Rebuilding Iraq: Actions Still Needed to Improve the Use of	 
Private Security Providers (13-JUN-06, GAO-06-865T).		 
                                                                 
GAO was asked to address (1) the extent to which coordination	 
between the U.S. military and private security providers has	 
improved since GAO's 2005 report, (2) the ability of private	 
security providers and the Department of Defense (DOD) to conduct
comprehensive background screenings of employees, and (3) the	 
extent to which U.S. or international standards exist for	 
establishing private security provider and employee		 
qualifications. For this testimony, GAO drew from its July 2005  
report on private security providers, and its preliminary	 
observations from an ongoing engagement examining contractor	 
screening practices.						 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-06-865T					        
    ACCNO:   A55463						        
  TITLE:     Rebuilding Iraq: Actions Still Needed to Improve the Use 
of Private Security Providers					 
     DATE:   06/13/2006 
  SUBJECT:   Americans employed abroad				 
	     Biometric identification				 
	     Contract performance				 
	     Contractor personnel				 
	     Criminal background checks 			 
	     Federal aid to foreign countries			 
	     Federal procurement				 
	     Performance measures				 
	     Personnel qualifications				 
	     Personnel security policies			 
	     Security services contracts			 
	     Standards						 
	     Standards evaluation				 
	     Iraq						 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-06-865T

     

     * Summary
     * Background
          * The Mission of Private Security Providers in Iraq
          * Laws and Guidance Governing Private Security Providers in Ir
          * The Cost Impact of Private Security Providers in Iraq
     * Coordination between the U.S. Military and Private Security
     * Missing or Inaccessible Data May Make Criminal Background Sc
          * Information Is Not Always Available or Accessible When Condu
          * The Effectiveness of DOD's Biometric Screening in Iraq Is Li
     * There Are No Established Standards to Assist Contractors in
     * Concluding Observations
     * GAO Contacts and Acknowledgments
          * Order by Mail or Phone

Testimony

Before the Subcommittee on National Security, Emerging Threats, and
International Relations, Committee on Government Reform

United States Government Accountability Office

GAO

For Release on Delivery Expected at 2:00 p.m. EDT

Tuesday, June 13, 2006

REBUILDING IRAQ

Actions Still Needed to Improve the Use of Private Security Providers

Statement of William Solis, Director Defense Capabilities and Management

GAO-06-865T

Mr. Chairman and Members of the Subcommittee:

I am pleased to be here today to discuss issues related to the use of
private security providers by U.S. government agencies and the contractors
that are helping to rebuild Iraq. As you know, because of the continued
hostilities in Iraq, the United States as well as other governments and
nongovernmental agencies are relying heavily on private firms to provide
security for those helping to build a democratic Iraq. This is the first
time that the United States has depended on contractors to provide such
extensive security in a hostile environment, although it has previously
contracted for more limited security services in Afghanistan, Bosnia, and
elsewhere.

Because of growing interest by members of Congress in the use of private
security providers in Iraq, we began a review under the Comptroller
General's authority and issued a report in July 2005 on the use of private
security providers in Iraq.1 We reported that

           o  Agencies and reconstruction contractors made extensive use of
           private security providers because providing security for these
           organizations is not part of the U.S. military's stated mission.
           We reported that the reconstruction contractors' efforts to obtain
           security met with mixed results as they often found that the
           security providers they selected could not meet their needs. We
           recommended that the Secretaries of State and Defense and the
           Administrator of United States Agency for International
           Development (USAID) explore options to assist contractors in
           obtaining suitable security providers
           o  The relationship between the U.S. military and private security
           providers is based on cooperation and not control. It appeared
           that coordination between the military and the private security
           providers improved when the Reconstruction Operations Center (ROC)
           opened to coordinate military-provider interactions.2 However, we
           noted that additional actions could be taken to improve
           coordination and recommended that units deploying to Iraq receive
           predeployment training to better understand typical private
           security provider operating procedures and the role of the ROC.
           o  Despite the significant role private security providers play in
           the reconstruction of Iraq, none of the principal agencies
           responsible for reconstruction had complete data on costs
           associated with using private security providers. We recommended
           that the Secretaries of State and DOD and the Administrator of
           USAID establish a means to track and account for security costs to
           develop more accurate budget estimates.

