This is the accessible text file for GAO report number GAO-06-865T 
entitled 'Rebuilding Iraq: Actions Still Needed to Improve the Use of 
Private Security Providers' which was released on June 13, 2006. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Testimony: 

Before the Subcommittee on National Security, Emerging Threats, and 
International Relations, Committee on Government Reform: 

United States Government Accountability Office: 

For Release on Delivery Expected at 2:00 p.m. EDT: 

Tuesday, June 13, 2006: 

Rebuilding Iraq: 

Actions Still Needed to Improve the Use of Private Security Providers: 

Statement of William Solis, Director, Defense Capabilities and 
Management: 

GAO-06-865T: 

GAO Highlights: 

Highlights of GAO-06-865T, a testimony before the Subcommittee on 
National Security, Emerging Threats and International Relations, 
Committee on Government Reform House of Representatives. 

Why GAO Did This Study: 

GAO was asked to address (1) the extent to which coordination between 
the U.S. military and private security providers has improved since 
GAO’s 2005 report, (2) the ability of private security providers and 
the Department of Defense (DOD) to conduct comprehensive background 
screenings of employees, and (3) the extent to which U.S. or 
international standards exist for establishing private security 
provider and employee qualifications. For this testimony, GAO drew from 
its July 2005 report on private security providers, and its preliminary 
observations from an ongoing engagement examining contractor screening 
practices. 

What GAO Found: 

Coordination between the U.S. military and private security providers 
still needs improvement. First, private security providers continue to 
enter the battle space without coordinating with the U.S. military, 
putting both the military and security providers at a greater risk for 
injury. Second, U.S. military units are not trained, prior to 
deployment, on the operating procedures of private security providers 
in Iraq and the role of the Reconstruction Operations Center, which is 
to coordinate military-provider interactions. While DOD agreed with our 
prior recommendation to establish a predeployment training program to 
help address the coordination issue, no action has been taken. 

Many private security providers and DOD have difficulty completing 
comprehensive criminal background screenings for U.S. and foreign 
nationals when data are missing or inaccessible. For example, a DOD 
policy requires biometric screening of most non-U.S. private security 
providers accessing U.S. bases in Iraq. Biometric screening (e.g., 
fingerprints and iris scans) measures a person’s unique physical 
characteristics. Biometric screening is not as effective as it could be 
because the databases used to screen contractor employees include 
limited international data. Based on its work to date, GAO believes 
that incomplete criminal background screening may contribute to an 
increased risk to military forces and civilians in Iraq, and the 
military would benefit by reviewing the base security measures to 
ensure that the risk private security contractors may pose has been 
minimized. A report on screening will be issued in Fall 2006. 

No U.S. or international standards exist for establishing private 
security provider and employee qualifications. Reconstruction 
contractors told GAO during its review for its July 2005 report that 
they had difficulty hiring suitable security providers. Contractors 
replaced their security providers on five of the eight reconstruction 
contracts awarded in 2003 that were reviewed by GAO. Contractor 
officials attributed this turnover to various factors, including their 
lack of knowledge of the security market and of the potential security 
providers and the absence of useful agency guidance in this area. In 
our report, we recommended that the State Department, United States 
Agency for International Development, and DOD explore options that 
would enable contractors to obtain security services quickly and 
efficiently. In response to our recommendation, the agencies met in 
November 2005 and agreed that our recommendation was not practical. 
They determined that they could best assist contractors by providing 
access to information related to industry best practices and other 
security-related material. 

[Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-06-865T]. 

To view the full product, including the scope and methodology, click on 
the link above. For more information, contact William Solis at (202) 
512-8365 or solisw@gao.gov. 

[End of Section] 

Mr. Chairman and Members of the Subcommittee: 

I am pleased to be here today to discuss issues related to the use of 
private security providers by U.S. government agencies and the 
contractors that are helping to rebuild Iraq. As you know, because of 
the continued hostilities in Iraq, the United States as well as other 
governments and nongovernmental agencies are relying heavily on private 
firms to provide security for those helping to build a democratic Iraq. 
This is the first time that the United States has depended on 
contractors to provide such extensive security in a hostile 
environment, although it has previously contracted for more limited 
security services in Afghanistan, Bosnia, and elsewhere. 

