Rebuilding Iraq
Actions Still Needed to Improve the Use of Private Security Providers
Gao ID: GAO-06-865T June 13, 2006
GAO was asked to address (1) the extent to which coordination between the U.S. military and private security providers has improved since GAO's 2005 report, (2) the ability of private security providers and the Department of Defense (DOD) to conduct comprehensive background screenings of employees, and (3) the extent to which U.S. or international standards exist for establishing private security provider and employee qualifications. For this testimony, GAO drew from its July 2005 report on private security providers, and its preliminary observations from an ongoing engagement examining contractor screening practices.
Coordination between the U.S. military and private security providers still needs improvement. First, private security providers continue to enter the battle space without coordinating with the U.S. military, putting both the military and security providers at a greater risk for injury. Second, U.S. military units are not trained, prior to deployment, on the operating procedures of private security providers in Iraq and the role of the Reconstruction Operations Center, which is to coordinate military-provider interactions. While DOD agreed with our prior recommendation to establish a predeployment training program to help address the coordination issue, no action has been taken. Many private security providers and DOD have difficulty completing comprehensive criminal background screenings for U.S. and foreign nationals when data are missing or inaccessible. For example, a DOD policy requires biometric screening of most non-U.S. private security providers accessing U.S. bases in Iraq. Biometric screening (e.g., fingerprints and iris scans) measures a person's unique physical characteristics. Biometric screening is not as effective as it could be because the databases used to screen contractor employees include limited international data. Based on its work to date, GAO believes that incomplete criminal background screening may contribute to an increased risk to military forces and civilians in Iraq, and the military would benefit by reviewing the base security measures to ensure that the risk private security contractors may pose has been minimized. A report on screening will be issued in Fall 2006. No U.S. or international standards exist for establishing private security provider and employee qualifications. Reconstruction contractors told GAO during its review for its July 2005 report that they had difficulty hiring suitable security providers. Contractors replaced their security providers on five of the eight reconstruction contracts awarded in 2003 that were reviewed by GAO. Contractor officials attributed this turnover to various factors, including their lack of knowledge of the security market and of the potential security providers and the absence of useful agency guidance in this area. In our report, we recommended that the State Department, United States Agency for International Development, and DOD explore options that would enable contractors to obtain security services quickly and efficiently. In response to our recommendation, the agencies met in November 2005 and agreed that our recommendation was not practical. They determined that they could best assist contractors by providing access to information related to industry best practices and other security-related material.
GAO-06-865T, Rebuilding Iraq: Actions Still Needed to Improve the Use of Private Security Providers
This is the accessible text file for GAO report number GAO-06-865T
entitled 'Rebuilding Iraq: Actions Still Needed to Improve the Use of
Private Security Providers' which was released on June 13, 2006.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Testimony:
Before the Subcommittee on National Security, Emerging Threats, and
International Relations, Committee on Government Reform:
United States Government Accountability Office:
GAO:
For Release on Delivery Expected at 2:00 p.m. EDT:
Tuesday, June 13, 2006:
Rebuilding Iraq:
Actions Still Needed to Improve the Use of Private Security Providers:
Statement of William Solis, Director Defense Capabilities and
Management:
GAO-06-865T:
GAO Highlights:
Highlights of GAO-06-865T, a testimony before the Subcommittee on
National Security, Emerging Threats and International Relations,
Committee on Government Reform House of Representatives.
Why GAO Did This Study:
GAO was asked to address (1) the extent to which coordination between
the U.S. military and private security providers has improved since
GAO‘s 2005 report, (2) the ability of private security providers and
the Department of Defense (DOD) to conduct comprehensive background
screenings of employees, and (3) the extent to which U.S. or
international standards exist for establishing private security
provider and employee qualifications. For this testimony, GAO drew from
its July 2005 report on private security providers, and its preliminary
observations from an ongoing engagement examining contractor screening
practices.
What GAO Found:
Coordination between the U.S. military and private security providers
still needs improvement. First, private security providers continue to
enter the battle space without coordinating with the U.S. military,
putting both the military and security providers at a greater risk for
injury. Second, U.S. military units are not trained, prior to
deployment, on the operating procedures of private security providers
in Iraq and the role of the Reconstruction Operations Center, which is
to coordinate military-provider interactions. While DOD agreed with our
prior recommendation to establish a predeployment training program to
help address the coordination issue, no action has been taken.
