Tag Archives: Government Surveillance

Invasive Police Aerial Surveillance Is Widespread

Standard
Drones Watching

Image ACLU California

‘THE PROJECT ON GOVERNMENT OVERSIGHT (POGO)”

“While the greatest risks posed by drones and aerial surveillance lay ahead as tech continues to advance and becomes more powerful, easier to automate, and cheaper, there are already significant threats.

Drones, which already possess so much surveillance power, are widespread and broadly in use by police departments throughout the country.”


“In recent years, we’ve seen significant efforts to roll back the mass surveillance that technological advances have permitted on an unprecedented scale. In 2015, Congress passed the USA FREEDOM Act to ban bulk collection of sensitive information such as Americans’ communications metadata. And this year, the Supreme Court ruled that tracking an individual’s location from their cell phone required a warrant, creating a privacy protection even though it involved public activities. But amid these victories for privacy rights, another form of surveillance has been quite literally rising up all around us: aerial surveillance. And this snooping from the skies most often comes in the form of police departments across the country deploying powerful drones.

Aerial surveillance and the broad use of drones threaten to undermine the progress made in recent years to prevent unreasonable location tracking and government stockpiling of sensitive, personal information. With existing and emerging technologies, government may be able to use aerial surveillance to track our movements en masse and catalog participation in constitutionally protected activities such as protests, religious ceremonies, and political rallies.

Aerial Surveillance Can Be Incredibly Invasive

Existing technology that is affordable and in wide use allows law enforcement to spy on individuals over huge distances. The most prominent example is the DJI Zenmuse Z30 camera, which can be affixed to commonly used drone models such as the Inspire 2 and the Matrice. Chinese manufacturer DJI, the drone maker most favored by U.S. law enforcement, promotes the Zenmuse Z30 by describing it as “the most powerful integrated aerial zoom camera on the market with 30x optical and 6x digital zoom for a total magnification up to 180x.”

Demonstration of digital and optical zoom capacity with footage claims to be taken at a 3.7 mile distance. (Note: The video claims to use a Matrice 600 drone with a DJI Zenmuse Z30 drone camera)(Source: SkyLink Japan / YouTube)

The implications of this are profound, and frightening. With this technology, law enforcement can use small and inconspicuous drones to snoop on individuals from thousands of feet away, and even watch activities occurring several miles away with a good degree of precision. In an aerial space, these drones can easily move to adjust view and overcome obstacles that make this type of long distance surveillance impossible from ground level.

Invasive Aerial Surveillance is Cheap

In addition to the surveillance powers modern drones possess in terms of long-distance monitoring, automated identification, and automated tracking, technological advances are making aerial surveillance an exponentially cheaper option, and thus something that can be done more broadly and on a larger scale. The Inspire 2 costs around $3,000, and equipping it with the powerful Z30 zoom camera costs an additional $3,000. In comparison, police helicopters cost roughly $500,000 to $3,000,000. The helicopter’s operating costs of $200 to $400 per hour and the maintenance costs increase the expense of this traditional aerial surveillance tool even more.

With this cost differential, a department could potentially purchase a fleet of 500 drones in lieu of a single police chopper—a swarm of devices that can watch individuals without notice from thousands of feet away, use software to identify people in an automated manner, and follow them without human piloting. As technology improves, the potential power of this type of fleet will only increase, creating the possibility of a massive surveillance umbrella permanently buzzing over America’s cities and towns.

Invasive Aerial Surveillance Is Widespread

Map of Inspire 2 and Matrice drones (which can be equipped with the X30) in use by police departments throughout the country. (Source: Google Maps screenshot created based on data from the Center for the Study of the Drones at Bard College)

According to research by the Center for the Study of the Drone at Bard College, as of May 2018, at least 910 state and local public safety agencies have purchased drones (based on Federal Aviation Administration and other records). Of those, 599 are law enforcement agencies. The survey identified the make and model of drones owned by 627 of the 910 agencies. Of the 627, 523 have drones made by DJI. Of those, over 200 agencies fly either the Inspire or Matrice models, which can be equipped with the Z30 zoom camera.

Invasive Aerial Surveillance Can Identify You

With its capacity for precise zooming at short distances, aerial surveillance can, in combination with other automated identification technologies, allow for effortless cataloging of individuals and their activities. There are two prominent automated identification technologies that could allow for easy identification from immense distances: automated license plate readers and facial recognition technology. These technologies are already in wide use by government agencies. U.S. Immigration and Customs Enforcement maintains a nationwide net of automated license plate readers to track individuals, and the FBI already maintains a facial recognition database of fifty percent of American adults and permits law enforcement from dozens of states to use it.

Positive automated license plate reader identification from drone footage claimed to be taken at a 1200 ft distance. (Note: The video claims to use a Matrice 100 drone with a DJI Zenmuse Z30 drone camera) (Source: Sharon Arenhaim /YouTube)

This means that the government could surreptitiously watch sensitive activities and catalog individuals. Everyone entering or exiting a political meeting, union meeting, or lawyer’s office could be identified and catalogued. Or a drone could zoom in on and scan all the cars parked outside a medical facility or church, and create a list of attendees in seconds with no human effort. These fears are not hypothetical. American Civil Liberties Union research efforts exposed the fact that the FBI was deploying aerial surveillance to record the activities of protesters in Baltimore. Vendors marketing drones to police departments highlight their ability to pick individuals out of a public gathering such as a political rally as a feature, not a cause of potential abuse.

FBI aerial surveillance of protests in Baltimore after the death of Freddie Gray in 2015. (Photo: Still from FBI footage / ACLU)

Amplifying these risks is a recent partnershipbetween DJI and Axon, one of the leading producers of police body cameras. Axon also provides cloud computing services designed to allow law enforcement to sync data from a variety of sources, including cameras, and has spent years developing facial recognition technology for its products. With this partnership, which will allow DJI drone footage to sync with the Axon system, police drones with built-in facial recognition technology could soon become the norm.

Invasive Aerial Surveillance Can Track You

Identifying individuals from aerial surveillance footage appears to be on a path to automation and is occurring on a mass scale absent need for human involvement. But is the impact of drones on privacy limited by requiring a person to remotely pilot them and actively work to follow the target being tracked? Unfortunately, the answer is no.

DJI has developed a feature for many of its drones—including models like the Inspire 2 that are commonly used by police—to allow drones to lock onto and automatically follow individuals. This technique, called “Active Track,” enables the drone to automatically follow moving items, including people, absent any human control of the drone. DJI drones in Active Track operate in a mode that allows the drone to travel at roughly 20 miles per hour, more than enough to keep pace with an individual on foot. Some drones are even programmed to automatically avoid obstacles while continuously tracking their locked-on target.

Active Track allows drones to tag and track individuals without human piloting. (Note: The video claims to use a DJI Spark drone with attached camera) (Source: DC Rainmaker / YouTube)

As with automated identification, Active Track technology decreases reliance on human labor in another aspect of aerial surveillance which has traditionally served as an impediment to mass monitoring of individuals. And this technology will only become more powerful over time.

Drones with “swarm capabilities,” which further enhance automated flight power by allowing a single pilot to control multiple drones, are already in development, such as the military’s Low-Cost Unmanned aerial vehicle Swarming Technology (“LOCUST”). In the future, a single officer might be able to command a large swarm of drones, inconspicuously identifying and following many individuals over a long period of time.

Invasive Aerial Surveillance Can Be Limited

With these serious and growing risks to personal privacy, it’s important that lawmakers begin to take the threats of aerial surveillance more seriously. Luckily, drones can be fairly easily regulated. Several states have placed limits on drone-based surveillance. For example, Florida, Maine, North Dakota, and Virginia have all enacted some form of a warrant requirement for police use of drones, and Rhode Island has proposed legislation prohibiting the use of facial recognition on any images captured by drones. To be fully effective, drone regulations should take into account and allow important public safety uses that don’t threaten privacy rights, like natural disaster response and search and rescue.

Unfortunately, as we’ve previously written, the increasing use of powerful manned aerial surveillance programs remains a serious issue that drone regulations will not solve. Reasonable limits on law enforcement drone use is an excellent way to begin setting reasonable limits on all forms of aerial surveillance, but it is also just the first step in addressing larger civil liberties issues looming above.”

https://www.pogo.org/analysis/2018/09/these-police-drones-are-watching-you/

Advertisements

Explaining The Foreign Intelligence Surveillance Act (FISA

Standard

FISA Diagram

“THE PROJECT ON GOVERNMENT OVERSIGHT (POGO)”

“There are two very different main components of this law.

First, there is Title I of FISA requires that the government get a probable cause warrant from the FISA Court. The second main component of FISA surveillance is Section 702  an incredibly broad surveillance system with practically no checks..”