Because of growing interest by members of Congress in the use of 
private security providers in Iraq, we began a review under the 
Comptroller General's authority and issued a report in July 2005 on the 
use of private security providers in Iraq.[Footnote 1] We reported 
that: 

* Agencies and reconstruction contractors made extensive use of private 
security providers because providing security for these organizations 
is not part of the U.S. military's stated mission. We reported that the 
reconstruction contractors' efforts to obtain security met with mixed 
results as they often found that the security providers they selected 
could not meet their needs. We recommended that the Secretaries of 
State and Defense and the Administrator of United States Agency for 
International Development (USAID) explore options to assist contractors 
in obtaining suitable security providers. 

* The relationship between the U.S. military and private security 
providers is based on cooperation and not control. It appeared that 
coordination between the military and the private security providers 
improved when the Reconstruction Operations Center (ROC) opened to 
coordinate military-provider interactions.[Footnote 2] However, we 
noted that additional actions could be taken to improve coordination 
and recommended that units deploying to Iraq receive predeployment 
training to better understand typical private security provider 
operating procedures and the role of the ROC. 

* Despite the significant role private security providers play in the 
reconstruction of Iraq, none of the principal agencies responsible for 
reconstruction had complete data on costs associated with using private 
security providers. We recommended that the Secretaries of State and 
DOD and the Administrator of USAID establish a means to track and 
account for security costs to develop more accurate budget estimates. 

There has been growth in the private security industry in Iraq. In our 
2005 report, we reported that the Department of Defense (DOD) estimated 
at least 60 private security providers were working in Iraq with 
perhaps as many as 25,000 employees. In March 2006, the Director of the 
Private Security Company Association of Iraq estimated that 
approximately 181 private security companies were working in Iraq with 
just over 48,000 employees. 

Today, my testimony will address some of the issues we raised in our 
2005 report as well as our preliminary observations from an ongoing 
engagement on the processes used to screen private security providers. 
Specifically, my testimony today will address: 

* the extent to which coordination between the U.S. military and 
private security providers has improved since our 2005 report, 

* the ability of private security providers and DOD to conduct 
comprehensive background screenings of employees, and 

* the extent to which U.S. or international standards exist for 
establishing private security provider and employee qualifications. 

My testimony is based on our July 2005 report, a May 2006 visit to 
Iraq, and our preliminary observations from an ongoing engagement 
requested by this subcommittee on the effectiveness of the processes 
used to screen contractor employees in the U.S. Central Command's area 
of responsibility, which includes Iraq. To obtain our preliminary 
observations on the effectiveness of the processes used to screen 
contractor employees in Iraq, we have reviewed relevant documents such 
as contracts, as well as DOD and governmentwide policies; met with DOD 
officials both in the United States and Iraq; and interviewed 
contractors providing services to deployed forces in Iraq as well as 
professional background screeners in the United States and India. This 
work is being done in accordance with generally accepted government 
auditing standards. 

Summary: 

Although we reported in July 2005 that coordination between the U.S. 
military and private security providers had improved since the 
establishment of the ROC in October 2004, interviews with military 
officials we met with in Iraq and with military officials that have 
recently returned from Iraq indicate that coordination is still a 
problem and needs further improvement. First, private security 
providers are still entering the battle space without coordinating with 
the U.S. military, putting both the military and security providers at 
a greater risk for injury. Second, U.S. military units are not trained, 
prior to deployment, on the operating procedures of private security 
providers in Iraq and the mission and role of the ROC. In our 2005 
report, we recommended that a predeployment training program would help 
address the coordination issue. DOD agreed with our recommendation; 
however, DOD has not issued any guidance or conducted training in 
regard to working with or coordinating with private security providers 
on the battlefield. 

Our preliminary observations on the background screening of contractor 
employees suggest that private security providers and DOD have 
difficulty conducting comprehensive background screening when data are 
missing or inaccessible. When doing background screenings of those 
living in the United States, private security providers use public 
information available at the county, state, or federal level and search 
state criminal information repositories and commercial databases such 
as those that collect information on incarcerations. None of these 
types of searches, however, guarantees a comprehensive background 
screening. Screening host nation and third[Footnote 3] country national 
employees can be difficult because of inaccurate or unavailable records 
in some countries. In addition, officials from some background 
screening firms told us that some foreign laws restrict access to 
criminal records. Finally, DOD's biometric[Footnote 4] screening of 
most non-U.S. contractors (including employees of private security 
providers) accessing U.S. installations in Iraq is not as effective as 
it could be because the databases used to screen contractor employees 
included only limited international data. 