Many private security providers and DOD have difficulty completing
comprehensive criminal background screenings for U.S. and foreign
nationals when data are missing or inaccessible. For example, a DOD
policy requires biometric screening of most non-U.S. private security
providers accessing U.S. bases in Iraq. Biometric screening (e.g.,
fingerprints and iris scans) measures a person‘s unique physical
characteristics. Biometric screening is not as effective as it could be
because the databases used to screen contractor employees include
limited international data. Based on its work to date, GAO believes
that incomplete criminal background screening may contribute to an
increased risk to military forces and civilians in Iraq, and the
military would benefit by reviewing the base security measures to
ensure that the risk private security contractors may pose has been
minimized. A report on screening will be issued in Fall 2006.
No U.S. or international standards exist for establishing private
security provider and employee qualifications. Reconstruction
contractors told GAO during its review for its July 2005 report that
they had difficulty hiring suitable security providers. Contractors
replaced their security providers on five of the eight reconstruction
contracts awarded in 2003 that were reviewed by GAO. Contractor
officials attributed this turnover to various factors, including their
lack of knowledge of the security market and of the potential security
providers and the absence of useful agency guidance in this area. In
our report, we recommended that the State Department, United States
Agency for International Development, and DOD explore options that
would enable contractors to obtain security services quickly and
efficiently. In response to our recommendation, the agencies met in
November 2005 and agreed that our recommendation was not practical.
They determined that they could best assist contractors by providing
access to information related to industry best practices and other
security-related material.
[Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-06-865T].
To view the full product, including the scope and methodology, click on
the link above. For more information, contact William Solis at (202)
512-8365 or solisw@gao.gov.
[End of Section]
Mr. Chairman and Members of the Subcommittee:
I am pleased to be here today to discuss issues related to the use of
private security providers by U.S. government agencies and the
contractors that are helping to rebuild Iraq. As you know, because of
the continued hostilities in Iraq, the United States as well as other
governments and nongovernmental agencies are relying heavily on private
firms to provide security for those helping to build a democratic Iraq.
This is the first time that the United States has depended on
contractors to provide such extensive security in a hostile
environment, although it has previously contracted for more limited
security services in Afghanistan, Bosnia, and elsewhere.
Because of growing interest by members of Congress in the use of
private security providers in Iraq, we began a review under the
Comptroller General's authority and issued a report in July 2005 on the
use of private security providers in Iraq.[Footnote 1] We reported
that:
* Agencies and reconstruction contractors made extensive use of private
security providers because providing security for these organizations
is not part of the U.S. military's stated mission. We reported that the
reconstruction contractors' efforts to obtain security met with mixed
results as they often found that the security providers they selected
could not meet their needs. We recommended that the Secretaries of
State and Defense and the Administrator of United States Agency for
International Development (USAID) explore options to assist contractors
in obtaining suitable security providers:
* The relationship between the U.S. military and private security
providers is based on cooperation and not control. It appeared that
coordination between the military and the private security providers
improved when the Reconstruction Operations Center (ROC) opened to
coordinate military-provider interactions.[Footnote 2] However, we
noted that additional actions could be taken to improve coordination
and recommended that units deploying to Iraq receive predeployment
training to better understand typical private security provider
operating procedures and the role of the ROC.
* Despite the significant role private security providers play in the
reconstruction of Iraq, none of the principal agencies responsible for
reconstruction had complete data on costs associated with using private
security providers. We recommended that the Secretaries of State and
DOD and the Administrator of USAID establish a means to track and
account for security costs to develop more accurate budget estimates.
There has been growth in the private security industry in Iraq. In our
2005 report, we reported that the Department of Defense (DOD) estimated
at least 60 private security providers were working in Iraq with
perhaps as many as 25,000 employees. In March 2006, the Director of the
Private Security Company Association of Iraq estimated that
approximately 181 private security companies were working in Iraq with
just over 48,000 employees.
Today, my testimony will address some of the issues we raised in our
2005 report as well our preliminary observations from an ongoing
engagement on the processes used to screen private security providers.
Specifically, my testimony today will address:
* the extent to which coordination between the U.S. military and
private security providers has improved since our 2005 report,
* the ability of private security providers and DOD to conduct
comprehensive background screenings of employees, and:
* the extent to which U.S. or international standards exist for
establishing private security provider and employee qualifications.