“Last week the government released a redacted copy of the application for a warrant to surveil Carter Page, a former Trump campaign aide who was monitored pursuant to the Foreign Intelligence Surveillance Act (FISA) starting in October 2016, after his tenure with the campaign ended. This surveillance has garnered significant political controversy, notably in a memo written by House Intelligence Committee Chairman Devin Nunes (R-Calif.). The memo alleged that the Department of Justice misled the court by hiding politically motivated funding of the so-called Steele dossier, which alleges coordination between Trump campaign officials and Russia, and was cited in the Page application. The Constitution Project at POGO criticized the Nunes memo when it came out for misrepresenting FISA and privacy risks related to the law. Now that we can directly read the warrant application at issue, we want to dive into more detail about how FISA works, whether any accusations about impropriety hold up, and what the biggest problems with FISA surveillance truly are.

How can intelligence agencies monitor an American’s private communications using FISA?

The process for monitoring Americans’ private communications using FISA, the law governing foreign intelligence surveillance, can vary significantly. This is because there are two very different main components of this law. First, there is Title I of FISA (often called “traditional FISA”), which was passed in 1978. It requires that the government get a probable cause warrant from the FISA Court (this was the process used for monitoring Carter Page) based on suspicion that the target is an agent of a foreign power. The second main component of FISA surveillance is Section 702 (often called “warrantless FISA”), an incredibly broad surveillance system with practically no checks, which I’ll discuss more in a bit.

How hard is it to get a warrant to conduct traditional FISA surveillance on a U.S. person?

Pretty hard. In order to obtain a warrant authorizing surveillance under traditional FISA, the government needs to convince the FISA Court that there is probable cause, the highest standard of proof in U.S. law for investigative measures, that the target is an agent of a foreign power. The law defines an American as an agent of a foreign power if they:

  1. Knowingly engage in clandestine intelligence activities on behalf of a foreign power,
  2. Knowingly engage in sabotage or terrorism on behalf of a foreign power,
  3. Knowingly enter the U.S. under a fraudulent identity on behalf of a foreign power, or
  4. Knowingly aid or conspire with someone else (including a foreigner) in any of the above.

So, if the government wishes to pursue surveillance with traditional FISA, it must demonstrate probable cause to the court that the target has engaged in at least one of these actions, something that requires significant evidence, such as witness statements, financial transactions, or corroborating communications.

What is the FISA Court and how does it function?

The FISA Court was created as part of the Foreign Intelligence Surveillance Act to oversee all applications for surveillance conducted pursuant to the Act. The Court is composed of 11 judges, all of whom must be federal district court judges, who serve for a single seven year term. The Chief Justice of the Supreme Court is solely responsible for selecting FISA Court judges; Chief Justice John Roberts has picked all judges that currently serve on the FISA Court (the Carter Page application was approved by Judge Raymond Dearie, who was nominated to be a federal judge by Ronald Reagan).  After the Edward Snowden disclosures revealed the existence of mass spy programs that the FISA Court authorized using extremely broad interpretations of law, the Court received significant criticism for aiding in the creation of “secret law.”  The USA FREEDOM Act, which The Constitution Project and POGO advocated for and was passed in 2015, solved this problem by requiring public disclosure whenever the FISA Court makes novel or significant interpretations of law.

Does the government have to tell the FISA Court if the information it was using in its application is unreliable?

Yes. Like other courts, the FISA Court has rules of procedure to ensure proper and ethical conduct. One rule, Rule 13(a), states that “If the government discovers that a submission to the Court contained a misstatement or omission of material fact, the government, in writing, must immediately inform the Judge to whom the submission was made” of the misstatement or omission and provide a correction. It’s worth emphasizing “omission” because if the government hid material information (i.e. information that could impact the outcome of the court’s ruling) about how the Steele dossier was developed, as House Intelligence Committee Chairman Devin Nunes alleged and continues to argueeven now, it would violate the FISA Court’s rules.

Did the government hide critical details about the Steele dossier, as Representative Nunes alleges?

No. The FISA application for surveillance of Carter Page uses the Steele dossier as a source of information, but clearly discloses that the dossier had been funded for political purposes. According to the application, even though the individual that hired Steele “never advised [Steele] as to the motivations behind the research into [Trump’s] ties to Russia,” it goes on to state that the person hiring dossier author Christopher Steele was “likely looking for information that could be used to discredit [Trump’s] campaign.”

In order words, the government’s application not only acknowledged the possibility that the Steele dossier was funded for political motives, but also asked the court to assume that the basis for funding Steele’s efforts was political. So, it was simply incorrect (and either highly incompetent or intentionally misleading) for the Nunes memo to claim that “material and relevant information was omitted” from the FISA application concerning the political motivation for the funding of the dossier.

Was there evidence other than the Steele dossier that Page could be an agent of Russian intelligence?

Yes. Although much of the application is redacted, it clearly relied on multiple sources of evidence. The application refers to information provided by Page during an interview, as well as his business dealings with the Russian natural gas company Gazprom. One unredacted section refers to the 2015 arrest and 2016 guilty plea of Evgeny Buryakov for being an unregistered foreign agent of Russia in the United States. A separate Justice Department complaint against Buryakov describes an unnamed U.S. person who Buryakov tried to recruit; the employment details of that U.S. person match with Page’s. And while it is unknown if the FBI cited it in its FISA application, Page wrote in a 2013 letter to the University of Pennsylvania Press that he had served as “an informal advisor to the staff of the Kremlin.”

How will the controversy about the Carter Page application affect future oversight by the House Intelligence Committee?

Significantly. The Congressional intelligence committees are the key bodies designated to oversee and prevent abuse by the intelligence agencies. This naturally entails a somewhat adversarial relationship, but it also requires significant cooperation in reviewing and analyzing sensitive information. Chairman Nunes’ use of sensitive information to present false accusations of impropriety for partisan purposes has damaged the House Intelligence Committee’s ability to engage in this cooperation, and will make it much harder for the Committee and intelligence agencies to interact as needed in the future.

Additionally, the intelligence committees often act as a proxy for direct public oversight, acting on its behalf in examining classified information that cannot be aired publicly. This requires full public trust in the committees to provide thorough review and accuratecritiques of agency activities. That trust has been lost. Chairman Nunes has cried wolf so many times (first with the debunked unmasking controversy that he coordinated with White House staff, and now with multiple iterations of alleged misconduct related to the Carter Page warrant) that it would be incredibly difficult for the House Intelligence Committee to stir proper public outrage if a real scandal occurred.

It will likely take years to restore necessary trust and make the House Intelligence Committee functional, but we should start the process as soon as possible with Chairman Nunes’ resignation from the Committee, as POGO has advocated for previously.

What about snooping under Section 702 of FISA? Are there any limitations on the government in conducting warrantless surveillance?

As detailed above, traditional FISA contains a fairly robust system of independent checks to make sure that surveillance only occurs when there is strong suspicion of wrongdoing. But FISA Section 702 is extremely different.

Section 702 allows warrantless surveillance—no suspicion of wrongdoing is required and the FISA Court has no role in approving the targets of the surveillance. These targets must be non-U.S. persons and outside of the United States, but any conversations these individuals (who numbered over 129,000 as of last year) have with Americans can be freely used by the government. And the NSA, CIA, and FBI can query databases for all communications Americans had that were swept up by Section 702 without a warrant (these queries are commonly called “backdoor searches” because the government is deliberately seeking out Americans’ private communications, but without a search warrant).

So, if the FBI wanted to read an American’s (such as Carter Page or Paul Manafort or Michael Flynn) emails with foreign nationals, Section 702 doesn’t require it to go to the FISA Court and show probable cause. Investigators can simply state a foreign intelligence or law enforcement purpose (which is only reviewed internally by the agency), and query for that person’s communications. All of an American’s texts and emails with Section 702 targets (it is highly likely many Russian intelligence operatives and government officials are Section 702 targets) are then available to the investigators, without any court review. We don’t know how often FBI queries return Americans’ communications, but last year the NSA and CIA conducted over 7,500 queries for Americans that returned communications content collected warrantlessly from Section 702. By comparison, this is almost twice the number of all wiretaps federal and state law enforcement used (3,813) to intercept private communications during the same time period.

Are the lawmakers alleging FISA abuse working to fix warrantless FISA?

Generally no. Chairman Nunes and other Members of Congress alleging FISA abuse actually voted to reauthorize and expand FISA Section 702 earlier this year, and rejected a bill (the USA Rights Act) that would have placed significant checks on how warrantless FISA can be used against Americans. Many of the most prominent backers of the Nunes memo opposed FISA reform and supported an expansion of Section 702.

What should Congress do?