No U.S. or international standards exist for establishing private 
security provider and employee qualifications. During our review for 
our 2005 report, we found that reconstruction contractors had 
difficulty hiring suitable security providers. Contractors replaced 
their security providers on five of the eight reconstruction contracts 
awarded in 2003 that we reviewed.[Footnote 5] Contractor officials 
attributed this turnover to various factors, including their lack of 
knowledge of the security market and of the potential security 
providers and the absence of useful agency guidance in this area. We 
recommended that the agencies explore options that would enable 
contractors to obtain such services quickly and efficiently. Such 
options could include (1) identifying minimum standards for private 
security personnel qualifications, (2) training requirements and other 
key performance characteristics that private security personnel should 
possess, (3) establishing qualified vendor lists, and (4) establishing 
contracting vehicles which contractors could be authorized to use. DOD 
agreed with the recommendation and USAID did not comment on the 
recommendation. The State Department disagreed with our recommendation, 
citing concerns that the government could be held liable for 
performance failures, but determined that they could best assist 
contractors by providing access to information related to industry best 
practices and other security-related material. 

Background: 

Prior to the war in Iraq, DOD and the U.S. government agencies 
responsible for the reconstruction of Iraq believed that reconstruction 
would take place in an environment with little threat from insurgents 
or terrorists. By June 2003, the security situation began to worsen, 
and it became clear in August 2003 with the bombing of the United 
Nations complex that insurgents were targeting nonmilitary targets. 

As the Comptroller General testified before this subcommittee in April 
2006, the poor security environment continues to be a concern as 
insurgents demonstrate the ability to recruit, supply, and attack 
coalition and Iraqi security forces, and impede the development of an 
inclusive Iraqi government and effective Iraqi security forces. The 
insurgency intensified through October 2005 and has remained strong 
since then.[Footnote 6] According to a February 2006 testimony by the 
Director of National Intelligence, insurgents are using increasingly 
lethal improvised explosive devices and continue to adapt to coalition 
countermeasures. 

Our July 2005 report on private security providers addressed, among 
other things, the mission of private security providers in Iraq, the 
laws and guidance governing the conduct of private security providers, 
and the cost impact of using private security providers. 

The Mission of Private Security Providers in Iraq: 

The mission of private security providers is to protect government 
agency officials and reconstruction contractors in Iraq's unstable 
security environment. Providers may be U.S. or foreign companies and 
their staffs are likely to be drawn from various countries, including 
the United States, the United Kingdom, South Africa, Nepal, Sri Lanka, 
or Fiji, and may include Kurds and Arabs from Iraq. Generally, private 
security providers provide the following services: 

* Static security - security for housing areas and work sites, 

* Personal security details - security for high-ranking U.S. officials, 

* Security escorts - security for government employees, contractor 
employees, or others as they move through Iraq, 

* Convoy security - security for vehicles and their occupants as they 
make their way into Iraq or within Iraq, and 

* Security advice and planning. 

Laws and Guidance Governing Private Security Providers in Iraq: 

During its existence, the Coalition Provisional Authority (CPA) issued 
a number of orders or memoranda to regulate private security providers 
and their employees working in Iraq between December 2003 and June 
2004.[Footnote 7] Among these are CPA order number 3, which authorized 
possession, use and registration of weapons used by private security 
providers; CPA order number 17, which stated that contractors 
(including private security providers) will generally be immune from 
the Iraqi legal process for acts performed in accordance with the terms 
and conditions of their contracts; and CPA Memorandum number 17, which 
stated that private security providers and their employees must be 
registered and licensed by the government of Iraq. According to the 
Director of the Private Security Companies Association of Iraq, as of 
June 1, 2006, the CPA memorandum and orders were still in effect. 

