Law enforcement intelligence

RESEARCH ARTICLE

Law enforcement intelligence: implications for self-radicalized terrorism

Jeremy G. Cartera* and David L. Carterb

aDepartment of Criminology & Criminal Justice, University of North Florida, Jacksonville, FL, USA; bSchool of Criminal Justice, Michigan State University, East Lasing, MI, USA

A series of tragic events over the last three years has further strengthened the emerg- ing preventative and proactive philosophies adopted by US law enforcement post-Sep- tember 11, 2001. Law enforcement and the American public now have a heightened awareness of homegrown terrorism. While these terrorist actors operate independent of traditional terrorist networks and groups, they are often influenced by such groups through a process where they enter as a non-violent individual and exit as a violent ‘true believer’. Efforts by law enforcement to mitigate or prevent such threats rely on the implementation of intelligence-led policing practices. Central to these practices is the input of raw information into the intelligence cycle. This paper will discuss the importance and application of suspicious activity reporting as it impacts law enforce- ment intelligence practices to prevent threats from self-radicalized terrorism.

Keywords: self-radicalized terrorism; suspicious activity reporting; law enforcement intelligence; intelligence-led policing; law enforcement partnerships

Since the profile of a would-be terrorist is becoming less and less obvious . . . In that kind of fog, small behaviors necessarily loom large. (Amanda Ripley, Time Magazine, 2007)

Introduction

The terrorist acts of September 11, 2001 demonstrated an evolution1 of tactics utilized by violent criminal extremists to kill, cause damage, and instill fear. Consistent with this evo- lution of tactics are changes in the practices and policies guiding the prevention of such attacks. The USA is now facing another incarnation2 of terrorist behavior – the increased prevalence of the ‘self-radicalized’ terrorist who is ‘homegrown’ and may be a ‘lone wolf’.

Because of these changes in the threat environment, the practices and policies neces- sary for prevention must change to reflect the threats. The Nationwide Suspicious Activity Reporting Initiative (NSI) emphasizes the input of raw information in the form of obser- vable human behavior into the law enforcement intelligence cycle as critical to law enforcement’s counter-terrorism efforts. This raw information is known as ‘Suspicious Activity Reports’ (SARs) and the vehicle by which SARs reach the intelligence cycle is law enforcement’s partnerships with the community. This paper will briefly discuss law enforcement intelligence practices, SARs, and community partnerships and how they

*Corresponding author. Email: jeremy.carter@unf.edu

Police Practice and Research Vol. 13, No. 2, April 2012, 138–154

ISSN 1561-4263 print/ISSN 1477-271X online � 2011 Taylor & Francis http://dx.doi.org/10.1080/15614263.2011.596685 http://www.tandfonline.com

relate to the prevention of homegrown terrorism. The discussion will be supplemented with case studies of the Fort Dix, New Jersey plot and the Fort Hood, Texas attack.

Self-radicalization of terrorists and criminal extremists

The National Strategy for Information Sharing posits that ‘. . . there is increasing concern regarding the potential threat posed by homegrown terrorists. While lacking formal ties to al-Qaeda, these disaffected, radicalized, violent extremists often draw inspiration from al- Qaeda and other global terrorist organizations’ (White House [WH], 2007, p. 17). The significance of lone-wolf terrorism was felt by the USA prior to 9/11. Timothy McVeigh’s 1995 attack on the Alfred P. Murrah Federal Building in Oklahoma City, Oklahoma; Eric Rudolph’s bombing at the 1996 Olympic Games in Atlanta, Georgia; and Theodore ‘Ted’ Kaczynski’s – the ‘Unabomber’ – attacks on airlines, universities, and other targets across the country from the late 1970s to the mid-1990s serve as promi- nent examples. Post 9/11, the presence of lone-wolf terrorism has come in various forms. However, in a one-year period in 2009–2010, the pace of lone-wolf actions, representing a diverse array of extremist beliefs, increased significantly with several lone-wolf attacks or attempts. This significant trend includes:

� 31 May 2009: right-to-life extremist Scott Roeder, who had a record of right-wing extremist activity and threats against abortion clinics, killed Dr George Tiller, a Wichita, Kansas physician who performed controversial late-term abortions, for the stated purpose of stopping the physician from performing more abortions.

� 3 June 2009: self-radicalized Muslim convert Abdulhakim Mujahid Muhammad killed a 23-year-old Army private outside of a Little Rock, Arkansas Army recruiting office, telling investigators he wanted to kill as many members of the US military as he could because he was mad at the military for past actions against Muslims.

� 9 June 2009: avowed white supremacist and Holocaust-denier James Von Brunn opened fire inside the US Holocaust Memorial Museum in Washington, killing a security guard who stopped him in the entrance.

� 5 November 2009: Major Nidal Hasan, an Army psychiatrist who had become a self-radicalized Muslim extremist and who had communicated with known terrorist Anwar al-Awlaki, killed 12 people in a shooting attack at Fort Hood, Texas.

� 25 December 2009: Umar Farouk Abdul Mutallab attempted to detonate a bomb on Northwest Airlines flight 253 from Amsterdam, Netherlands as it prepared to land in Detroit, Michigan.

� 4 March 2010: John Patrick Bedell, an anti-government extremist, committed a shooting attack at the Pentagon where he wounded two security guards before being killed.

� 1 May 2010: Faisal Shahzad’s attempt to kill hundreds in New York City by leav- ing a large homemade bomb that included large amounts of shrapnel, in the back of an SUV parked in the middle of Times Square.3

� 20 May 2010: two West Memphis, Arkansas police officers were killed and two Crittenden County, Arkansas Sheriff’s Department deputies were wounded by Jerry Kane and his 16-year-old son Joseph, both of whom had been involved in anti- government activity.