           There has been growth in the private security industry in Iraq. In
           our 2005 report, we reported that the Department of Defense (DOD)
           estimated at least 60 private security providers were working in
           Iraq with perhaps as many as 25,000 employees. In March 2006, the
           Director of the Private Security Company Association of Iraq
           estimated that approximately 181 private security companies were
           working in Iraq with just over 48,000 employees.

           Today, my testimony will address some of the issues we raised in
           our 2005 report as well our preliminary observations from an
           ongoing engagement on the processes used to screen private
           security providers. Specifically, my testimony today will address

           o  the extent to which coordination between the U.S. military and
           private security providers has improved since our 2005 report,
           o  the ability of private security providers and DOD to conduct
           comprehensive background screenings of employees, and
           o  the extent to which U.S. or international standards exist for
           establishing private security provider and employee
           qualifications.

           My testimony is based on our July 2005 report, a May 2006 visit to
           Iraq, and our preliminary observations from an ongoing engagement
           requested by this subcommittee on the effectiveness of the
           processes used to screen contractor employees in the U.S. Central
           Command's area of responsibility, which includes Iraq. To obtain
           our preliminary observations on the effectiveness of the processes
           used to screen contractor employees in Iraq, we have reviewed
           relevant documents such as contracts, as well as DOD and
           governmentwide policies; met with DOD officials both in the United
           States and Iraq, and interviewed contractors providing services to
           deployed forces in Iraq as well as professional background
           screeners in the United States and India. This work is being done
           in accordance with generally accepted government auditing
           standards.
		   
		   Standards

           Although we reported in July 2005 that coordination between the
           U.S. military and private security providers had improved since
           the establishment of the ROC in October 2004, interviews with
           military officials we met with in Iraq and with military officials
           that have recently returned from Iraq indicate that coordination
           is still a problem and needs further improvement. First, private
           security providers are still entering the battle space without
           coordinating with the U.S. military, putting both the military and
           security providers at a greater risk for injury. Second, U.S.
           military units are not trained, prior to deployment, on the
           operating procedures of private security providers in Iraq and the
           mission and role of the ROC. In our 2005 report, we recommended
           that a predeployment training program would help address the
           coordination issue. DOD agreed with our recommendation; however,
           DOD has not issued any guidance or conducted training in regard to
           working with or coordinating with private security providers on
           the battle field.

           On preliminary observations on the background screening of
           contractor employees suggests that private security providers and
           DOD have difficulty conducting comprehensive background screening
           when data are missing or inaccessible. When doing background
           screenings of those living in the United States, private security
           providers use public information available at the county, state,
           or federal level and search state criminal information
           repositories and commercial databases such as those that collect
           information on incarcerations. None of these types of searches,
           however, guarantees a comprehensive background screening.
           Screening host nation and third3 country national employees can be
           difficult because of inaccurate or unavailable records in some
           countries. In addition, officials from some background screening
           firms told us that some foreign laws restrict access to criminal
           records. Finally, DOD's biometric4 screening of most non-U.S.
           contractors (including employees of private security providers)
           accessing U.S. installations in Iraq is not as effective as it
           could be because the databases used to screen contractor employees
           included only limited international data.

           No U.S. or international standards exist for establishing private
           security provider and employee qualifications. During our review
           for our 2005 report, we found that reconstruction contractors had
           difficulty hiring suitable security providers. Contractors
           replaced their security providers on five of the eight
           reconstruction contracts awarded in 2003 that we reviewed.5
           Contractor officials attributed this turnover to various factors,
           including their lack of knowledge of the security market and of
           the potential security providers and the absence of useful agency
           guidance in this area. We recommended that the agencies explore
           options that would enable contractors to obtain such services
           quickly and efficiently. Such options could include (1)
           identifying minimum standards for private security personnel
           qualifications, (2) training requirements and other key
           performance characteristics that private security personnel should
           possess, (3) establishing qualified vendor lists, and (4)
           establishing contracting vehicles which contractors could be
           authorized to use. DOD agreed with the recommendation and USAID
           did not comment on the recommendation. The State Department
           disagreed with our recommendation citing concerns that the
           government could be held liable for performance failures, but
           determined that they could best assist contractors by providing
           access to information related to industry best practices and other
           security-related material.