In September 2005, U.S. Central Command's Staff Judge Advocate issued 
interim legal guidance regarding DOD's use of private security 
providers in Iraq. The September 2005 guidance permitted the use of 
properly licensed private security providers to protect civilians, 
contractors, nonmilitary facilities and equipment as well as static 
military facilities and the military personnel and equipment within 
them. In January 2006, the U.S. Central Command's Staff Judge Advocate 
issued additional guidance which gave commanders in Iraq the authority 
to use private security providers to provide security to convoys 
transporting military supplies and to provide personal security. 
Currently, DOD is using private security providers to guard facilities 
located within U.S. bases and installations, and may expand its use of 
private security providers based on the January 2006 guidance. However, 
it is not clear to what extent DOD plans to make use of this expanded 
authority. 

Although private security providers are generally not subject to 
prosecution under the Uniform Code of Military Justice in the absence 
of a formal declaration of war by Congress, the federal government can 
impose sanctions in response to acts of misconduct. For example, 
private security providers are subject to prosecution by the Department 
of Justice under applicable U.S. federal laws, to include the Military 
Extraterritorial Jurisdiction Act,[Footnote 8] the special maritime and 
territorial jurisdiction provisions of title 18 of the U.S. 
code,[Footnote 9] and the War Crimes Act.[Footnote 10] 

The Cost Impact of Private Security Providers in Iraq: 

Despite the significant role played by private security providers in 
enabling reconstruction efforts to proceed, neither the Department of 
State, nor DOD, nor USAID--the principal agencies responsible for 
Iraq reconstruction efforts--had complete data on the costs associated 
with using private security providers. As of December 2004, the 
agencies and contractors we reviewed had obligated more than $766 
million for security services and equipment, and by reviewing invoices 
that providers of security services and equipment provided to the 
contractors, we found that security costs had accounted for more than 
15 percent of the contract's costs in 8 of the 15 contracts we 
reviewed. We cautioned, however, that our estimates did not reflect 
security-related costs incurred by subcontractors or lower tier 
suppliers, or attempt to quantify the impact of the security 
environment on the pace of reconstruction efforts caused by 
security-related work stoppages or delays or the costs associated with repairing 
the damage caused by the insurgency on work previously completed. In 
January 2006, the State Department reported to Congress that direct and 
indirect costs of security represented 16 to 22 percent of the overall 
cost of major infrastructure reconstruction projects.[Footnote 11] DOD 
officials acknowledged, however, that the estimate may not have 
accounted for all security costs and that different methodologies and 
methods were used to prepare the estimate. 

Given the expectation of a relatively benign environment that would 
require only a minimal level of security, such costs undoubtedly 
diverted resources and contributed to decisions to cancel or reduce the 
scope of some projects. In our view, the absence of reliable data in an 
area critical to supporting U.S. efforts limited the agencies' ability 
to assess the impact of and manage security costs on future 
reconstruction efforts. Consequently, we recommended in our July 2005 
report that agencies develop a means to track and account for security 
costs to develop more accurate budget estimates. 

In early June 2006, the State Department issued a procurement 
information bulletin in response to our recommendation. The Department 
noted that DOD, USAID and the State Department had agreed to include 
requirements for reconstruction contractors to report all costs for 
private security supplies and services that the contractor or any 
subcontractor may have to acquire necessary for the successful 
performance of the contract. For example, for all future contracts 
where performance or delivery takes place in Iraq, contractors are 
required to include in their proposal an estimate of all costs expected 
to be incurred by the contractor, or any tier of subcontractor, for 
private security goods or services that the contractor or subcontractor 
obtained as part of contract performance. The contractors will be 
required to report similar information when submitting invoices for 
payment for goods and services provided. If fully implemented, such an 
approach should provide the Department with a clearer picture on the 
impact of security costs on reconstruction contracts. 

Coordination between the U.S. Military and Private Security Providers 
Continues to Be a Problem: 

Despite improvements in coordination between private security providers 
and the U.S. military, military officials we met with in Iraq in May 
2006 and those who recently returned from Iraq said that coordination 
continues to be a problem. Coordination between the U.S. military and 
private security providers evolved from an informal coordination based 
on personal relationships to a more structured, although voluntary, 
mechanism--the ROC. U.S. military and contractor officials we spoke 
with prior to issuing our July 2005 report had indicated that 
coordination had improved. 