This list of incidents suggests that self-radicalized lone-wolf attacks are the criminal extremists’ methodology of choice.

Police Practice and Research: An International Journal 139

Radicalization is the socialization process of developing political, religious, environ- mental, economic, or other ideological attitudes, values, and beliefs leading to a narrow vision of the ideology that is represented by only a small number of believers who may be characterized as being revolutionary or militant. Hence, the radicalization process develops an individual as an extremist. As an individual is exposed to more of the extremist ideological literature, the process reinforces the beliefs, much like circular logic. It is fundamentally a resocialization process where the individual’s attitudes, values, and beliefs are eventually transformed to be consistent with the ideology, often leading to vio- lence and/or actions that are traitorous to the individual’s previous life. In an ideological context, the person becomes a ‘true believer’. The steps in the radicalization process can vary. Many experts (Gartenstein-Ross & Grossman, 2009; Silber & Bhatt, 2007) believe it involves four primary stages:

(1) Pre-radicalization: an individual’s lifestyle prior to radicalization (relationships, environment, jobs, social life, etc.).

(2) Self-identification: an individual is influenced by internal and external factors attributing to the exploration of extreme philosophies, ideologies, and values.

(3) Indoctrination: an individual intensifies their beliefs and adopts extreme philoso- phies, ideologies, and values with no exceptions.

(4) Soldier: an individual accepts their duty to participate in the struggle as a warrior fighting those who oppose the ideology in an attempt for the ideology to achieve realization.

Others believe the radicalization process involves ‘mentorship’ as a key motivator to influence beliefs and actions (Sageman, 2004; Whitelaw, 2009). Under this theory, the individual proactively researches and consumes information that shapes the radicalization process, however, the person’s ideological direction is influenced by a mentor who rein- forces the belief system. The mentor only provides ideological support, not financial or logistical support. Because the self-radicalized individual typically has no support net- work, any criminal actions they commit which are intended to support or further the extremist ideology are typically planned and executed solely by that individual – this is characterized as a lone-wolf act.

Regardless of the process by which an individual transforms from a non-risk to a vio- lent risk, opportunities exist that lend themselves to law enforcement collecting information that supports intelligence processes. The progression from stage to stage of self-radicaliza- tion requires active exposure to extreme ideologies that are often identifiable in public places – ranging from public statements to extremists’ blogs. It is these outward behavioral signs of self-radicalization that become important for suspicious activity reporting.

Law enforcement intelligence practices

A brief foundation

The emerging law enforcement philosophy for preventing or mitigating transjurisdictional criminal and terrorist risks is intelligence-led policing (ILP). Fundamentally, the intelli- gence process is designed to identify criminal threats and develop operational responses to eliminate the threats. ILP integrates these processes with other police responsibilities such as handling calls for service and criminal investigations. While there are many dimensions of ILP, due to space considerations only a contextual discussion of the con- cept will be provided here.4 ILP can be defined as:

140 J.G. Carter and D.L. Carter

The collection and analysis of information related to crime and conditions that contribute to crime, resulting in an actionable intelligence product intended to aid law enforcement in developing tactical responses to threats and/or strategic planning related to emerging or changing threats. (Carter & Carter, 2009, p. 317)

In short, ILP is the business model of policing that relies upon the analysis of raw infor- mation to guide decision-making that will ultimately influence the actions taken by law enforcement agencies (Ratcliffe, 2008). The process of how ILP is applied varies across law enforcement agencies depending upon geographic responsibility, population, agency size, resources, and other jurisdictional variables. Regardless of the specific model, at the heart of ILP is an information management process that embodies the ‘intelligence cycle’.

This cycle is comprised of six steps: (1) Planning and Direction, (2) Collection, (3) Processing and Collation, (4) Analysis, (5) Dissemination, and lastly (6) Re-evaluation (Global Intelligence Working Group [GIWG], 2003). These six components depict the methodology by which law enforcement assesses and analyzes raw information that is developed into analytic products. These products inform police leaders on variables related to threats which, in turn, aid them in developing prevention strategies. Interwoven within these steps are a variety of informal and formal partnerships for two-way commu- nication between law enforcement and citizens; policies guiding ethical police behavior and the protection of civil liberties; channels for raw information to be routed to the intel- ligence cycle; and methods of critical thinking to provide the analysis of raw information. Figure 1 provides a comprehensive diagram of the intelligence cycle illustrating these processes.

Inherent in the intelligence cycle is giving clarity to suspected threats and the discov- ery of previously unknown threats. Threats may well exist in a community about which law enforcement has no information. Therefore, a method must be in place to solicit, col- lect, assess, integrate, and analyze these diverse data. Having a broad-based, threat-driven information collection protocol is the only way law enforcement may be able to identify and understand threats within a community. The need for this diverse information from citizens is why suspicious activity reporting has become a critical component for threat management.

Suspicious activity reporting

Law enforcement’s utilization of non-traditional sources of information to combat terror- ism has been documented as a key resource for successful threat prevention (Riley, Treverton, Wilson, & Davis, 2005). Suspicious activity reporting is a formalized process to document and share observed behaviors which are indicative of criminal activity. Information – including ‘tips and leads’ – may come from law enforcement personnel, private sector partners, or citizens. This information is placed in written form and pro- cessed through the law enforcement agency, including verifying facts and confirming if the suspicious behavior has a criminal nexus, in order to have the SAR integrated into the analytic process of the intelligence cycle.

