03/29/2011 11:53 am ET | Updated May 26, 2011

Improving the Contractor Control Status Quo

Many critics argue that there is insufficient control over private military and security contracting. While it is true that there is still a way to go in that regard it is also true that some significant steps have been taken. But even improvements can have their own problems. Sometimes it seems like a case of two steps forward and one step back.

A paper "Controlling the Corporate Warrior in Iraq" by David Strachan-Morris of the University of Leicester, presented at the recent conference of the International Studies Association in Montreal, illustrates the point.

As Strachan-Morris writes with typical British reserve:

There were essentially three sets of mechanisms through which attempts were made to control PMSCs in Iraq. The first was the use of legislation and regulations. The second was the use of a monitoring system to track the movements of PMSCs and render assistance when necessary. The third was the provision of intelligence products that enabled PMSCs to plan their movements to avoid potential trouble spots, in the hope that this would reduce the likelihood of armed confrontations with the civilian population. As with most other aspects of the war, though, there was no plan for the presence of so many armed contractors on the battlefield and, therefore, all of these measures were introduced as ad hoc solutions. While the issues created by the presence of PMSCs on the battlefield were resolved to a limited extent, creating solutions in the midst of operations was not ideal.

"Not ideal" is certainly one, polite, way of putting it. Others, recalling the conditions that prevailed back in the early years of the U.S. and other foreign forces in Iraq, would put it more colorfully.

Strachan-Morris starts by examining the Reconstruction Operations Centers (ROC), established in October 2004, and the Contractor Operations Centers (CONOC).

The ROC provided four essential services: it allowed the military to track the movements of contractors on the battlefield; it provided a mechanism for contractors to inform the military of their future movements and report incidents; it was a means of co-coordinating military assistance for contractors in trouble; and, it provided threat information to allow contractors to avoid potential trouble spots and thereby reduce the potential burden on the military.

Strachan-Morris notes, "the Nisoor Square shootings in September 2008 showed up some of the flaws in the system; not all DoD and State Department contractors were monitored because of the nature of their contracts and the ROCs were not physically located within the headquarters of the major commands, so communication was not as effective as it could have been. The system was refined to take account of these flaws, with the introduction of the Contractor Operations Centers (CONOC), but still left a large number of contractors outside the system.

Of course, any system, even with flaws, is still preferable to the ad hoc, make it up as you go along environment that existed when the United States invaded Afghanistan and especially so in Iraq.

With regard to the first mechanism, i.e., legislation and regulations, Strachan-Morris found that, "This was a wholly unsatisfactory arrangement because it was never clear which laws and regulations applied or who had jurisdiction over the contractors." One of the best known examples was Coalition Provisional Authority Order 17, which gave contractors immunity from prosecution under Iraqi law. Remember that contrary to critics claims Order 17 never provided provide complete immunity from prosecution and thus there was nothing unusual with CPA Order 17. But the difficulty it was not supported by a coherent mechanism for exercising judicial control over contractors once immunity from local judicial process was established.

To start with, there were difficulties with even exercising jurisdiction over US citizens working as contractors for the DoD. The two main pieces of legislation that could have been used, the Uniform Code of Military Justice (UCMJ) and the Military Extraterritorial Jurisdiction Act (MEJA), needed some amendment before they could be applied to contractors. Even then, the wording of the subsequent amendments has been imprecise and ambiguous, with lawyers still debating the practicalities of conducting prosecutions under these acts. This problem is exacerbated when it came to contractors from third country nations that did not have any official representation in Iraq. The South African contractors are a case in point; they were not 'sent' by their state in the sense of the definition of 'sending state' in CPA Order 17, nor was South Africa part of the coalition, and there is still no official South African diplomatic representation in Iraq. Therefore there was (and still is) no organization that could provide jurisdiction over a South African contractor in the event of any allegations against them.

In Strachan-Morris's view the problem of controlling contractors was exacerbated by the policies set by their client, i.e., the U.S. government.

A large part of the problem was the fact that shooting at civilian vehicles that came close to PMSC convoys appeared to be justified by the Rules of Engagement (ROE) contained within CPA Order 17, later revised as Rules for the Use of Force (RUF) under Annex C to Multinational Force - Iraq (MNF-I) Order Number 09-109. It became routine for PMSC convoys to fire at civilian vehicles that came too close because of the suicide car bomb attacks that killed a number of PMSC employees, particularly in late 2004 and early 2005. The combined effect of the apparent immunity of CPA Order 17 and the ROE led to a culture in which risk was transferred to the civilian population as the PMSCs emphasized the protection of their client over the potential harm to the local community.

Talk about outsourcing! In this case risk of injury and death was outsourced to the Iraqi civilian population. And what was the thinking of the U.S. government regarding legal jurisdiction over contractors? Who knows?

The attitude of the US government towards the issue of legal jurisdiction over contractors was summed up in a State Department email in response to a request by a reporter who wanted background information on the legal aspects of a story he intended to file on private security details (PSDs):

The reporter wants to have a backgrounder with someone who can explain what legal mechanisms are in place to hold private security contractors accountable in the event of wrongful death or criminal acts, but we should deny the backgrounder. Because as for the legal jurisdiction under which a PSD operates, this is where things get hazy. There is no Uniform Code of Military Justice for PSDs. Private security contractors fall under CPA General Rule 17, which grants private security contractors immunity from prosecution in Iraqi courts. In wrongful deaths where deadly force was authorized, if the PSD is found negligent, the only recourse is dismissal. In cases where there was clear criminal intent, a criminal case could hypothetically be pursued in U.S. federal court, but this has yet to happen out here.

The bottom line regarding regulation was that, "CPA Order 17 was applied without the necessary legislative framework to support it and the unintended consequences were that the PMSCs were seen as totally unaccountable for their actions. The PMSCs contributed to the problem by adopting the same risk-transfer culture as the military. The fact that the US government appeared unaware of the legal situation, or was unwilling to be pro-active on the matter, only exacerbated the situation."

Moving on, how effective was the monitoring system? Between mid-2003 and early 2004 contractors began to suffer casualties throughout Iraq, often due to lack of knowledge of the situation in the areas in which they found themselves. Between April 2003 and April 2004, 42 contractors were killed in 31 incidents. The Department of Defense decided to establish a means of gaining oversight over the movements of PMSCs and providing them with the intelligence assistance they required. In May 2004 a contract was issued by the Pentagon's Project and Contracting Office (PCO) to Aegis Defence Services to establish a network of Reconstruction Operations Centers (ROC) to co-ordinate the reconstruction effort, including PMSC movements, and create a central intelligence dissemination system providing unclassified information to security contractors.

The Reconstruction Operations Center network was formally established in the late summer of 2004. It consisted of a National Reconstruction Operations Center (NROC) in Baghdad and six Regional Reconstruction Operations Centers (RROCs) throughout the country. The operations, communications, and intelligence personnel were provided by Aegis Defence Services (now Aegis Specialist Risk Management) under the PCO contract. In early 2005 the PCO contract was terminated and new one issued, passing responsibility for the ROC system from the PCO to the Gulf Region Division (GRD) of the US Army Corps of Engineers. Aegis was still the contractor and the company also became one of the security providers for the GRD.

The ROC indisputably improved things. Under the ROC system, PMSCs submitted notification of their movements to the ROC, which passed this information on to the coalition forces. The missions were then tracked by the ROC, using transponders that had been placed on one or more vehicles in the convoy. In the event of an emergency, the transponders had an 'emergency button' that, when activated, would alert the ROC. The ROC staff would then coordinate communication between the PMSC and the coalition forces to provide assistance. Between January 2005 and July 2005 the number of daily missions being tracked by the ROCs increased from fewer than 10 to an average of 110. A total of 84 organizations (PMSC, military, diplomatic, and NGOs) used the various ROC services, which included coordination of a quick reaction force and medical assistance to PMSCs in an emergency and intelligence services, which are dealt with in the next section.

On the other hand, "The fact that PMSCs were effectively kept at arm's length ― i.e., by communicating with them through the ROCs ― had a significant impact on the relationship between PMSCs and the military. While it is fair to say that good relations were possible between military units and PMSCs, mainly as the result of individual efforts, there was some institutional hostility towards the contractors."

The source of the tension was the fact that there was still no clear mechanism for PMSCs to be held accountable for their actions.

The problem was that the system in place provided neither coordination nor control, but simply passive monitoring and reaction to incidents. There was no means by which the military and the PMSCs could reconcile their two missions. While the military were trying to fight an active insurgency, the PMSCs had a responsibility toward the clients they were carrying. These clients were often unarmed civilians who needed to be transported to reconstruction sites or to meetings at Iraqi government ministries and these journeys frequently took them through trouble spots. PMSC convoys did not have the capability to stop and deal with any damage they had caused, because they lacked the support available to military units and felt that their responsibility lay in removing the client from the potential threat.

To their credit the military and contractors worked to improve the situation. Following the Blackwater shooting incident at Nisoor Square in September 2007, the Departments of Defense and State agreed to formulate a joint policy on control of PMSCs in Iraq. Contractor Operations Centers (CONOC) were established which were co-located with the headquarters of the divisions operating in Iraq, to coordinate the movements of PMSCs under contract to the Department of Defense and the Department of State. The orders also established an Armed Contractor Oversight Division (later the Armed Contractor Oversight Branch), putting responsibility for PMSC oversight into a single agency within the military command for the first time. The 2007 order was updated by further orders in 2009 and 2010, which put greater responsibility upon the division headquarters and incorporated a set of clauses that were to be inserted into all DoD contracts to ensure compliance with the improved co-ordination and accountability mechanisms for PMSCs. Perhaps the most significant change was that local commanders had an input into the decision making process. PMSC movement notification requests now go through the chain of command to the tactical unit on the ground, which decides whether or not to grant the request and allow the PMSC into their area of responsibility. The tactical unit also has an input into the route, so it can help the PMSC avoid potential trouble spots.

As far as the PSCs were concerned, the services provided by the CONOCs were essentially the same as the ROC. They did, however, expect some benefit in closer integration with the military, particularly with improved response times in the event of an incident. The major change was the improvement in military monitoring and oversight of their activities.
Perhaps even more significantly, however, the latest orders have also formally established a mechanism for holding PMSCs accountable for their actions on the ground. All PMSCs are now required to report serious incidents in their entirety within 96 hours to the US military and to report the incident to the Iraqi Police. The contracting agency is also required to carry out a full investigation, which can result in a number of outcomes that can range from a Letter of Concern to the PMSC all the way to a full criminal investigation. This does not preclude investigations by the tactical commander or any other commander in the chain of command.

While the system still has problems, in regard to recording everything in the proper databases and using common definitions of incidents it is inarguable that since the end of 2004 monitoring of PMSCs has improved considerably.

The final mechanism, the military providing intelligence to contractors, is the clearest success story. The establishment of an intelligence interface between the US military and PMSCs was one of the most heavily regulated aspects of the relationship between the military and PMSCs but also provided a model of cooperation between the two 'communities,' given the level of trust that developed.

The ROC provided a daily graphical intelligence report each morning, a written intelligence summary with more in depth analysis each evening, and the basic data on incidents over the previous 24 hours in a spreadsheet format that PMSCs could import into their own databases or mapping software. While this in itself was not quite enough for PMSCs to plan their missions in detail, it was enough for their own intelligence analysts to do this for them. The ROC also provided a wider intelligence function by allowing reconstruction agencies to submit requests for information and obtain in depth reports on the security situation in areas where reconstruction sites were located. This information was provided via a website, to which PMSCs, non-governmental organizations, and reconstruction agencies were granted access after their bona fides were established - as the information was still technically owned by the DoD it could not be distributed to unauthorized users outside Iraq.

While in the beginning there were difficulties, given a lack of guidance on how the interface should work, reliance on local ad hoc arrangements, and giving information to non-U.S. contractors who lacked required clearances by mid-2005 the interface was firmly established: the ROCs were being provided with information by the military and the NROC was able to disseminate useful intelligence products to the PMSC community and a growing number of military organizations that had no direct intelligence access themselves.

Strachan-Morris concludes that "Creation of the intelligence interface between the military and PMSCs achieved a number of things. First, it provided the PMSCs with the information they needed to avoid trouble spots, which should have reduced the number of shooting incidents and reduced the burden on the military. Second, it proved that proper oversight and control mechanisms could be put in place over PMSCs. Third, and most importantly, it provided a means by which the concerns and interests of those on both sides of the fence could be communicated."

For those keeping score the final tally works out to about 1.5 points each for the good and bad aspects of the three mechanisms Strachan-Morris examines; essentially a tie. On the bright side the military and contractors know clearly know what works brilliantly and what needs improvement. That gives both sides time to fix things before the next war, oops; I mean "stability operation." In other words, as Morris concludes the time for action is now, not later.

But the piece that is still lacking is the integration of the PMSCs' mission with that of the military. It is still important to ensure that the PMSCs do not interfere with the efforts of the military to conduct their operations, whether they are fighting a full scale war, conducting counterinsurgency operations, or executing a peacekeeping mission. The need for commanders to be fully aware of contractors operating in their area is addressed in the US Army/Marine Corps Counterinsurgency Manual (FM 3-24) but arguably it is too late to do this when the unit has arrived in country. The greatest lesson of Iraq is that all agencies need to work together before the contingency arises. Not only do there need to be legal and contractual frameworks in place but the military and PMSCs need to make the most of opportunities to interact, possibly even engaging in joint training, and find way to integrate their operations. Initiatives like the ROC in Iraq need to become preventions rather than cures.