On May 15, weapons-maker Northrop Grumman will face a resolution, brought forward by shareholders, that calls for the company to report on how it implements its human rights policy. This move comes after a year of human rights scandals for the company, from providing services (such as maintenance and training) to Saudi security forces involved in controversial bombings in Yemen, to allegations of racial discrimination and defrauding the U.S. government, to selling technology used in surveilling U.S. residents in the immigration context. Now, three congregations of Catholic Sisters have brought forward a resolution asking for a report documenting “Northrop Grumman’s management systems and processes to implement its Human Rights Policy.” Northrop’s human rights policy declares the company has a “strong commitment to human rights” as laid out in the Universal Declaration on Human Rights. It is not clear on how it implements that commitment, however.

The resolution is important—both for the American public, which funds 84 percent of Northrop’s revenues through tax dollars, and for the institutional investors that own 84 percent of its shares. It is in the best interests of those investors, including State Street, Vanguard, T. Rowe Price, BlackRock, and others, to vote in favor of the resolution. Northrop Grumman’s business model and track record threaten human rights and welfare and give rise to certain national security risks that could be mitigated by more transparent and active implementation of its human rights policy. Although national security contracts and operations legitimately involve some level of secrecy, there are also pressing needs for increased transparency for a contractor building weapons and surveillance tools for both domestic and foreign clients.

Risks Generated from Some of Northrop’s New Foreign Contracts

While the business of selling weapons carries inherent human rights risk, Northrop Grumman has taken on additional risks through a 2015 business plan to increase sales to foreign governments. With U.S. involvement in Iraq, Syria, and Afghanistan winding (slowly, haltingly, but surely) down, Northrop has begun courting foreign buyers for its surveillance and weapons technology. Consequently, over the course of the past 4 years, sales to foreign governments have increased by a third, amounting to $4.4 billion in 2018.

A major risk is related to the sale of military equipment to hostile states: Overseas sales can reduce a company’s control over and ability to monitor end-users. They can also heighten the company’s legal liabilities if the final purchasers are sanctioned by the United States or, worse, use technology to harm American safety and security. In recent years Intel, Symantec, and Weatherford, for instance, all faced penalties when their products were found in the hands of Syria’s Bashir al Assad despite U.S. sanctions. Furthermore, companies take the risk of running afoul of U.S. overseas tax law, as Northrop is alleged to have done by surveilling its own employees’ confidential tax filings.

Human rights advocates are particularly alarmed by defense contractors’ presence in Saudi Arabia. The Saudi-led coalition engaged in the conflict in Yemen—directly trained by Northrop Grumman—has unlawfully attacked schools, markets, hospitals, weddings, and funerals. Nearly 5000 civilians have been killed by coalition airstrikes, with estimates of another 50,000 dead from the ongoing famine resulting from a Saudi blockade. UN experts have detailed possible war crimes by Saudis in Yemen – conducting the due diligence necessary to implement its human rights policy would help establish whether or not Northrop is complicit in these activities.

Risks Generated from Surveillance Tools for the United States

The proliferation of risks abroad is not the only reason Northrop Grumman should implement its human rights policy more transparently: There are also risks that the company is violating its policy here on U.S. soil and putting U.S. citizens and residents in harm’s way. One of the clearest risks posed by Northrop’s domestic sales comes from its creation of the Homeland Advanced Recognition Technology (HART) database for the Department of Homeland Security (DHS). HART is a replacement of a Bush- and Obama-era database used in the “Secure Communities Program” to track immigrants on U.S. soil in order to remove residents here without documentation. The previous database – made by a different company but using many of the same data sources as Northrop relies on for HART– was taken out of commission (but reinstated under President Trump) in part because it resulted in the wrongful detention of an estimated 3,600 U.S. citizens without any way of correcting those errors. That problem, however, will persist with HART, as the relationship pattern mining technology it uses remains unreliable. HART may prove even more problematic, as it will augment the database with deeply flawed facial recognition technology.

In fact, a similar biometric database Northrop Grumman built for the Department of Defense for tracking terrorists in war zones, called ABIS 1.2, failed to launch four times between 2010 and 2013 partly because it so severely mismatched biometric data to individuals. Facial recognition and “relationship patterns,” also key features of the HART database, are particularly problematic. MIT has found that women and ethnic minorities are most frequently mis-identified through facial recognition software, with error rates rising to nearly 38 percent for dark-skinned women, compared to 0.8 percent for light-skinned men.

HART also creates a new level of uncertainty by monitoring“relationship patterns” through social media as well as, according to a DHS request, “non-obvious relationships.” Specifically regarding the latter, the Electronic Frontier Foundation has voiced concerns that such relationships could be “based on nothing more than ‘liking’ the same news article, using the same foreign words, or following the same organization on social media.”

Furthermore, DHS has requested that the HART program be exempted from the Privacy Act of 1974, taking away citizens’ and residents’ ability to learn whether they are inaccurately recorded in the database and thereby eliminating the possibility of U.S. residents correcting DHS records about themselves. The privacy exemption requested by DHS would directly affect people suspected of no wrongdoing, because HART intends to use law enforcement’s “encounter data,” rather than just court records, for identifying and removing those suspected of immigration violations. While at least one-third of people arrested for a felony are never chargedor convicted (meaning law enforcement records do not establish that they are linked to crimes), “encounter data” also ropes in individuals who were never even arrested, like witnesses who are mere bystanders.