While the ROC has helped improve coordination between the military and 
security providers, military officials we spoke to during our May 2006 
visit to Iraq and representatives from the 3rd Infantry Division remain 
concerned about coordination. Officials from the 3rd Infantry Division, 
who were located in Baghdad from January 2005 to January 2006, told us 
that (1) they had a difficult time working and interfacing with private 
security providers during their deployment because they had no means to 
communicate with the private security providers, (2) they were 
unfamiliar with the ROC, and (3) private security providers frequently 
entered their battle space without notifying the division. Military 
officials we spoke with stated that private security providers should 
be required to coordinate with the military. Several U.S. military 
officers whom we interviewed who served in Iraq said that they had a 
responsibility to aid contractors who need assistance. If private 
security providers do not coordinate their movements with military 
units, it places both the U.S. military and the private security 
providers at risk. Also, with better coordination, private security 
providers would be informed of areas that were unsafe and either change 
their route or delay the movement. 

At the time we issued our report in July 2005, incidents of U.S. 
military shooting at private security providers were a concern. During 
the 5-month period of January through May 2005, the ROC received 
reports of 20 friendly-fire incidents. It is likely that the number of 
actual incidents during that time period was higher since some 
providers told us they stopped reporting these types of incidents. For 
the 12-month period, from June 1, 2005 to June 1, 2006, 12 incidents 
were reported to the ROC. We spoke with the Director of the Private 
Security Company Association of Iraq about these incidents, among other 
things. He said that he believes the decrease in such incidents is the 
result of better enforcement of the rules of engagement by the U.S. 
military. In addition to better enforcement of the rules of engagement, 
which require that U.S. troops determine whether a person's intent is 
hostile before the military uses deadly force, the director of the ROC 
believed that our 2005 report led to increased awareness of the issue. 

We recommended in 2005 that the Secretary of Defense develop a training 
package for units deploying to Iraq to improve coordination between the 
U.S. military and private security providers. The training package 
would include information on the ROC, typical private security provider 
operating procedures, and any guidance or procedures developed by 
Multi-national Force-Iraq (MNF-I) or Multi-national Corps-Iraq 
(MNC-I)[Footnote 12] applicable to private security providers. Although the 
Department of Defense agreed with our recommendation and tasked the 
Joint Staff to develop the training package, no action had been taken. 
Early this year, we contacted officials from the 10th Mountain Division 
(who deployed to Iraq in early 2006) to determine if their 
predeployment training had included any information on working with 
private security providers. Division officials advised us that they had 
received no information on working with private security providers. 
While in Iraq, we met with Army officials at Camp Anaconda who told us 
that they received little guidance regarding private security providers 
in Iraq prior to deployment and stated that they needed better guidance 
regarding the military's responsibility to private security providers. 
Finally, in May 2006 while in Iraq we met with the director of the ROC 
who told us that military units should receive some training regarding 
private security providers before the units deployed to Iraq. He stated 
that such training would help improve U.S. military and private 
security provider coordination. 

Missing or Inaccessible Data May Make Criminal Background Screening of 
Private Security Provider Employees Difficult: 

Private security providers and DOD have difficulty conducting 
comprehensive criminal background screening when data are missing and 
inaccessible. When doing such background screenings of those living in 
the United States, background screening firms generally use public 
information available at the county, state, or federal level or search 
commercial databases such as those that collect information on 
incarcerations or arrest records. None of these types of searches, 
however, guarantees a comprehensive background screening. Private 
security firms may find it difficult to complete background screenings 
of their Iraqi and third country national employees because of a lack 
of reliable information. In addition, DOD's program to biometrically 
screen all Iraqi private security provider employees as well as most 
third country nationals who are private security provider employees 
seeking access to U.S. installations is not as effective as it could be 
because of the limited number of international and foreign databases 
available for screening. Because of the numerous difficulties in 
screening employees, particularly those who do not live in the United 
States, it may not be possible to know the true identities and 
backgrounds of the thousands of private security provider employees 
working in Iraq. This lack of knowledge increases the security risk to 
U.S. military forces and civilians in Iraq. 