My testimony is based on our July 2005 report, a May 2006 visit to
Iraq, and our preliminary observations from an ongoing engagement
requested by this subcommittee on the effectiveness of the processes
used to screen contractor employees in the U.S. Central Command's area
of responsibility, which includes Iraq. To obtain our preliminary
observations on the effectiveness of the processes used to screen
contractor employees in Iraq, we have reviewed relevant documents such
as contracts, as well as DOD and governmentwide policies; met with DOD
officials both in the United States and Iraq, and interviewed
contractors providing services to deployed forces in Iraq as well as
professional background screeners in the United States and India. This
work is being done in accordance with generally accepted government
auditing standards.
Summary:
Although we reported in July 2005 that coordination between the U.S.
military and private security providers had improved since the
establishment of the ROC in October 2004, interviews with military
officials we met with in Iraq and with military officials that have
recently returned from Iraq indicate that coordination is still a
problem and needs further improvement. First, private security
providers are still entering the battle space without coordinating with
the U.S. military, putting both the military and security providers at
a greater risk for injury. Second, U.S. military units are not trained,
prior to deployment, on the operating procedures of private security
providers in Iraq and the mission and role of the ROC. In our 2005
report, we recommended that a predeployment training program would help
address the coordination issue. DOD agreed with our recommendation;
however, DOD has not issued any guidance or conducted training in
regard to working with or coordinating with private security providers
on the battle field.
On preliminary observations on the background screening of contractor
employees suggests that private security providers and DOD have
difficulty conducting comprehensive background screening when data are
missing or inaccessible. When doing background screenings of those
living in the United States, private security providers use public
information available at the county, state, or federal level and search
state criminal information repositories and commercial databases such
as those that collect information on incarcerations. None of these
types of searches, however, guarantees a comprehensive background
screening. Screening host nation and third[Footnote 3] country national
employees can be difficult because of inaccurate or unavailable records
in some countries. In addition, officials from some background
screening firms told us that some foreign laws restrict access to
criminal records. Finally, DOD's biometric[Footnote 4] screening of
most non-U.S. contractors (including employees of private security
providers) accessing U.S. installations in Iraq is not as effective as
it could be because the databases used to screen contractor employees
included only limited international data.
No U.S. or international standards exist for establishing private
security provider and employee qualifications. During our review for
our 2005 report, we found that reconstruction contractors had
difficulty hiring suitable security providers. Contractors replaced
their security providers on five of the eight reconstruction contracts
awarded in 2003 that we reviewed.[Footnote 5] Contractor officials
attributed this turnover to various factors, including their lack of
knowledge of the security market and of the potential security
providers and the absence of useful agency guidance in this area. We
recommended that the agencies explore options that would enable
contractors to obtain such services quickly and efficiently. Such
options could include (1) identifying minimum standards for private
security personnel qualifications, (2) training requirements and other
key performance characteristics that private security personnel should
possess, (3) establishing qualified vendor lists, and (4) establishing
contracting vehicles which contractors could be authorized to use. DOD
agreed with the recommendation and USAID did not comment on the
recommendation. The State Department disagreed with our recommendation
citing concerns that the government could be held liable for
performance failures, but determined that they could best assist
contractors by providing access to information related to industry best
practices and other security-related material.
Background:
Prior to the war in Iraq, DOD and the U.S. government agencies
responsible for the reconstruction of Iraq believed that reconstruction
would take place in an environment with little threat from insurgents
or terrorists. By June 2003, the security situation began to worsen,
and it became clear in August 2003 with the bombing of the United
Nations complex that insurgents were targeting nonmilitary targets.
As the Comptroller General testified before this subcommittee in April
2006, the poor security environment continues to be a concern as
insurgents demonstrate the ability to recruit, supply, and attack
coalition and Iraqi security forces, and impede the development of an
inclusive Iraqi government and effective Iraqi security forces. The
insurgency intensified through October 2005 and has remained strong
since then.[Footnote 6] According to a February 2006 testimony by the
Director of National Intelligence, insurgents are using increasingly
lethal improvised explosive devices and continue to adapt to coalition
countermeasures.
Our July 2005 report on private security providers addressed, among
other things, the mission of private security providers in Iraq, the
laws and guidance governing the conduct of private security providers,
and the cost impact of using private security providers.