There are three types of Suspicious Activity Reports. The first is the financial SAR. This was mandated by the Bank Secrecy Act (1970) wherein financial institutions must report certain types of transactions to the Treasury Department. The suspicious activity most com- monly associated with financial SARs is money laundering or trafficking in unlawful com- modities.5 The second is the all crimes SAR. This is simply the documentation and

Police Practice and Research: An International Journal 141

reporting of suspicious activity related to any crime. The activity may be observed by a law enforcement officer or reported to an officer. This is similar to what many law enforce- ment agencies have used traditionally known by various names such as a Field Intelligence Report, Field Interview Report, or Miscellaneous Investigation Report.

The third type is the Information Sharing Environment – Suspicious Activity Report (ISE-SAR). This is the documentation of suspicious behavior specifically related to terror- ism or crimes that support or facilitate terrorist planning and acts. The reason for having a distinct SAR for terrorism is based on statutory provisions emanating from the Intelli- gence Reform and Terrorism Prevention Act of 2004. At a law enforcement agency, the form and processes for line officers are typically the same for both the ‘all crimes’ SARs and ISE-SARs. However, when the SAR is processed through the intelligence unit or fusion center,6 the ISE-SAR is processed differently and shared much more widely. The reason for the different processing is based on the responsibility of the ISE to deal only with terrorism and crimes supporting terrorism. It is this type of SAR that holds the most important promise for identifying self-radicalized terrorists.

An important caveat for the fundamental implementation of SAR processes is the commitment to protect citizen’s privacy, civil rights, and civil liberties. The Program Manager’s Office for the Information Sharing Environment (PM-ISE) and its federal part- ners examined potential privacy and civil liberties risks associated with SARs and con- sulted privacy and civil liberties advocacy groups to identify effective mitigation strategies. As a result, explicit types of suspicious activities have been identified which

Figure 1. Detailed law enforcement intelligence cycle. Source: Taken from Carter (2009), with permission.

142 J.G. Carter and D.L. Carter

are based on past cases that reasonably indicate the planning of a terrorism incident. These actions are documented in the ISE-SAR Functional Standard for Suspicious Activity Reporting (Program Manager’s Information Sharing Environment [ISE], 2008). By focus- ing on observed behavior, this standard mitigates the risk of profiling based on race, eth- nicity, national origin, or religion. It also improves mission effectiveness by enabling agencies to focus on and address potential threats in a more efficient and standardized manner (ISE, 2008).

Partnerships for law enforcement intelligence

While important knowledge that may forewarn of a future attack may be derived from information reported by patrol officers in the course of routine law enforcement and other activities (WH, 2007), the current discussion focuses on the importance of developing community and private sector partnerships to increase the awareness of suspicious behav- ior within communities. Moreover, based on lessons learned from community policing, that agencies engaged in a SAR program must educate their partners and community members on the purpose of the program, the type of information that is needed, and why they should participate in the program (ISE, 2010a). Simply stated, law enforcement seeks the assistance of community members and the private sector to report suspicious behavior because this significantly increases the probability of criminally related suspicious actively being observed. To be effective, however, community members and private partners must be informed about identifying suspicious behavior that has a criminal nexus.

The promise ILP has demonstrated, especially the heavily emphasized analytic com- ponent (McGarrell, Freilich, & Chermak, 2007), to combat terrorism is not complete without access to raw information to be input into the intelligence cycle. Partnerships forged between law enforcement agencies and their communities serve as the vehicle by which critical raw information enters this cycle. The value of developing partnerships for two-way information flow has been reaffirmed continuously within federal reports and recommendations (GIWG, 2005, 2008; International Association of Chiefs of Police [IACP], 2004; ISE, 2010b). This approach has been recognized by both the Department of Justice and the Department of Homeland Security as an effective counter-terrorism strategy. In response to the 2005 London bombings, the UK developed an initiative referred to as ‘neighborhood policing’ where police officers gained the trust of commu- nity members in order to establish an information exchange dialogue (Innes, 2006). Fur- thermore, in efforts to combat terrorism, Australia has adopted this partnership approach with private sector entities at airports (Wheeler, 2005) and within community businesses – referred to as ‘networked policing’ (Palmer & Whelan, 2006). Similarly, both the Israeli Police and the Turkish National Police have developed ‘community partnership’ programs to gain information from community members about terrorism-related suspicious activity (Carter, 2009). Despite the diverse environments of those initiatives, they have all been met with demonstrable successes.

In a February 2010 Homeland Security Advisory Council (HSAC) meeting, Depart- ment of Homeland Security (DHS) Secretary Janet Napolitano tasked the HSAC to ‘. . . work with state and local law enforcement as well as relevant community groups to develop . . . and provide recommendations regarding how the Department can better sup- port community-based efforts to combat violent extremism domestically’ (Homeland Security Advisory Council [HSAC], 2010, p. 2). In response, the HSAC identified multi- ple such partnerships where law enforcement and the community were successfully engaging in counter-terrorism/extremist information:

Police Practice and Research: An International Journal 143

� Los Angeles, California. Law enforcement joins communities and government agencies to improve quality of life issues and reduce violent crime.

� Austin, Texas. Law enforcement works with community on rapid response teams to mitigate tough issues and work in partnership to reduce violent crime.

� Las Vegas, Nevada. Grassroots community effort led by faith-based organizations that assist in reducing violent crimes and gangs.

� Dearborn, Michigan. Collaborative effort to engage the community in the identifi- cation and resolution of community issues to include combating violent crime.

� State of Maryland. Established an executive level coordinating office within the Governor’s Office to work with community groups, ethnic groups, and faith-based organizations to address quality of life and other issues of concern.

� State of Ohio. Established a community engagement office, which built a collabora- tive and cooperative relationship with the communities based on trust and mutual respect.