There are plenty of problems with FISA, but the biggest one isn’t with the warrant process. It’s the fact that warrant requirements don’t exist more broadly for FISA surveillance that impacts Americans, an issue we have and will continue to advocate for reform on. And currently we lack basic information about how warrantless FISA surveillance operates. If Congress has problems with FISA, it should start by demanding answersabout how many Americans are swept up in Section 702 surveillance, and how many “backdoor searches” the FBI conducts to deliberately seek out Americans’ communications without any suspicion or court approval.”

http://www.pogo.org/blog/2018/07/explaining-secret-surveillance.html

 


 

IT Contracts Worth Billions Lack Proper Oversight, GAO Reports

Standard
IT Contracts Lack Oversight

(Photo: Shutterstock; Illustration by POGO)

“THE PROJECT ON GOVERNMENT OVERSIGHT (POGO)”

After 16 years of development and a cost of $5 billion the White House stopped a tri-agency environmental satellite system project because of ineffective management, cost hikes, and scheduling delays.

 In FY 2017 alone the IT budget for federal agencies was $89 billion; such large-scale spending means that mismanagement of this spending will have serious repercussions for taxpayers.”


“This is particularly concerning considering the problematic trend of federal agency IT projects notoriously exceeding cost expectations and failing to meet productivity goals.

The Federal Information Technology Acquisition Reform Act (FITARA), passed by Congress in 2014, was meant to remedy this large-scale waste. The law requires the federal agencies identified in the Chief Financial Officers (CFO) Act of 1990 to properly classify IT contracts and to have qualifying contracts reviewed and approved of by the agency’s Chief Information Officer (CIO). Additionally, IT developments now have to happen in an incremental way instead of over long time frames and with broad scopes. These measures ensure someone is accountable for these IT contracts and increase the likelihood that potential problems will not go unnoticed or unaddressed.

For its report, GAO evaluated CIO involvement in IT acquisitions at 22 of the 24 CFO Act agencies, excluding the Department of Defense (DoD) because it is exempt from the relevant provision and the Department of Homeland Security (DHS) because GAO had just recently reviewed it.

$4.5 Billion in Federal IT Contracts Escaped Mandated Oversight

The 22 agencies being evaluated were asked to identify all of their IT contracts while GAO created an independent list of the agencies’ IT contracts. The agency-provided total was 76,599 contracts worth $14 billion for FY 2016, while GAO found 108,092 worth $18.5 billion. That means 31,493 IT contracts worth $4.5 billion were not being flagged for the FITARA oversight process.

Eight of the reviewed agencies—the Departments of Health and Human Services (HHS), the Interior, Transportation, and the Treasury, as well as the National Science Foundation (NSF), the U.S. Agency for International Development (USAID), the General Services Administration (GSA), and the Office of Personnel Management (OPM)—were the worst offenders, failing to identify over 40 percent of their IT contracts.

Part of this discrepancy can be explained by disagreements over what contracts qualified as IT and what was required to be reported. For example, GSA did not think that products and services coded as maintenance-related and rebuilding-related should be categorized as IT. Additional discrepancies came from disparities in which types of contracts had to be identified. For example NSF, which was in compliance with OMB guidelines and CIO certification requirements, did not identify IT contracts worth less than $150,000, and at OPM a spokesperson explained “OPM only submitted information related to new IT contract and not contract modifications,” adding, “OPM overall percentage of identified contract obligations will be greater with the inclusion of information related to contract modifications.”  It is not clear, however, what other factors contributed the high number of unreported IT contracts. Four of the agencies—the Departments of the Interior, Transportation, and the Treasury, and USAID—did not respond to the Project On Government Oversight’s request for comment.

Federal Agencies Failed to Properly Review $23.8 Billion in IT Contracts

GAO also reviewed 96 randomly selected IT contracts, checking for CIO review and approval. The contracts came from the ten agencies that obligated the most funding to IT in FY 2016: the Departments of Agriculture, Commerce, HHS, Justice, State, Transportation, the Treasury, and Veterans Affairs, as well as the National Aeronautics and Space Administration and the Social Security Administration. Of the 96 contracts, only 11 had been CIO-reviewed and approved; the remaining 85 un-reviewed contracts were worth an estimated $23.8 billion in the long run.

The Office of Management and Budget (OMB) has issued guidelines that agencies should follow to properly comply with FITARA, including a requirement that agencies develop their own guidelines for assisting officials in identifying IT investments that require CIO review. According to the GAO report, however, 7 agencies have not established any guidelines and 14 haven’t established guidelines that fully satisfy OMB requirements. If there is no established methodology in place, the likelihood is high that the oversight of IT contracts will keep falling through the cracks.

FITARA was passed to codify better oversight and prevent massive government waste on expensive IT projects. A CIO is accountable for agency IT investments and is responsible for tracking IT performance, but how can a CIO oversee an IT investment without knowing it exists? Compliance with OMB guidelines could help remedy this break in communication and ensure better use of taxpayer dollars.”

http://www.pogo.org/blog/2018/01/it-contracts-worth-billions-lack-proper-oversight-gao-reports.html

6 Year Extension of Section 702 – Foreign Surveillance Intelligence Act Becomes Law

Standard
Gov Surveillande wamsincdot com

Image:  Wamsinc.com

“WASHINGTON TIMES”

“Under the new law, if the government has an official investigation into an American, it cannot go through his or her 702 data without a warrant.

A coalition of conservatives and liberals warned that the FBI could circumvent that requirement by delaying the opening of an investigation. They pushed for a more robust warrant requirement, but failed in showdown votes in both the House and Senate.”


“President Trump on Friday signed into law a six-year extension of the government’s chief foreign intelligence collection powers, saying the updated version protects Americans’ rights while still allowing the FBI to go through their communications in key national security cases.

Mr. Trump said he was disappointed the extension only lasts six years, saying he would have preferred permanent renewal of Section 702 of the Foreign Intelligence Surveillance Act. But he said an extension was better than letting the program lapse.

“We cannot let our guard down in the face of foreign threats to our safety, our freedom, and our way of life,” the president said in a statement.

Section 702 authorizes the government to collect phone calls, emails and other communications of foreign targets overseas. But Americans’ data can be scooped up in the dragnet if they are communicating with the targets. ”

https://www.washingtontimes.com/news/2018/jan/19/trump-reauthorizes-foreign-surveillance-law-despit/

 

 

Military Kills Recruiting Contracts for Hundreds of Immigrant Recruits

Standard

Thirty-seven service members from 22 different countries take the Oath of Allegiance during a naturalization ceremony held at Bagram Air Field, Afghanistan on July 4, 2013. (Army/Sgt. Anita VanderMolen)  

“WASHINGTON POST”

“Many of these enlistees have waited years to join a troubled recruitment program designed to attract highly skilled immigrants into the service in exchange for fast-track citizenship.

U.S. Army recruiters have abruptly canceled enlistment contracts for hundreds of foreign-born military recruits since last week, upending their lives and potentially exposing many to deportation, according to several affected recruits and former military officials familiar with their situation.

Now recruits and experts say that recruiters are shedding their contracts to free themselves from an onerous enlistment process, which includes extensive background investigations, to focus on individuals who can more quickly enlist and thus satisfy strict recruitment targets.

Margaret Stock, a retired Army officer who led creation of the immigration recruitment program, told The Washington Post that she has received dozens of frantic messages from recruits this week, with many more reporting similar action in Facebook groups. She said hundreds could be affected.

“It’s a dumpster fire ruining people’s lives. The magnitude of incompetence is beyond belief,” she said. “We have a war going on. We need these people.”

The nationwide disruption comes at a time when President Trump navigates a political minefield, working with Democrats on the fate of “dreamers” — undocumented immigrants brought to the country as children — while continuing to stoke his anti-immigrant base. It was not immediately clear whether Pentagon officials have taken hard-line immigration stances from the White House as a signal to ramp down support for its foreign-born recruitment program.

Stock said a recruiter told her there was pressure from the recruiting command to release foreign-born recruits, with one directive suggesting they had until Sept. 14 to cut them loose without counting against their recruiting targets, an accounting quirk known as “loss forgiveness.”

The recruiter told Stock that the Army Reserve is struggling to meet its numbers before the fiscal year closes Sept. 30 and that canceling on resource-intensive recruits is attractive to some recruiters, she said.

On Friday, the Pentagon denied ordering a mass cancellation of immigrant recruit contracts and said there were no incentives to do so. Officials said that recent directives to recruiters were meant to reiterate that immigrant recruits must be separated within two years of enlistment unless they “opt in” for an additional year.

But some recruits among half a dozen interviewed for this article said they were not approaching that two-year limit when their contracts were canceled, sowing confusion about the reason they were cut loose. The Pentagon declined to address whether messages to recruiters contained language that could have been misinterpreted.