           Background
		   
		   Prior to the war in Iraq, DOD and the U.S. government agencies
           responsible for the reconstruction of Iraq believed that
           reconstruction would take place in an environment with little
           threat from insurgents or terrorists. By June 2003, the security
           situation began to worsen, and it became clear in August 2003 with
           the bombing of the United Nations complex that insurgents were
           targeting nonmilitary targets.

           As the Comptroller General testified before this subcommittee in
           April 2006, the poor security environment continues to be a
           concern as insurgents demonstrate the ability to recruit, supply,
           and attack coalition and Iraqi security forces, and impede the
           development of an inclusive Iraqi government and effective Iraqi
           security forces. The insurgency intensified through October 2005
           and has remained strong since then.6 According to a February 2006
           testimony by the Director of National Intelligence, insurgents are
           using increasingly lethal improvised explosive devices and
           continue to adapt to coalition countermeasures.

           Our July 2005 report on private security providers addressed,
           among other things, the mission of private security providers in
           Iraq, the laws and guidance governing the conduct of private
           security providers, and the cost impact of using private security
           providers.

           The Mission of Private Security Providers in Iraq
		   
		   The mission of private security providers is to protect government
           agency officials and reconstruction contractors in Iraq's unstable
           security environment. Providers may be U.S. or foreign companies
           and their staffs are likely to be drawn from various countries,
           including the United States, the United Kingdom, South Africa,
           Nepal, Sri Lanka, or Fiji, and may include Kurds and Arabs from
           Iraq. Generally, private security providers provide the following
           services:

           o  Static security - security for housing areas and work sites,
           o  Personal security details - security for high-ranking U.S.
           officials,
           o  Security escorts - security for government employees,
           contractor employees, or others as they move through Iraq,
           o  Convoy security - security for vehicles and their occupants as
           they make their way into Iraq or within Iraq, and
           o  Security advice and planning.

           During its existence, the Coalition Provisional Authority (CPA)
           issued a number of orders or memoranda to regulate private
           security providers and their employees working in Iraq between
           December 2003 and June 2004.7 Among these are CPA order number 3,
           which authorized possession, use and registration of weapons used
           by private security providers; CPA order number 17, which stated
           that contractors (including private security providers) will
           generally be immune from the Iraqi legal process for acts
           performed in accordance with the terms and conditions of their
           contracts; and CPA Memorandum number 17, which stated that private
           security providers and their employees must be registered and
           licensed by the government of Iraq. According to the Director of
           the Private Security Companies Association of Iraq, as of June 1,
           2006, the CPA memorandum and orders were still in effect.

           In September 2005, U.S. Central Command's Staff Judge Advocate
           issued interim legal guidance regarding DOD's use of private
           security providers in Iraq. The September 2005 guidance permitted
           the use of properly licensed private security providers to protect
           civilians, contractors, nonmilitary facilities and equipment as
           well as static military facilities and the military personnel and
           equipment within them. In January 2006, the U.S. Central Command's
           Staff Judge Advocate issued additional guidance which gave
           commanders in Iraq the authority to use private security providers
           to provide security to convoys transporting military supplies and
           to provide personal security. Currently, DOD is using private
           security providers to guard facilities located within U.S. bases
           and installations, and may expand its use of private security
           providers based on the January 2006 guidance. However, it is not
           clear to what extent DOD plans to make use of this expanded
           authority.

           Although private security providers are generally not subject to
           prosecution under the Uniform Code of Military Justice in the
           absence of a formal declaration of war by Congress, the federal
           government can impose sanctions in response to acts of misconduct.
           For example, private security providers are subject to prosecution
           by the Department of Justice under applicable U.S. federal laws,
           to include the Military Extraterritorial Jurisdiction Act,8 the
           special maritime and territorial jurisdiction provisions of title
           18 of the U.S. code,9 and the War Crimes Act.10