� Minneapolis, Minnesota. Designated crime professional specialists who are liaisons between the community and local law enforcement and have safety centers that are funded by the neighborhoods (HSAC, 2010, p. 7).

Moreover, in July 2010 DHS Secretary Napolitano announced the launch of the ‘See Something, Say Something’ program to anchor a new national information-sharing part- nership with Amtrak as part of the Nationwide Suspicious Activity Reporting Initiative. This national program utilizes public education materials, advertisements, and other out- reach tools to engage and educate travelers, businesses, community organizations, and public and private sector employees to identify suspicious behavior on railway systems (Department of Homeland Security [DHS], 2010). These examples of partnerships forged with the community serve as illustrations of the unique approach law enforcement is tak- ing with community members and organizations in efforts to promote two-way communi- cation flow. As mentioned, these partnerships are the essential foundation needed to channel raw information related to suspicious behavior to law enforcement agencies.

Figure 2. Operational assumptions for risk prevention. Source: Taken from Ratcliffe (2010), with permission.

144 J.G. Carter and D.L. Carter

Law enforcement intelligence: determination and prevention

The mission of law enforcement intelligence is to prevent or mitigate crimes/threats/ attacks from reaching fruition. This mission requires, or assumes, certain knowledge to be available to law enforcement – such as information on the criminal actors along with their motives, methods, and targets. Without this information, the probability of law enforcement successfully preventing crimes and terrorism diminishes. This is the impor- tance of gaining raw information in the form of SARs to serve as the ‘bridge’ between intelligence gaps.7 These vital pieces of information, that may seem irrelevant at the time of the report, may be the missing piece necessary to ‘complete the puzzle’ about the pres- ence and nature of a terrorism threat.

Fundamental to this discussion is that the prevention of crime and terrorism is a pro- cess based upon a set of operational assumptions. This process requires a commitment to a philosophy of practice that emphasizes proactive operations even though most law enforcement activities are reactive in nature. Ratcliffe (2010) sums up the operational assumptions – illustrated in Figure 2 – which law enforcement must recognize when determining threats and identifying ways to mitigate or prevent threats from reaching fru- ition. Simply put, in order to prevent crime or terrorism it is operationally assumed that law enforcement must be proactive – such as training community members on the types of suspicious activity to look for and report. Moreover, in order for law enforcement to be proactive they must rely on a certain degree of predictability of criminal and terrorist actions. In the case of SARs, we rely on the predictability of known criminal ‘indicators’ that law enforcement, in turn, informs community members to be aware of. Lastly, for actions to be predictable, a pattern of these actions must be identifiable (Ratcliffe, 2010). In the SARs example, law enforcement looks for the series of indicators representing a pattern of behavior that can be compared with other reported suspicious activity not only within the jurisdiction but also regionally and nationally.

Coupled with these operational assumptions is a scale of opportunity and time that has implications for risk identification and thus prevention. Opportunity and time play different roles in street crimes than in complex (or enterprise8) crimes and pertain differ- ently to terrorism as well. Street crimes, such as robbery and sexual assault, rely upon lit- tle planning and time to carry out the criminal act. Offenders of street crimes rely more heavily on an opportunistic target, hence there is little preparation time and few criminal instruments needed to commit the crime. Complex criminality, such as terrorism or white-collar crime, requires more planning before the criminal act occurs. For example, identifying channels through which money can be laundered and the processes of laun- dering the money through these channels is time consuming. Moreover, the targets avail- able for complex criminality are far more limited than those of street crimes – it is more difficult to skim money from a brokerage house than to rob a liquor store.

Terrorism, both acts by lone wolfs and networks alike, require significant planning prior to an attack. Examples abound, such as the sophistication and logistics of the 9/11 attacks on the USA, the complexity of four significant and deadly attacks in Istanbul, Turkey in November 2003 by the Turkish al-Qaeda, and the detailed planning of the 7 July 2005 coordinated bombings in London, England. All three of these incidents had multiple coordinated attacks, which required significant logistics, preparation, and people to make the attacks a reality. The time and planning required for these attacks was significant because ‘suitable’ targets had to be identified and reconnoitered in consider- ation of the targets’ accessibility, security, and physical and emotional impact. Just as ter- rorism requires preparation time and logistical planning, street crimes are just the

Police Practice and Research: An International Journal 145

opposite – often little planning and the victim is frequently only a target of opportunity. In consideration of these factors, when balanced against the ability of law enforcement to intervene and stop the incident, considerations for crime and terrorism threat control have two intervening factors: as the time and complexity required to plan a criminal act increases, (1) there will be more information (and indicators) that will likely be observed and reported to law enforcement and (2) the greater the likelihood that law enforcement will be able to intervene in the incident’s planning and execution. Figure 3 illustrates the prevention relationship between terrorism/crime opportunity and time.

Perspective

The discussion thus far has identified both an emerging threat paradigm – self-radicalized, homegrown criminal extremists – and a process to manage the threat. The process is intelligence-led policing that relies on the use of suspicious activity reporting from the community and private sector to provide law enforcement with raw information about behaviors that likely have a criminal nexus. The application of these factors will be illus- trated in two brief case studies: the attempted attack on Fort Dix, New Jersey and the Fort Hood, Texas attack.

Case study: Fort Dix, New Jersey

On the evening of 7 May 2007, six men described as homegrown ‘Islamic militants’ (DHS, 2007; New York Police Department [NYPD], 2007) with no apparent connection to international terrorist networks were arrested for conspiring to attack US armed forces

Figure 3. Planning and opportunity for crime and terrorism.