Information Is Not Always Available or Accessible When Conducting 
Criminal Background Screening: 

Many private security providers that conduct criminal background 
investigations use screening firms. The private security provider 
requesting the screening determines the parameters of the background 
screening. Information is not always available or accessible when 
conducting criminal background investigations of U.S. nationals, third 
country nationals, and Iraqi nationals. Another factor that can 
contribute to difficulties is foreign privacy laws that make some 
criminal information inaccessible according to screening firm 
officials. 

U.S. Nationals: When screening firms conduct background investigations 
of those living in the United States, they generally use public 
information available at the county, state, or federal level and search 
state-maintained criminal information repositories and commercial 
databases such as those that collect information on incarcerations. 
However, none of these actions guarantees a comprehensive background 
check. For example, screening companies may not review federal court 
records if not directed to by the client. Furthermore, background 
screening firms generally only check the records of the court that 
maintains the preponderance of criminal data and may miss some records 
maintained by specialized courts such as domestic or family law courts. 
State repositories of information may not include all criminal data. 
For example, one official from a background screening firm explained 
that only 66 of the 88 counties in Ohio report crimes to the state 
repository. Similarly, the State of Illinois reported that in 2003 only 
59 percent of the computerized criminal history records they audited 
had complete information. Furthermore, commercial databases may not 
provide a complete background investigation because the databases may 
not contain the most recent criminal data; certain criminal offenses 
may not be reported; and there are no standards on how data in 
commercial databases should be collected and validated. 

Third Country Nationals: Screening third country nationals presents 
additional challenges according to background screeners to whom we have 
spoken. Officials from international background screening firms cited 
the challenges in verifying criminal background information on third 
country nationals because they are relying on the applicant to provide 
all prior addresses. Since some countries, such as India, maintain 
criminal data at the local level, persons doing the background 
screenings may miss crimes that were committed in other locations 
within the country if the applicant did not reveal all previous 
addresses. Those doing screenings face other challenges as well. For 
example, some countries lack criminal records or the records are 
unreliable because of high levels of corruption according to 
representatives of the screening firms we interviewed. Additionally, 
some countries only maintain records for 3 to 5 years which some in the 
background screening industry consider to be insufficient. Also, many 
countries lack national identification numbers, which makes it 
difficult to know if the person being screened was the person who 
committed the crimes cited in the court or police records. 

Iraqi Nationals: Some private security companies have been encouraged 
by their clients to hire Iraqi nationals to put money back into the 
Iraqi economy and to reduce security costs compared with the salaries 
of other employees. However, screening Iraqi nationals is very 
difficult because of a lack of criminal information. One firm we spoke 
with told us that they have encountered problems screening Iraqi 
nationals because the Iraqi police lack criminal records or criminal 
information. Another company depends on their Iraqi subcontractors to 
screen Iraqi applicants and may not have a clear understanding of how 
the screening takes place. According to officials from one of the 
private security providers we spoke with, their Iraqi subcontractor 
claims to have a screening process, and the provider trusts the company 
to provide qualified individuals. One company we spoke with told us 
that they rely on local tribal leaders to screen their employees. 
Finally, the Iraqi Ministry of the Interior also screens Iraqi private 
security employees as part of the registration and licensing process. 

Privacy Laws: Privacy laws may also make it difficult to complete 
accurate screenings on those who live outside of the United States. 
According to officials from background screening firms, some countries 
do not permit criminal background searches of their citizens or limit 
the type of information that can be released to a third party. In other 
countries, criminal information cannot be given to third parties and is 
only released to the applicant who can then determine whether to 
release the information. According to screening company officials, 
there are often issues related to the authenticity of documents 
provided by applicants. 

The Effectiveness of DOD's Biometric Screening in Iraq Is Limited 
Because of Missing Data: 

DOD conducts biometric screening of most non-U.S. private security 
provider employees needing access to installations in Iraq; however, 
the value of the screening process is limited because the databases 
used to screen the applicants have little international biometric data. 
In March 2005, shortly after a dining facility bombing at a U.S. 
installation in Iraq killed 14 U.S. soldiers and wounded at least 50, 
the deputy secretary of Defense issued a policy requiring the biometric 
screening of most non-U.S. personnel (including private security 
provider employees) seeking access to U.S. installations in Iraq. The 
goal of this policy is to improve force protection for U.S. and 
coalition forces in Iraq and to provide positive identification of 
local and third country nationals accessing U.S. facilities.[Footnote 
13] This policy requires that those seeking access to installations in 
Iraq be fingerprinted, photographed, have their irises scanned and be 
enrolled in one of two systems DOD uses to gather the required 
biometric data. The biometric screening is in addition to the in-person 
interview and screening of Iraqis (and some third country nationals) 
wishing to access a base or installation. 

