0305