146 J.G. Carter and D.L. Carter

personnel at Fort Dix, NJ. These men had planned to attack the base armed with a vari- ety of firearms in an attempt to kill as many soldiers as possible (NYPD, 2007). Of the six individuals involved in the Fort Dix terrorist plot, three were brothers. Dritan ‘Anthony’ or ‘Tony’ Duka, Shain Duka, and Eljvir ‘Elvis’ Duka, undocumented aliens from the former Yugoslavia, had been living illegally in the USA for more than 23 years and were accepted as Americans by neighbors and friends who had no idea they would scheme to attack a military base (Anastasia, 2007). The Duka brothers entered the USA near Brownsville, Texas, in 1984 when they crossed the border from Mexico (FOX News, 2009). The brothers had no criminal record, however, reports indicate the three accumulated 19 traffic citations, but because they operated in ‘sanctuary cities,’ where law enforcement does not routinely report undocumented immigrants to homeland secu- rity, none of the tickets raised red flags (DHS, 2007). The three brothers operated a roof- ing business together.

The brothers conspired with three other suspects in the plot – Mohamad Ibrahim Shnewer from Jordan; Serdar Tatar from Turkey; and Agron Abdullahu from the former Yugoslavia. Shnewer was a legal US citizen and worked as a taxi cab driver, a construc- tion laborer, and also at his family’s supermarket. Tatar was in the USA legally with a green card and worked as an assistant manager at a 7–11 store in Philadelphia and deliv- ered pizzas for his family’s pizzeria (Stansbury, 2007). Abdullahu was also in the USA legally with a green card and worked as a baker in a supermarket (USA Today, 2008). Five were charged with conspiracy to kill US military personnel while Abdullahu was charged with aiding and abetting illegal immigrants in obtaining weapons. The weapons were reportedly Abdullahu’s personnel weapons and included a SKS semi-automatic rifle, a Beretta Storm semi-automatic rifle, a Mossberg 12-gauge pump shotgun, and a Beretta 9 millimeter handgun (Stansbury, 2007).

During November 2006, the six suspects began planning the attack in more detail. Tatar’s parents owned a pizzeria near Fort Dix where Tatar stated he had made deliveries to the base multiple times. Beyond the normal deliveries, Tatar mentioned that he noticed an increase in business during times when large numbers of troops were stationed on the base on temporary duty or prior to going overseas. Due to the number of deliveries Tatar’s family pizzeria made to Fort Dix, the pizzeria possessed a detailed map of Fort Dix labeled ‘Cantonment Area Fort Dix, NJ’ – a map that Tatar took from the pizzeria and provided to the group for planning.

The plot to attack Fort Dix was prevented through a citizen tip. Specifically, in Janu- ary 2006 the Duka brothers went to a local Circuit City store in Cherry Hill, NJ to get an 8-mm video converted into a DVD (Stansbury, 2007). They were greeted by store clerk Brian Morgenstern who later called the police after becoming troubled by what he saw on the video – 10 long-bearded men of Middle Eastern descent shooting weapons at a fir- ing range and calling for jihad (Inskeep, 2008). The police arrived at Circuit City, watched the video with Morgenstern and determined the video was suspicious enough to call the County Counter Terrorism Coordinator who then contacted the local FBI field office. That same afternoon the Duka brothers returned to pick up their copied video without incident – the FBI received their copy of the video a week later. Despite this video, authorities maintain there was no direct evidence connecting the men to any inter- national terror organizations such as al-Qaeda (Russakoff & Eggen, 2007).

The tip from Morgenstern led to an investigation that included infiltration by a coop- erating witness – Mahmoud Omar, a legal immigrant from Egypt. Omar’s history included a 2001 conviction for bank fraud and a 2004 arrest for a fight with a neighbor. In 2006, the FBI recruited him to infiltrate this group. The group often watched terror

Police Practice and Research: An International Journal 147

training videos, clips featuring Osama bin Laden, a tape containing the last will and testa- ment of some of the September 11 hijackers, and tapes of armed attacks on US military personnel (DHS, 2007). The men trained by playing paintball in the woods in New Jer- sey and taking target practice at a firing range in Pennsylvania’s Pocono Mountains where they had rented a house (Mulvihill, 2008).

In addition to plotting the attack on Fort Dix, the defendants spoke of assaulting a Navy installation in Philadelphia during the annual Army–Navy football game and con- ducted surveillance at other military installations in the region. The group also considered targeting Dover Air Base in Delaware, Fort Monmouth in New Jersey, the Coast Guard Building in Philadelphia as well as the Philadelphia Federal Building (NEFA, 2010). The individuals involved in the terror plot were arrested when attempting to purchase AK-47 assault weapons, M-16s, and other weapons from an FBI informant. It remains unclear when the attack was to take place.

Fort Dix implications for law enforcement intelligence and risk prevention

The Fort Dix case provides an excellent illustration of law enforcement intelligence prac- tices in the prevention of self-radicalized terrorism. The initial awareness of the attack came from an alert citizen working at Circuit City (Morgenstern) who witnessed suspi- cious behavior on the videotape. The existence of this al-Qaeda training video and other terrorism literature in the suspects’ possession demonstrate the ‘Self-Identification’ stage of the radicalization process wherein the individuals began exploring and learning this extreme philosophy and applied it in the form of training and planning for an attack on a US military base. This step in radicalization of the six Fort Dix suspects, which has been specifically endorsed by terrorist experts (Emerson, 2010), serves as a point of opportu- nity for law enforcement to learn of potential attacks through successful partnerships with non-law enforcement entities. This SAR from Circuit City’s Morgenstern is one that came as a result of community partnerships in which community members were educated and aware of such suspicious activity and to inform the police if such suspicious activity was observed. The importance of such partnerships for raw information collection to combat terrorism has been well documented (IACP, 2004; ISE, 2010b; Jenkins, 2010).

