Rebuilding Iraq

Actions Still Needed to Improve the Use of Private Security Providers Gao ID: GAO-06-865T June 13, 2006

GAO was asked to address (1) the extent to which coordination between the U.S. military and private security providers has improved since GAO's 2005 report, (2) the ability of private security providers and the Department of Defense (DOD) to conduct comprehensive background screenings of employees, and (3) the extent to which U.S. or international standards exist for establishing private security provider and employee qualifications. For this testimony, GAO drew from its July 2005 report on private security providers, and its preliminary observations from an ongoing engagement examining contractor screening practices.

Coordination between the U.S. military and private security providers still needs improvement. First, private security providers continue to enter the battle space without coordinating with the U.S. military, putting both the military and security providers at a greater risk for injury. Second, U.S. military units are not trained, prior to deployment, on the operating procedures of private security providers in Iraq and the role of the Reconstruction Operations Center, which is to coordinate military-provider interactions. While DOD agreed with our prior recommendation to establish a predeployment training program to help address the coordination issue, no action has been taken. Many private security providers and DOD have difficulty completing comprehensive criminal background screenings for U.S. and foreign nationals when data are missing or inaccessible. For example, a DOD policy requires biometric screening of most non-U.S. private security providers accessing U.S. bases in Iraq. Biometric screening (e.g., fingerprints and iris scans) measures a person's unique physical characteristics. Biometric screening is not as effective as it could be because the databases used to screen contractor employees include limited international data. Based on its work to date, GAO believes that incomplete criminal background screening may contribute to an increased risk to military forces and civilians in Iraq, and the military would benefit by reviewing the base security measures to ensure that the risk private security contractors may pose has been minimized. A report on screening will be issued in Fall 2006. No U.S. or international standards exist for establishing private security provider and employee qualifications. Reconstruction contractors told GAO during its review for its July 2005 report that they had difficulty hiring suitable security providers. Contractors replaced their security providers on five of the eight reconstruction contracts awarded in 2003 that were reviewed by GAO. Contractor officials attributed this turnover to various factors, including their lack of knowledge of the security market and of the potential security providers and the absence of useful agency guidance in this area. In our report, we recommended that the State Department, United States Agency for International Development, and DOD explore options that would enable contractors to obtain security services quickly and efficiently. In response to our recommendation, the agencies met in November 2005 and agreed that our recommendation was not practical. They determined that they could best assist contractors by providing access to information related to industry best practices and other security-related material.

GAO-06-865T, Rebuilding Iraq: Actions Still Needed to Improve the Use of Private Security Providers This is the accessible text file for GAO report number GAO-06-865T entitled 'Rebuilding Iraq: Actions Still Needed to Improve the Use of Private Security Providers' which was released on June 13, 2006. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Testimony: Before the Subcommittee on National Security, Emerging Threats, and International Relations, Committee on Government Reform: United States Government Accountability Office: GAO: For Release on Delivery Expected at 2:00 p.m. EDT: Tuesday, June 13, 2006: Rebuilding Iraq: Actions Still Needed to Improve the Use of Private Security Providers: Statement of William Solis, Director Defense Capabilities and Management: GAO-06-865T: GAO Highlights: Highlights of GAO-06-865T, a testimony before the Subcommittee on National Security, Emerging Threats and International Relations, Committee on Government Reform House of Representatives. Why GAO Did This Study: GAO was asked to address (1) the extent to which coordination between the U.S. military and private security providers has improved since GAO‘s 2005 report, (2) the ability of private security providers and the Department of Defense (DOD) to conduct comprehensive background screenings of employees, and (3) the extent to which U.S. or international standards exist for establishing private security provider and employee qualifications. For this testimony, GAO drew from its July 2005 report on private security providers, and its preliminary observations from an ongoing engagement examining contractor screening practices. What GAO Found: Coordination between the U.S. military and private security providers still needs improvement. First, private security providers continue to enter the battle space without coordinating with the U.S. military, putting both the military and security providers at a greater risk for injury. Second, U.S. military units are not trained, prior to deployment, on the operating procedures of private security providers in Iraq and the role of the Reconstruction Operations Center, which is to coordinate military-provider interactions. While DOD agreed with our prior recommendation to establish a predeployment training program to help address the coordination issue, no action has been taken. Many private security