Lest there is any doubt that people suspected of no wrongdoing will be caught in an immigration enforcement tool like HART, consider its inclusion of gang databases. A 2015 audit report by the state of California found that its gang database included 42 infants less than a year old, 28 of whom were listed as having “admitted” to being gang members.

So far as the public is aware, Northrop has neither the capacity to safeguard against people suspected of no wrongdoing from being caught up in the database, nor the processes in place to flag the human rights risks inherent in a racially biased data gathering system. But this is not impossible to do.  In fact, such processes exist at other companies: On April 24, Microsoft reported that its human rights due diligence process prevented the company from selling facial recognition software to a California law enforcement agency because the proposed use of the technology would put innocent people at risk.

Transparent implementation of Northrop Grumman’s human rights policy could trigger similar processes to address such issues and therefore ensure that technology deployed by government bodies is actually fit-for-purpose and not rights-adverse.

National Security Risks Resulting from Due Diligence Failures

Beyond the previously mentioned debacle of the ABIS 1.2 database, which garnered criticism from both the military and the Government Accountability Office for its controversial data sources and its poor performance, Northrop has a track record of making settlements to resolve allegations of defrauding the government, including by overbilling for underqualified or non-existent personnel, falsifying inspections and testing, and providing defective or sub-standard equipment, thereby creating risks that subpar parts and personnel could compromise performance while simultaneously threatening employee and public welfare.

In one case, Northrop paid a $2.25m penalty for allegedly charging the U.S. Navy for work it was actually conducting for a foreign government. In another, Northrop is being sued by a class of workers claiming the company forced them to sign disclosure agreements of their confidential tax documents so that the company could surveil their tax payments. In a 2014 case involving numerous Northrop personnel, one employee billed 1,208 labor hours over a 12-day period (“that’s more than 100 hours per day!”).

If Northrop is indeed subjecting workers to long overtime, implementation of its human rights policy could flag that. If these are all purely fraudulent charges, regular evaluations of labor terms could catch the problem before the financial liabilities add up.

How the Shareholder Resolution Could Help

The shareholder resolution at issue calls for only a report on Northrop’s management and systems to implement its Human Rights Policy. It further recommends that the report include Northrop’s “human rights due diligence process and indicators used to assess effectiveness,” the Board’s role in “oversight of human rights risks,” and finally, “systems to embed respect for human rights into business decision-making processes for its operations, contracts, and supply chain.” If implemented fully and transparently, such a report could be used to hold Northrop to global best practices in responsible business conduct while also safeguarding employees and communities potentially affected by Northrop’s operations, directly addressing labor, privacy, and national security risks that appear endemic in Northrop’s current operations.

For example, human rights due diligence, as described in the resolution and defined in the UN Guiding Principles for Business and Human Rights, would require Northrop to understand how many hours its workers are laboring and how much they are paid for that work. If the government is being overbilled for fraudulent overtime, human rights due diligence can flag that much more swiftly, and cheaply, than a criminal investigation, just through review of labor data. This is because duly diligent human rights analysis must ensure that workers are receiving adequate rest. A 100-hour workday is obviously an excess of overtime and would be flagged as a human rights risk before being reclassified as a billing failure.

For privacy rights, duly diligent reviews of false-positive identity matches can quickly identify discriminatory outcomes, triggering the company to swiftly address systematic flaws such as those wrongly targeting dark-skinned women.

Addressing national security risks resulting from rights-adverse contracts with foreign states might be the most direct and compelling reason for shareholders to vote yes on the Catholic Sisters’ resolution. When U.S. companies sell weapons to rights-abusing governments who deploy them in third countries (as Saudi Arabia does in Yemen), the company becomes associated with the horrific human toll of those conflicts. Northrop’s Saudi business ties are thus far protected under the Trump Administration, but Congress has made clear that it rejects U.S. military involvement in Yemen. Moreover, it remains possible that the 2020 presidential election could result in a new President less sympathetic to Saudi interests – or Northrop’s business interests. And if Congress were to levy sanctions against the Saudis that implicated Northrop’s arms sales or services contracts, the company could face serious legal compliance problems. Therefore, the company, and its shareholders, would be smart to take action now.

Institutional investors have expressed concerns about human rights risk: BlackRock CEO Larry Fink stated in his 2019 letter that corporate governance was a major BlackRock priority. State Street is a signatory to the UN Global Compact, stating unequivocally, “State Street Corporation supports fundamental principles of human rights, such as those adopted in the United Nations Universal Declaration of Human Rights.” While Vanguard prides itself on being a hands-off index manager, even it has launched a growing number of human rights-aware funds.

Northrop Grumman’s stock has been volatile in 2018 and early 2019. ISS, the world’s leading provider of corporate governance guidance to institutional investors, generally recommends that institutional investors vote yes on human rights-related shareholder resolutions, because they safeguard investors from unanticipated financial and ethical risks. Northrop Grumman’s shareholders should heed them.

IMAGE: The Northrop Grumman logo is seen on a building in Annapolis Junction, Maryland, on March 11, 2019. (Photo by JIM WATSON/AFP/Getty Images)