The Mission of Private Security Providers in Iraq:
The mission of private security providers is to protect government
agency officials and reconstruction contractors in Iraq's unstable
security environment. Providers may be U.S. or foreign companies and
their staffs are likely to be drawn from various countries, including
the United States, the United Kingdom, South Africa, Nepal, Sri Lanka,
or Fiji, and may include Kurds and Arabs from Iraq. Generally, private
security providers provide the following services:
* Static security - security for housing areas and work sites,
* Personal security details - security for high-ranking U.S. officials,
* Security escorts - security for government employees, contractor
employees, or others as they move through Iraq,
* Convoy security - security for vehicles and their occupants as they
make their way into Iraq or within Iraq, and:
* Security advice and planning.
Laws and Guidance Governing Private Security Providers in Iraq:
During its existence, the Coalition Provisional Authority (CPA) issued
a number of orders or memoranda to regulate private security providers
and their employees working in Iraq between December 2003 and June
2004.[Footnote 7] Among these are CPA order number 3, which authorized
possession, use and registration of weapons used by private security
providers; CPA order number 17, which stated that contractors
(including private security providers) will generally be immune from
the Iraqi legal process for acts performed in accordance with the terms
and conditions of their contracts; and CPA Memorandum number 17, which
stated that private security providers and their employees must be
registered and licensed by the government of Iraq. According to the
Director of the Private Security Companies Association of Iraq, as of
June 1, 2006, the CPA memorandum and orders were still in effect.
In September 2005, U.S. Central Command's Staff Judge Advocate issued
interim legal guidance regarding DOD's use of private security
providers in Iraq. The September 2005 guidance permitted the use of
properly licensed private security providers to protect civilians,
contractors, nonmilitary facilities and equipment as well as static
military facilities and the military personnel and equipment within
them. In January 2006, the U.S. Central Command's Staff Judge Advocate
issued additional guidance which gave commanders in Iraq the authority
to use private security providers to provide security to convoys
transporting military supplies and to provide personal security.
Currently, DOD is using private security providers to guard facilities
located within U.S. bases and installations, and may expand its use of
private security providers based on the January 2006 guidance. However,
it is not clear to what extent DOD plans to make use of this expanded
authority.
Although private security providers are generally not subject to
prosecution under the Uniform Code of Military Justice in the absence
of a formal declaration of war by Congress, the federal government can
impose sanctions in response to acts of misconduct. For example,
private security providers are subject to prosecution by the Department
of Justice under applicable U.S. federal laws, to include the Military
Extraterritorial Jurisdiction Act,[Footnote 8] the special maritime and
territorial jurisdiction provisions of title 18 of the U.S.
code,[Footnote 9] and the War Crimes Act.[Footnote 10]
The Cost Impact of Private Security Providers in Iraq:
Despite the significant role played by private security providers in
enabling reconstruction efforts to proceed, neither the Department of
State, nor DOD, nor the USAID--the principal agencies responsible for
Iraq reconstruction efforts--had complete data on the costs associated
with using private security providers. As of December 2004, the
agencies and contractors we reviewed had obligated more than $766
million for security services and equipment, and by reviewing invoices
that providers of security services and equipment provided to the
contractors, we found that security costs had accounted for more than
15 percent of the contract's costs in 8 of the 15 contracts we
reviewed. We cautioned, however, that our estimates did not reflect
security-related costs incurred by subcontractors or lower tier
suppliers, or attempt to quantify the impact of the security
environment on the pace of reconstruction efforts caused by security-
related work stoppages or delays or the costs associated with repairing
the damage caused by the insurgency on work previously completed. In
January 2006, the State Department reported to Congress that direct and
indirect costs of security represented 16 to 22 percent of the overall
cost of major infrastructure reconstruction projects.[Footnote 11] DOD
officials acknowledged, however, that the estimate may not have
accounted for all security costs and that different methodologies and
methods were used to prepare the estimate.
Given the expectation of a relatively benign environment that would
require only a minimal level of security, such costs undoubtedly
diverted resources and contributed to decisions to cancel or reduce the
scope of some projects. In our view, the absence of reliable data in an
area critical to supporting U.S. efforts, limited the agencies' ability
to assess the impact of and manage security costs on future
reconstruction efforts. Consequently, we recommended in our July 2005
report that agencies develop a means to track and account for security
costs to develop more accurate budget estimates.