           The Cost Impact of Private Security Providers in Iraq
		   
		   Despite the significant role played by private security providers
           in enabling reconstruction efforts to proceed, neither the
           Department of State, nor DOD, nor the USAID-the principal agencies
           responsible for Iraq reconstruction efforts-had complete data on
           the costs associated with using private security providers. As of
           December 2004, the agencies and contractors we reviewed had
           obligated more than $766 million for security services and
           equipment, and by reviewing invoices that providers of security
           services and equipment provided to the contractors, we found that
           security costs had accounted for more than 15 percent of the
           contract's costs in 8 of the 15 contracts we reviewed. We
           cautioned, however, that our estimates did not reflect
           security-related costs incurred by subcontractors or lower tier
           suppliers, or attempt to quantify the impact of the security
           environment on the pace of reconstruction efforts caused by
           security-related work stoppages or delays or the costs associated
           with repairing the damage caused by the insurgency on work
           previously completed. In January 2006, the State Department
           reported to Congress that direct and indirect costs of security
           represented 16 to 22 percent of the overall cost of major
           infrastructure reconstruction projects.11 DOD officials
           acknowledged, however, that the estimate may not have accounted
           for all security costs and that different methodologies and
           methods were used to prepare the estimate.

           Given the expectation of a relatively benign environment that
           would require only a minimal level of security, such costs
           undoubtedly diverted resources and contributed to decisions to
           cancel or reduce the scope of some projects. In our view, the
           absence of reliable data in an area critical to supporting U.S.
           efforts, limited the agencies' ability to assess the impact of and
           manage security costs on future reconstruction efforts.
           Consequently, we recommended in our July 2005 report that agencies
           develop a means to track and account for security costs to develop
           more accurate budget estimates.

           In early June 2006, the State Department issued a procurement
           information bulletin in response to our recommendation. The
           Department noted that DOD, USAID and the State Department had
           agreed to include requirements for reconstruction contractors to
           report all costs for private security supplies and services that
           the contractor or any subcontractor may have to acquire necessary
           for the successful performance of the contract. For example, for
           all future contracts where performance or delivery takes place in
           Iraq, contractors are required to include in their proposal an
           estimate of all costs expected to be incurred by the contractor,
           or any tier of subcontractor, for private security goods or
           services that the contractor or subcontractor obtained as part of
           contract performance. The contractors will be required to report
           similar information when submitting invoices for payment for goods
           and services provided. If fully implemented, such an approach
           should provide the Department with a clearer picture on the impact
           of security costs on reconstruction contracts.

           Coordination between the U.S. Military and Private Security 
		   Providers Continues to Be a Problem
		   
		   Despite improvements in coordination between private security
           providers and the U.S military, military officials we met with in
           Iraq in May 2006 and those who recently returned from Iraq said
           that coordination continues to be a problem. Coordination between
           the U.S. military and private security providers evolved from an
           informal coordination based on personal relationships to a more
           structured, although voluntary, mechanism-the ROC. U.S. military
           and contractor officials we spoke with prior to issuing our July
           2005 report had indicated that coordination had improved.

           While the ROC has helped improve coordination between the military
           and security providers, military officials we spoke to during our
           May 2006 visit to Iraq and representatives from the 3rd Infantry
           Division remain concerned about coordination. Officials from the
           3rd Infantry Division, who were located in Baghdad from January
           2005 to January 2006, told us that (1) they had a difficult time
           working and interfacing with private security providers during
           their deployment because they had no means to communicate with the
           private security providers, (2) they were unfamiliar with the ROC,
           and (3) private security providers frequently entered their battle
           space without notifying the division. Military officials we spoke
           with stated that private security providers should be required to
           coordinate with the military. Several U.S. military officers whom
           we interviewed who served in Iraq said that they had a
           responsibility to aid contractors who need assistance. If private
           security providers do not coordinate their movements with military
           units, it places both the U.S. military and the private security
           providers at risk. Also, with better coordination, private
           security providers would be informed of areas that were unsafe and
           either change their route or delay the movement.

           At the time we issued our report in July 2005, incidents of U.S.
           military shooting at private security providers were a concern.
           During the 5-month period of January through May 2005, the ROC
           received reports of 20 friendly-fire incidents. It is likely that
           the number of actual incidents during that time period was higher
           since some providers told us they stopped reporting these types of
           incidents. For the 12-month period, from June 1, 2005 to June 1,
           2006, 12 incidents were reported to the ROC. We spoke with the
           Director of the Private Security Company Association of Iraq about
           these incidents, among other things. He said that he believes the
           decrease in such incidents is the result of better enforcement of
           the rules of engagement by the U.S. military. In addition to
           better enforcement of the rules of engagement, which require that
           U.S. troops determine whether a person's intent is hostile before
           the military uses deadly force, the director of the ROC believed
           that our 2005 report led to increased awareness of the issue.