Biometric information from the two installation access systems is sent 
to DOD's Biometric Fusion Center in West Virginia where it is merged 
with other biometric data to form the Automated Biometric 
Identification System (ABIS). The Biometric Fusion Center screens the 
applicant's data against the ABIS system as well as the FBI's 
Integrated Automated Fingerprint Identification System (IAFIS) 
database. The IAFIS database includes the fingerprint records of more 
than 51 million persons who have been arrested in the United States as 
well as information from databases maintained by other agencies such as 
the Department of Homeland Security, the Department of State and the 
International Criminal Police Organization (Interpol).[Footnote 14] 

While DOD's biometric screening process has successfully identified 
several persons seeking access to bases in Iraq who have criminal 
records in the United States, the lack of international biometric data 
limits its usefulness. According to an official from the FBI's Criminal 
Justice Information Services Division, the IAFIS database includes 
criminal fingerprint data from only a limited number of foreign 
countries because some countries are reluctant to share criminal 
history information and others do not have fingerprint repositories or 
do not collect fingerprints in a manner compatible with the FBI's 
system. In addition, although the IAFIS database includes about 50,000 
fingerprint records from Interpol, Interpol does not maintain a 
repository of all criminal offenses committed in the member countries. 
Instead, Interpol's criminal database is composed of wanted notices 
submitted by the member countries and the information is only retained 
for 5 years. Access to international criminal biometric information is 
vital to meeting DOD's goal of establishing the positive identification 
of local and third country nationals accessing U.S. facilities in Iraq. 
Without access to foreign biometric information, DOD may find it 
difficult to determine if third country nationals may pose a threat to 
U.S. military and civilians in Iraq. 

There Are No Established Standards to Assist Contractors in Obtaining 
Suitable Security Providers: 

At the time we issued our report in July 2005, there were no U.S. or 
international standards that would establish security provider 
qualifications in such areas as training and experience requirements, 
weapons qualifications, and similar skills that are applicable for the 
type of security needed in Iraq. Security industry associations and 
companies have discussed the need for and desirability of establishing 
standards, but as of June 2006, no such standards have been developed 
or implemented. As we reported in our 2005 report, reconstruction 
contractors had difficulty hiring suitable security providers. 
Contractors replaced their security providers on five of the eight 
reconstruction contracts awarded in 2003 that we reviewed.[Footnote 15] 
Contractor officials attributed this turnover to various factors, 
including their lack of knowledge of the security market and of the 
potential security providers and the absence of useful agency guidance 
in this area. 

In our report, we recommended that the State Department, USAID, and DOD 
explore options that would enable contractors to obtain security 
services quickly and efficiently. Such options may include identifying 
minimum standards for private security personnel qualifications, 
training requirements and other key performance characteristics that 
private security personnel should possess; establishing qualified 
vendor lists; and/or establishing contracting vehicles which 
contractors could be authorized to use. In response to our 
recommendation, the State Department noted in November 2005 that it had 
met with representatives from DOD and USAID to discuss ways to assist 
contractors in acquiring security services. According to the State 
Department, all agencies agreed that it was not practical to prequalify 
vendors or establish contracting vehicles, in part due to concerns 
regarding the agency's liability if contractors failed to perform. 
Rather, they determined that they could best assist contractors by 
providing access to information related to industry best practices and 
other security-related material. 