providers and DOD have difficulty completing comprehensive criminal background screenings for U.S. and foreign nationals when data are missing or inaccessible. For example, a DOD policy requires biometric screening of most non-U.S. private security providers accessing U.S. bases in Iraq. Biometric screening (e.g., fingerprints and iris scans) measures a person‘s unique physical characteristics. Biometric screening is not as effective as it could be because the databases used to screen contractor employees include limited international data. Based on its work to date, GAO believes that incomplete criminal background screening may contribute to an increased risk to military forces and civilians in Iraq, and the military would benefit by reviewing the base security measures to ensure that the risk private security contractors may pose has been minimized. A report on screening will be issued in Fall 2006. No U.S. or international standards exist for establishing private security provider and employee qualifications. Reconstruction contractors told GAO during its review for its July 2005 report that they had difficulty hiring suitable security providers. Contractors replaced their security providers on five of the eight reconstruction contracts awarded in 2003 that were reviewed by GAO. Contractor officials attributed this turnover to various factors, including their lack of knowledge of the security market and of the potential security providers and the absence of useful agency guidance in this area. In our report, we recommended that the State Department, United States Agency for International Development, and DOD explore options that would enable contractors to obtain security services quickly and efficiently. In response to our recommendation, the agencies met in November 2005 and agreed that our recommendation was not practical. They determined that they could best assist contractors by providing access to information related to industry best practices and other security-related material. [Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-06-865T]. To view the full product, including the scope and methodology, click on the link above. For more information, contact William Solis at (202) 512-8365 or solisw@gao.gov. [End of Section] Mr. Chairman and Members of the Subcommittee: I am pleased to be here today to discuss issues related to the use of private security providers by U.S. government agencies and the contractors that are helping to rebuild Iraq. As you know, because of the continued hostilities in Iraq, the United States as well as other governments and nongovernmental agencies are relying heavily on private firms to provide security for those helping to build a democratic Iraq. This is the first time that the United States has depended on contractors to provide such extensive security in a hostile environment, although it has previously contracted for more limited security services in Afghanistan, Bosnia, and elsewhere. Because of growing interest by members of Congress in the use of private security providers in Iraq, we began a review under the Comptroller General's authority and issued a report in July 2005 on the use of private security providers in Iraq.[Footnote 1] We reported that: * Agencies and reconstruction contractors made extensive use of private security providers because providing security for these organizations is not part of the U.S. military's stated mission. We reported that the reconstruction contractors' efforts to obtain security met with mixed results as they often found that the security providers they selected could not meet their needs. We recommended that the Secretaries of State and Defense and the Administrator of United States Agency for International Development (USAID) explore options to assist contractors in obtaining suitable security providers: * The relationship between the U.S. military and private security providers is based on cooperation and not control. It appeared that coordination between the military and the private security providers improved when the Reconstruction Operations Center (ROC) opened to coordinate military-provider interactions.[Footnote 2] However, we noted that additional actions could be taken to improve coordination and recommended that units deploying to Iraq receive predeployment training to better understand typical private security provider operating procedures and the role of the ROC. * Despite the significant role private security providers play in the reconstruction of Iraq, none of the principal agencies responsible for reconstruction had complete data on costs associated with using private security providers. We recommended that the Secretaries of State and DOD and the Administrator of USAID establish a means to track and account for security costs to develop more accurate budget estimates. There has been growth in the private security industry in Iraq. In our 2005 report, we reported that the Department of Defense (DOD) estimated at least 60 private security providers were working in Iraq with perhaps as many as 25,000 employees. In March 2006, the Director of the Private Security Company Association of Iraq estimated that approximately 181 private security companies were working in Iraq with just over 48,000 employees. Today, my testimony will address some of the issues we raised in our 2005 report as well our preliminary observations from an ongoing engagement on the processes used to screen private security providers. Specifically, my testimony today will address: * the extent to which coordination between the U.S. military and private security providers has improved since our 2005 report, * the ability of private security providers and DOD to conduct comprehensive background screenings of employees, and: * the extent to which U.S. or international