           We recommended in 2005 that the Secretary of Defense develop a
           training package for units deploying to Iraq to improve
           coordination between the U.S. military and private security
           providers. The training package would include information on the
           ROC, typical private security provider operating procedures, and
           any guidance or procedures developed by Multi-national Force-Iraq
           (MNF-I) or Multi-national Corps-Iraq (MNC-I)12 applicable to
           private security providers. Although the Department of Defense
           agreed with our recommendation and tasked the Joint Staff to
           develop the training package, no action had been taken. Early this
           year, we contacted officials from the 10th Mountain Division (who
           deployed to Iraq in early 2006) to determine if their
           predeployment training had included any information on working
           with private security providers. Division officials advised us
           that they had received no information on working with private
           security providers. While in Iraq, we met with Army officials at
           Camp Anaconda who told us that they received little guidance
           regarding private security providers in Iraq prior to deployment
           and stated that they needed better guidance regarding the
           military's responsibility to private security providers. Finally,
           in May 2006 while in Iraq we met with the director of the ROC who
           told us that military units should receive some training regarding
           private security providers before the units deployed to Iraq. He
           stated that such training would help improve U.S. military and
           private security provider coordination.

           Missing or Inaccessible Data May Make Criminal Background Screening 
		   of Private Security Provider Employees Difficult
		   
		   Private security providers and DOD have difficulty conducting
           comprehensive criminal background screening when data are missing
           and inaccessible. When doing such background screenings of those
           living in the United States, background screening firms generally
           use public information available at the county, state, or federal
           level or search commercial databases such as those that collect
           information on incarcerations or arrest records. None of these
           types of searches, however, guarantees a comprehensive background
           screening. Private security firms may find it difficult to
           complete background screenings of their Iraqi and third country
           national employees because of a lack of reliable information. In
           addition, DOD's program to biometrically screen all Iraqi private
           security provider employees as well as most third country
           nationals who are private security provider employees seeking
           access to U.S. installations is not as effective as it could be
           because of the limited number of international and foreign
           databases available for screening. Because of the numerous
           difficulties in screening employees, particularly those who do not
           live in the United States, it may not be possible to know the true
           identities and backgrounds of the thousands of private security
           provider employees working in Iraq. This lack of knowledge
           increases the security risk to U.S. military forces and civilians
           in Iraq.

           Information Is Not Always Available or Accessible When Conducting 
		   Criminal Background Screening
		   
		   Many private security providers that conduct criminal background
           investigations use screening firms. The private security provider
           requesting the screening determines the parameters of the
           background screening. Information is not always available or
           accessible when conducting criminal background investigations of
           U.S. nationals, third country nationals, and Iraqi nationals.
           Another factor that can contribute to difficulties is foreign
           privacy laws that make some criminal information inaccessible
           according to screening firm officials.

           U.S. Nationals: When screening firms conduct background
           investigations of those living in the United States, they
           generally use public information available at the county, state,
           or federal level, search state maintained criminal information
           repositories, and commercial databases such as those that collect
           information on incarcerations. However, none of these actions
           guarantees a comprehensive background check. For example,
           screening companies may not review federal court records if not
           directed to by the client. Furthermore, background screening firms
           generally only check the records of the court that maintains the
           preponderance of criminal data and may miss some records
           maintained by specialized courts such as domestic or family law
           courts. State repositories of information may not include all
           criminal data. For example, one official from a background
           screening firm explained that only 66 of the 88 counties in Ohio
           report crimes to the state repository. Similarly, the State of
           Illinois reported that in 2003 only 59 percent of the computerized
           criminal history records they audited had complete information.
           Furthermore, commercial databases may not provide a complete
           background investigation because the databases may not contain the
           most recent criminal data; certain criminal offenses may not be
           reported; and there are no standards on how data in commercial
           databases should be collected and validated.

