Meet the Agents Who Staff the Secret Service Internet Threat Desk

Ben Curtis/AP

A team tasked with protecting the president of the United States is constantly sifting through hateful online comments to find would-be assassins or terrorists.

When President Obama launched his Twitter account in May, people noticed his rapid accumulation of followers, a silly back-and-forth with President Clinton, but also something more serious: the number of hostile and threatening messages directed at the president.

Sifting through those messages to determine which, if any, need to be taken seriously is the responsibility of the Secret Service Internet Threat Desk, a group of agents tasked with identifying and assessing online threats to the president and his family. The first part of this mission—finding threats—is in many ways made easier by the Internet: all you have to do is search! Pulling up every tweet which uses the words “Obama” and “assassinate” takes mere seconds, and the Secret Service has tried to make it easier for people to draw threats to its attention by setting up its own Twitter handle, @secretservice, for users to report threatening messages to.

But if the Internet makes it easier to find threats directed at the president, it can also make it harder to figure out which ones should be taken seriously. The sheer volume of threatening messages online, the lack of context, and the ease with which users can shield their identities all contribute to the challenges of assessing online threats. One series of tweets addressed to @POTUS that caught the Secret Service’s attention—at least enough to warrant an in-person visit from an agent—came from a user with the handle @jeffgully49 and included a picture showing a doctored version of the president’s campaign posters with his head in a noose and the word “HOPE” changed to “ROPE.” The messages were apparently posted by Jeff Gullickson of Plymouth, Minnesota, who was later visited at his home by a Secret Service agent. “The agent from the secret service was cordial,” Gullickson wrote in an email to MPR News, adding that the agent just wanted to be sure his tweets were not serious threats.

Making sure that Gullickson was not a threat required more than just an analysis of his online comments—it called for offline contact, an in-person visit, an assessment of who he was and what he was like face-to-face, not just on the Internet. Context is crucial for evaluating the seriousness of threats—both digital and analog—but online threats offer a slightly different set of contextual clues than their offline counterparts. And while much of the hate-filled commentary on the Internet is routinely written off as hyperbole and ranting, threats directed at the president are not so easily dismissed. So, every day, the Secret Service Internet Threat Desk is faced with the unenviable task of taking seriously some of the most extreme online rhetoric and trying to identify potential assassins or terrorists in the deluge of venomous messages directed at the president and his family.

Though most of the public cases involving the Internet threat desk have to do with threats made via Twitter or Facebook, the desk actually predates both platforms. Founded in 2000, the desk was reportedly expanded in 2009 around the same time that threats against President Obama spiked in the early months of his first term. Ronald Kessler, author of In the President’s Secret Service, said that when he visited the Internet threat desk several years ago it was “just a small room with a few people,” but added, “I’m sure it’s much bigger now.” Secret Service spokesman Robert Hoback declined to comment.

Since the Internet threat desk’s founding, Kessler said, more of the threats the Secret Service assesses have originated online, but the overall number of threats directed at the first family that require investigation has stayed relatively steady at about 10 per day—except for the period when Obama was first elected, when the Secret Service had to follow up on roughly 50 threats per day. “That includes threats on Twitter,” Kessler said. “It makes no difference to [the Secret Service] how a threat is communicated,” he added. “They can’t take that chance of assuming that because it’s on Twitter it’s less serious.”

The Secret Service categorizes all threats, online and offline alike, into one of three categories, according to Kessler. Class 3 threats are considered the most serious, and require agents to interview the individual who issued the threat and any acquaintances to determine whether that person really has the capability to carry out the threat. Class 2 threats are considered to be serious but issued by people incapable of actually follow up on their intentions, either because they are in jail or located at a great distance from the president. And Class 1 threats are those that may seem serious at first, but are determined not to be.