standards exist for establishing private security provider and employee qualifications. My testimony is based on our July 2005 report, a May 2006 visit to Iraq, and our preliminary observations from an ongoing engagement requested by this subcommittee on the effectiveness of the processes used to screen contractor employees in the U.S. Central Command's area of responsibility, which includes Iraq. To obtain our preliminary observations on the effectiveness of the processes used to screen contractor employees in Iraq, we have reviewed relevant documents such as contracts, as well as DOD and governmentwide policies; met with DOD officials both in the United States and Iraq, and interviewed contractors providing services to deployed forces in Iraq as well as professional background screeners in the United States and India. This work is being done in accordance with generally accepted government auditing standards. Summary: Although we reported in July 2005 that coordination between the U.S. military and private security providers had improved since the establishment of the ROC in October 2004, interviews with military officials we met with in Iraq and with military officials that have recently returned from Iraq indicate that coordination is still a problem and needs further improvement. First, private security providers are still entering the battle space without coordinating with the U.S. military, putting both the military and security providers at a greater risk for injury. Second, U.S. military units are not trained, prior to deployment, on the operating procedures of private security providers in Iraq and the mission and role of the ROC. In our 2005 report, we recommended that a predeployment training program would help address the coordination issue. DOD agreed with our recommendation; however, DOD has not issued any guidance or conducted training in regard to working with or coordinating with private security providers on the battle field. On preliminary observations on the background screening of contractor employees suggests that private security providers and DOD have difficulty conducting comprehensive background screening when data are missing or inaccessible. When doing background screenings of those living in the United States, private security providers use public information available at the county, state, or federal level and search state criminal information repositories and commercial databases such as those that collect information on incarcerations. None of these types of searches, however, guarantees a comprehensive background screening. Screening host nation and third[Footnote 3] country national employees can be difficult because of inaccurate or unavailable records in some countries. In addition, officials from some background screening firms told us that some foreign laws restrict access to criminal records. Finally, DOD's biometric[Footnote 4] screening of most non-U.S. contractors (including employees of private security providers) accessing U.S. installations in Iraq is not as effective as it could be because the databases used to screen contractor employees included only limited international data. No U.S. or international standards exist for establishing private security provider and employee qualifications. During our review for our 2005 report, we found that reconstruction contractors had difficulty hiring suitable security providers. Contractors replaced their security providers on five of the eight reconstruction contracts awarded in 2003 that we reviewed.[Footnote 5] Contractor officials attributed this turnover to various factors, including their lack of knowledge of the security market and of the potential security providers and the absence of useful agency guidance in this area. We recommended that the agencies explore options that would enable contractors to obtain such services quickly and efficiently. Such options could include (1) identifying minimum standards for private security personnel qualifications, (2) training requirements and other key performance characteristics that private security personnel should possess, (3) establishing qualified vendor lists, and (4) establishing contracting vehicles which contractors could be authorized to use. DOD agreed with the recommendation and USAID did not comment on the recommendation. The State Department disagreed with our recommendation citing concerns that the government could be held liable for performance failures, but determined that they could best assist contractors by providing access to information related to industry best practices and other security-related material. Background: Prior to the war in Iraq, DOD and the U.S. government agencies responsible for the reconstruction of Iraq believed that reconstruction would take place in an environment with little threat from insurgents or terrorists. By June 2003, the security situation began to worsen, and it became clear in August 2003 with the bombing of the United Nations complex that insurgents were targeting nonmilitary targets. As the Comptroller General testified before this subcommittee in April 2006, the poor security environment continues to be a concern as insurgents demonstrate the ability to recruit, supply, and attack coalition and Iraqi security forces, and impede the development of an inclusive Iraqi government and effective Iraqi security forces. The insurgency intensified through October 2005 and has remained strong since then.