FLETCHER SECURITY REVIEW
The Security Studies Journal of the Fletcher School, Tufts University
Article from Vol.2 No.1: Money & War
Dr. Ian Ralby 12 January 2015
On 16 September 2007, the accountability of private armed contractors became a global concern. A team of armed guards from the US company Blackwater Worldwide, operating on a US State Department contract, opened fire that day in Baghdad’s Nisor Square, killing seventeen Iraqi civilians and injuring an additional twenty. It took more than seven years before four of the individuals responsible were ultimately convicted of either first degree murder or voluntary manslaughter by a jury in a U.S. Federal District Court. A fifth member of the Blackwater team had previously pleaded guilty to manslaughter. The initial lack of consequences and the slow speed of justice provided the watchful world with strong evidence that armed contractors operate in a zone of legal twilight, devoid of accountability.
The rise of private armed contracting was one of the most distinctive operational developments of the wars in Iraq and Afghanistan. Erik Prince, founder of Blackwater, famously stated: “Our corporate goal is to do for the national security apparatus what FedEx did to the postal service.” Throughout both conflicts, the hiring policies of several Western governments, particularly those of the United States, helped Blackwater and numerous other companies move toward that goal. By December 2008, for example, 69% of the United States’ total force in Afghanistan was comprised of private contractors, roughly 15% of which were armed. While there are no reliable statistics on the size of the global private armed security industry, there is little doubt that it has grown and contracted with the surge and decline of Western engagement in armed conflict. New conflicts on the horizon, however, suggest the possibility of a resurgence of the industry, reigniting concerns about accountability.
The proliferation of private armed security companies has coincided with a proliferation of initiatives aimed at developing accountability for the industry. Numerous codes, standards, mechanisms and proposals – developed by governments, international organizations, civil society groups, private companies, trade associations, individuals, academics and multi-stakeholder bodies – have sought to address different issues surrounding armed contractors. Most of them, however, have been developed in response to incidents that already occurred. This reactive approach to accountability, while useful for addressing past problems, may leave the industry exposed to future problems. In other words, a code, standard or mechanism set up to prevent another Nisor Square incident may be very effective in doing so, but may fail to prevent a different and even more worrying incident in the future.
This article begins with a brief overview of the most credible accountability initiatives, suggesting that the resulting collection forms a patchwork, rather than a framework for governing the conduct of armed contractors. The analysis then focuses on the process of selecting contractors, with a particular emphasis on the US Government. While cost has been a key factor in determining selection, the various initiatives discussed have made it possible for accountability and quality to be added as essential metrics. Ultimately, however, the failure of the accountability initiatives to remain current, much less forward-looking, means that the objective determinants of ‘accountability and quality’ may not be fit for purpose as the US and other Western powers begin to engage the services of armed contractors for assistance in new conflicts.
The Montreux Document
On 31 March 2004, the global public had never heard of Blackwater Worldwide and was largely unaware that private armed contractors were operating across Iraq and Afghanistan. That day, however, four ex-US servicemen working for Blackwater on a State Department contract were ambushed in Fallujah. They were killed, their bodies were dragged through the streets and burned, and their corpses were hanged from a bridge. The next day, the gruesome images of the ill-fated contractors shocked the world. There was a huge amount of sympathy for these Americans who met such a horrific demise, but many began questioning what they were doing there in the first place and whether their presence was legal. Eventually, the international community began to try to answer those questions.
By the time Blackwater’s Nisor Square incident occurred in September 2007, the “Swiss Initiative,” led by the International Committee for the Red Cross (ICRC) and the International Law Division of the Swiss Foreign Ministry, was already working to develop international guidance for private armed contracting. The first output of that initiative was the Montreux Document on Pertinent International Legal Obligations and Good Practices for States related to Operations of Private Military and Security Companies during Armed Conflict. Following a series of intergovernmental and expert meetings, seventeen initial states established the Document on 17 September 2008. It sets forth 27 paragraphs restating international legal obligations relevant to private security contracting and an additional 73 paragraphs detailing “good practices” for states (and potentially other entities) as they interact with the industry.
Currently, fifty-one countries, the European Union (EU), the North Atlantic Treaty Organization (NATO), and the Office for Security and Cooperation in Europe (OSCE) have endorsed the Montreux Document, making it the most widely supported international instrument specifically concerning private security companies. While the Document neither creates nor alters international legal obligations, its “good practices” section, if implemented, could aid in the development of a new body of customary international law. This means that, if states conform to the principles expressed in the Document, those principles will, over time, become obligatory rather than voluntary.