In early June 2006, the State Department issued a procurement
information bulletin in response to our recommendation. The Department
noted that DOD, USAID and the State Department had agreed to include
requirements for reconstruction contractors to report all costs for
private security supplies and services that the contractor or any
subcontractor may have to acquire necessary for the successful
performance of the contract. For example, for all future contracts
where performance or delivery takes place in Iraq, contractors are
required to include in their proposal an estimate of all costs expected
to be incurred by the contractor, or any tier of subcontractor, for
private security goods or services that the contractor or subcontractor
obtained as part of contract performance. The contractors will be
required to report similar information when submitting invoices for
payment for goods and services provided. If fully implemented, such an
approach should provide the Department with a clearer picture on the
impact of security costs on reconstruction contracts.
Coordination between the U.S. Military and Private Security Providers
Continues to Be a Problem:
Despite improvements in coordination between private security providers
and the U.S military, military officials we met with in Iraq in May
2006 and those who recently returned from Iraq said that coordination
continues to be a problem. Coordination between the U.S. military and
private security providers evolved from an informal coordination based
on personal relationships to a more structured, although voluntary,
mechanism--the ROC. U.S. military and contractor officials we spoke
with prior to issuing our July 2005 report had indicated that
coordination had improved.
While the ROC has helped improve coordination between the military and
security providers, military officials we spoke to during our May 2006
visit to Iraq and representatives from the 3rd Infantry Division remain
concerned about coordination. Officials from the 3rd Infantry Division,
who were located in Baghdad from January 2005 to January 2006, told us
that (1) they had a difficult time working and interfacing with private
security providers during their deployment because they had no means to
communicate with the private security providers, (2) they were
unfamiliar with the ROC, and (3) private security providers frequently
entered their battle space without notifying the division. Military
officials we spoke with stated that private security providers should
be required to coordinate with the military. Several U.S. military
officers whom we interviewed who served in Iraq said that they had a
responsibility to aid contractors who need assistance. If private
security providers do not coordinate their movements with military
units, it places both the U.S. military and the private security
providers at risk. Also, with better coordination, private security
providers would be informed of areas that were unsafe and either change
their route or delay the movement.
At the time we issued our report in July 2005, incidents of U.S.
military shooting at private security providers were a concern. During
the 5-month period of January through May 2005, the ROC received
reports of 20 friendly-fire incidents. It is likely that the number of
actual incidents during that time period was higher since some
providers told us they stopped reporting these types of incidents. For
the 12-month period, from June 1, 2005 to June 1, 2006, 12 incidents
were reported to the ROC. We spoke with the Director of the Private
Security Company Association of Iraq about these incidents, among other
things. He said that he believes the decrease in such incidents is the
result of better enforcement of the rules of engagement by the U.S.
military. In addition to better enforcement of the rules of engagement,
which require that U.S. troops determine whether a person's intent is
hostile before the military uses deadly force, the director of the ROC
believed that our 2005 report led to increased awareness of the issue.
We recommended in 2005 that the Secretary of Defense develop a training
package for units deploying to Iraq to improve coordination between the
U.S. military and private security providers. The training package
would include information on the ROC, typical private security provider
operating procedures, and any guidance or procedures developed by Multi-
national Force-Iraq (MNF-I) or Multi-national Corps-Iraq (MNC-
I)[Footnote 12] applicable to private security providers. Although the
Department of Defense agreed with our recommendation and tasked the
Joint Staff to develop the training package, no action had been taken.
Early this year, we contacted officials from the 10th Mountain Division
(who deployed to Iraq in early 2006) to determine if their
predeployment training had included any information on working with
private security providers. Division officials advised us that they had
received no information on working with private security providers.
While in Iraq, we met with Army officials at Camp Anaconda who told us
that they received little guidance regarding private security providers
in Iraq prior to deployment and stated that they needed better guidance
regarding the military's responsibility to private security providers.
Finally, in May 2006 while in Iraq we met with the director of the ROC
who told us that military units should receive some training regarding
private security providers before the units deployed to Iraq. He stated
that such training would help improve U.S. military and private
security provider coordination.
Missing or Inaccessible Data May Make Criminal Background Screening of
Private Security Provider Employees Difficult:
Private security providers and DOD have difficulty conducting
comprehensive criminal background screening when data are missing and
inaccessible. When doing such background screenings of those living in
the United States, background screening firms generally use public
information available at the county, state, or federal level or search
commercial databases such as those that collect information on
incarcerations or arrest records. None of these types of searches,
however, guarantees a comprehensive background screening. Private
security firms may find it difficult to complete background screenings
of their Iraqi and third country national employees because of a lack
of reliable information. In addition, DOD's program to biometrically
screen all Iraqi private security provider employees as well as most
third country nationals who are private security provider employees
seeking access to U.S. installations is not as effective as it could be
because of the limited number of international and foreign databases
available for screening. Because of the numerous difficulties in
screening employees, particularly those who do not live in the United
States, it may not be possible to know the true identities and
backgrounds of the thousands of private security provider employees
working in Iraq. This lack of knowledge increases the security risk to
U.S. military forces and civilians in Iraq.