           Third Country Nationals: Screening third country nationals
           presents additional challenges according to background screeners
           to whom we have spoken. Officials from international background
           screening firms cited the challenges in verifying criminal
           background information on third country nationals because they are
           relying on the applicant to provide all prior addresses. Since
           some countries, such as India, maintain criminal data at the local
           level, persons doing the background screenings may miss crimes
           that were committed in other locations within the country if the
           applicant did not reveal all previous addresses. Those doing
           screenings face other challenges as well. For example, some
           countries lack criminal records or the records are unreliable
           because of high levels of corruption according to representatives
           of the screening firms we interviewed. Additionally, some
           countries only maintain records for 3 to 5 years which some in the
           background screening industry consider to be insufficient. Also,
           many countries lack national identification numbers, which makes
           it difficult to know if the person being screened was the person
           who committed the crimes cited in the court or police records.

           Iraqi Nationals: Some private security companies have been
           encouraged by their clients to hire Iraqi nationals to put money
           back into the Iraqi economy and to reduce security costs compared
           with the salaries of other employees. However, screening Iraqi
           nationals is very difficult because of a lack of criminal
           information. One firm we spoke with told us that they have
           encountered problems screening Iraqi nationals because the Iraqi
           police lack criminal records or criminal information. Another
           company depends on their Iraqi subcontractors to screen Iraqi
           applicants and may not have a clear understanding of how the
           screening takes place. According to officials from one of the
           private security providers we spoke with, their Iraqi
           subcontractor claims to have a screening process, and the provider
           trusts the company to provide qualified individuals. One company
           we spoke with told us that they rely on local tribal leaders to
           screen their employees. Finally, the Iraqi Ministry of the
           Interior also screens Iraqi private security employees as part of
           the registration and licensing process.

           Privacy Laws: Privacy laws may also make it difficult to complete
           accurate screenings on those who live outside of the United
           States. According to officials from background screening firms,
           some countries do not permit criminal background searches of their
           citizens or limit the type of information that can be released to
           a third party. In other countries, criminal information cannot be
           given to third parties and is only released to the applicant who
           can then determine whether to release the information. According
           to screening company officials, there are often issues related to
           the authenticity of documents provided by applicants.

           The Effectiveness of DODï¿½s Biometric Screening in Iraq Is Limited 
		   Because of Missing Data
		   
		   DOD conducts biometric screening of most non-U.S. private security
           provider employees needing access to installations in Iraq;
           however, the value of the screening process is limited because the
           databases used to screen the applicants have little international
           biometric data. In March 2005, shortly after a dining facility
           bombing at a U.S. installation in Iraq killed 14 U.S. soldiers and
           wounded at least 50, the deputy secretary of Defense issued a
           policy requiring the biometric screening of most non -U.S.
           personnel (including private security provider employees) seeking
           access to U.S. installations in Iraq. The goal of this policy is
           to improve force protection for U.S. and coalition forces in Iraq
           and to provide positive identification of local and third country
           nationals accessing U.S. facilities.13 This policy requires that
           those seeking access to installations in Iraq be fingerprinted,
           photographed, have their irises scanned and be enrolled in one of
           two systems DOD uses to gather the required biometric data. The
           biometric screening is in addition to the in-person interview and
           screening of Iraqis (and some third country nationals) wishing to
           access a base or installation.

           Biometric information from the two installation access systems is
           sent to DOD's Biometric Fusion Center in West Virginia where it is
           merged with other biometric data to form the Automated Biometric
           Identification System (ABIS). The Biometric Fusion Center screens
           the applicant's data against the ABIS system as well as the FBI's
           Integrated Automated Fingerprint Identification System (IAFIS)
           database. The IAFIS database includes the fingerprint records of
           more than 51 million persons who have been arrested in the United
           States as well as information from databases maintained by other
           agencies such as the Department of Homeland Security, the
           Department of State and the International Criminal Police
           Organization (Interpol).14

           While DOD's biometric screening process has successfully
           identified several persons seeking access to bases in Iraq who
           have criminal records in the United States, the lack of
           international biometric data limits its usefulness. According to
           an official from the FBI's Criminal Justice Information Services
           Division, the IAFIS database includes criminal fingerprint data
           from only a limited number of foreign countries because some
           countries are reluctant to share criminal history information and
           others do not have fingerprint repositories or do not collect
           fingerprints in a manner compatible with the FBI's system. In
           addition, although the IAFIS database includes about 50,000
           fingerprint records from Interpol, Interpol does not maintain a
           repository of all criminal offenses committed in the member
           countries. Instead, Interpol's criminal database is composed of
           wanted notices submitted by the member countries and the
           information is only retained for 5 years. Access to international
           criminal biometric information is vital to meeting DOD's goal of
           establishing the positive identification of local and third
           country nationals accessing U.S facilities in Iraq. Without access
           to foreign biometric information, DOD may find it difficult to
           determine if third country nationals may pose a threat to U.S.
           military and civilians in Iraq.