Concluding Observations: 

Mr. Chairman, we believe two recommendations we made in our July 2005 
report continue to have merit and should be implemented. Specifically, 
we believe private security provider operations would be improved by 
(1) developing a training package for deploying units to Iraq that 
would provide information on the ROC, private security providers' 
operating procedures, and any MNF-I or MNC-I guidance on private 
security providers and (2) further exploring options to assist 
contractors in obtaining suitable security providers. Further, U.S. 
military officials who have been in Iraq or whom we interviewed during 
our May 2006 visit stated that coordination between the military and 
private security providers should be required. Given the increased risk 
both parties are subject to when private security providers do not 
coordinate their activities with the military, we believe U.S. 
government agencies using private security providers in Iraq may want 
to consider such a requirement utilizing the ROC as the focal point for 
such a requirement. Additionally, based on our preliminary 
observations, incomplete criminal background screenings may contribute 
to an increased risk to military forces and civilians in Iraq. The 
military would benefit by reviewing the installation security measures 
in place in Iraq to ensure that the risk private security contractors 
may pose has been minimized. Lastly, as noted in our July 2005 report, 
our experience in Iraq has made us aware that future operations may 
include reconstruction efforts in an unstable or deteriorating security 
environment, thus requiring extensive use of private security 
providers. Given their important role in Iraq, planning that includes 
the use of private security providers will need to be incorporated in 
future military operations and reconstruction efforts. 

Mr. Chairman and members of the Subcommittee, this concludes my 
prepared statement. I will be happy to answer any questions you may 
have. 

GAO Contacts and Acknowledgments: 

For questions regarding this testimony, please call William Solis at 
(202) 512-8365. Other key contributors to this statement were Vincent 
Balloon, Carole Coffey, Grace Coleman, Laura Czohara, Gary Delaney, 
Timothy DiNapoli, and Wesley A. Johnson. 

FOOTNOTES 

[1] GAO, Rebuilding Iraq: Actions Needed to Improve the Use of Private 
Security Providers, GAO-05-737 (Washington, D.C.: July 28, 2005). 

[2] The national ROC is located in Baghdad with six regional centers 
collocated with the military's major subordinate commands. 
Participation is open at no cost to all U.S. government agencies, 
contractors, and nongovernmental organizations operating in Iraq. The 
ROC and the regional centers are staffed with a combination of 
military, U.S. government civilian, and contractor personnel and 
provide such services as disseminating unclassified intelligence 
information and specific threat assessments on future building sites 
and planned vehicle routes to contractors; recording information about 
incidents and threats to coalition forces; facilitating military 
assistance, such as a quick reaction force or medical services, to 
contractors in need; and facilitating communication between contractors 
and U.S. military units. 

[3] A third country national is a person working for a contractor who 
is neither a citizen of the United States nor the host country. 

[4] A biometric measures a person's unique physical characteristics 
(such as fingerprints, hand geometry, facial patterns, or iris and 
retinal scans) or behavioral characteristics (voice patterns, written 
signatures, or keyboard typing techniques) and can be used to recognize 
the identity, or verify the claimed identity, of an individual. 

[5] On one additional 2003 contract, the contractor provided its own 
security. 

[6] GAO, Rebuilding Iraq: Governance, Security, Reconstruction, and 
Financing Challenges, GAO-06-697T (Washington, D.C.: April 25, 2006). 

[7] The CPA served as Iraq's interim government from April 2003 to June 
28, 2004, and was responsible for overseeing, directing, and 
coordinating rebuilding efforts. 

[8] Military Extraterritorial Jurisdiction Act 18 U.S.C. 3261. 

[9] Special maritime and territorial jurisdiction provisions of 18 
U.S.C. 7(9). 

[10] War Crimes Act 18 U.S.C. 2441. 

[11] Department of State, Report to Congress, Section 2207 Report on 
Iraq Relief and Reconstruction, January 2006. 

[12] Multi-National Force-Iraq is responsible for counter-insurgency 
operations to isolate and neutralize former regime extremists and 
foreign terrorists and for organizing, training, and equipping Iraq's 
security forces. Multi-National Corps-Iraq is the tactical unit of MNF-I 
responsible for command and control of operations in Iraq. 

[13] At the time of our visit to Iraq in May 2006, only a limited 
number of bases were using the biometric information to verify the 
identities of contractor employees accessing the base on a daily basis. 

[14] States voluntarily provide fingerprint records to the FBI for 
inclusion in the IAFIS database. According to FBI officials, not all 
persons arrested and convicted of crimes in the U.S. are included in 
the IAFIS database. 

[15] On one additional 2003 contract, the contractor provided its own 
security. 