[Footnote 6] According to a February 2006 testimony by the Director of National Intelligence, insurgents are using increasingly lethal improvised explosive devices and continue to adapt to coalition countermeasures. Our July 2005 report on private security providers addressed, among other things, the mission of private security providers in Iraq, the laws and guidance governing the conduct of private security providers, and the cost impact of using private security providers. The Mission of Private Security Providers in Iraq: The mission of private security providers is to protect government agency officials and reconstruction contractors in Iraq's unstable security environment. Providers may be U.S. or foreign companies and their staffs are likely to be drawn from various countries, including the United States, the United Kingdom, South Africa, Nepal, Sri Lanka, or Fiji, and may include Kurds and Arabs from Iraq. Generally, private security providers provide the following services: * Static security - security for housing areas and work sites, * Personal security details - security for high-ranking U.S. officials, * Security escorts - security for government employees, contractor employees, or others as they move through Iraq, * Convoy security - security for vehicles and their occupants as they make their way into Iraq or within Iraq, and: * Security advice and planning. Laws and Guidance Governing Private Security Providers in Iraq: During its existence, the Coalition Provisional Authority (CPA) issued a number of orders or memoranda to regulate private security providers and their employees working in Iraq between December 2003 and June 2004.[Footnote 7] Among these are CPA order number 3, which authorized possession, use and registration of weapons used by private security providers; CPA order number 17, which stated that contractors (including private security providers) will generally be immune from the Iraqi legal process for acts performed in accordance with the terms and conditions of their contracts; and CPA Memorandum number 17, which stated that private security providers and their employees must be registered and licensed by the government of Iraq. According to the Director of the Private Security Companies Association of Iraq, as of June 1, 2006, the CPA memorandum and orders were still in effect. In September 2005, U.S. Central Command's Staff Judge Advocate issued interim legal guidance regarding DOD's use of private security providers in Iraq. The September 2005 guidance permitted the use of properly licensed private security providers to protect civilians, contractors, nonmilitary facilities and equipment as well as static military facilities and the military personnel and equipment within them. In January 2006, the U.S. Central Command's Staff Judge Advocate issued additional guidance which gave commanders in Iraq the authority to use private security providers to provide security to convoys transporting military supplies and to provide personal security. Currently, DOD is using private security providers to guard facilities located within U.S. bases and installations, and may expand its use of private security providers based on the January 2006 guidance. However, it is not clear to what extent DOD plans to make use of this expanded authority. Although private security providers are generally not subject to prosecution under the Uniform Code of Military Justice in the absence of a formal declaration of war by Congress, the federal government can impose sanctions in response to acts of misconduct. For example, private security providers are subject to prosecution by the Department of Justice under applicable U.S. federal laws, to include the Military Extraterritorial Jurisdiction Act,[Footnote 8] the special maritime and territorial jurisdiction provisions of title 18 of the U.S. code,[Footnote 9] and the War Crimes Act.[Footnote 10] The Cost Impact of Private Security Providers in Iraq: Despite the significant role played by private security providers in enabling reconstruction efforts to proceed, neither the Department of State, nor DOD, nor the USAID--the principal agencies responsible for Iraq reconstruction efforts--had complete data on the costs associated with using private security providers. As of December 2004, the agencies and contractors we reviewed had obligated more than $766 million for security services and equipment, and by reviewing invoices that providers of security services and equipment provided to the contractors, we found that security costs had accounted for more than 15 percent of the contract's costs in 8 of the 15 contracts we reviewed. We cautioned, however, that our estimates did not reflect security-related costs incurred by subcontractors or lower tier suppliers, or attempt to quantify the impact of the security environment on the pace of reconstruction efforts caused by security- related work stoppages or delays or the costs associated with repairing the damage caused by the insurgency on work previously completed. In January 2006, the State Department reported to Congress that direct and indirect costs of security represented 16 to 22 percent of the overall cost of major infrastructure reconstruction projects.[Footnote 11] DOD officials acknowledged, however, that the estimate may not have accounted for all security costs and that different methodologies and methods were used to prepare the estimate. Given the expectation of a relatively benign environment that would require only a minimal level of security, such costs undoubtedly diverted resources and contributed to decisions to cancel or reduce the scope of some projects. In our view, the absence of reliable data in an area critical to supporting U.S. efforts, limited the agencies' ability to assess the impact of and manage security costs on future reconstruction efforts. Consequently, we recommended in our July 2005 report that agencies develop a means to track and account for security costs to develop more accurate budget estimates. In early June 2006, the State Department issued a procurement information bulletin in response to our recommendation. The Department noted that DOD, USAID and the