Information Is Not Always Available or Accessible When Conducting
Criminal Background Screening:
Many private security providers that conduct criminal background
investigations use screening firms. The private security provider
requesting the screening determines the parameters of the background
screening. Information is not always available or accessible when
conducting criminal background investigations of U.S. nationals, third
country nationals, and Iraqi nationals. Another factor that can
contribute to difficulties is foreign privacy laws that make some
criminal information inaccessible according to screening firm
officials.
U.S. Nationals: When screening firms conduct background investigations
of those living in the United States, they generally use public
information available at the county, state, or federal level, search
state maintained criminal information repositories, and commercial
databases such as those that collect information on incarcerations.
However, none of these actions guarantees a comprehensive background
check. For example, screening companies may not review federal court
records if not directed to by the client. Furthermore, background
screening firms generally only check the records of the court that
maintains the preponderance of criminal data and may miss some records
maintained by specialized courts such as domestic or family law courts.
State repositories of information may not include all criminal data.
For example, one official from a background screening firm explained
that only 66 of the 88 counties in Ohio report crimes to the state
repository. Similarly, the State of Illinois reported that in 2003 only
59 percent of the computerized criminal history records they audited
had complete information. Furthermore, commercial databases may not
provide a complete background investigation because the databases may
not contain the most recent criminal data; certain criminal offenses
may not be reported; and there are no standards on how data in
commercial databases should be collected and validated.
Third Country Nationals: Screening third country nationals presents
additional challenges according to background screeners to whom we have
spoken. Officials from international background screening firms cited
the challenges in verifying criminal background information on third
country nationals because they are relying on the applicant to provide
all prior addresses. Since some countries, such as India, maintain
criminal data at the local level, persons doing the background
screenings may miss crimes that were committed in other locations
within the country if the applicant did not reveal all previous
addresses. Those doing screenings face other challenges as well. For
example, some countries lack criminal records or the records are
unreliable because of high levels of corruption according to
representatives of the screening firms we interviewed. Additionally,
some countries only maintain records for 3 to 5 years which some in the
background screening industry consider to be insufficient. Also, many
countries lack national identification numbers, which makes it
difficult to know if the person being screened was the person who
committed the crimes cited in the court or police records.
Iraqi Nationals: Some private security companies have been encouraged
by their clients to hire Iraqi nationals to put money back into the
Iraqi economy and to reduce security costs compared with the salaries
of other employees. However, screening Iraqi nationals is very
difficult because of a lack of criminal information. One firm we spoke
with told us that they have encountered problems screening Iraqi
nationals because the Iraqi police lack criminal records or criminal
information. Another company depends on their Iraqi subcontractors to
screen Iraqi applicants and may not have a clear understanding of how
the screening takes place. According to officials from one of the
private security providers we spoke with, their Iraqi subcontractor
claims to have a screening process, and the provider trusts the company
to provide qualified individuals. One company we spoke with told us
that they rely on local tribal leaders to screen their employees.
Finally, the Iraqi Ministry of the Interior also screens Iraqi private
security employees as part of the registration and licensing process.
Privacy Laws: Privacy laws may also make it difficult to complete
accurate screenings on those who live outside of the United States.
According to officials from background screening firms, some countries
do not permit criminal background searches of their citizens or limit
the type of information that can be released to a third party. In other
countries, criminal information cannot be given to third parties and is
only released to the applicant who can then determine whether to
release the information. According to screening company officials,
there are often issues related to the authenticity of documents
provided by applicants.
The Effectiveness of DOD's Biometric Screening in Iraq Is Limited
Because of Missing Data:
DOD conducts biometric screening of most non-U.S. private security
provider employees needing access to installations in Iraq; however,
the value of the screening process is limited because the databases
used to screen the applicants have little international biometric data.