Lola Mamadzhanova, who immigrated to the United States from Kyrgyzstan in 2009, said she heard that Army recruiters in Evanston, Ill., texted immigrant recruits last week asking whether they still wanted to enlist, with an unusual condition: They had 10 minutes to respond. She never received the text message.

“The recruiters did some dirty trick just to get me out so I won’t be trouble anymore,” Mamadzhanova, 27, told The Post on Thursday. Her active-duty contract was canceled Sept. 7, according to a separation document obtained by The Post that said she “declined to enlist.” She later learned the recruiters used a wrong number to text her.

The senior recruiter at Mamadzhanova’s station contacted by The Post declined to comment and called Mamadzhanova seven minutes afterward to reverse previous guidance, saying her unlawful immigration status was the reason she was released. She enlisted in December 2015, which puts her three months outside the two-year limit.

Mamadzhanova was assured by other recruiters that her status would not be an issue and that she would ship for training soon after her immigration status slipped, around her enlistment date. Mamadzhanova, who is fluent in Russian, said the shifting and unclear rules have blindsided her.

“Joining the Army was a dream of mine since America has treated me so well,” she said. She applied for asylum in April, joining other recruits who have sought asylum or fled.

Some anti-immigration sentiment has swirled in the Pentagon for years, former staffers have said, with personnel and security officials from the Obama administration larding the immigrant recruiting process with additional security checks for visa holders already vetted by the Departments of State and Homeland Security.

“Immigrant recruits are already screened far more than any other recruits we have,” Naomi Verdugo, a former senior recruiting official for the Army at the Pentagon, told The Post.

“It seems like overkill, but there seems to be a sense that no matter what background check you do, it’s never enough,” she said. Verdugo, along with Stock, helped implement the recruitment program.

One Indian immigrant, a Harvard graduate and early recruit who is now a Special Forces soldier, was called back to undertake the updated security checks, she said.

“Even though you’re in the Army, even though you’re naturalized, these policies say ‘we’re not going to treat you like any other soldier,’” Verdugo said of the concerns over immigrants held by some at the Pentagon.

Internal Pentagon documents obtained by The Post have said the immigrant recruitment program, formally known as the Military Accessions Vital to National Interest (MAVNI) program, was suspended last fall after the clearance process was paralyzed and officials voiced concern over foreign infiltrators, though it remains unclear whether any threats have ever materialized.

Experts say the relatively small number of recruits in the MAVNI program possess skills with outsize value, such as foreign languages highly sought by Special Operations Command. The program has rotated 10,400 troops into the military, mostly the Army, since its inception in 2009.

Although the military says it benefits from these recruits, they can generate a disproportionate amount of work for recruiters who must navigate regulations and shifting policies. The layered security checks can add months or years to the enlistment process, frustrating recruiters who must meet strictly enforced goals by quickly processing recruits.

In a summer memo, the Pentagon listed 2,400 foreign recruits with signed contracts who are drilling in reserve units but have not been naturalized and have not gone to basic training. About 1,600 others are waiting to clear background checks before active duty service, the Pentagon said.

The document acknowledges 1,000 of those troops waited so long that they are no longer in legal status and could be exposed to deportation. That number probably has climbed since the memo was drafted in May or June. Lawmakers have asked Trump and Defense Secretary Jim Mattis to intervene on behalf of those recruits.

Sens. Kamala D. Harris (D-Calif.) and Richard J. Durbin (D-Ill.) filed an amendment in the defense authorization bill Tuesday to retain MAVNI recruits until their lengthy background investigations are finished.

“These brave men & women enlisted & the Administration turns its back on them,” Harris tweeted Friday. “We must pass Sen. Durbin’s & my bill to protect these recruits.”

During July 19 testimony in a lawsuit filed by recruits who said the federal government unlawfully delayed their naturalizations, Justice Department attorney Colin Kisor assured a district court in Washington that recruits would see their contracts canceled only if “derogatory” information was found in extensive background investigations.

Mamadzhanova and others said their screenings, which take months to complete, have begun recently and could not have returned results.

Meanwhile, confusion reigned for recruits in multiple states.

At one office in Illinois, a senior recruiter restored a contract less than two hours after The Post inquired about a case. In Texas, a recruiter did the same 12 minutes after a call seeking to confirm whether a recruit’s contract was canceled.

An immigrant recruit who came to the United States in 2006 and enlisted in Virginia said her contract was canceled Tuesday after she had waited for two years, just as her legal immigration status expired. She asked to opt-in for another year, but her contract was dissolved days later, she said.

Recruiters had assured her, saying her contract was a shield from federal immigration authorities, she said. She spoke on the condition of anonymity for fear of retribution.

She now fears deportation to her native Indonesia, which strips native-born people of citizenship if they enlist in a foreign military or pledge loyalty to another country, as she has done.

“I feel devastated,” she said. “The Army was my only hope.”

Letting Government Contractors Pick Their Own Auditors is a Bad Idea

Standard
Hand in Jar istockphoto by Getty

Image: istock photo by Getty

“THE PROJECT ON GOVERNMENT OVERSIGHT”

“The law in question is the 2017 National Defense Authorization Act (NDAA) passed late last year.

When it comes to contract auditing, giving audit responsibilities to a company working directly for a contractor hampers the government’s ability to negotiate good deals for taxpayers.

Section 820 of the law states that “contractors with the Department of Defense may present, and the Defense Contract Audit Agency shall accept without performing additional audits, a summary of audit findings prepared by a commercial auditor” of contractors’ indirect costs (with some exceptions). This section is scheduled to go into effect on October 1, 2018.

Last year, in annual legislation setting defense policy, Congress gave military contractors the authority to hire their own auditors to review the bills those contractors send to the government. For decades, the Pentagon’s own Defense Contract Audit Agency (DCAA) has helped government contracting officials negotiate better deals by examining a contractor’s charges. But last year’s legislation, which goes into effect next year, diminishes the DCAA’s oversight authority to the detriment of taxpayers.

The topic was broached in an important, but under-the-radar Congressional oversight hearing in April.

Most of the hearing centered on the cost of government versus private auditors, with two conflicting tales being told. But a bigger issue went largely unaddressed: whether allowing contractors to pick their own auditors creates inherent conflicts of interest since the auditors would be in the position of serving contractors—their client—rather than taxpayers. There is a reasonable fear that these private sector auditors, in an effort to keep their client happy and win repeat business, would be reluctant to disclose to the government that the contractor is overcharging taxpayers.

New legislation pending before Congress would rescind Section 820, but it would also allow “contractors to engage commercial auditors to perform incurred cost audits,” according to a Department of Defense (DoD) analysis. The analysis also states that the new provision creates “several unintended consequences that will negatively impact the Department and industry.” The DoD opposes both Section 820 and the new Congressional language. The DoD’s proposed alternative keeps the power to conduct these audits in DCAA’s hands with an option allowing the government (rather than the contractors) to hire private sector auditors on a case-by-case basis. After analyzing the issue, POGO supports the Department’s proposed alternative.

DCAA’s Role

DCAA is responsible for auditing the financial side of certain defense contracts to “ensure that warfighters get what they need at fair and reasonable prices,” according to  its website. DCAA looks for whether contractor costs are “allowable, allocable, and reasonable,” and it performs other audits to ensure contractors have adequate business and accounting systems and adhere to federal cost and accounting principles. DCAA’s report for fiscal year 2016 notes that it audited $287 billion in contract costs that year. These audits are not usually intended to uncover fraud, although DCAA sometimes finds indicators of criminal activity and participates in law enforcement investigations.

What Are “Indirect Costs” and Why Do They Matter?

Contractors charge the government for two types of costs: direct costs that specifically relate to the contract, such as labor and materials, and indirect costs that exist apart from specific work on the contract, such as the rent a contractor pays for its office or fringe benefits for employees.

But there’s nothing fringe about these costs. Within incurred cost audits, indirect costs make up the majority of all questioned costs, according to DCAA Director Anita Bales. Because they are less clear-cut than direct audits, audits of indirect costs can be contentious—especially when auditors want more access to contractor information than the contractor is willing to provide—and quite technical. For instance, contractors are allowed to charge the government for indirect costs associated with litigation under some circumstances, but not in other situations. Contractors can easily pad their profits at taxpayers’ expense if these costs are not carefully examined.

An example of indirect cost overbilling made the news in February 2016 when the Justice Department announced that Centerra Services International (formerly known as Wackenhut Services LLC) agreed to pay $7.4 million to resolve a whistleblower lawsuit alleging the company had defrauded taxpayers. According to the Justice Department, Centerra double billed its labor costs while providing firefighting services on a military base in Iraq. The government alleged Centerra “inflated its labor costs by billing the salaries of certain managers as direct costs under the subcontract, when those salaries had already been charged as indirect costs.”