State Department had agreed to include requirements for reconstruction contractors to report all costs for private security supplies and services that the contractor or any subcontractor may have to acquire necessary for the successful performance of the contract. For example, for all future contracts where performance or delivery takes place in Iraq, contractors are required to include in their proposal an estimate of all costs expected to be incurred by the contractor, or any tier of subcontractor, for private security goods or services that the contractor or subcontractor obtained as part of contract performance. The contractors will be required to report similar information when submitting invoices for payment for goods and services provided. If fully implemented, such an approach should provide the Department with a clearer picture on the impact of security costs on reconstruction contracts. Coordination between the U.S. Military and Private Security Providers Continues to Be a Problem: Despite improvements in coordination between private security providers and the U.S military, military officials we met with in Iraq in May 2006 and those who recently returned from Iraq said that coordination continues to be a problem. Coordination between the U.S. military and private security providers evolved from an informal coordination based on personal relationships to a more structured, although voluntary, mechanism--the ROC. U.S. military and contractor officials we spoke with prior to issuing our July 2005 report had indicated that coordination had improved. While the ROC has helped improve coordination between the military and security providers, military officials we spoke to during our May 2006 visit to Iraq and representatives from the 3rd Infantry Division remain concerned about coordination. Officials from the 3rd Infantry Division, who were located in Baghdad from January 2005 to January 2006, told us that (1) they had a difficult time working and interfacing with private security providers during their deployment because they had no means to communicate with the private security providers, (2) they were unfamiliar with the ROC, and (3) private security providers frequently entered their battle space without notifying the division. Military officials we spoke with stated that private security providers should be required to coordinate with the military. Several U.S. military officers whom we interviewed who served in Iraq said that they had a responsibility to aid contractors who need assistance. If private security providers do not coordinate their movements with military units, it places both the U.S. military and the private security providers at risk. Also, with better coordination, private security providers would be informed of areas that were unsafe and either change their route or delay the movement. At the time we issued our report in July 2005, incidents of U.S. military shooting at private security providers were a concern. During the 5-month period of January through May 2005, the ROC received reports of 20 friendly-fire incidents. It is likely that the number of actual incidents during that time period was higher since some providers told us they stopped reporting these types of incidents. For the 12-month period, from June 1, 2005 to June 1, 2006, 12 incidents were reported to the ROC. We spoke with the Director of the Private Security Company Association of Iraq about these incidents, among other things. He said that he believes the decrease in such incidents is the result of better enforcement of the rules of engagement by the U.S. military. In addition to better enforcement of the rules of engagement, which require that U.S. troops determine whether a person's intent is hostile before the military uses deadly force, the director of the ROC believed that our 2005 report led to increased awareness of the issue. We recommended in 2005 that the Secretary of Defense develop a training package for units deploying to Iraq to improve coordination between the U.S. military and private security providers. The training package would include information on the ROC, typical private security provider operating procedures, and any guidance or procedures developed by Multi- national Force-Iraq (MNF-I) or Multi-national Corps-Iraq (MNC- I)[Footnote 12] applicable to private security providers. Although the Department of Defense agreed with our recommendation and tasked the Joint Staff to develop the training package, no action had been taken. Early this year, we contacted officials from the 10th Mountain Division (who deployed to Iraq in early 2006) to determine if their predeployment training had included any information on working with private security providers. Division officials advised us that they had received no information on working with private security providers. While in Iraq, we met with Army officials at Camp Anaconda who told us that they received little guidance regarding private security providers in Iraq prior to deployment and stated that they needed better guidance regarding the military's responsibility to private security providers. Finally, in May 2006 while in Iraq we met with the director of the ROC who told us that military units should receive some training regarding private security providers before the units deployed to Iraq. He stated that such training would help improve U.S. military and private security provider coordination. Missing or Inaccessible Data May Make Criminal Background Screening of Private Security Provider Employees Difficult: Private security providers and DOD have difficulty conducting comprehensive criminal background screening when data are missing and inaccessible. When doing such background screenings of those living in the United States, background screening firms generally use public information available at the county, state, or federal level or search commercial databases such as those that collect information on incarcerations or arrest records. None of these types of searches, however, guarantees a comprehensive background screening. Private security firms may find it difficult to complete background screenings of their Iraqi and third country national employees because of a lack of reliable information. In addition, DOD's program to biometrically screen all Iraqi private security provider employees as well as most third country nationals who are private security provider employees seeking access to U.S. installations is not as effective as it could be because of the limited number of international and foreign databases available for screening. Because of the numerous difficulties in screening employees, particularly those who do not live in the United States, it may not be possible to know the true identities and backgrounds of the thousands of private security provider employees working in Iraq. This lack of knowledge increases the security risk to U.S. military forces and civilians in Iraq. Information Is Not Always Available or Accessible When Conducting Criminal Background Screening: Many private security providers that conduct criminal background investigations use screening firms. The private security provider requesting the screening determines the parameters of the background screening. Information is not always available or accessible when conducting criminal background investigations of U.S. nationals, third country nationals, and Iraqi nationals. Another factor that can contribute to difficulties is foreign privacy laws that make some criminal information inaccessible according to screening firm officials. U.S. Nationals: When screening firms conduct background investigations of those living in the United States, they generally use public information available at the county, state, or federal level, search state maintained criminal information repositories, and commercial databases such as those that collect information on incarcerations. However, none of these actions guarantees a comprehensive background check. For example, screening companies may not review federal court records if not directed to by the client. Furthermore, background screening firms generally only check the records of the court that maintains the preponderance of criminal data and may miss some records maintained by specialized courts such as domestic or family law courts. State repositories of information may not include all criminal data. For example, one official from a background screening firm explained that only 66 of the 88 counties in Ohio report crimes to the state repository. Similarly, the State of Illinois reported that in 2003 only 59 percent of the computerized criminal history records they audited had complete information. Furthermore, commercial databases may not provide a complete background investigation because the databases may not contain the most recent criminal data; certain criminal offenses may not be reported; and there are no standards on how data in commercial databases should be collected and validated. Third Country Nationals: Screening third country nationals presents additional challenges according to background screeners to whom we have spoken. Officials from international background screening firms cited the challenges in verifying criminal background information on third country nationals because they are relying on the applicant to provide all prior addresses. Since some countries, such as India, maintain criminal data at the local level, persons doing the background screenings may miss crimes that were committed in other locations within the country if the applicant did not reveal all previous addresses. Those doing screenings face other challenges as well. For example, some countries lack criminal records or the records are unreliable because of high levels of corruption according to representatives of the screening firms we interviewed. Additionally, some countries only maintain records for 3 to 5 years which some in the background screening industry consider to be insufficient. Also, many countries lack national identification numbers, which makes it difficult to know if the person being screened was the person who committed the crimes cited in the court or police records. Iraqi Nationals: Some private security companies have been encouraged by their clients to hire Iraqi nationals to put money back into the Iraqi economy and to reduce security costs compared with the salaries of other employees. However, screening Iraqi nationals is very difficult because of a lack of criminal information. One firm we spoke with told us that they have encountered problems screening Iraqi nationals because the Iraqi police lack criminal records or criminal information. Another company depends on their Iraqi subcontractors to screen Iraqi applicants and may not have a clear understanding of how the screening takes place. According to officials from one of the private security providers we spoke with, their Iraqi subcontractor claims to have a screening process, and the provider trusts the company to provide qualified individuals. One company we spoke with told us that they rely on local tribal leaders to screen their employees. Finally, the Iraqi Ministry of the Interior also screens Iraqi private security employees as part of the registration and licensing process. Privacy Laws: Privacy laws may also make it difficult to complete accurate screenings on those who live outside of the United States. According to officials from background screening firms, some countries do not permit criminal background searches of their citizens or limit the type of information that can be released to a third party. In other