In March 2005, shortly after a dining facility bombing at a U.S.
installation in Iraq killed 14 U.S. soldiers and wounded at least 50,
the deputy secretary of Defense issued a policy requiring the biometric
screening of most non -U.S. personnel (including private security
provider employees) seeking access to U.S. installations in Iraq. The
goal of this policy is to improve force protection for U.S. and
coalition forces in Iraq and to provide positive identification of
local and third country nationals accessing U.S. facilities.[Footnote
13] This policy requires that those seeking access to installations in
Iraq be fingerprinted, photographed, have their irises scanned and be
enrolled in one of two systems DOD uses to gather the required
biometric data. The biometric screening is in addition to the in-person
interview and screening of Iraqis (and some third country nationals)
wishing to access a base or installation.
Biometric information from the two installation access systems is sent
to DOD's Biometric Fusion Center in West Virginia where it is merged
with other biometric data to form the Automated Biometric
Identification System (ABIS). The Biometric Fusion Center screens the
applicant's data against the ABIS system as well as the FBI's
Integrated Automated Fingerprint Identification System (IAFIS)
database. The IAFIS database includes the fingerprint records of more
than 51 million persons who have been arrested in the United States as
well as information from databases maintained by other agencies such as
the Department of Homeland Security, the Department of State and the
International Criminal Police Organization (Interpol).[Footnote 14]
While DOD's biometric screening process has successfully identified
several persons seeking access to bases in Iraq who have criminal
records in the United States, the lack of international biometric data
limits its usefulness. According to an official from the FBI's Criminal
Justice Information Services Division, the IAFIS database includes
criminal fingerprint data from only a limited number of foreign
countries because some countries are reluctant to share criminal
history information and others do not have fingerprint repositories or
do not collect fingerprints in a manner compatible with the FBI's
system. In addition, although the IAFIS database includes about 50,000
fingerprint records from Interpol, Interpol does not maintain a
repository of all criminal offenses committed in the member countries.
Instead, Interpol's criminal database is composed of wanted notices
submitted by the member countries and the information is only retained
for 5 years. Access to international criminal biometric information is
vital to meeting DOD's goal of establishing the positive identification
of local and third country nationals accessing U.S facilities in Iraq.
Without access to foreign biometric information, DOD may find it
difficult to determine if third country nationals may pose a threat to
U.S. military and civilians in Iraq.
There Are No Established Standards to Assist Contractors in Obtaining
Suitable Security Providers:
At the time we issued our report in July 2005, there were no U.S. or
international standards that would establish security provider
qualifications in such areas as training and experience requirements,
weapons qualifications, and similar skills that are applicable for the
type of security needed in Iraq. Security industry associations and
companies have discussed the need for and desirability of establishing
standards, but as of June 2006, no such standards have been developed
or implemented. As we reported in our 2005 report, reconstruction
contractors had difficulty hiring suitable security providers.
Contractors replaced their security providers on five of the eight
reconstruction contracts awarded in 2003 that we reviewed.[Footnote 15]
Contractor officials attributed this turnover to various factors,
including their lack of knowledge of the security market and of the
potential security providers and the absence of useful agency guidance
in this area.
In our report, we recommended that the State Department, USAID, and DOD
explore options that would enable contractors to obtain security
services quickly and efficiently. Such options may include identifying
minimum standards for private security personnel qualifications,
training requirements and other key performance characteristics that
private security personnel should possess; establishing qualified
vendor lists; and/or establishing contracting vehicles which
contractors could be authorized to use. In response to our
recommendation, the State Department noted in November 2005 that it had
met with representatives from DOD and USAID to discuss ways to assist
contractors in acquiring security services. According to the State
Department, all agencies agreed that it was not practical to prequalify
vendors or establish contracting vehicles, in part due to concerns
regarding the agency's liability if contractors failed to perform.
Rather, they determined that they could best assist contractors by
providing access to information related to industry best practices and
other security-related material.
Concluding Observations:
Mr. Chairman, we believe two recommendations we made in our July 2005
report continue to have merit and should be implemented. Specifically,
we believe private security provider operations would be improved by
(1) developing a training package for deploying units to Iraq that
would provide information on the ROC, private security providers
operating procedures, and any MNF-I or MNC-I guidance on private
security providers and (2) further exploring options to assist
contractors in obtaining suitable security providers. Further, U.S.
military officials who have been in Iraq or who we interviewed during
our May 2006 visit stated that coordination between the military and
private security providers should be required. Given the increased risk
both parties are subject to when private security providers do not
coordinate their activities with the military, we believe U.S.
government agencies using private security providers in Iraq may want
to consider such a requirement utilizing the ROC as the focal point for
such a requirement. Additionally, based on our preliminary
observations, incomplete criminal background screenings may contribute
to an increased risk to military forces and civilians in Iraq. The
military would benefit by reviewing the installation security measures
in place in Iraq to ensure that the risk private security contractors
may pose has been minimized. Lastly, as noted in our July 2005 report,
our experience in Iraq has made us aware that future operations may
include reconstruction efforts in an unstable or deteriorating security
environment, thus requiring extensive use of private security
providers. Given their important role in Iraq, planning that includes
the use of private security providers will need to be incorporated in
future military operations and reconstruction efforts.