           There Are No Established Standards to Assist Contractors in 
		   Obtaining Suitable Security Providers
		   
		   At the time we issued our report in July 2005, there were no U.S.
           or international standards that would establish security provider
           qualifications in such areas as training and experience
           requirements, weapons qualifications, and similar skills that are
           applicable for the type of security needed in Iraq. Security
           industry associations and companies have discussed the need for
           and desirability of establishing standards, but as of June 2006,
           no such standards have been developed or implemented. As we
           reported in our 2005 report, reconstruction contractors had
           difficulty hiring suitable security providers. Contractors
           replaced their security providers on five of the eight
           reconstruction contracts awarded in 2003 that we reviewed.15
           Contractor officials attributed this turnover to various factors,
           including their lack of knowledge of the security market and of
           the potential security providers and the absence of useful agency
           guidance in this area.

           In our report, we recommended that the State Department, USAID,
           and DOD explore options that would enable contractors to obtain
           security services quickly and efficiently. Such options may
           include identifying minimum standards for private security
           personnel qualifications, training requirements and other key
           performance characteristics that private security personnel should
           possess; establishing qualified vendor lists; and/or establishing
           contracting vehicles which contractors could be authorized to use.
           In response to our recommendation, the State Department noted in
           November 2005 that it had met with representatives from DOD and
           USAID to discuss ways to assist contractors in acquiring security
           services. According to the State Department, all agencies agreed
           that it was not practical to prequalify vendors or establish
           contracting vehicles, in part due to concerns regarding the
           agency's liability if contractors failed to perform. Rather, they
           determined that they could best assist contractors by providing
           access to information related to industry best practices and other
           security-related material.

           Concluding Observations
		   
		   Mr. Chairman, we believe two recommendations we made in our July
           2005 report continue to have merit and should be implemented.
           Specifically, we believe private security provider operations
           would be improved by (1) developing a training package for
           deploying units to Iraq that would provide information on the ROC,
           private security providers operating procedures, and any MNF-I or
           MNC-I guidance on private security providers and (2) further
           exploring options to assist contractors in obtaining suitable
           security providers. Further, U.S. military officials who have been
           in Iraq or who we interviewed during our May 2006 visit stated
           that coordination between the military and private security
           providers should be required. Given the increased risk both
           parties are subject to when private security providers do not
           coordinate their activities with the military, we believe U.S.
           government agencies using private security providers in Iraq may
           want to consider such a requirement utilizing the ROC as the focal
           point for such a requirement. Additionally, based on our
           preliminary observations, incomplete criminal background
           screenings may contribute to an increased risk to military forces
           and civilians in Iraq. The military would benefit by reviewing the
           installation security measures in place in Iraq to ensure that the
           risk private security contractors may pose has been minimized.
           Lastly, as noted in our July 2005 report, our experience in Iraq
           has made us aware that future operations may include
           reconstruction efforts in an unstable or deteriorating security
           environment, thus requiring extensive use of private security
           providers. Given their important role in Iraq, planning that
           includes the use of private security providers will need to be
           incorporated in future military operations and reconstruction
           efforts.

           Mr. Chairman and members of the Subcommittee, this concludes my
           prepared statement. I will be happy to answer any questions you
           may have.

           GAO Contacts and Acknowledgments
		   
		   For questions regarding this testimony, please call William Solis
           at (202) 512-8365. Other key contributors to this statement were
           Vincent Balloon, Carole Coffey, Grace Coleman, Laura Czohara, Gary
           Delaney, Timothy DiNapoli, and Wesley A. Johnson.

           GAOï¿½s Mission
		   
		   The Government Accountability Office, the audit, evaluation and
           investigative arm of Congress, exists to support Congress in
           meeting its constitutional responsibilities and to help improve
           the performance and accountability of the federal government for
           the American people. GAO examines the use of public funds;
           evaluates federal programs and policies; and provides analyses,
           recommendations, and other assistance to help Congress make
           informed oversight, policy, and funding decisions. GAO's
           commitment to good government is reflected in its core values of
           accountability, integrity, and reliability.