The ICoC and the ICoCA
The Montreux Document is focused on states, but in instances such as the Nisor Square shootings, it is the actions of the contractors at issue. Consequently, some of the experts and government officials involved in the Montreux drafting process recognized that it was also necessary to develop guidance that would raise the standard of the industry itself. Without the participation of the ICRC, the Human Rights Division (rather than the International Law Division) of the Swiss Foreign Ministry led a multi-stakeholder process from 2009 to 2010 to develop a code of conduct for private security providers. Three states – Switzerland, the US and the UK – an unspecified number of civil society organizations, and most of the major private security companies from Western states, as well as a few from the developing world, worked together with a number of experts, academics and clients of the armed contractors, to develop a code that would raise the bar for the industry. The resulting International Code of Conduct for Private Security Service Providers (ICoC) was signed into existence on 9 November 2010 by an initial fifty-eight companies. That number ultimately swelled to 708 signatories before signature was replaced by membership in the Association discussed below. While many signed in order to commit to the Code’s principles, signature also became a prerequisite for procurement and for membership in trade associations, thereby driving up the numbers.
Understanding the Code’s significance requires a basic understanding of human rights law. International human rights laws apply to states, not directly to individuals. States are required to implement, through domestic legislation, the human rights principles contained in those laws. By signing the Code, private security companies voluntarily agree to abide by the principles of international human rights law, regardless of whether the relevant jurisdiction has incorporated them domestically. In addition to these human rights elements, the ICoC mandated two follow-on processes: the development of formal standards and the establishment of oversight mechanisms.
The Swiss continued to serve as the convener and facilitator for the development of what became a unitary oversight mechanism. Following several years of work by a Temporary Steering Committee comprised of three governments – the US, UK, and Australia – three civil society groups – Human Rights First, Human Rights Watch and the Geneva Centre for Security Policy – and four private security companies – Triple Canopy, Drum Cussac, Garda World and Aegis – the International Code of Conduct Association (ICoCA), launched on 19 September 2013. It is responsible for certifying companies under the ICoC, monitoring compliance with the ICoC, and hearing grievances concerning violations of the Code. The ICoCA is overseen by the Montreux Document Forum, a collection of interested states already participating in the Montreux Document. The Association, however, has yet to become fully operational. Signature of the ICoC alone has ceased, as the emphasis is now on companies participating in the Association. So far, 140 companies have become members.
The multi-stakeholder initiatives that created the ICoC and ICoC Association were essentially self-governing ad hoc processes. Standards, on the other hand, are developed and implemented through formal procedures situated within an extensive set of national and international institutions. Following completion of the ICoC in 2010, the United States Department of Defense contracted ASIS International, the premier security-related standards drafting organization, to develop formal standards for private security companies in line with the ICoC. ASIS determined that the standards would be best developed under the rules of the American National Standards Institute (ANSI) and then converted into international standards under the International Organization for Standardization (ISO) – a process that essentially involves different national bodies working together to make sure the standard is as good as possible and not slanted toward any one state. Four standards were developed in the series, but only two are relevant to the present analysis.
The ANSI/ASIS PSC.1 Standard, developed by a Technical Committee of over two hundred people from twenty-six different countries, is by far the most detailed instrument relevant to the regulation, governance and oversight of the private security industry. It is the flagship Standard of the ANSI/ASIS PSC Standards Series which seek to operationalize the ICoC within a formal structure familiar to businesses. That structure, with both national and international supervision, provides auditable procedures for the development, certification, and monitoring of ongoing compliance. PSC.1 pushes the envelope with regard to business standards as the first to incorporate human rights requirements. The ICoC’s purpose was primarily to commit signatories to human rights principles regardless of whether they were so obligated by law. The PSC Standard Series takes that voluntary commitment a step further and requires companies, in order to be certified, to have adequately incorporated compliance with international human rights principles into their operating policies and procedures. The PSC.1 Standard is currently in the process of being converted into a full international Standard, ISO 18788.
Given the unusual nature of the PSC.1 Standard, it was understood from the outset that a second Standard would be needed to set forth the requirements for auditing PSCs. A conformity assessment standard, PSC.2 is based on ISO 17021 – the general standard for auditors – but tailored specifically to the unique needs of the PSC industry and the PSC.1 Standard. This Standard focuses on the expertise required to assess companies operating in the most challenging environments on Earth. Traditional auditors, accustomed to examining more conventional businesses, typically lack the discernment and expertise necessary to understand the legal, human rights, and operational requirements of the PSC Standards. PSC.2 therefore provides an extensive list of competencies such as familiarity with the “Terminology, practice, and understanding of the rule of law and use of force … human rights impact assessment … methods for personal security and protection of persons … [and] methods and practices for continuity, emergency and recovery management.” Given the breadth of skills needed, it suggests the use of audit teams, as few individuals would be able to address all the issues competently. So PSC.1 sets out what companies need to do and PSC.2 sets out how to audit those companies and their activities.
