A Comprehensive Suspicious Activity Reporting (SAR) System Requires Action

Report Homeland Security

A Comprehensive Suspicious Activity Reporting (SAR) System Requires Action

January 12, 2012 12 min read Download Report

Authors: Matt Mayer and Scott Erickson

Abstract: A robust, comprehensive, and integrated suspicious activity reporting (SAR) system, linking the unique observations of law enforcement personnel from around the nation, is a necessary component of a 21st-century policing strategy predicated on the increasing role of state and local law enforcement in the battle against domestic radicalization and homegrown terror. While many state and local agencies have embraced their roles in the development of SAR, far too many have yet to do so. The Department of Justice, under which the initiative to expand the nationwide adoption of SAR operates, should vigorously promote the use of SAR within federal, state, local, and public agencies.

Police officers have long been the first line of defense against criminal activity across America. Throughout their daily patrols, officers are repeatedly confronted with suspicious behavior, their training and experience providing the necessary filter for distinguishing the abnormal and dubious from the mundane and perfunctory. Since 9/11, law enforcement personnel have been able to obtain a diverse data set of information through a process known as suspicious activity reporting (SAR). SAR has provided police officers with a greater understanding of the potential nexus between traditional criminal activity and terrorism.

The intersection of international terrorist movements and the protection of the U.S. homeland render the collection, analysis, and development of intelligence obtained in the field a critical aspect of protecting America in the 21st century. Formalizing the process of collecting and understanding the diverse information presented to public safety personnel is at the heart of the Nationwide Suspicious Activity Reporting Initiative (NSI).

A team of experts, working under the aegis of the Information Sharing Environment–Suspicious Activity Reporting (ISE–SAR) Functional Standard Development Team, and in conjunction with the Los Angeles Police Department’s (LAPD) Counterterrorism and Criminal Intelligence Bureau, developed a set of standard operating procedures (SOPs) that could assist personnel across the country with cultivating close working relationships in their communities. The creation of SOPs has been a laudable move toward ensuring that vital information is being collected and matched against other information to which a nexus of criminality and terrorism may exist.

In promoting the SAR protocols across the approximately 18,000 state and local law enforcement agencies within the United States, Congress and the Obama Administration should:

  • Ensure that consistent training is provided to the nation’s law enforcement communities;
  • Lead by example. Federal agencies should ensure that the robust and efficient nature of their SAR protocols demonstrates an exemplar for similarly situated state and local agencies;
  • Interact with state and local law enforcement leaders to convey a full appreciation for the importance of broadly adopted SAR procedures across all strata of law enforcement; and
  • Target homeland security grant funding for the training of SAR at state and local law enforcement agencies, especially those in high-risk jurisdictions.

Standardization and Consistent Application

The SOPs developed though ISE–SAR led to the SAR Information Exchange Packet Documentation (IEPD) in 2007,[1] which standardized and defined semantic congruity, so that terms associated with suspicious activity could be understood by all participating SAR agencies. Law enforcement, health, energy, and transportation sectors could now aggregate information based on a common terminology. This simple, but necessary, function of SAR standardization greatly improved the communication of information among agencies and allowed suspicious trends to be observed across a variety of platforms, such as federal, state, local, and private agencies.

The ISE–SAR team also provided a common definition of “suspicious activity”—“Observed behavior reasonably indicative of pre-operational planning related to terrorism or other criminal activity,”[2] thereby reducing a potential conflict of interpretations.

As agencies began to adopt the IEPD guidelines, the office of the Program Manager of the Information Sharing Environment (PM–ISE) established the Nationwide Suspicious Activity Reporting Initiative (NSI)[3] in March 2010 as a means of monitoring and evaluating the program’s continued evolution.

The effort to evaluate and enhance the evolution of SAR protocols ultimately linked the NSI to the Department of Homeland Security (DHS) and the eGuardian system, an online network administered by the FBI that links all levels of government to data related to activity and information with a potential nexus to terrorism.[4]

The creation of a nationwide SAR system formalized a process of information-gathering that has been a core function of domestic law enforcement since August Vollmer ushered in the era of modern policing in the early 20th century.

As the domestic terror threat grows, the accumulation of information, gathered and analyzed into actionable intelligence, becomes a necessity across the national law enforcement community.

Even a perfunctory examination of cases in which SAR protocols have staved off potential terrorist attacks underscores just how necessary their widespread adoption has become. As police departments struggle to contend with the difficulties of budgetary constraints and a diminution of resources, however, committing to integrated SAR protocols are often not top priorities. A number of agencies that have been at the forefront of adopting SAR protocols have proven the protocols to be an important element in their ability to inhibit criminal and terrorist activity.

A Proven Strategy for Thwarting Terror

A 2010 report by the Institute for Homeland Security Solutions (IHSS) starkly revealed the extent to which both state and local law enforcement officers, and their vigilant counterparts in the public, have uncovered and inhibited terrorist activities in the U.S. and against American interests abroad.

The report collated and analyzed 86 terror plots through the 10-year period of January 1, 1999, to December 31, 2009, 18 of which were executed. Each of the 68 failed plots analyzed had a nexus to terrorism, the majority of which were related to al-Qaeda or al-Qaeda-associated movements (AQAM), or al-Qaeda–inspired incidents (often committed by the proverbial “lone wolf” terrorist).[5]

Revealingly, over 80 percent of the 68 thwarted cases were the subject of full criminal investigations that resulted from the initial observations of federal, state, and local law enforcement officers conducting routine police work, and through the vigilant observations of the public.[6]

Reports of suspicious activity, tips from the public, and the investigation of seemingly unrelated “ordinary”[7] criminal activity accounted for a substantial number of lead-ins to full investigations that would ultimately frustrate the terrorist intentions of those apprehended.

A well-informed and capable infrastructure of law enforcement personnel, coupled with a vigilant citizenry, has proven to be an important shield against the machinations of diverse and disparate groups of organizations and individuals with terrorist inclinations.

At the Vanguard

Several agencies have been at the vanguard of adopting and implementing robust and comprehensive SAR protocols. The LAPD, whose Counterterrorism and Criminal Intelligence Bureau offered the foundation for the ISE–SAR team’s recommendations for SAR standardization, has been very successful in developing and making use of information obtained through the LAPD’s SAR system.

The Boston Police Department’s Regional Intelligence Center, established in 2005, serves as a dedicated resource for the collection, analysis, and dissemination of information obtained by local law enforcement. The center’s model for information collection and analysis has served as a bulwark against criminal and terrorist plots in the Boston area.

Additionally, the New York Police Department’s Intelligence Division offers an example of one of the world’s most comprehensive intelligence and counterterrorism efforts by any state or local law enforcement agency. After 9/11, Police Commissioner Ray Kelly created a stand-alone Counterterrorism Bureau wholly committed to using intelligence-gathering to protect New York City from all manners of threats.

The L.A., Boston, and New York police departments have many cases in which the use of SAR protocols helped to uncover criminal intent much larger in scope than would have been recognized through more superficial observations. The interruption of a planned attack against synagogues and military targets in Southern California underscores this reality as well as the importance of establishing coordinated and universal SAR conventions.

Case Study: The LAPD’s Jam’yyat al-Islam al-Saheeh (JIS) Case

In summer 2005, LAPD investigators uncovered a terrorist conspiracy to attack U.S. military installations, synagogues and Jewish offices, and other targets in the Los Angeles area. The information that led to the uncovering of this terror plot emphasizes the often tenuous nexus between traditional street-level criminal activity and terrorism. How this plot unraveled also highlights the importance of a robust and integrated counterterrorism infrastructure within the machinations of traditional policing.

While serving a 10-year prison sentence for robbery and assault charges, Kevin James converted to Islam. James’s inclinations toward radicalization intensified and, while in prison, he established the group Jam’yyat al-Islam al-Saheeh (JIS), Arabic for “Assembly of Authentic Islam.”

James began to convert other inmates, drawing them in with his radical descriptions of jihad. Soon, JIS members found themselves paroled and living in society, while carrying out the JIS mandate of plotting terror attacks.

JIS grew to a core of four committed followers—James, Levar Washington, Gregory Patterson, and Hammad Samana. Although James remained behind prison walls, others members of JIS carried out his terrorist conspiracies.

To finance their undertakings, JIS members robbed gas stations and engaged in traditional street crimes—criminal activity that often brings individuals with more destructive end goals directly into the purview of street-level law enforcement. This obvious intersection of terrorism and traditional criminal activity stresses the importance of SAR within all state and local jurisdictions.

JIS operatives tipped their hand while engaging in a robbery in Torrance, California. As one of the perpetrators dropped his identification card while committing the robbery, investigating officers quickly identified the suspect and obtained a search warrant of the suspect’s residence, ostensibly investigating a classic robbery case. What officers found during their search led them to a plot far more destructive in nature and in scope.

Literature espousing the virtues of radical Islamism, as well as documents appearing to outline the details of a terrorist plot against local military and Jewish establishments, aroused the suspicions of investigating officers. This information was quickly forwarded to local and regional investigators. What had begun as an investigation into traditional, local criminal activity had quickly evolved into an investigation with implications of homegrown terror and radicalization. The four JIS members were quickly identified, and a collaboration of federal and local law enforcement officers arrested them.[8] James was sentenced to 16 years in prison. Washington, Patterson, and Samana received sentences of 22 years, 151 months, and 70 months, respectively.

When interviewed following the successful prosecution of JIS members, Thomas P. O’Brien, U.S. Attorney for the Central District in California, commented on the evolution of the case and emphasized the important role that local law enforcement played in bringing this investigation to light. “This investigation worked because street cops recognized the value of that material. We were up within hours with a command post, and we had at least 25 agencies and over 500 investigators, analysts and prosecutors at the local, state and military levels. We seized and analyzed thousands of documents. We realized quickly that they were planning on attacking U.S. military and Jewish sites, perhaps in the extreme near future. I think that we did this one right.”[9]

O’Brien further commented on the imminent threat of the JIS terror plot. “We believe based on all the evidence gathered they were within several months of conducting an operation.... They were out conducting a string of about a dozen armed robberies in order to gather money to fund the terrorist attacks. They had conducted surveillance and come up with a list of jihad-type targets around Los Angeles.”[10]

The JIS case typifies how important it is to have both well-informed officers at the local level, as well as an outlet for observed suspicious activity to be funneled for further analysis. Had SAR protocols not been entrenched into the culture of the LAPD and surrounding jurisdictions, the prospect for transforming a traditional criminal investigation into one that most likely prevented a terrorist attack in the Los Angeles area is doubtful.

Moving Forward

The incident involving the uncovering of the terrorist objectives of JIS is an important model for demonstrating the importance of the relationship between line officers and their intelligence counterparts at the federal level.

In attempting to prevent future acts of terrorism against Americans, leaders at the federal level must not only engage the more than 18,000 state and local law enforcement agencies across the nation—they must also empower those agencies to adopt comprehensive and fully integrated SAR protocols in their jurisdictions. Such SAR adoption can be accomplished by taking the following steps:

  • The Department of Justice and DHS should ensure that SAR training and implementation standards are uniform and comprehensive. Given the idiosyncratic political and budgetary constraints faced by local jurisdictions, it is important that local consideration is given to the specific implementation of SAR procedures. However, the federal government can expedite the broader implementation of SAR across the nation by ensuring that all state and local law enforcement agencies employing SAR protocols are trained in curriculum and procedures proffered through the NSI.
  • The Department of Justice, under which the Program Management Office oversees implementation of the NSI, should strongly encourage state and local law enforcement agencies that currently employ unique SAR protocols in their jurisdictions to update their training and standards through participation in the NSI training courses. Although any codified system for recognizing and reporting suspicious activity is preferable to none, a unified system based on common terminologies and understanding across all SAR-participating agencies is far more desirable.
  • The federal government should lead by example. Federal agencies that are currently tasked with responsibilities that frequently afford them close interaction with the public should ensure that their own policy standards are uniform and comprehensive. Agencies such as the Transportation Security Administration and U.S. Customs and Border Protection can serve as exemplars for state and local law enforcement in how to cultivate a culture of awareness among line officers, as well as how to implement rigorous SAR standards.
  • Federal partners should interact with state and local law enforcement leaders. Any effective implementation of SAR protocols begins with acceptance of their necessity by a jurisdiction’s executive leadership. While the NSI does include executive-leadership training in its curriculum, greater outreach—to agencies and personnel not already involved in NSI training—must take place to convey a true sense of urgency regarding the adoption of SAR procedures across the country.
  • Congress and DHS should target homeland security grants for SAR training consistent with desired outcomes. While the cost of participation in NSI-administered SAR training is not borne by the participating states and local agencies, a dedicated source of funding for such training would nonetheless enable a higher level of participation among interested agencies. Lack of adequate funding should not inhibit the dissemination of such a crucial and timely training regime. Congress and DHS should target homeland security grants for SAR training.

The homeland security enterprise must continue to vigilantly defend the country against the ever-present threat of terrorism, homegrown extremism, and myriad other dangers. Doing so requires both a full comprehension of the breadth of threats facing the nation as well as a willingness to take the necessary steps to ensure that the nation’s frontline defenders are equipped to combat them. Educating law enforcement officers across the nation in the recognition of suspicious activities potentially linked to terror as well as standardizing the process by which such information is collected and transmitted to other homeland security stakeholders is a long-overdue and necessary step toward enhancing the protection of the United States and its citizens.

The creation of the NSI has been a laudable step toward improving the efficacy of America’s law enforcement infrastructure and maximizing its potential as frontline defenders against homegrown extremism and terror. The recognition of this important program must be realized, and its full implementation met. Both the Obama Administration and Congress can assist in this process and ensure that a fully integrated and comprehensive system of SAR protocols is realized—sooner rather than later.

Scott G. Erickson has worked in law enforcement for the past decade, and has studied the proliferation of homegrown terrorism and the response by domestic law enforcement. He holds a master’s degree in criminal justice studies from the University of Cincinnati. Matt A. Mayer is a Visiting Fellow at The Heritage Foundation, and president of the Buckeye Institute for Public Policy Solutions in Columbus, Ohio. He has served as counselor to the Deputy Secretary and Acting Executive Director for the Office of Grants and Training in the U.S. Department of Homeland Security.

[1] Office of the Program Manager, Information Sharing Environment, “Suspicious Activity Reporting: From a Portfolio of NIEM Success Stories,” at http://www.ise.gov/sites/default/files/SAR-Brochure_20110705.pdf (December 15, 2011).

[2] Office of the Director of National Intelligence Program Manager, Information Sharing Environment, “Release of the Information Sharing Environment (ISE) Functional Standard for Suspicious Activity Reporting, Version 1.5 (ISE–FS–200),” May 21, 2009, at http://www.ise.gov/sites/default/files/ISE-SAR_Functional_Standard_V1_5_Program_Manager_Memo.pdf (December 15, 2011).

[3] Information Sharing Environment, “Nationwide SAR Initiative,” 2011, at http://www.ise.gov/nationwide-sar-initiative (December 15, 2011).

[4] Office of the Program Manager, Information Sharing Environment, “Suspicious Activity Reporting.”

[5] Kevin Strom et al., “Building on Clues: Examining Successes and Failures in Detecting U.S. Terrorist Plots, 1999–2009,” Institute for Homeland Security Solutions, October 2010, at https://www.ihssnc.org/portals/0/Building_on_Clues_Strom.pdf (December 15, 2011).

[6] Ibid.

[7] Ibid.

[8] Press release, “Man Who Formed Terrorist Group that Plotted Attacks on Military and Jewish Facilities Sentenced to 16 Years in Federal Prison,” Federal Bureau of Investigation, March 6, 2009, at http://www.fbi.gov/losangeles/press-releases/2009/la030609ausa.htm (December 15, 2011).

[9] “Thwarting Terror,” Newsweek, December 14, 2007, at http://www.thedailybeast.com/newsweek/2007/12/14/thwarting-terror.html (December 15, 2011).

[10] Ibid.


Matt Mayer

Scott Erickson

Senior Policy Analyst on International Economics