The Centerra case isn’t a one-off. In 2015, a DCAA audit questioned $14.6 million in costs that a contractor charged the government, according to a DoD Inspector General report to Congress. The vast majority—$14 million—involved wrongly billed indirect costs.

Lessons from the Recent Past

We don’t have to look very far back in history to see that allowing profit-motivated companies to hire their own profit-motivated auditors can lead to problems.

The Enron scandal showed that accountants and auditors aren’t immune from conflicts of interest. “Obviously the history of Enron and the financial crisis suggest we have to be very careful in this situation,” Representative Seth Moulton (D-MA), Ranking Member of the House Armed Services Oversight and Investigations Subcommittee said during his opening statement at the April hearing. Arthur Andersen, Enron’s auditor, had conflicts of interest. It was simultaneously employed as internal and external auditor, meaning that the supposedly independent external auditor could cover up the inaccuracies of the internal audit team.

More recently, during the fallout of the Great Recession, the government required banks to conduct mortgage foreclosure reviews. Banks were allowed to hire for those reviews their own “independent consultants” who proved to be not so independent. The New York Department of Financial Services (NYDFS) punished several of these consultants, including Promontory Financial Group, Deloitte, and PricewaterhouseCoopers, for “misconduct, violations of law, and lack of autonomy.” Settlements generally included multi-million dollar fines and temporary bans from consulting.

“A consultant’s allegiance too often goes to the client that pays the bills,” former NYDFS General Counsel Daniel Alter wrote in a 2015 piece for American Banker. Laws like Sarbanes-Oxley, which create criminal liability for misrepresenting financial statements, have helped to prevent future Enrons by balancing that pressure. However, criminal liability doesn’t apply to other types of financial reporting, such as the consulting work done in the aftermath of the housing crisis and the proposed contract audits.

Counting the Costs  

At the April Congressional hearing, DCAA Director Anita Bales testified that third-party auditors would cost an estimated 30 percent more than DCAA auditors. David Berteau, President and CEO of the Professional Services Council, a contractor lobbying group, countered in his testimony that when civilian agencies have used private auditors, they have in some cases paid significantly less than they used to pay DCAA.

Bales’ claim that DCAA auditors were 30 percent cheaper was based on a comparison of hourly billing rates, according to emails provided to POGO through the Freedom Of Information Act (FOIA). Berteau and other employees of the Professional Services Council did not respond to emails requesting evidence supporting their claims.

Other members of the federal auditing community have told POGO that the comparison of auditing costs is not clear cut. DCAA has more specialized experience and might charge lower costs per auditor hour, but they may also take longer to conduct audits (which may be a good thing in the long run, as more thorough audits may save even more money). Pricing for private auditors can also vary widely from company to company and even year to year, making a comprehensive analysis difficult.

And although cost was the most-discussed factor at the hearing, it isn’t the only factor that needs to be examined. A federal source, not authorized to speak on the record, who is familiar with both DCAA and private contract audits for civilian agencies said the work of private auditors still has to be closely checked, even when they are hired directly by the government. Both last year’s NDAA and a recent proposal for this year’s NDAA prohibit DCAA from examining the work of private auditors before accepting the results.

There is also concern over how the records generated by private auditors would be handled: Will they be subject to FOIA? How would the discovery of potential fraud be handled? Would private sector audits be incorporated into the DCAA’s “Management Information System” that tracks audit data so that auditors can spot trends and look at the bigger picture?

What About Incurred Costs?

New Congressional language would rescind Section 820 but would allow contractors to hire auditors to audit incurred costs. The argument for this is DCAA’s lower rate of return when it audits incurred costs. However, DCAA’s other auditing work with the same contractor and on the same contracts benefits from its incurred cost audits, and vice-versa. For instance, DCAA conducts audits of contractors’ billing, accounts, and internal control systems. The insights DCAA gains from those audits assists DCAA when it audits a contractor’s incurred costs. According to a DoD analysis of the impacts of the recently proposed legislation, keeping incurred cost audits in the hands of DCAA:

…allows for the continuation of many initiatives that DCAA has put in place to more efficiently and effectively perform audits (e.g., the use of the low risk sampling process, the coordination of subcontract assist audits, and the process for obtaining and determining adequacy of incurred cost proposals). Without one group coordinating the need for commercial auditors, the Department will lose many of these efficiencies and will lose adequate oversight over the complete incurred cost audit process. [emphasis added]

One of the primary motivations for the new Congressional language on incurred cost audits is DCAA’s incurred cost audit backlog, which was relatively large until a few years ago and has recently become more manageable according to DCAA’s most recent annual report. The agency said it was on track to eliminate the backlog by next year, although with the hiring freeze it may have to re-evaluate that goal. Regardless of whether the backlog is eliminated one or three or even five years from now, Congress is proposing a rather drastic solution to a problem that is no longer drastic itself.

This is not a backyard experiment with few consequences for failure. Billions of taxpayer dollars are on the line every year. While DCAA has room for improvement, privatizing the agency’s work would most likely make it harder to crack down on contractor overbilling.

Given the large risks and the unclear benefits or privatizing contract audits, Section 820 should be repealed. If DCAA needs a temporary boost, it should be given authority to hire more staff on a temporary basis, or perhaps even hire private sector auditors on a short-term basis. The Defense Department proposes the latter, calling it “much more effective” while ensuring “that a function that is inherently governmental in nature continues to be performed by Government auditors when feasible, but allows for the use of commercial auditors when necessary to address incurred cost backlog.”

POGO does not often agree with the Defense Department, but its proposal makes sense. Let’s learn from our past mistakes rather than repeat them.”

http://www.pogo.org/blog/2017/06/letting-contractors-pick-own-auditors-bad-idea.html

The US Military’s Iran Connection?

Standard
Military and IRAN

(Photo: KGL Logistics logo, Iran rials by Serova / Flickr)

“THE PROJECT ON GOVERNMENT OVERSIGHT”

“The chairman of a key US military contractor in the Middle East was recently charged with multiple felonies in a major fraud, money laundering, and public corruption scheme.

Fraud and money laundering charges are only the latest in a string of KGL controversies in recent years.

There have been accusations of business ties to Iran in violation of US sanctions, and of systematic leaking of sealed and privileged federal court documents and other sensitive material to KGL’s Washington lawyers by the Defense Logistics Agency (DLA), the DoD component that oversees KGL’s US military contracts.

According to court papers in Kuwait, where the charges were filed, misappropriated investor money so far totals more than $160 million, a figure that could go higher, the Project On Government Oversight (POGO) has learned. The contractor, Kuwait and Gulf Link Transport, better known as KGL, is a publicly traded conglomerate with hundreds of millions of dollars in US military contracts. The criminal charges, together with other court documents and unreported revelations made by former executives of a KGL affiliate in a US lawsuit, involve KGL’s possible violation of US sanctions against Iran, and accusations of potentially illicit flows of cash from Russia, Iran, and Syria. Taken together, the allegations raise troubling questions about the American military’s heavy reliance on the firm.

The 2017 criminal indictment by Kuwaiti prosecutors points specifically to a KGL affiliate, called KGL Investments (KGLI), as the alleged nexus of fraud and money laundering inside company headquarters from 2007 to 2015.

Two former KGLI executives have also made related allegations in little-noticed 2013 sworn statements filed in a US lawsuit. One executive said he was told by his KGLI boss that Iran’s state-owned shipping company, sanctioned by the United States in 2008 as a nuclear proliferator, was “KGL’s vehicle to Iran and she further told me that…[it] made a lot of money for KGL.”

The executive also said, “Specifically, it appeared to me that KGLI was engaged in money laundering, and presenting false financial information to investors.”

A spokesperson for KGL told POGO that, “Notwithstanding the name, KGL Investments is neither owned nor controlled by any of the KGL group of companies. No KGL entity is a party to the legal proceedings in Kuwait. The Kuwait courts will address and resolve the disputed allegations.” KGL has long denied it has ever violated US sanctions in any way.

However, KGL Investments, KGL, and many of its subsidiaries are co-located in the same office building and directed, in part, by KGL’s just-indicted chairman, who is also a director of KGLI, according to court papers. The indictment says that a portion of the embezzled funds was channeled to KGL component companies.

Also targeted in the criminal complaint against KGL’s chairman is the Vice-Chairman of KGLI. Convictions could result in jail sentences. Court documents list victims of the alleged fraud as key government departments: Kuwait’s Public Institution for Social Security and its Ports Authority. The Ports Authority serves as a staging area for America’s ongoing military involvement in Iraq, and was indispensable to US Central Command (CENTCOM) in both the first and second Gulf Wars and occupation of Iraq.

According to an official in Kuwait, senior US military personnel at the American embassy and at Camp Arifjan, a large American base in Kuwait, were officially informed of the criminal indictment, and received written copies of the details. This was done, the official said, because the indictment targets executives related to a major US military contractor, allegedly involved in stealing from important Kuwaiti institutions. In a separate dispute, the Ports Authority recently banned KGL from operating in the port. It remained unclear what action, if any, the US military might take in response. Spokespersons at CENTCOM, the Department of Defense, and the US Army’s Contracting Command all declined to comment.

What Happens Next?

Further revelations about KGL or its subsidiaries, or a conviction of one or both of the indicted executives, could call into question the conglomerate’s grip on sizable US military contracts, and its eligibility to receive future awards. Beyond the large contracts it already has, KGL is currently in line for a sizable share of the new so-called Heavy Lift VIII (HL8), a $200 million transportation-services deal that the US military could assign by August. But there is the possibility the award could run afoul of federal contracting rules, which require ethical conduct and the avoidance of serious crimes.

According to contracting rules, officially known as the Federal Acquisition Regulation (FAR): “Purchases shall be made from, and contracts shall be awarded to, responsible prospective contractors only.” The FAR goes on to specify that, “… To be determined responsible, a prospective contractor must … have a satisfactory record of integrity and business ethics.” The regulation notes that contractors may be subject to debarment, suspension, or ineligibility if they are convicted or face a civil judgment for fraud, embezzlement, or “any other offense indicating a lack of business integrity or business honesty that seriously and directly affects the present responsibility of a Government contractor or subcontractor.”

In December, the Iran Sanctions Act was extended by 10 years on a 99-0 vote in the Senate, and a 419-1 vote in the House of Representations. The law states that the federal government “shall terminate a contract with such person or debar or suspend such person from eligibility for Federal contracts for a period of not less than 2 years” if they are found to have falsely certified to be in compliance with US sanctions against Iran.

KGL has repeatedly said it complied with provisions of the FAR.

A Hearing in Court

The criminal charges against KGL executives are the result of a four-year probe by Kuwait’s national security police. A court hearing on the matter in Kuwait was held on May 21, and another is scheduled for June 11. Among other records, POGO obtained a 21-page copy of a charge sheet dated May 9, 2017 (in Arabic).

The document names three defendants. Saed Dashti, 61, is chairman of KGL. Maria [Marsha] Lazareva, 44, is Vice-Chairman and Managing Director of KGLI, where Saed Dashti also serves as a director. A third defendant, Mohamed Al-Asfour, 71, is a senior public official: the executive vice-chairman of Kuwait’s Ports Authority.

Documents describe Lazareva as a Russian national. She was educated at the Wharton business school and public records associate her with real estate ownership in the Philadelphia area. According to news accounts, she showed up in court for the May 21 hearing, protesting her innocence.

The indictment says Dashti and Lazareva transferred large sums of investors’ money to their own private accounts and to a variety of KGL subsidiaries or related companies between 2007 and 2015. They did this, court documents say, partly using a network of financial institutions including the Hong Kong and Shanghai Banking Corporation (HSBC) and one of its branches in the Cayman Islands. The bank also has branches in the United States, Kuwait, Asia, and other parts of the world. It’s unclear whether any of the allegedly embezzled funds passed at some point through the American financial system, which could trigger a US investigation.

A civil lawsuit involving KGL in Pennsylvania has brought to light accusations that could bear directly on the alleged fraud and money laundering scheme in Kuwait. The lawsuit, brought by KGL, charges the firm’s principal competitor, Agility Public Warehousing Co., with defaming KGL’s reputation by falsely claiming it had ties to Iran.

Saed Dashti and Marsha Lazareva

Saed Dashti and Marsha Lazareva (Source: Instagram)

 

Testimony in the Pennsylvania case—which is ongoing—includes declarations sworn in 2013 by a pair of former executives of KGL Investments, as part of Agility’s defense. Both said Dashti and Lazareva misinformed investors about KGLI’s financial condition, and one of the executives reported they had made repeated trips to Russia, Iran, and Syria in an apparent attempt to shore up KGLI’s faltering finances.

The two former KGLI executives testified that Dashti and Lazareva occupied offices on the same floors and hallways at KGL’s headquarters in Kuwait along with other subsidiaries.

One of the executives who testified, Ahmed Mabrouk, is an American citizen currently employed in the US financial industry. Court records identify him as former KGLI Vice-President Investments, a job where he testified he spent 18 months in 2008 and 2009 (a period covered by the 2017 criminal indictment) helping to analyze KGLI’s so-called “Port Fund,” an entity that invested in marine facilities around the Middle East and elsewhere. Under oath, Mabrouk said:

“Ms. Lazareva described to me the Islamic Republic of Iran Shipping Lines (IRISL) as KGL’s vehicle to Iran and she further told me that IRISL made a lot of money for KGL. When I was employed at KGLI, I observed Ms. Lazareva in her office reviewing documents related to IRISL, which bore the logo of IRISL, as well as the Iranian emblem.”

The declaration of Mabrouk, who could not be reached for comment, did not include documentary or other evidence to support his statement.

The United States, European Union (EU), and United Nations (UN) have all imposed sanctions on IRISL, Iran’s state-owned shipping company and a former joint-venture partner with KGL. Referring to US sanctions, applied in 2008, then-Treasury Under Secretary for Terrorism and Financial Intelligence Stuart Levey explained:

“Not only does IRISL facilitate the transport of cargo for U.N. designated proliferators, it also falsifies documents and uses deceptive schemes to shroud its involvement in illicit commerce. IRISL’s actions are part of a broader pattern of deception and fabrication that Iran uses to advance its nuclear and missile programs.”

In his declaration, Mabrouk said, “I reviewed KGLI’s internal financial statements and observed that KGLI consistently had a negative cash flow.” Mabrouk also testified that he looked at “…financial statements that had been provided to investors. The financial statements provided to investors consistently, and in bad faith, misrepresented financial data regarding KGLI and its portfolio companies’ actual financial condition.”

Concern about KGLI’s financial condition, according to Mabrouk, caused KGLI’s banks to stop lending it money, creating a cash squeeze. And that led to “fundraising” trips by Dashti and Lazareva, he said:

“I understood that Ms. Lazareva and Saeeed (sic) Dashti took a number of trips on private planes to, among other places, Iran, Syria and Russia. Following each trip, I observed in KGLI’s internal financial statements an influx of funds into KGLI’s accounts. Ms. Lazareva told me and others at KGLI that these trips were for ‘fundraising;’ however, to my knowledge, such fundraising was not tied to any formalized investment process.”

Mabrouk did not say what, if anything, KGL Investments did in exchange for the money it allegedly received, or that he knew specifically that inflows had come from Iran, Syria, and Russia, even though he said the pair had travelled there.

Mabrouk did specify that Lazareva at one point asked him to travel to Syria to “review a potential investment in a port,” but he refused because that country was under US sanctions. Because Mabrouk also holds an Egyptian passport, he said Lazareva told him to use that travel document instead of an American passport. When he refused a second time, it set off a chain of events which, he said, led to his departure from the company.

Another KGLI executive also offered testimony in the same Pennsylvania court case. Wael Salam, an American citizen who worked for KGLI both in Kuwait and in Atlanta, said he was the firm’s Chief Investment Officer. He said both Dashti and Lazareva were directly and deeply involved in decision-making at the firm. He also reported that KGL funded KGLI with money from its subsidiaries as well as seeking contributions from outside investors.

Salam said that, from his perspective as an insider at the company, making profits did not appear to be KGLI’s principal goal, at least given its decision to sink its money and assets from its “Port Fund” into a variety of failing or near-bankrupt facilities in Egypt, Pakistan, and other countries.

Four years before the criminal indictments in Kuwait, Salam testified that he wanted to leave KGLI “…because I believed it was engaging in illicit activities … Specifically, it appeared to me that KGLI was engaged in money laundering, and presenting false financial information to investors.” His statements also show that Salam was trying to raise money to start his own investment fund after he left KGLI, which the company cited as one of the grounds for his dismissal. He could not be reached for comment.

Salam said Lazareva asked him on multiple occasions to visit Iran, sometimes without explanation and at other times to evaluate a port investment. When he refused because Iran was under US sanctions, she suggested that he, too, use his Egyptian passport. He again refused to go and, following a series of disputes and alleged high-pressure tactics by the company, was fired.

A KGL representative declined to comment to POGO on the testimony of Mabrouk or Salam.

More Ties to Iran

The Pennsylvania court case recently provided additional information about KGL’s relationship with Iran, a controversy that stretches back into the Obama Administration. As evidence emerged indicating possible sanctions violations by KGL in its joint ownership of ships with IRISL, Ashton Carter, then Under Secretary of Defense for Acquisition, Technology and Logistics and later Secretary of Defense, wrote to US lawmakers who had inquired about the situation.

In letters to Senators Claire McCaskill, Robert Menendez, Mark Kirk, Robert Bennett, and others in 2011, Carter wrote that DoD could find “no substantial information” that KGL had continuing ties to Iran that would prevent it from holding US military contracts. By that time, the company had publicly announced its decision to end all business dealings with Iran in compliance with US law.

Since then, however, as part of legal discovery in the Pennsylvania court case, KGL has divulged emails and documents, and offered testimony from one of its former executives that appear to show it did have business with IRISL—at a time when Under Secretary Carter was telling Congress just the opposite. At least that is the argument set forth in an extensively documented summary of KGL’s own internal records filed by KGL’s adversary in the Pennsylvania case. Among other things, the summary cites those KGL records showing that its joint venture with IRISL made “at least 63 financial transactions” with the Iranian shipper after US sanctions had been imposed. In another example from the summary, a former KGL executive, Allan Rosenberg, gave the court a statement describing how he set up a “ghost structure” email system that resulted in the concealment of KGL’s continuing business with the Iranian-owned company.

A KGL spokesperson declined to comment on the summary or on Rosenberg’s statement.

Airplane Parts for Iran?

In May last year, Fuad Dashti, a brother of the recently indicted Saed Dashti—both members of the wealthy Kuwaiti family that controls KGL—was arrested at San Francisco International Airport. He was charged with involvement in illegally selling aircraft parts to Iran, according to a senior US official, and brought to Washington, DC, apparently for questioning by the FBI. One official at the time described him as, “singing like a bird” while in US custody. Fuad Dashti has since been allowed to leave the United States and was photographed some months ago in Doha, Qatar. At the time of his arrest, a KGL spokesman told POGO that “the alleged conduct [of Fuad Dashti] does not involve KGL or any of its affiliates and that Mr. Fuad Dashti was not acting as a KGL employee or representative.”

However, Fuad Dashti maintains ongoing financial ties to KGL, and has been listed as a top executive and part owner of National Cleaning Company, which is partly owned by KGL. According to the recent indictment in Kuwait, Saed Dashti also owns a share of National Cleaning, though it is unclear whether misappropriated funds were diverted to the company. There was no reply to POGO’s repeated attempts to reach Fuad Dashti, including a message left at a California house where he is listed as owner.

Key Questions Remain

The criminal indictment of KGL’s chairman adds to a growing roster of unresolved issues swirling around the company and its role as a contractor with hundreds of millions of dollars in business with the US military. Questions surrounding the company’s possible financial ties to Iran, and even Syria and Russia, raise national security concerns at a time when those countries are actively engaged in confronting American interests.

America’s federal acquisition regulations require ethical conduct from companies and their leaders. The large body of evidence in Kuwait’s extensively documented fraud and money laundering case raises doubts whether that requirement is being met.

So, too, does the arrest of Fuad Dashti, long a key figure in KGL’s controlling dynasty, on charges of commercial dealings with Iran. Yet the US government has made virtually no public statements about the matter. The fact that KGL, as long ago as 2011 and perhaps earlier, has been the focus of a probe led by the FBI into its ties with Iran only adds to the doubts. Again, no result of that investigation has ever been made public. And the same is true of the US official response to a well-documented pattern of leaks to KGL’s Washington lawyers by the Defense Logistics Agency. Senior US officials have told POGO that the DoD’s Office of General Counsel and its Defense Criminal Investigative Service have looked at or been made aware of the matter. Yet neither has made a public statement about the issues.

Indeed, years of requests for information about KGL from agencies ranging from DoD to the Treasury’s Office of Foreign Assets Control have been met with incomplete answers and, on occasion, with apparently inaccurate information. Given that result, Congress needs to clear up what is going on with KGL and its huge government contracts, because federal agencies appear unable or unwilling to shed light on the issue, or credibly resolve it.

Given the new criminal charges lodged against KGL’s chairman, the American public needs to know whether the company is a responsible and deserving recipient of US taxpayer funds. To find out, Congress should look into what the FBI and other agencies have learned after years of investigating the company’s conduct, and inform the public of what it learns.

Of course KGL is not the only logistics contractor the US military could rely on. Its principal competitor, and one of the largest single US contractors in the Iraq war, is Agility Public Warehousing Company. Yet Agility, too, has faced its share legal problems: the Department of Justice recently settled criminal, civil, and administrative charges against it. In the criminal case, which began in 2009, DOJ sought hundreds of millions of dollars in compensation for alleged overcharging.  In the end, Agility was only required to “pay a maximum of $551…in restitution.” In the civil case, the company agreed to pay $95 million, ending its suspension and allowing it to bid once again on US government contracts.

Taken together, Agility’s recently resolved legal problems and the new criminal charges against KGL’s chairman highlight the need for Congress and the Defense Department to reevaluate a contracting framework that has made America’s military the captive of two giant companies in one of the most strategic parts of the globe, an area where US forces cannot operate without extensive logistical support. As an alternative to this dysfunctional system, Congress and the Defense Department should examine how to foster more competition by explicitly encouraging the Pentagon to make deals with a wider variety of market participants.”

http://www.pogo.org/our-work/articles/2017/us-top-militarys-iran-contracting.html

 

First-ever Audit At The Department of Defense

Standard

First Ever Audit at the Pentagon

“DEFENSE ONE”

“The Department of Defense is preparing for its first-ever audit.

The nation’s most sprawling and expensive bureaucracy and the world’s largest employer—has yet to undergo a formal, legally mandated review of its finances.

[It] has become a preoccupation for members of Congress intent on demonstrating their fiscal prudence even as they appropriate more than $600 billion annually to the Pentagon.

“Like Waiting for Godot,” one Democratic senator, Jack Reed of Rhode Island, quipped about the absent audit at a recent hearing. The lack of formal accountability has left unanswered basic questions about how the military spends taxpayer money, like the precise number of employees and contractors its various branches have hired. Cost overruns have become legendary, none more so than the F-35 fighter-jet program that has drawn the ire of President Trump. And partial reports suggest that the department has misspent or not accounted for anywhere from hundreds of billions to several trillion dollars.

After years of missed deadlines, the mounting political pressure and a renewed commitment from the Trump administration might finally result in an audit. For the first time last year, both major political parties called for auditing the Pentagon in their campaign platforms. That unites everyone from Hillary Clinton and Elizabeth Warren to Ted Cruz and the House Freedom Caucus. And last week, Trump’s nominee to serve as comptroller for the Pentagon, David Norquist, testified at his Senate confirmation hearing that he would insist on one whether the department could pass it or not. “It is time to audit the Pentagon,” Norquist told members of the Senate Armed Services Committee in his opening statement.

As comptroller for the Homeland Security Department a decade ago, Norquist, the brother of the anti-tax advocate Grover Norquist, undertook the first successful audits of that much younger federal agency. The Defense Department is unlikely to meet a statutory deadline to be “audit-ready” by the end of September. But Norquist said he would begin the process even if the Pentagon’s financial statements were not fully in order, and he committed to having the report completed by March 2019.

What has prevented the Pentagon from being examined this way before? The answer lies somewhere “between lethargy and complexity,” said Gordon Adams, a distinguished fellow at the Stimson Center who was the top budget official for national security in the Clinton White House. “It hasn’t been done ever,” he told me, “partly because it’s incredibly complicated to do and also because there’s not a great, powerful will in the building to do it.”

The complexity of the project dates back to the Civil War, Adams said, when the Army and the Navy set up their own separate accounting systems. The Air Force also went its own way after its creation following World War II, and the military build-ups of the last four decades scrambled the department’s financial records many times over. The explosion of military contractors since 9/11 has made scrubbing the books harder still. Adams estimated that an audit would have to account for 15 million to 20 million contracting transactions each year. The Pentagon has spent several billion dollars over the last seven years just trying to consolidate its accounting systems in preparation for a potential audit.

Despite the ramp-up costs, the project has never risen to be a top priority; the Pentagon has simply been too busy fighting wars. “The military has repeatedly argued that they need to focus on the war effort and accountability can come later,” said Kori Schake, a fellow at the Hoover Institution who previously served in a variety of national-security positions in the government. That excuse carried more weight with lawmakers in the years when the United States had hundreds of thousands of troops fighting in Iraq and Afghanistan.

Now, top Republicans like Senator John McCain of Arizona, chairman of the Armed Services Committee, are pressing for an audit with more urgency. “This has been a very public continuing failure for the Department of Defense, in large part due to the failure of senior management to make this a priority for the department and invest the necessary time and will to get it done,” McCain said at the outset of Norquist’s hearing. “This must end with you,” he told the president’s nominee.

Yet those fiscal hawks hoping that the long-awaited report will spur substantial reforms to defense spending are just as likely to be disappointed. An audit by itself won’t dismantle the “military industrial complex” that former President Dwight Eisenhower famously warned about, nor will it lead members of Congress to stop fighting to protect the bases and weapons systems that are manufactured in their districts—and the jobs that come with them. Several times in recent years, it has been congressional lobbying that has kept up production of weapons and equipment that the military no longer considers necessary.

“An audit does not raise the big issues,” Adams said. “It doesn’t tell you that we’re not getting the right bang for the buck. It doesn’t tell you anything about whether we’re getting the right forces for the threat. It doesn’t tell you how well the forces perform. It doesn’t tell you where we are wasting capability that we don’t need.”

“What it allows a member of Congress to do,” he continued, “is to look tough on defense and spend a lot on defense at the same time.”

Spending a lot on defense is what the Trump administration wants to do, even as it pledges its support for a Pentagon audit. The White House has asked Congress for a $54 billion increase in the military budget over the next year and secured about $15 billion of that in the recent spending deal. “It’s harder when there’s a big inflow of cash to focus on something like the audit,” said William Hartung, director of the arms and security project at the Center for International Policy. “There’s still that incentive to just push the money out the door.”

There’s some hope among audit advocates that the administration’s demand for more money will give congressional spending hawks leverage to insist on progress toward the accounting milestone in exchange for a budget increase. But they also don’t believe leverage should be necessary to demand that a department with a workforce pegged at more than 3 million people commit, at long last, to some basic bookkeeping. “We would never accept the argument that the Department of Education is too big and too complicated to be accountable,” Schake argued. “Why do we accept that for Defense?”

http://www.defenseone.com/politics/2017/05/white-house-vows-audit-pentagon-which-would-be-first/137928/?oref=d-channeltop

 

Navigating Defense Department Cyber Rules

Standard

Cyber Rules

“NATIONAL DEFENSE MAGAZINE”

“Defense contractors by Dec. 31 are expected to provide “adequate security” to protect “covered defense information” using cyber safeguards.

Thousands of companies who sell directly to the Defense Department, and thousands more who sell to its suppliers, are or will be, subject to the rule.

This obligation arises from a Defense Acquisition Regulation System Supplement clause, “Network Penetration Reporting and Contracting For Cloud Services,” that was finalized last October and described in the National Institute of Standards and Technology (NIST) Special Publication 800-171.

The Pentagon is well-justified to seek improved cyber protection of sensitive but unclassified technical information. Hackers have exploited network vulnerabilities in the defense supply chain for the unauthorized exfiltration of valuable and sensitive defense information. Senior defense officials have expressed alarm at this persistent and pervasive economic espionage. 

Since 2013, the Defense Department has used acquisition regulations to protect controlled technical information significant to military or space. Other forms of information may not have direct military or space significance, but loss of confidentiality through a cyber breach can produce serious, even grave national injury. 

The Defense Department is the leader among federal agencies in using its contractual power to cause its vendors to improve their cybersecurity. The principal instruments are two contract clauses, DFARS 252.204-7008, “Compliance with Safeguarding Covered Defense Information Controls,” and DFARS 252.204-7012, “Safeguarding Covered Defense Information and Cyber Incident Reporting.” Both were the subject of final rulemaking released Oct. 21.

Where the -7008 “compliance” clause is included in a solicitation, the offeror commits to implement the SP 800-171 safeguards by the end of this year. Defense Department contracts will include the -7012 “safeguards” clause, which defines the types of information that must be protected, informs contractors of their obligation to deliver “adequate security” using SP 800-171 controls, and obligates reporting to the department of cyber incidents.  

Every responsible defense supplier supports the objectives of these cyber DFARS rules. But the requirements are complex and are not currently well-understood. Outside of a few of the largest, dedicated military suppliers, many companies in the defense supply chain view these rules with a mix of doubt, concern and alarm. This recipe serves neither the interests of the Defense Department nor its industrial base.

A technology trade association, the IT Alliance for Public Sector, released a white paper that examines the Defense Acquisition Regulation System Supplement and other federal initiatives to protect controlled unclassified information. The goal was to assist both government and industry to find effective, practical and affordable means to implement the new cyber requirements. The paper examines these five areas: designation, scope, methods, adoption and compliance.

As for designation, the department should accept that it is responsible to identify and designate the covered defense information that contractors are obliged to protect. It should confirm that contractors only have to protect information that it has designated as covered, and that such obligations are only prospective — newly received information — and not retrospective.

In regards to “scope,” the Defense Department should revise the rule to clarify that contractors must protect information that it has identified as covered and provided to the contractor in the course of performance of a contract that is subject to the rule. The definition of “covered defense information” should be revised to remove confusing language that can be interpreted to require protection of “background” business information and other data that has only a remote nexus to a Defense Department contract.

The October 2016 revision now allows defense contractors to use external cloud service providers, where covered information is involved, only if those vendors meet the security requirements of FedRAMP Moderate “or equivalent.” The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.

The regulation fails to explain what is meant by “or equivalent” and who decides. The Defense Department needs to explain what it expects from cloud services to satisfy SP 800-171 and the DFARS rules. A security overlay should be prepared by NIST to add cloud-specific controls. But it is unnecessary to impose the whole of the FedRAMP process and federal-specific controls on commercial cloud providers.

The Defense Department continues to depend on small business for many needs, and seeks their innovative ideas. The supplements are an obstacle and burden on smaller businesses, and yet security is just as important at the lower levels of the supply chain as at the top. The department can improve the ability of small business to implement the required security controls. Several specific recommendations are made as to how it can reach and assist the small business community. One recommendation is to make increased use of the NIST voluntary cybersecurity framework.

As far as compliance, contractors are required to represent that they will deliver “adequate security” and fully implement the SP 800-171 controls by the year-end deadline. The Defense Department needs to better inform its contractors how they can be confident their security measures will satisfy the requirements should they come under scrutiny following a cyber incident. The white paper explores different ways to create a safe harbor for compliance. A key component is contractor documentation of a system security plan, which was added as a 110th requirement to SP 800-171.        

The White Paper is available here. The Defense Department is hosting an industry day on the cyber DFARS, June 23 at the Mark Center in Alexandria, Virginia. Information and registration details available here. ”     

http://www.nationaldefensemagazine.org/articles/2017/4/21/navigating-defense-department-cyber-rules

Intelligence Watchdog Finds Contractor Abuses

Standard

contractor-waste-fraud-and-abuse

“POGO”

“Dozens of instances when contractor employees fudged their timesheets, billing the government for time they were not at work or when they engaged in activities either personal in nature or outside the scope of the contract.

38 substantiated cases  – loss to the government of more than $2.5 million.

Last week brought news that another Booz Allen Hamilton employee was accused of improperly removing sensitive material from the National Security Agency (NSA). Harold Thomas Martin III was charged with theft of government property and unauthorized removal and retention of classified materials. The government alleges Martin took documents and digital files containing information that, if disclosed, “reasonably could be expected to cause exceptionally grave damage to the national security of the United States.”

It was another black eye for Booz Allen, which was NSA surveillance program whistleblower Edward Snowden’s employer. It was equally embarrassing for the U.S. intelligence community, which pays contractors like Booz Allen billions of dollars each year to help run its global operations and keep a tight lid on our country’s more sensitive secrets.

Just days after the Harold Martin story broke, U.S. intelligence contractors were again in the spotlight. On Sunday, VICE News reporter Jason Leopold posted hundreds of pages of Intelligence Community Inspector General (ICIG) investigative reports. The documents contain the juicy—and occasionally disturbing—details of misconduct investigations conducted by the ICIG, the watchdog office that oversees the federal intelligence agencies. Most of the cases involved employees of Booz Allen and other prominent contractors.

Specifically, the documents contain dozens of instances when contractor employees fudged their timesheets, billing the government for time they were not at work or when they engaged in activities either personal in nature or outside the scope of the contract.

The ICIG also found that some contractor employees, while working on extremely sensitive intelligence programs and operations, risked exposing classified information by using non-secure networks and computers. They did so while working for some of the government’s most trusted private sector partners: Booz Allen and SAIC are among only a handful of private firms that collectively employ nearly all of the intelligence community’s contractor workforce.

The implications of the VICE News revelations are enormous. Not only did the contractor employees rip off taxpayers, they also compromised national security. The ICIG reports bolster POGO’s concern that contractor timesheet fraud is especially rampant among intelligence programs due to a lack of transparency and insufficient contract oversight. However, they also give us a reason to be optimistic: they show that the intelligence watchdog takes its role seriously and doggedly pursues allegations of wrongdoing.”

http://www.pogo.org/blog/2016/10/intelligence-watchdog-finds-contractor-abuses.html