Procurement Sleight of Hand Gave Contractors Access to Naval Bases

A member of the Navy checks vehicles at a gate to the Washington Navy Yard.

A member of the Navy checks vehicles at a gate to the Washington Navy Yard. Jacquelyn Martin/AP

Navy tapped government purchase cards, piggybacked on other contracts to acquire access control system.

This story has been updated throughout with detail.

The Navy Installations Command reached outside normal competitive channels to procure a flawed and risky commercial access control system that has allowed 65,000 contractors to routinely access its bases. The procurement process involved purchases on government credit cards 51 cents below the $2,500 maximum allowed, the Defense Department Inspector General said in a report released this week.

The Installations Command used a contract for a Navywide perimeter monitoring system run by the Naval Surface Warfare Center in Panama City, Fla., as the umbrella contract for the Navy commercial access control system, or NCACS, in 49 states and the Mariana Islands.  The command also tapped a contract for sensor systems run by the Naval Surface Warfare Center in Port Hueneme, Calif., to buy $9.9 million worth of handheld barcode scanners to check IDs at bases as part of the NCACS project, the IG reported.

The report also made it clear that the Installations Command outsourced base credentialing and background checks to a private contractor in order to save money.

In July 2010, the Installation Command selected the Rapidgate system developed by Eid Passport of Hillsboro, Ore., to vet contractor employees who needed routine base access for up to a year in place of the more secure Defense Department common access card issued to Aaron Alexis, an employee of a Hewlett-Packard Corp. subcontractor who killed 12 people at the Washington Navy Yard Monday.

The Rapidgate system consists of a registration station that takes a photo of the contractor and scans fingerprints, and a Web interface for submission of personnel information.

Eid Passport then uses a third party vendor to conduct a public records check, and when that is completed, issues a permanent ID badge, which a gate guard verifies with a handheld barcode scanner. The IG said that until that process is completed, contractor employees can receive temporary pass for 28 days.

The IG reported that flaws in the Rapidgate vetting process allowed 52 convicted felons to receive access to Navy installations ranging from 62 to 1,035 days, a lapse that “placed military personnel, dependents, civilians and installations at an unacceptable level of safety and security risks.”

Eid Passport sells its system on a subscription basis -- $159 for one employee to access a single base and $199 for multiple bases -- and the Installations Command, which does not have contracting authority, took advantage of this to procure seven subscriptions in April 2010 on a government purchase card through the General Services Administration.

The total price for those seven subscriptions came to $3,059; the IG said the Installations Command requested a price change authorization that resulted in a cost of $2,449.49, 51 cents below the Navy’s micro-purchase threshold.

To acquire NCACS for installations in the continental United States, Hawaii and the Marianas, in October 2011 the Installation Command directed 3e Technologies International of Rockville, Md., part of Ultra Electronics, to purchase eight Rapidgate subscriptions from Eid Passport under a contract run by the Naval Surface Warfare Center for a servicewide perimeter monitoring system, which would not include Rapidgate. Panama City contracting personnel were unaware of the Rapidgate subcontract, the IG said.

On Sept. 27, 2012, 3eTI subcontracted with Eid Passport for proprietary Rapidgate handheld scanners at the direction of the Naval District Washington Chief Information Officer through a contract with the Naval Surface Warfare Center in Port Hueneme for design, development, integration and testing of the critical infrastructure network.

The Port Hueneme contract did not cover the purchase of handheld scanners and the Port Hueneme contracting officer was unaware of the subcontract that the IG said was an “unauthorized commitment for out-of-scope work that would require use of competitive contracting procedures or a justification and approval for sole source.”

The Installations Command circumvented competitive contracting requirements in its acquisition of NCACS, the IG concluded.  In May 2012, the command issued a “sources sought” notice for vendors interested in a new phase of NCACS, but the notice stated no contract would be issued.

Eid Passport and Intellicheck/Mobilisa, a Port Townsend, Wash., company that supplies an access control system to the Army responded to the notice. Despite the fact that previous statements of work said Eid Passport vetted contractors against unreliable databases, the Installations Command determined only Eid Passport met its requirements and selected the company to continue work on NCACS.

The Installations Command pitched Rapidgate as a low-cost way to vet and provide IDs for contractors who do not require a CAC cards – such as delivery personnel – and estimated it would save $295 million over five years, as contractors would absorb the costs of the system, including subscription fees, with vetting and infrastructure outsourced to Eid Passport.

Contractors, meanwhile, planned to pass the costs of Rapidgate back to the Navy, with one Joint Strike Fighter contractor planning to add $1 million a year to its bill every year for five years to cover the costs of NCACS.

The IG said 9,657 companies with a total of 64,924 employees were enrolled in NCACS as of November 2011 and estimated Eid Passport took in $53 million a year that could be charged back to the Navy by contractors.  An analysis done by the Naval Supply Systems Command determined NCACS could potentially cost ten times more over ten years, the IG said.

The IG report concluded that “Rapidgate, did not effectively mitigate access control risks, and did so at a potentially exorbitant price to the Navy.” The IG also concluded that the command “took extraordinary measures to ensure the program continued to operate without contracting authority.”  The IG recommended that the command replace Rapidgate with a system that uses databases, such as the FBI’s National Crime Information Center, to vet contractor personnel.

The Installation Command in its Aug. 1 reply to the IG -- written six weeks before the Navy Yard attack -- said NCACS security checks “meet or exceed federal and DoD requirements for background vetting.”  The command added, “Discontinuing a successful system that has facilitated over 14,000,000 safe and secure visits will ensure there are unnecessarily long waiting lines at gates and access points . . . including some of our largest bases.”

Lt. Caroline Hutcheson, a Navy spokeswoman, said the service is in the process of reviewing the final report and its recommendations.

Sen. Claire McCaskill, D-Mo., said that based on her review of the IG report, NCACS “wasted money, allowed dozens of felons access to installations they should never have had, and utterly lacked competent oversight." She added, "It's clear that its existence constitutes an unnecessary danger to the Navy and its personnel, and it should be discontinued immediately.”

In a letter sent Tuesday to Navy Secretary Ray Mabus, McCaskill called out the service for allowing Eid Passport to conduct checks, despite its history of referring to unreliable databases and failing to include certain government databases.

She said the Navy Yard shooting “highlights the importance of complete, thorough background investigations of the contractors and subcontractors granted access to Navy installations” and asked for a briefing on contractor access to Navy installations on or before Friday, Sept. 27. 

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.