It was a traffic stop, rather than a nationwide manhunt, that tripped up Timothy McVeigh. Ahmed Ressam’s plot to bomb Los Angeles International Airport was foiled by a Customs inspector who thought he was acting suspiciously. More recently, in July 2011, Naser Jason Abdo’s alleged plot to blow up a restaurant popular with Fort Hood soldiers was foiled by a gun shop owner – a retired police sergeant – who became suspicious after Abdo bought a large amount of smokeless gunpowder and asked: “What’s smokeless powder?”
The anecdotal evidence is incontrovertible: When terrorists are caught, it’s often through a chance encounter. This is one of the founding principles of the Nationwide Suspicious Activity Reporting Initiative (NSI), a federal, state, local, and tribal partnership that trains law enforcement officers to recognize behaviors and other indicators related to terrorism, crime, and other threats; standardizes how such indicators are reported and analyzed; and ensures the sharing of reports with the FBI and Joint Terrorism Task Forces (JTTFs) for further investigation. According to the U.S. Department of Homeland Security (DHS), more than 180,000 federal, state, and local law enforcement personnel have received NSI training through 2011.
The idea that information that could help to foil a terror attack should be shared among local, tribal, state, and federal officials is not new. Information-sharing systems such as LEO (Law Enforcement Online) existed before 9/11, but proliferated widely after the 9/11 Commission first identified a breakdown in information sharing and the failure to “connect the dots” as important factors in the nation’s failure to prevent the 9/11 attacks. A 2006 survey by the Justice Research and Statistics Association (JRSA) found about 266 separate systems in place or under development nationwide that share information about crime, including terrorism.
While the concept of information sharing isn’t new, the NSI – a national umbrella of coordination and standardization for these systems, including the FBI’s eGuardian network – is only a couple of years old, and a recent report by the Congressional Research Service, “Terrorism Information Sharing and the Nationwide Suspicious Activity Report Initiative,” (www.fas.org/sgp/crs/intel/R40901.pdf) raises the question of whether a national system may become overwhelmed by the sheer number of inputs.
The CRS report, in fact, identifies four primary issues that Congress, as the final overseer of the NSI, will face in plotting a course for DHS’ suspicious activity reporting (SAR) programs:
- Too Many Dots. The NSI is designed to increase the amount of information flowing from state and local law enforcement agencies to the federal government, but the goal of “connecting the dots” will become more difficult as the number of dots increase. An avalanche of irrelevant or redundant data will divert law enforcement personnel and other resources from meaningful work. During a 40-month period prior to a 2007 SAR pilot program, for example, the FBI documented about 108,000 potential terror threats, suspicious incidents, and terrorist watchlist hits. The report points to a need for Congress to consider which agency or agencies should handle quality control of SARs to prevent system overload.
- Data Privacy and Access. To achieve the objectives of the program, the report states, agency partners must establish protocols for protecting the privacy and civil liberties of individual citizens. An authorized use standard, including identification/authentication and privilege management, should be developed for users of a system that contains sensitive information, and Congress should examine NSI policies governing data privacy and access.
- Information Technology (IT) Infrastructure. The success of the NSI will depend on the infrastructure that supports it, and funding may fall short at fusion centers in some jurisdictions. As the minder of the nation’s purse strings, Congress will need to consider ways to provide funding to fusion centers for this purpose.
- Metrics. Critics of SAR programs, who claim that a focus on suspicious activity will lead to racial and ethnic profiling and an avalanche of spurious tips, are – much like the DHS in formulating the program – relying on anecdotal or even hypothetical information. The only way to validate the program’s effectiveness is through concrete measurements – of how many of the SARs collected by the program are meaningful intelligence “dots,” or whether the right “dots” are being connected as a result of the program, for example. The report recommends that Congress request the DHS’ Program Management Office for the NSI to develop these metrics.
Metrics are an important first step in determining the NSI’s value – but once those metrics are established, of course, DHS will be faced with the task of achieving these new standards of success. History has shown that SAR reporting has stopped several terrorist attacks. But will a nationwide SAR program increase the likelihood that additional attacks will be stopped? The Department of Homeland Security thinks so – it just can’t prove it yet.