Mr. Chairman and members of the Subcommittee, this concludes my
prepared statement. I will be happy to answer any questions you may
have.
GAO Contacts and Acknowledgments:
For questions regarding this testimony, please call William Solis at
(202) 512-8365. Other key contributors to this statement were Vincent
Balloon, Carole Coffey, Grace Coleman, Laura Czohara, Gary Delaney,
Timothy DiNapoli, and Wesley A. Johnson.
FOOTNOTES
[1] GAO, Rebuilding Iraq: Actions Needed to Improve the Use of Private
Security Providers, GAO-05-737 (Washington, D.C.: July 28, 2005).
[2] The national ROC is located in Baghdad with six regional centers
collocated with the military's major subordinate commands.
Participation is open at no cost to all U.S. government agencies,
contractors, and nongovernmental organizations operating in Iraq. The
ROC and the regional centers are staffed with a combination of
military, U.S. government civilian, and contractor personnel and
provide such services as disseminating unclassified intelligence
information and specific threat assessments on future building sites
and planned vehicle routes to contractors; recording information about
incidents and threats to coalition forces; facilitating military
assistance, such as a quick reaction force or medical services, to
contractors in need; and facilitating communication between contractors
and U.S. military units.
[3] A third country national is a person working for a contractor who
is neither a citizen of the United States nor the host country.
[4] A biometric measures a person's unique physical characteristics
(such as fingerprints, hand geometry, facial patterns, or iris and
retinal scans) or behavioral characteristics (voice patterns, written
signatures, or keyboard typing techniques) and can be used to recognize
the identity, or verify the claimed identify, of an individual.
[5] On one additional 2003 contract, the contractor provided its own
security.
[6] GAO, Rebuilding Iraq: Governance, Security, Reconstruction, and
Financing Challenges, GAO-06-697T (Washington, D.C.: April 25, 2006).
[7] The CPA served as Iraq's interim government from April 2003 to June
28, 2004, and was responsible for overseeing, directing, and
coordinating rebuilding efforts.
[8] Military Extraterritorial Jurisdiction Act 18 U.S.C. 3261.
[9] Special maritime and territorial jurisdiction provisions of 18
U.S.C. 7(9).
[10] War Crimes Act 18 U.S.C. 2441.
[11] Department of State, Report to Congress, Section 2207 Report on
Iraq Relief and Reconstruction, January 2006.
[12] Multi-National Force-Iraq is responsible for counter-insurgency
operations to isolate and neutralize former regime extremists and
foreign terrorists and for organizing, training, and equipping Iraq's
security forces. Multi-National Corps-Iraq is the tactical unit of MNF-
I responsible for command and control of operations in Iraq.
[13] At the time of our visit to Iraq in May 2006, only a limited
number of bases were using the biometric information to verify the
identities of contractor employees accessing the base on a daily basis.
[14] States voluntarily provide fingerprint records to the FBI for
inclusion in the IAFIS database. According to FBI officials, not all
persons arrested and convicted of crimes in the U.S. are included in
the IAFIS database.
[15] On one additional 2003 contract, the contractor provided its own
security.
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site (www.gao.gov). Each weekday, GAO posts
newly released reports, testimony, and correspondence on its Web site.
To have GAO e-mail you a list of newly posted products every afternoon,
go to www.gao.gov and select "Subscribe to Updates."
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. Government Accountability Office 441 G Street NW, Room LM
Washington, D.C. 20548:
To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202)
512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Gloria Jarmon, Managing Director, JarmonG@gao.gov (202) 512-4400 U.S.
Government Accountability Office, 441 G Street NW, Room 7125
Washington, D.C. 20548:
Public Affairs:
Paul Anderson, Managing Director, AndersonP1@gao.gov (202) 512-4800
U.S. Government Accountability Office, 441 G Street NW, Room 7149
Washington, D.C. 20548: