PVS: Flawed Assumptions about Effective Vetting of Humanitarian Activity

Printer-friendlyPrinter-friendly EmailEmail ShareThis
February 1, 2012

The purpose of the Partner Vetting System (PVS) is to vet individuals in nongovernmental organizations (NGOs) who apply for United States Agency for International Development (USAID) or State Department contracts and grants, in order to ensure that USAID-funded activities are not inadvertently providing support to entities associated with terrorism.  Under the proposed PVS pilot program, the U.S. government will collect personal data, including name, government identification number, date of birth, country of citizenship, home address, email address, employer information, and job title, from applicants who wish to use federal money for humanitarian purposes overseas. The certification on the form also states that the NGO official signing the form must take “reasonable steps in accordance with sound business practices” to verify the information without defining what those practices are.  Numerous NGOs oppose its implementation.

This updated Issue Brief provides background information on PVS, explains why humanitarian and peacebuilding NGOs in the U.S. strongly oppose its implementation and recommends that the Department of State and USAID consider alternative approaches to vetting its partners.  Other methods are included in the section: Better Approaches to Vetting.
General Background Information

The Partner Vetting System (PVS) was first proposed in 2007 as a way to “conduct screening to ensure USAID funds and USAID-funded activities are not purposefully or inadvertently used to provide support to entities or individuals deemed to be a risk to national security.” It did not define what constitutes a "risk to national security" or provide any criteria used to deem an individual or group to be such a risk.  

More recently, State and USAID have said implementing a coordinated PVS pilot program is “consistent with the relevant language in the FY 2010 Appropriations Act, made applicable to FY 2011 activities pursuant to the FY 2011 Continuing Resolution.” In 2011 State and USAID issued additional notices in the Federal Register announcing the pilot program (see PVS overview page for all FR notices), inviting comments on the scope and costs of the burdens PVS would create for NGOs. However, these notices did not been provide specifics about the pilot plan.  

On Sept. 8, 2011, State and USAID held a briefing to present the outline plan for a pilot PVS program in five countries. In the materials provided at the briefing, it says the “pilot activities are expected to commence in the first quarter of FY2012.” Additionally, the handout says State and USAID present expansion of the pilot program as a foregone conclusion, stating that a projected, “expected outcome” is the “validation of [the] risk-based model.”
Many NGOs who filed comments at State and USAID note that there is no evidence that USAID funds have been diverted to terrorist organizations through NGOs. In fact, many aid groups describe PVS “as a solution in search of a problem.” The USAID Office of the Inspector General has reported that it “did not identify any instances where terrorist organizations received USAID funds" [p. 18] when exercising its oversight of programs in USAID's sensitive West Bank/Gaza portfolio for 2006 and 2007. Nor has it reported finding such diversions elsewhere.
Before it proposed PVS, USAID had already taken action to prevent diversion of its funds to terrorists. In March 2002 it began including a clause in grant agreements reminding grant applicants of the prohibition on transactions with terrorist organizations in Executive Order 13224. This bars transactions with organizations on a list of Specially Designated Global Terrorists (SDGT) published by the Department of the Treasury's Office of Foreign Assets Control (OFAC). In December 2002 USAID began requiring all grantees to certify that funds do not assist terrorist activity, and in November 2005 it issued a bulletin reminding USAID officers of their responsibility to check the SDGT list during the grant award process. USAID now says these procedures are insufficient, and that “merely checking names against the OFAC master list and requiring self-certification may not constitute adequate due diligence in certain situations.”
The USAID handout on the PVS pilot says it will "screen key contract and grant personnel and organizations against national security databases."  While the intention is to prevent U.S. government funds from being diverted to terrorists, in practice this means that NGOs will be seen as reporting to the U.S. government on their contacts in the field. This puts the NGOs in an extraordinarily difficult position with their own local staff and implementing partners. It violates the neutrality of NGOs by effectively turning USAID grantees into investigative arms of U.S. intelligence agencies. Foreign organizations will become hesitant to work with U.S groups that forward their personal information to the U.S. government. This will add to the perception that grantees are acting as agents of the U.S. government, undermining the basic principles of neutrality and trust upon which NGOs rely to preserve the safety of their staff in dangerous regions or in politically sensitive environments, and could lead to retaliation against aid workers by terrorist organizations, militias and foreign governments. Rather than “enhancing” security, requiring NGOs to collect and submit personal information to the U.S. government increases the risk of violence against aid workers.
InterAction, the largest alliance of U.S.-based humanitarian and international development non-governmental organizations (NGOs), said in its comments to USAID in January 2012, “PVS is not adequately designed to protect NGO workers and partners and represents an unwelcome redefinition of the relationship between our community and the federal government, endangering critical aid and development work and consequently harming U.S. national interests.”
In their Jan. 18, 2012 response, State said there can be no guarantee that collecting this data will not create suspicion and hostility toward NGOs. “[State] cannot, of course, control the perceptions of other parties about U.S. government activities and must acknowledge the possibility of such a view; however, those organizations relying on U.S. government funding for their operations already face such suspicions among hostile parties.” This statement demonstrates a disturbing lack of understanding of the independent nature and, more often than not, dangerous working environment of NGOs by USAID. It also fails to acknowledge that "aid workers who choose to work in conflict zones have always exposed themselves to banditry, crime and violence. But the assaults, kidnappings and killings of humanitarians have more than doubled in the past five years — precisely when independent humanitarian, reconstruction and development assistance has been urgently needed in places like Afghanistan and Iraq." (Oped in New York Times by Samantha Power)
Even the Department of Defense (DoD) understands the significance of NGO principles of neutrality and independence are essential for conducting their humanitarian operations in unstable environments. In a July 2011 guide for military personnel who are engaged in foreign disaster relief operations, it says, “While close proximity between partners can facilitate greater opportunities for information sharing and building relationships, [it] can lead to the perception that NGOs are affiliated with military personnel. This perception can have adverse security implications for the civilian humanitarian agency staff and beneficiaries.” [B-2]
Elizabeth Ferris, a Senior Fellow at the Brookings Institution focusing on refugees and responses to humanitarian crises, says systems like PVS compromise the principles that have enabled NGOs to provide life-saving assistance to civilians in some of the world’s most dangerous places. “[T]hese principles have come under increasing threat as policy-makers try to use humanitarian assistance in support of the struggle against terrorists and insurgents,” she wrote on her blog. "Rather than aid being seen as a response by the U.S. population to suffering people in need,” Ferris said, “it [will be] increasingly seen as another tool of U.S. foreign policy."
USAID says the Foreign Assistance Act gives it authority to impose PVS, noting that its requirement to prevent assistance from reaching terrorists is similar to requirements that the agency prevent assistance to narcotics traffickers and human rights violators. U.S. NGOs do not question USAID's goal of preventing resources from reaching terrorists, narcotics traffickers or human rights violators. But NGOs do question whether the USAID grant application process is an appropriate context for using screening procedures based on terrorist databases, which are much broader and larger than the SDGT list.
The ACLU's comments on PVS said these databases "raise serious due process concerns….in light of the fact that the lists are error-filled and unreliable, with many false positives, and there is no effective means for challenging the fact that one is on the list." ACLU research has uncovered numerous instances where people have been put into terrorism-related databases because of activities supporting human rights, the environment, peace and other causes. (See examples in Collateral Damage Chapter 8: Counterterrorism Measures Used to Limit Dissent and Public Debate on Issues.)
If one such activist works for an NGO and his or her name triggers a match in the PVS process, the NGO could lose its opportunity to get USAID funds without ever knowing why, and without having any connection to terrorism.
In its 2007 comments, OMB Watch expressed concern that PVS could result in the creation of a secret USAID blacklist of ineligible grant applicants based on PVS results. Organizations and individuals erroneously listed as having ties with terrorism will have no way of knowing they are deemed as such. However, the problem is not whether USAID keeps a list of PVS matches to intelligence databases. The problem is with using these databases in the first place. There are many lists and databases, all with different standards for why people are listed and how the information is intended to be used. A match could mean someone has a relative or neighbor suspected of associating with a terrorist organization or they have a similar name as someone else on the list.
"There are numerous reports of cases of mistaken identity or 'false positives' on government watch lists...One of the better known terrorist watch list errors includes the listing of the alias of Anthony Romero (Antonio Romero), the executive director of the ACLU, on the OFAC listing in 2004. But there are many more lesser-known cases. According to a March 2007 report released by the Lawyers' Committee for Civil Rights of the San Francisco Bay Area (LCCR), one of the major shortcomings of the OFAC list is its extensive inclusion of common Muslim or Latino names, such as 'Mohammed Ali' or 'Carlos Sanchez," OMB Watch said. The LCCR report also provides examples of several ordinary citizens who were flagged as suspected terrorists when attempting to purchase homes, apply for jobs or health insurance.
These problems are exacerbated by expanding the list-checking beyond lists of designated supporters of terrorism to include a wide variety of government intelligence databases. The thresholds for intelligence gathering and entry of information into files are extremely low and are not limited to those under suspicion of terrorist or criminal activity. Problems with information sharing among local, state and federal law enforcement authorities have been documented by the ACLU in the December 2007 report What's Wrong With Fusion Centers. The report explains how the Justice Department's 2006 Guidelines on information collection and database entry standards go well beyond targeting people under suspicion of illegal activity, saying:

"The inevitable result of a data-mining approach to fusion centers will be:

  • Many innocent individuals will be flagged, scrutinized, investigated, placed on watch lists, interrogated or arrested, and possibly suffer irreparable harm to their reputation, all because of a hidden machinery of data brokers, information aggregators and computer algorithms.
  • Law enforcement agencies will waste time and resources investing in high-tech computer boondoggles that leave them chasing false leads—while real threats go unaddressed and limited resources are sucked away from the basic, old-fashioned legwork that is the only way genuine terror plots have ever been foiled." 
OMB Watch's comments noted that this type of screening “denies a grant applicant the right to know when anyone associated with it is flagged by the watch lists, and the opportunity to present information that could eliminate a false positive. This secrecy is not necessary to protect national security." Other groups have expressed concern that data on innocent people submitted with grant applications could end up being stored in intelligence databases.
Despite NGOs raising red flags about the lack of procedural details since 2007, State and USAID have yet to offer any specifics. In State’s January 2011 response to comments filed by U.S. NGOs, it says they plan on “incorporating such procedures” and that NGOs “will be allowed to challenge the decision,” but no additional details are provided and State has not said who will oversee the appeals process. In the same response, State said that information collected “will be used for screening the key personnel of a particular contract or grant and will not prejudice an organization’s eligibility to bid on other projects. The only information about any individual being vetted that would be retained by other agencies beyond USAID would be if those individuals were already identified in the data holdings of the other agency.”  
The State and USAID’s failure to address the serious concerns is troubling. For the PVS pilot program to provide adequate due process protections, the system must be transparent and includes basic due process procedures. In other words, if an applicant is denied access to USAID funds because of a match to a U.S. government database, the applicant should (1) receive an explanation stating the reason for denial and (2) have a meaningful opportunity to challenge the results of the vetting.
For years NGOs have voiced concerns that State and USAID underestimate the bureaucratic red-tape, increase in costs, and other burdens PVS will impose on their humanitarian and development activities around the world. For example, mobilizing an effective relief effort in the wake of a disaster requires expediency from all parties involved, but NGOs trying to meet the vague requirements for PVS, with no assurances of a timely response from USAID, will have to endure unnecessary delays.  PVS will discourage small NGOs from applying for grants because they lack the necessary staff and resources to comply. Save the Children, a prominent international charity, says that the costs of PVS are not limited to financial ones. “Legal, reputational and administrative burdens associated with processing personal information of individuals…are significant and are often not covered as an allowable grant expense.”
Complicating it further, Save the Children says PVS will require NGOs to institute potentially discriminatory practices against foreign individual and partners:
“For example: if Save the Children is required to provide the personal information of a Belgian citizen heading up a local non-profit partner to the U.S. government for its non-public databasing, Save the Children will need to obtain consent from that individual to waive the privacy protections afforded to them under the Belgian personal information privacy statutes. Given that individual may choose not to waive their privacy protections, Save the Children may be required to decline making the award to the organization. The legal and reputational implications for U.S. NGOs working with individuals and organizations protected by varying legal framework (e.g the European Union Data Directive) cannot be understated. U.S. NGOs are faced with a choice of intolerable options: (i) disclose to potential employees and/or grant recipients that personal information is being transferred to the U.S. government for non-public databasing to obtain consent and risk losing otherwise qualified partners and candidates; or (II) contravene foreign privacy laws to satisfy USAID”s vetting requirements.”
This lack of understanding of the complicated environment in which NGOs work is reflected by the form State made available after the September 2011 briefing. Much of the information required is difficult to find, let alone verify. And it is this last requirement that renders the form legally deficient. It requires the grantee representative to certify that he/she has “taken reasonable steps (in accordance with sound business practices) to verify the information contained in (the) form….” Many groups who submitted comments echo this expert’s comments:
“The standard of a “reasonable step,” particularly with respect to obtaining personal information from often unwilling sources in difficult and potentially dangerous circumstances, is vague at best, even meaningless. It is at best highly questionable, as a matter of law, for the USG to require an individual representing a grantee to certify to something that he/she cannot practically know to be true.”
Despite promises made by DOS and USAID to provide information regarding “methodology and assumptions” used in the pilot, little if any such information as been made available. While the handout and information sheet from the September 2011 briefing provides some clarification, too many issues, procedures and definitions have yet to be determined. For example: 
  • How does USAID define a "threat to national security"?
  • What is "derogatory information"?
  • Will USAID have deadlines for completion of its vetting process?
  • How will the appeal process work?
  • Has USAID considered alternative vetting strategies? 
David A. Steele, a professor at Brandeis University and a conflict mediator for over 20 years, says that questions persist even about the accuracy of the lists of terrorists which will be used to assess individuals. “The very fact that Nelson Mandela used to be on such a list,” Steele says, “is but one example of the questions that need to be raised.”
The NGO sector has pooled its expertise on numerous occasions to develop standards and programs that protect the integrity of their operations. In addition to careful planning and implementation practices, and thorough documentation of financial transactions, a principle shared among these approaches is an emphasis on strong ties and relationships in the communities where programs operate.
For grantmakers, it is called “Know Your Grantee.” For operating charities the same principle applies. Frequent site visits, research on the local community and maintenance of long term relationships with key local contacts provide in-depth knowledge about the people running local organizations and their place in the community.  As Evan Elliott of InterAction stated at a March 2009 panel, “It’s almost silly to think that an FBI analyst here in the United States, sitting at a computer looking at a list, is going to be more effective in screening a potential employee than an NGO would be that has years of experience working in a particular community.”
The following are some of the many guidelines and best practice standards developed by charitable and philanthropic organizations.  They reflect due diligence practices that protect charitable assets to be used solely for charitable purposes.
Ethical principles are also brought to bear on operations. For example, the International Committee of the Red Cross Code of Conduct requires that “the humanitarian imperative comes first” and bans discrimination in aid eligibility determinations. The Do No Harm Handbook provides methods for avoiding negative impact for assistance programs in conflict areas. It recognizes that “assistance is often used and misused by people in conflicts to pursue political and military advantage,” and offers tools to understand how this occurs and prevent it.
The Partner Vetting System, as conceived and designed by the Department of State USAID, is built on flawed assumptions about how effective vetting is conducted. The agencies have pursued a strategy that relies on secret governed databases rather than on-the-ground experience and personal relationships developed over time. It fails to take advantage of the experience and expertise of the NGO sector. The narrow focus on intelligence databases fails to consider how USAID resources are actually used. Finally, it ignores the universal warnings from the NGO sector that data gathering for PVS will create a perception that NGOs are arms of the U.S. government. This creates safety hazards for aid workers and undermines program effectiveness.
U.S. nonprofits strongly support smart and effective due diligence and vetting procedures to make sure their assets are used exclusively for charitable purposes, and are not diverted to terrorism or any other illegal use. To make this happen, USAID must engage in good faith collaboration with the NGO sector to develop a vetting system that is effective and workable.