Classifying threats into these categories is partly a matter of wording and specificity—whether the speaker has developed a detailed plan, whether they state that they will kill the president or just that someone should kill the president—but also depends largely on the background of the people who issue them. “The Secret Service looks at whether this person has expressed similar plans previously, whether this person has a criminal record, or is mentally ill,” Kessler said. Presumably, that’s why an agent showed up at Gullickson’s house—to assess the person who issued the Twitter threat, not just the threat itself.

At a 2011 hearing before the House Subcommittee on Counterterrorism and Intelligence, then-Secret Service Director Mark Sullivan emphasized the importance of identifying the people who threaten the president for Secret Service investigations. “When I was a new agent, a lot of times if you got a threat, it would come in the mail, and if the person who was making the threat was very courteous, they would put their return address on there. You would know who to go out and talk to,” Sullivan said. “But regardless of whether it is by mail or over the internet, our people are extremely aggressive with [figuring out who issued threats] … when we do identify that individual who has made that threat or that inappropriate interest that they are displaying, whether it is 2 o'clock in the morning or 2 o'clock in the afternoon, our people are out there looking for that individual to interview them.”

But the Secret Service can’t very well interview everyone who directs hostile comments at the president online—there are just too many of them—especially as the government’s embrace of social media platforms creates an increasing number of channels for lashing out at the president. “What you’ve done with the POTUS Twitter account is created a one-stop shopping for people who don’t like the president to blow off steam and convey their view that they don’t like the president,” said University of Maryland law professor Danielle Citron. “That could perfectly well be political protest: ‘I hate you and I want to throw you in the river’ could mean ‘I hate your ideas and want to throw them in the river,’ or it could mean ‘I’m a neo-Nazi and I want to kill you because you’re a black president.’ For the president, [the Secret Service] is going to err on the side of over-inclusion and more false positives.”

Paring down those false positives may be even more of a challenge online than off. The Internet threat desk “comb[s] the internet” and has people “working 24 hours a day just going through the Internet looking for any type of buzzwords or any type of threatening or inappropriate activity out there that we may see that involves any of our protectees,” Sullivan said at the 2011 hearing.

In other words, the Secret Service is actively seeking out threats made online, rather than waiting for others to report them, or for the people issuing threats to contact the White House directly. “Online threats are much more findable—I can set up some structured queries and find out who’s making threats in real time,” said Andy Sellars, a fellow at Harvard’s Berkman Center for Internet & Society. “You can essentially have a column on TweetDeck for every time someone says ‘president’ and ‘kill’ in the same tweet. A lot of tools being sold to law enforcement are basically just glorified versions of TweetDeck.”

Finding the threats is the easy part, though. “It’s a lot easier to figure out the context of speech in the physical world than in the online world,” said Hanni Fakhoury, a senior staff attorney at the Electronic Frontier Foundation. “You need that context in order to see what that speech really means.”

The cases that the Secret Service has pursued in recent years offer some clues as to which types of threats they seem to take most seriously. Repeat offenders, unsurprisingly, seem to come in for particular attention. For instance, Jarvis Britton of Birmingham, Alabama, was arrested and sentenced to a year in prison in 2013 after posting a series of tweets over the course of several months. In a 2012 affidavit, Secret Service Special Agent Phillip Holly described the series of events that led up to Britton’s arrest, beginning with two tweets on June 28, 2012, that read: “Free speech? Really? Let’s test this! Let’s kill the president!” and “I’m going to finish this, if they get me, they get me! #ohwell. I think we could get the president with cyanide. #MakeItSlow.” The next day, Britton tweeted “Barack Obama, I wish you were DEAD!”

Following the June tweets, the Secret Service spoke with Britton and advised him of “the seriousness of the matter,” according to Holly, but “no further action was taken” until Britton resumed tweeting threats several months later. On September 14, 2012, he posted the message “Let’s kill the president. F.E.A.R.” After learning of the September threats from the Internet Threat Desk, Holly concludes: “Based upon the foregoing, I have probable cause to believe that Jarvis M. Britton did knowingly and willfully threaten to take the life of, kidnap, or inflict bodily harm upon the President of the United States.”

Donte Jamar Sims of Charlotte, North Carolina, was also sentenced in 2013 to serve jail time for a series of threatening tweets directed at the president. Sims’ tweets, posted during the 2012 Democratic National Convention, included the messages: “Ima Assassinate president Obama this evening!” and “The Secret Service is gonna be defenseless once I aim the Assault Rifle at Barack’s Forehead.”

The Internet Threat Desk’s investigations are not limited to Twitter. One 2012 investigation centered on a Facebook photo of several young men from Arizona posing with guns and a T-shirt with the president’s face on it riddled with bullet holes. A 2008 case focused on a series of pseudonymous comments made by the user californiaradial on the Yahoo Finance website, including “Shoot the nig. Country fkd for another 4 years+, what nig has done ANYTHING right???? Long term???? Never in history, except sambos.” And “Fk the niggar, he will have a 50 cal in the head soon.” In court documents, Special Agent Gregory Becker identified californiaradial as Walter Edward Bagdasarian after the Internet Threat Desk “obtained the IP address from which the messages had been sent, as well as the subscriber information for that account.”

When people who issue online threats are identified, they sometimes try to provide context for those threats that might excuse their behavior. Sims, for instance, claimed he was high on marijuana when he threatened the president. Britton’s lawyer similarly insisted his client had no intentions to actually harm the president. Other times, the real world context of online threats makes them seems more concerning—when the Secret Service searched Bagdasarian’s house, they found a .50 caliber rifle among his possessions, which appeared to lend credence to the prediction “he will have a 50 cal in the head soon.”

Ultimately, however, it is the content of the threat itself—not the context—that seems to matter most in court. Sims, Britton, and Bagdasarian all allegedly issued multiple violent threats at the president in online forums. But Sims and Britton were sent to jail, regardless of the claims both made about their respective mental states when they issued the threats—while Bagdasarian’s conviction was ultimately reversed by a federal appeals court in California because he had not specifically said that he himself would kill the president but, rather, suggested more generally that someone should do so.

Making these distinctions between the people who really intended harm—the people who, in legal language, issued threats that they should have reasonably foreseen would be interpreted as “serious expressions of intent to inflict bodily harm upon that person”—and the people who were merely venting political frustrations or indulging in some hyperbolic anger is a very murky area of law, particularly when it comes to online threats. “It is harder to separate the wheat from the chaff online,” said Fakhoury, the Electronic Frontier Foundation lawyer, of distinguishing “true threats” from speech that is protected by the First Amendment. “Part of that is the speed with which people can communicate online, part of it is that people are somewhat removed from what they say online, part of it is the breadth of the audience that exists online,” he explained.

The ease with which anyone can fire off a threat to the president’s Twitter account does not necessarily make such threats less concerning, Citron noted. “Sometimes people say online threats are never to be taken seriously because we’re behind a screen and we tend to just kind of mouth off without thinking, but on the other hand when someone writes something down then there’s the perception that its thoughtful—someone took the time to write this down,” she said.

“The anonymous part doesn’t make it less threatening, but it makes it harder for us to gauge whether it’s a joke or not.”

Many online threats are not even anonymous, Sellars pointed out. “People are making a shocking number of these threats posting on Facebook using their real names,” he said, calling to mind Sullivan’s comment about the letter writers who included their return addresses.

In a recent decision for the case Elonis v. United States, about a man accused of threatening his wife on Facebook, the Supreme Court avoided establishing any clear test for how to identify true threats online. Their decision to dodge the issue leaves not just the Secret Service but everyone who is the victim of online harassment to figure out how to draw the line between true threats and free speech on the Internet.

When it comes to protecting the president, however, that distinction may not be so vital, either online or offline. Kessler noted, “Actual assassinations are usually not preceded by threats.”