UN Guiding Principles on Business and Human Rights
In addition to the industry-specific elements of the Montreux Document, the ICoC, the ICoC Association, and the PSC Standards Series, a number of general business and human rights initiatives are relevant to the operation of private security companies. The most significant is the UN Guiding Principles on Business and Human Rights, a set of thirty-one principles that stipulate how businesses incorporate human rights considerations into their operations – regardless of whether applicable law actually imposes human rights obligations (much like the ICoC). Conceptually, the Guiding Principles espouse a tripartite framework of “Respect, Protect, Remedy.” The elements are: “the State duty to protect against human rights abuses by third parties, including business; the corporate responsibility to respect human rights; and the need for more effective access to remedies.” While non-binding, the Guiding Principles are increasingly informing the dialogue surrounding businesses, including private security companies, that operate transnationally. Some governments, including the UK, are beginning to incorporate them into national policy.
The Patchwork Problem
This rather brief overview of the most credible accountability initiatives paints a rather disjointed picture. While there are certainly connections between the Montreux Document, the ICoC, the ICoC Association, PSC.1, PSC.2 and the UN Guiding Principles, those connections are not always clear or explicit. Furthermore, the various initiatives do not seamlessly fit together. For example, what relationship is there between the independent certification of companies under PSC.1 and the certification of member companies of the ICoC Association? Do auditors of private security companies need to ensure compliance with the UN Guiding Principles? These unanswered questions hinder the potential effectiveness of the patchwork of initiatives. While efforts are ongoing to make the various elements of accountability work together, there may be a growing urgency to that need.
The US and its allies are increasingly engaged in military activities to combat ISIS, and several other conflicts seem to be bubbling in different parts of the world. On 22 September 2014, popular American commentator Bill O’Reilly proposed the creation of a private army of 25,000 specially trained contractors to address the situation in the Middle East. While the proposal has not gained serious traction, it is an indication that private armed contractors are seen as a means of avoiding a serious military engagement. Consequently, contractors may be asked to take on new responsibilities and become involved in new ways.
While legal concerns certainly restrict how contractors can be used, private security companies are already encountering issues that are not addressed in the accountability patchwork. For example, contractors are increasingly being hired to direct and oversee the activities of foreign military or police personnel. What responsibility do such contractors have if the foreign personnel violate international law or commit human rights violation under their watch? Many new issues also arise with regard to the use of remotely operated technology. Does a contractor, employed by a state, operating a drone or weapons system, for example, have responsibility for killing civilians? These are just some of many complex and unanswered questions not addressed by regulatory initiatives to date.
Selecting Private Security Today
Despite the volume of accountability initiatives and the involvement of various governmental bodies in them, it is still unclear what will guide the selection of armed contractors for future conflicts. In May 2012, for example, the then US Deputy Assistant Secretary of State for Democracy, Human Rights, and Labor, Daniel Baer, gave a speech at a conference in London hosted by the UK Foreign and Commonwealth Office and the Security in Complex Environments Group (SCEG). In the question and answer period, he was asked directly whether the United States Department of State, on whose contracts most of the major scandals of the Iraq and Afghanistan wars had occurred, had any intention of using the various regulatory initiatives in which it was participating as a prerequisite for its own procurement. He could not respond in the affirmative and was unable to shed light on how the State Department would proceed to incorporate accountability measures. Two years later, following extensive internal and external discussions, the State Department has said it will incorporate PSC.1 compliance and ICoCA membership into its next major contract, but it has not yet done so.
In contrast, the 2011 US National Defense Authorization Act (NDAA) mandated that the Department of Defense develop and implement business and operational standards for private security contractors. Given that the Department funded the ANSI PSC Standards Series, it is not surprising that conformance to the Standards is now a prerequisite for procurement.
This is a significant change from the approach of the last decade. Lowest Price Technically Acceptable (LPTA) is the regulatory requirement often invoked for selecting contractors on government contracts. In many ways, LPTA contracting is the bureaucratic response to concerns about waste in government expenditure. Ironically, it restricts the focus to cost, rather than quality or accountability, under the guise of “value.” The great advantage of the NDAA 2011 requirement that private security companies be certified to a standard in order to be eligible for procurement is that it mitigates the LPTA requirements. Prior to that requirement, if fifty companies bid on a contract, under the LPTA metric the government might have been forced to choose the contractor technically able to perform most cheaply, but likely to perform badly on other important but harder-to-measure dimensions, such as incorporation of international law and human rights norms into operating procedures. Today, on an identical contract, there may only be three or five companies that have managed to go through the certification process to even be able to bid. The legal requirement of NDAA 2011 has infused quality and accountability into the procurement process while still emphasizing “value.”
This schism between US State Department and Defense Department contracting brings up the first issue that the next wave of wartime contracting will face. Governments are not homogeneous entities. So while a country may be participating in the Montreux Document, may hold a spot on the Montreux Document Forum, may hold a seat on the ICoCA and may publicly advocate the UN Guiding Principles, differences of process and priority among different government departments may lead to a cluttered battlefield with higher price, higher quality, more accountable contractors alongside low cost, low quality, unaccountable contractors working for the same government.
The second issue, as has been noted, is that these initiatives do not comprehensively address all the issues that have arisen to date. The various initiatives have been and will continue to be extremely helpful in raising the professionalism, quality, accountability and reliability of the industry, but they will not resolve murky areas of legal twilight. Even under the accountability initiatives, there is still a chance that issues will arise that are simply not covered. There is the potential, therefore, that incidents involving “certified” contractors will carry substantial backlash against all the accountability initiatives. Legal issues not addressed by the regulatory initiatives could lead to some or all of the initiatives being tarnished or even abandoned for ineffectiveness, reverting the process of selection back to a simple determinant of lowest cost.
Finally, many of these regulatory initiatives were designed to address what happened in Iraq and Afghanistan between 2001 when the Coalition entered Afghanistan and 2010 when the ICoC was completed. They do not address future issues that may arise. As noted, the current initiatives form a disconnected patchwork plagued by gaps and uncertainties. As new operations unfold, the initiatives will need to be revisited to make sure that the standards being set match the operation of the industry. Otherwise, a government may be selecting based on quality, but quality for the wrong job.
The proliferation of private armed contractors in zones of armed conflict was followed by a proliferation of initiatives aimed at establishing accountability for the industry. Some of those initiatives, paired with new procurement rules for government departments in several countries, have shifted the focus from cost to accountability in selecting companies to provide armed security. As the world faces a likely upsurge in this sort of contracting, it remains to be seen whether the extensive regulatory, governance, and oversight efforts of the last decade will prove effective in ensuring higher quality, more responsible armed contractors, or whether gaps in the system will lead to the rejection or circumvention of those accountability measures in favor of the lowest priced contractors. Failing to address these foreseeable complications may prove detrimental to the private security industry, to the credibility of governments employing armed contractors, and to the overarching aims of international security.
About the Author: Dr. Ian Ralby is a recognized expert on the regulation, governance and oversight of private security companies and has been advising governments on the subject for over five years. As a lawyer, he advises clients on a range of international law, international relations and transnational security matters. He holds a J.D. from William & Mary Law School and a Ph.D. in Politics and International Studies from the University of Cambridge.
 Matt Apuzzo, Blackwater Guards Found Guilty in 2007 Iraq Killings, N.Y. Times, 22 Oct. 2014, available at http://www.nytimes.com/2014/10/23/us/blackwater-verdict.html?_r=0.
 Jeremy Scahill, Blackwater: The Rise of the World’s Most Powerful Mercenary Army, 55 (2007).
 Moshe Schwartz, Department of Defense Contractors in Iraq and Afghanistan: Background and Analysis, CONGRESSIONAL RESEARCH SURVEY, 14 (2 July 2010), available at www.fas.org/sgp/crs/natsec/R40764.pdf.
 The Montreux Document on Pertinent International Legal Obligations and Good Practices for States related to Operations of Private Military and Security Companies during Armed Conflict, U.N. doc. A/63/467-S/2008/636, ¶ 1 (2008) available at http://www.eda.admin.ch/psc
 Participating States of the Montreux Document, International Committee of the Red Cross, available at, http://www.eda.admin.ch/eda/en/home/topics/intla/humlaw/pse/parsta.html
 The International Code of Conduct for Private Security Service Providers (2010), available at http://icoc-psp.org/
 Articles of Association of the International Code of Conduct Association (2013), available at http://www.icoca.ch/en/articles_of_association.
 ANSI PSC.2 7.3.5 (f), (i), (n), (r).
 CBS News, Bill O’Reilly Proposes Mercenary Army to Fight Terror, 23 Sept. 2014, available at http://www.cbsnews.com/news/bill-oreilly-on-creating-mercenary-army-with-troops-from-across-world-to-fight-terror/.
 48 CFR 15.101-2