countries, criminal information cannot be given to third parties and is only released to the applicant who can then determine whether to release the information. According to screening company officials, there are often issues related to the authenticity of documents provided by applicants. The Effectiveness of DOD's Biometric Screening in Iraq Is Limited Because of Missing Data: DOD conducts biometric screening of most non-U.S. private security provider employees needing access to installations in Iraq; however, the value of the screening process is limited because the databases used to screen the applicants have little international biometric data. In March 2005, shortly after a dining facility bombing at a U.S. installation in Iraq killed 14 U.S. soldiers and wounded at least 50, the deputy secretary of Defense issued a policy requiring the biometric screening of most non -U.S. personnel (including private security provider employees) seeking access to U.S. installations in Iraq. The goal of this policy is to improve force protection for U.S. and coalition forces in Iraq and to provide positive identification of local and third country nationals accessing U.S. facilities.[Footnote 13] This policy requires that those seeking access to installations in Iraq be fingerprinted, photographed, have their irises scanned and be enrolled in one of two systems DOD uses to gather the required biometric data. The biometric screening is in addition to the in-person interview and screening of Iraqis (and some third country nationals) wishing to access a base or installation. Biometric information from the two installation access systems is sent to DOD's Biometric Fusion Center in West Virginia where it is merged with other biometric data to form the Automated Biometric Identification System (ABIS). The Biometric Fusion Center screens the applicant's data against the ABIS system as well as the FBI's Integrated Automated Fingerprint Identification System (IAFIS) database. The IAFIS database includes the fingerprint records of more than 51 million persons who have been arrested in the United States as well as information from databases maintained by other agencies such as the Department of Homeland Security, the Department of State and the International Criminal Police Organization (Interpol).[Footnote 14] While DOD's biometric screening process has successfully identified several persons seeking access to bases in Iraq who have criminal records in the United States, the lack of international biometric data limits its usefulness. According to an official from the FBI's Criminal Justice Information Services Division, the IAFIS database includes criminal fingerprint data from only a limited number of foreign countries because some countries are reluctant to share criminal history information and others do not have fingerprint repositories or do not collect fingerprints in a manner compatible with the FBI's system. In addition, although the IAFIS database includes about 50,000 fingerprint records from Interpol, Interpol does not maintain a repository of all criminal offenses committed in the member countries. Instead, Interpol's criminal database is composed of wanted notices submitted by the member countries and the information is only retained for 5 years. Access to international criminal biometric information is vital to meeting DOD's goal of establishing the positive identification of local and third country nationals accessing U.S facilities in Iraq. Without access to foreign biometric information, DOD may find it difficult to determine if third country nationals may pose a threat to U.S. military and civilians in Iraq. There Are No Established Standards to Assist Contractors in Obtaining Suitable Security Providers: At the time we issued our report in July 2005, there were no U.S. or international standards that would establish security provider qualifications in such areas as training and experience requirements, weapons qualifications, and similar skills that are applicable for the type of security needed in Iraq. Security industry associations and companies have discussed the need for and desirability of establishing standards, but as of June 2006, no such standards have been developed or implemented. As we reported in our 2005 report, reconstruction contractors had difficulty hiring suitable security providers. Contractors replaced their security providers on five of the eight reconstruction contracts awarded in 2003 that we reviewed.[Footnote 15] Contractor officials attributed this turnover to various factors, including their lack of knowledge of the security market and of the potential security providers and the absence of useful agency guidance in this area. In our report, we recommended that the State Department, USAID, and DOD explore options that would enable contractors to obtain security services quickly and efficiently. Such options may include identifying minimum standards for private security personnel qualifications, training requirements and other key performance characteristics that private security personnel should possess; establishing qualified vendor lists; and/or establishing contracting vehicles which contractors could be authorized to use. In response to our recommendation, the State Department noted in November 2005 that it had met with representatives from DOD and USAID to discuss ways to assist contractors in acquiring security services. According to the State Department, all agencies agreed that it was not practical to prequalify vendors or establish contracting vehicles, in part due to concerns regarding the agency's liability if contractors failed to perform. Rather, they determined that they could best assist contractors by providing access to information related to industry best practices and other security-related material. Concluding Observations: Mr. Chairman, we believe two recommendations we made in our July 2005 report continue to have merit and should be implemented. Specifically, we believe private security provider operations would be improved by (1) developing a training package for deploying units to Iraq that would provide information on the ROC, private security providers operating procedures, and any MNF-I or MNC-I guidance on private security providers and (2) further exploring options to assist contractors in obtaining suitable security providers. Further, U.S. military officials who have been in Iraq or who we interviewed during our May 2006 visit stated that coordination between the military and private security providers should be required. Given the increased risk both parties are subject to when private security providers do not coordinate their activities with the military, we believe U.S. government agencies using private security providers in Iraq may want to consider such a requirement utilizing the ROC as the focal point for such a requirement. Additionally, based on our preliminary observations, incomplete criminal background screenings may contribute to an increased risk to military forces and civilians in Iraq. The military would benefit by reviewing the installation security measures in place in Iraq to ensure that the risk private security contractors may pose has been minimized. Lastly, as noted in our July 2005 report, our experience in Iraq has made us aware that future operations may include reconstruction efforts in an unstable or deteriorating security environment, thus requiring extensive use of private security providers. Given their important role in Iraq, planning that includes the use of private security providers will need to be incorporated in future military operations and reconstruction efforts. Mr. Chairman and members of the Subcommittee, this concludes my prepared statement. I will be happy to answer any questions you may have. GAO Contacts and Acknowledgments: For questions regarding this testimony, please call William Solis at (202) 512-8365. Other key contributors to this statement were Vincent Balloon, Carole Coffey, Grace Coleman, Laura Czohara, Gary Delaney, Timothy DiNapoli, and Wesley A. Johnson. FOOTNOTES [1] GAO, Rebuilding Iraq: Actions Needed to Improve the Use of Private Security Providers, GAO-05-737 (Washington, D.C.: July 28, 2005). [2] The national ROC is located in Baghdad with six regional centers collocated with the military's major subordinate commands. Participation is open at no cost to all U.S. government agencies, contractors, and nongovernmental organizations operating in Iraq. The ROC and the regional centers are staffed with a combination of military, U.S. government civilian, and contractor personnel and provide such services as disseminating unclassified intelligence information and specific threat assessments on future building sites and planned vehicle routes to contractors; recording information about incidents and threats to coalition forces; facilitating military assistance, such as a quick reaction force or medical services, to contractors in need; and facilitating communication between contractors and U.S. military units. [3] A third country national is a person working for a contractor who is neither a citizen of the United States nor the host country. [4] A biometric measures a person's unique physical characteristics (such as fingerprints, hand geometry, facial patterns, or iris and retinal scans) or behavioral characteristics (voice patterns, written signatures, or keyboard typing techniques) and can be used to recognize the identity, or verify the claimed identify, of an individual. [5] On one additional 2003 contract, the contractor provided its own security. [6] GAO, Rebuilding Iraq: Governance, Security, Reconstruction, and Financing Challenges, GAO-06-697T (Washington, D.C.: April 25, 2006). [7] The CPA served as Iraq's interim government from April 2003 to June 28, 2004, and was responsible for overseeing, directing, and coordinating rebuilding efforts. [8] Military Extraterritorial Jurisdiction Act 18 U.S.C. 3261. [9] Special maritime and territorial jurisdiction provisions of 18 U.S.C. 7(9). [10] War Crimes Act 18 U.S.C. 2441. [11] Department of State, Report to Congress, Section 2207 Report on Iraq Relief and Reconstruction, January 2006. [12] Multi-National Force-Iraq is responsible for counter-insurgency operations to isolate and neutralize former regime extremists and foreign terrorists and for organizing, training, and equipping Iraq's security forces. Multi-National Corps-Iraq is the tactical unit of MNF- I responsible for command and control of operations in Iraq. [13] At the time of our visit to Iraq in May 2006, only a limited number of bases were using the biometric information to verify the identities of contractor employees accessing the base on a daily basis. [14] States voluntarily provide fingerprint records to the FBI for inclusion in the IAFIS database. According to FBI officials, not all persons arrested and convicted of crimes in the U.S. are included in the IAFIS database. [15] On one additional 2003 contract, the contractor provided its own security. GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site (www.gao.gov). Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to www.gao.gov and select "Subscribe to Updates." Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office 441 G Street NW, Room LM Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Gloria Jarmon, Managing Director, JarmonG@gao.gov (202) 512-4400 U.S. Government Accountability Office, 441 G Street NW, Room 7125 Washington, D.C. 20548: Public Affairs: Paul Anderson, Managing Director, AndersonP1@gao.gov (202) 512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, D.C. 20548: