Standard updated for reporting suspicious activity

The federal government has updated its standard for how law enforcement organizations from different levels of government should report on, and share electronically, observations on activities considered suspicious concerning terrorist activity. Officials say the changes incorporate feedback from police along with privacy and civil liberties advocates.

The new version of the functional standard for suspicious activity reporting (SAR) defines suspicious activity as “observed behavior reasonably indicative of pre-operational planning related to terrorism or other criminal activity,” a change from the previous definition. Civil liberties advocates worried the earlier description of suspicious activity, released in January 2008, was too broad and created possibilities for abuse.

The changes from the Office of the Director of National Intelligence’s Program Manager for the Information Sharing Environment (PM-ISE) come as that office continues a pilot program for the SAR information sharing program at sites around the country. The program uses state and local intelligence fusion centers as a node for verifying and disseminating data on suspicious activity through information technology systems.

John Cohen, a senior adviser to the PM-ISE, said the changes are intended deal with concerns from privacy and civil liberties advocates, as well as state and local law enforcement officials. Cohen said the changes are meant to ensure the SAR process “helps effort to fight crime, but at the same time is protective of both privacy and civil liberties.”

The updated standard, signed May 21, separates behaviors that could be observed as suspicious into two categories: defined criminal activity with a potential link to terrorism, and others that are potentially criminal or non-criminal activity that requires additional support to be considered a SAR. The guidance also says the latter are generally activities protected by the First Amendment that require additional support to be described as SARs.

Defined criminal activity includes attempting to or actually entering restricted areas, cyberattacks or vandalism. Meanwhile, activity that requires additional support to be included as a SAR includes taking pictures or video of facilities in a way that arouses suspicion, having unusual amounts of weapons or explosives or demonstrating unusual interest in buildings or infrastructure.

After a report is determined to be a SAR for the information sharing environment (ISE-SAR) it can then be shared through using IT systems with various agencies that are involved in counterterrorism.

Michael German, national security policy counsel for the American Civil Liberties Union and a former FBI agent, praised the changes. German was one of the civil liberties advocates that met with PM-ISE to provide input for the new version of the functional standard.

German said the key changes included the narrowing of the definition to ensure that the SAR program doesn’t change the rules that police must follow when stopping or questioning people, as well as a reiteration that race or ethnicity can’t be used as a factor for suspicion. In addition, he said the ISE also laid out a two-part review process to determine whether a report meets the ISE-SAR threshold and can be shared through the system.

According to the new guidance, officials at a fusion center or from a federal agency review the reported suspicious activity against the criteria for an ISE-SAR. If the report meets the criteria, then an analyst or law enforcement officer needs to determine if that information has a potential nexus to terrorism before it is classified as an ISE-SAR and then shared accordingly.

German said while he was pleased with the changes, the real test will come on how agencies put in place the new standard and that oversight is required.

“We’re hopeful that the way that that is implemented will ensure that innocent people and innocent activity isn’t being collected and isn’t being put into a shared system,” he said. “The test will be how these policies are implemented and whether other agencies adopt the same standards.”