           Obtaining Copies of GAO Reports and Testimony
		   
		   The fastest and easiest way to obtain copies of GAO documents at
           no cost is through GAO's Web site ( www.gao.gov ). Each weekday,
           GAO posts newly released reports, testimony, and correspondence on
           its Web site. To have GAO e-mail you a list of newly posted
           products every afternoon, go to www.gao.gov and select "Subscribe
           to Updates."

           Order by Mail or Phone
		   
		   The first copy of each printed report is free. Additional copies
           are $2 each. A check or money order should be made out to the
           Superintendent of Documents. GAO also accepts VISA and Mastercard.
           Orders for 100 or more copies mailed to a single address are
           discounted 25 percent. Orders should be sent to:

           U.S. Government Accountability Office 441 G Street NW, Room LM
           Washington, D.C. 20548

           To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax:
           (202) 512-6061

           To Report Fraud, Waste, and Abuse in Federal Programs
		   
		   Contact:

           Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail:
           [email protected] Automated answering system: (800) 424-5454 or
           (202) 512-7470

           Congressional Relations
		   
		   Gloria Jarmon, Managing Director, [email protected] (202) 512-4400
           U.S. Government Accountability Office, 441 G Street NW, Room 7125
           Washington, D.C. 20548

           Public Affairs
		   
		   Paul Anderson, Managing Director, [email protected] (202)
           512-4800 U.S. Government Accountability Office, 441 G Street NW,
           Room 7149 Washington, D.C. 20548

1 GAO, Rebuilding Iraq: Actions Needed to Improve the Use of Private
Security Providers, GAO-05-737 (Washington, D.C.: July 28, 2005).

2 The national ROC is located in Baghdad with six regional centers
collocated with the military's major subordinate commands. Participation
is open at no cost to all U.S. government agencies, contractors, and
nongovernmental organizations operating in Iraq. The ROC and the regional
centers are staffed with a combination of military, U.S. government
civilian, and contractor personnel and provide such services as
disseminating unclassified intelligence information and specific threat
assessments on future building sites and planned vehicle routes to
contractors; recording information about incidents and threats to
coalition forces; facilitating military assistance, such as a quick
reaction force or medical services, to contractors in need; and
facilitating communication between contractors and U.S. military units.

3 A third country national is a person working for a contractor who is
neither a citizen of the United States nor the host country.

4 A biometric measures a person's unique physical characteristics (such as
fingerprints, hand geometry, facial patterns, or iris and retinal scans)
or behavioral characteristics (voice patterns, written signatures, or
keyboard typing techniques) and can be used to recognize the identity, or
verify the claimed identify, of an individual.

5 On one additional 2003 contract, the contractor provided its own
security.

6GAO, Rebuilding Iraq: Governance, Security, Reconstruction, and Financing
Challenges,  GAO-06-697T (Washington, D.C.: April 25, 2006).

7 The CPA served as Iraq's interim government from April 2003 to June 28,
2004, and was responsible for overseeing, directing, and coordinating
rebuilding efforts.

8 Military Extraterritorial Jurisdiction Act 18 U.S.C. 3261.

9 Special maritime and territorial jurisdiction provisions of 18 U.S.C.
7(9).

10 War Crimes Act 18 U.S.C. 2441.

11 Department of State, Report to Congress, Section 2207 Report on Iraq
Relief and Reconstruction, January 2006.

12 Multi-National Force-Iraq is responsible for counter-insurgency
operations to isolate and neutralize former regime extremists and foreign
terrorists and for organizing, training, and equipping Iraq's security
forces. Multi-National Corps-Iraq is the tactical unit of MNF-I
responsible for command and control of operations in Iraq.

13 At the time of our visit to Iraq in May 2006, only a limited number of
bases were using the biometric information to verify the identities of
contractor employees accessing the base on a daily basis.

14 States voluntarily provide fingerprint records to the FBI for inclusion
in the IAFIS database. According to FBI officials, not all persons
arrested and convicted of crimes in the U.S. are included in the IAFIS
database.

15 On one additional 2003 contract, the contractor provided its own
security.

(350882)

This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.

*** End of document. ***