This information was then relayed to a local police department and then was turned over to the County Counter Terrorism Coordinator who forwarded it to the FBI. The local field office then initiated the intelligence-led investigation that ultimately connected the information and prevented the attack. Not only was the initial SAR from Morgenstern critical, but the local police department did not stall on the information but rather for- warded it appropriately as envisioned by the ISE-SAR processes. Local, state, and federal agencies then shared information and the follow-up investigation, intelligence collection, and analysis. The case also illustrates what the FBI describes as ‘pre-emptive prosecu- tion’. This relied on an informant to infiltrate and provide information and then a pre- emptive arrest. Despite the success of this approach, it can result in a weaker case from a prosecution standpoint – an issue that has risen on several accounts as many reports argue the suspects had no intention of actually attacking Fort Dix (Piette, 2009).

As aforementioned, terrorism relies on long-term planning and the right opportunity. As a result of the time it took for the six suspects to review maps of the Fort Dix mili- tary base, collect numerous weapons, train with these weapons, and do strategic training with paintball guns, law enforcement agencies had time to gather information and develop strategic and tactical intelligence to prevent the attack on Fort Dix. Moreover, the suspects had multiple targets in mind at the outset of the planning stages. Based upon

148 J.G. Carter and D.L. Carter

a variety of factors – mainly accessibility and potential casualties – the six suspects chose Fort Dix as the target for the attack since it provided the most ideal opportunity for their desired outcome.

Case study: Fort Hood, Texas

On 5 November 2009, Nidal Malik Hasan concealed his FN Herstal 5.7�28 mm pis- tol along with 13 extra ammunition magazines and went to the Soldier Readiness Center at Fort Hood, Texas where hundreds of deploying soldiers were being given shots and eye examinations. Hasan jumped on a table and yelled ‘Alla Akbar!’ (God is Great) in Arabic and began firing (CNN, 2009a). The result was 13 people dead and 31 injured. Hasan’s attack ended when two base police officers shot and seriously wounded him. Born in the USA to Palestinian parents, Hasan graduated from Virginia Tech and joined the US Army against his family’s wishes (Sherwell & Spillius, 2009). The military paid for him to go to medical school and he became one of the few psychiatrists in the military when he was assigned to Fort Hood (Washington Post, 2010). Hasan had asked about resigning his commission and began to doubt his military commitment, a situation thought to have worsened after he received orders to deploy to Afghanistan.

Hasan had met Anwar al-Awlaki, a radical Yemeni-American, while living in the Washington, DC area and later communicated with him via the Internet.9 Al-Awlaki had left the USA for Yemen after being investigated in connection with the 9/11 attacks.10

On 15 July 2009, al-Awlaki had posted a message on his website urging the deaths of US army personnel (Hsu, 2009). Three weeks later, Hasan purchased the weapon used on the 5 November attack at a Killeen, Texas gun store for $1140 (Allen, 2009). Hasan criti- cized the wars in Iraq and Afghanistan. He called himself a Muslim first and an Ameri- can second. He spoke at a seminar at Walter Reed Military Hospital in Washington in June 2007, making a presentation entitled ‘Why the War on Terror is a War on Islam’. During his presentation he said, ‘It’s getting harder . . . for Muslims . . . to morally justify being in a military that seems constantly engaged against fellow Muslims’ (Friedman, 2009). He was reported to have ‘applauded the killing of a US soldier at an Arkansas recruiting center’. Hasan is also believed to have had business cards that contained the abbreviation ‘SoA (SWT),’ which means ‘Soldier of Allah’ and ‘Subhanahu Wa Ta’all’ – or Glory to God (Gibbs, 2009).

In December 2008, Hasan’s emails to al-Awlaki were discovered by the Joint Terrorist Task Force (JTTF) in San Diego. A report stated that the ‘content of those communica- tions was consistent with research being conducted by Major Hasan in his position as a psychiatrist at . . . Walter Reed . . . and nothing else derogatory was found . . . the JTTF concluded Hasan was not involved in terrorist activities or planning’ (Marquise, 2010, p. 22). This information was shared with members of the Washington JTTF. As a result of the consistencies between Hasan’s research at Walter Reed and the content of the email exchanges with al-Awlaki, the investigation was dismissed even despite allegations that his emails to al-Awlaki contained cryptic or coded communications explaining how to transfer money overseas so as to not attract the attention of law enforcement (Marquise, 2010). Based on all that is known, many have concluded that the Fort Hood attack was a terrorist attack against the US military. Despite this, the FBI has said its investigation indicates that the alleged gunman acted alone and was not part of a broader terrorist plot (CNN, 2009b).

Police Practice and Research: An International Journal 149

Fort Hood implications for law enforcement intelligence and risk prevention

The attack on Fort Hood is a tragic and frustrating reminder to the law enforcement community as to the ‘nature of the beast’ when attempting to combat terrorism in the USA. As a harsh reality reminds us, despite the best efforts of dedicated law enforce- ment personnel, preventing every threat is simply beyond reach. As discussed previ- ously, terrorism requires long-term planning and thus instances for law enforcement to identify suspicious behavior. However, terrorism also has limited opportunities. When compared to other complex criminality, such as organized crime, terrorism does not pro- vide law enforcement the ability to pattern certain behavior and methods as a result of a ‘one chance to strike’ approach taken by terrorists. Terrorist methods may be similar; however, they are not consistent enough for law enforcement to identify specific pat- terns of behaviors to implement prevention methods. Law enforcement must then rely upon lessons learned from incidents that do reach fruition in an effort to identify precur- sors to such events and develop mechanisms to get this information into the intelligence cycle.

Even from tragic events such as the Fort Hood shootings, there are lessons to be learned. In this case, future application of intelligence practices – specifically the identifi- cation of an individual’s behavior that may illicit further investigation as it challenges the boundaries of reasonable suspicion. Hasan’s behavior certainly warranted further investi- gation. His views on the US military, his speech at Walter Reed Hospital, and his busi- ness cards identifying him as a ‘Soldier of Allah’ were enough to meet the threshold of reasonable suspicion for an investigation. Further compounding the risk he posed were his access to Fort Hood and access to weapons.

Just as hindsight is 20/20, these facts seem obvious and yet the attack came to fru- ition. However, the information simply was not there to guide law enforcement decision- making. Without the mechanisms in place to identify Hasan’s behavior as suspicious, there was no way for this raw information to be passed along to the necessary actors. Throughout the course of events leading to the attack, if the mechanisms had been in place to identify and report his behavior, these suspicious activities would have been reported at different times and each within its own context. Moreover, as each suspicious behavior made its way into the intelligence cycle, the ‘pieces of the puzzle’ would begin to paint a picture of what may occur. As intelligence analysts continued to input files on Hasan, his behaviors began to shed light on a series of events leading up to what could possibly be a lethal attack. Thus, if the events had been reported through partnerships with personnel at the hospital, personnel on Fort Hood’s military base, and a conscious awareness among citizens of what behaviors are suspicious law enforcement would have had the information necessary to act and prevent the threat.

Conclusions

The Fort Dix and Fort Hood case examples provide real-world context to the application of law enforcement intelligence practices and, more specifically, suspicious activity reporting, as applied to the self-radicalized criminal extremist threat. Law enforcement’s ability to prevent criminal and terrorist risks relies on the availability of raw information that is oftentimes outside the law enforcement purview. Preventing crimes and terrorism relies not so much on the highly sophisticated and technological tools available, but the simple, informal passing of information related to observed behavior that when taken in the context of the totality of circumstances ‘simply doesn’t seem right’. State, local, and

150 J.G. Carter and D.L. Carter

tribal law enforcement agencies must continue their efforts to establish relationships with their communities, businesses, and infrastructure entities to develop channels for raw information to get into the intelligence cycle.

The principles discussed here are not new to law enforcement. The foundation to develop communication channels with the community were instilled, by most US agen- cies, through community policing efforts (Carter & Carter, 2009). Once again it is impor- tance to reiterate that even though SARs are a formal method of documenting behavior, the exchange of this information is highly informal and is seeded in trust and familiarity between law enforcement personnel and the communities they serve. Without raw infor- mation, there cannot be analysis. Without analysis, there cannot be pattern identification. Without pattern identification, there cannot be predictability. Without predictability, there cannot be prevention.

Notes 1. The 9/11 attacks on the World Trade Center and Pentagon demonstrated the detailed and com-

prehensive planning of modern terrorist groups as well as their patience and willingness to invest in methods of attacks that have not been utilized in the past.

2. Terrorist methods have evolved consistently with counter-measures. Historically speaking, ter- rorist groups would often utilize a variety of bombing methods to instill damage and fear. While this approach is still prevalent – especially at the international level – groups and bombings have given way in the USA to individual actors who utilize any available means to cause violence and terror.

3. Shahzad’s attempt to detonate the bomb in Times Square was prevented due to a tip from a community member to a local NYPD police officer.

4. A detailed discussion of ILP can be found in Carter, 2009. 5. The financial SAR deals specifically with financial transactions where financial institutions

must report large cash transactions as suspicious activity. For more information about the financial SAR see http://www.fincen.gov/reg_sar.html

6. For more information on law enforcement fusion centers, refer to Chapter 8 of the Carter, 2009.

7. As a matter of nomenclature, an ‘intelligence gap’ is information law enforcement does not possess about the existence, nature, and/or viability of a threat. An ‘intelligence requirement’ is information that is identified and proactively collected to ‘fill the gaps’.

8. The FBI defines a criminal enterprise as a group of individuals with an identified hierarchy, or comparable structure, engaged in significant criminal activity that often engage in multiple criminal activities and have extensive supporting networks (Federal Bureau of Investigation [FBI], 2010).

9. Hasan’s relationship with al-Awlaki serves as an example of the ‘mentorship’ role within the process of self-radicalization.

10. Al-Awlaki has also been tied to Faisal Shahzad, the man who attempted to detonate a bomb in New York City’s Times Square on 1 May 2010 (Huffington Post, 2010; Shane & Mekhen- net, 2010).

Notes on contributors Jeremy G. Carter, PhD, is an Assistant Professor in the Department of Criminology and Criminal Justice at the University of North Florida. He is a principal investigator for a project funded by the National Consortium for the Study of Terrorism and Responses to Terrorism (START) and is currently engaged with a project funded by the National Institute of Justice to evaluate information sharing practices among law enforcement fusion centers. He also has experience training state and local law enforcement as a part of a training program funded by the Department of Homeland Security. His research interests include law enforcement intelligence, policing, organizational behavior, and policy implementation.

David L. Carter, PhD, is a Professor in the School of Criminal Justice at Michigan State University and Director of the Intelligence Program. He is the principal investigator for a National

Police Practice and Research: An International Journal 151

Institute of Justice-funded national intelligence assessment and Project Director of two DHS- funded law enforcement intelligence training programs. He is the author of the Intelligence Guide for State, Local, and Tribal Law Enforcement. His research interests include law enforcement intelligence, police policy, police investigations, and police behavior.

References Allen, N. (2009, November 9). Fort Hood massacre: Barack Obama would have to sign death warrant.

Telegraph. Retrieved from http://www.telegraph.co.uk/news/worldnews/northamerica/usa/baracko- bama/6531599/Fort-Hood-massacre-Barack-Obama-would-have-to-sign-death-warrant.html

Anastasia, G. (2007, May 13). Fort Dix 6: ‘Good boys’ or terrorists? The Seattle Times. Retrieved from http://seattletimes.nwsource.com/html/nationworld/2003704914_dixprofiles13.html

Carter, D.L. (2009). Law enforcement intelligence: A guide for state, local and tribal law enforcement agencies (2nd ed.). Washington, DC: Office of Community Oriented Policing Services.

Carter, D.L., & Carter, J.G. (2009). Intelligence led policing: Conceptual considerations for public pol- icy. Criminal Justice Policy Review, 20, 310–325.

CNN. (2009a, November 9). Fort Hood soldier: I ‘started doing what I was trained to do’. Retrieved from http://www.cnn.com/2009/CRIME/11/09/fort.hood.foster/index.html

CNN. (2009b, November 10). Investigators look for missed signals in Fort Hood probe. Retrieved from http://www.cnn.com/2009/CRIME/11/09/fort.hood.shootings/

Department of Homeland Security (DHS). (2007). Fort Dix plot illustrates continuing threat posed by homegrown Islamic extremists. Washington, DC: Joint Homeland Security Assessment.

Department of Homeland Security (DHS). (2010, July 1). Secretary Napolitano announces rail security enhancements, launches expansion of ‘See Something, Say Something’ campaign. Press release. Retrieved from http://www.dhs.gov/ynews/releases/pr_1278023105905.shtm

Emerson, S. (2010). Fort Dix terror plot. Investigative Project on Terrorism. Retrieved from http://www. investigativeproject.org/379/fort-dix-islamist-terrorist-plot

Federal Bureau of Investigation (FBI). (2010). Organized crime. Retrieved from http://www.fbi.gov/hq/ cid/orgcrime/glossary.htm

FOX News. (2009, April 29). Fifth man convicted in Fort Dix terror plot sentenced to 33 years in prison. Associated Press. Retrieved from http://www.foxnews.com/story/0,2933,518337,00.html

Friedman, T.L. (2009, November 28). American vs. the narrative. New York Times. Retrieved from http://www.nytimes.com/2009/11/29/opinion/29friedman.html

Gartenstein-Ross, D., & Grossman, L. (2009). Homegrown terrorists in the U.S. and U.K. An empirical examination of the radicalization process. Washington, DC: Foundation for Defense of Democracies Press.

Gibbs, N. (2009, November 11). The Fort Hood killer: Terrified . . . or terrorist? History News Network. Retrieved from http://hnn.us/roundup/entries/119883.html

Global Intelligence Working Group (GIWG). (2003). National Criminal Intelligence Sharing Plan. Washington, DC: Global Justice Information Sharing Initiative. Retrieved from http://it.ojp.gov/docu- ments/NCISP_Plan.pdf

Global Intelligence Working Group (GIWG). (2005). Fusion center guidelines: Developing and sharing information and intelligence in a new era. Washington, DC: US Department of Homeland Security. Retrieved from http://www.it.ojp.gov/documents/fusion_center_guidelines_law_enforcement.pdf

Global Intelligence Working Group (GIWG). (2008). Baseline capabilities for state and major urban area fusion centers. Washington, DC: US Department of Homeland Security. Retrieved from http:// it.ojp.gov/default.aspx?area=home&page=1224#cat_Intell

Homeland Security Advisory Council (HSAC). (2010, Spring). Countering violent extremist working group.

Hsu, S.S. (2009, November 18). Hasan’s ties to radical cleric raise issues for law enforcement. The Washington Post. Retrieved from http://www.washingtonpost.com/wp-dyn/content/article/2009/11/17/ AR2009111703830.html

Huffington Post. (2010, May 13). Faisal Shahzad had contact with Anwar al Awlaki, key figure in Fort Hood, Christmas Day attacks. Retrieved from http://www.huffingtonpost.com/2010/05/06/faisal- shahzad-had-contac_n_566666.html

Innes, M. (2006). Policing uncertainty: Countering terror through community intelligence and democratic policing. The ANNALS of the American Academy of Political and Social Science, 605, 222–241.

152 J.G. Carter and D.L. Carter

Inskeep, S. (2008, October 20). Opening statements to start in Fort Dix plot. National Public Radio. Retrieved from http://www.npr.org/templates/story/story.php?storyId=95891389

International Association of Chiefs of Police (IACP). (2004). National policy summit: Building private security/public policing partnerships to prevent and respond to terrorism and public disorder. Com- munity Oriented Policing Services. Retrieved from http://www.theiacp.org/Portals/0/pdfs/Publica- tions/ACFAB5D.pdf

Jenkins, B.M. (2010). Would-be warriors: Incidents of jihadist terrorist radicalization in the United States since September 11, 2011. Santa Monica, CA: RAND Corporation.

Marquise, R. (2010). Fort Hood attack. The Counterterrorist, Official Journal of the Homeland Security Professional, 3(1), 20–28.

McGarrell, E.F., Freilich, J.D., & Chermak, S. (2007). Intelligence-led policing as a framework for responding to terrorism. Journal of Contemporary Criminal Justice, 23, 142–158.

Mulvihill, G. (2008, March 31). Man sentenced in Fort Dix plot case. USA Today. Retrieved from http:// www.usatoday.com/news/nation/2008-03-31-619191134_x.htm

NEFA. (2010). United States v. Shnewer et al. – Ft Dix trial. The NEFA Foundation. Retrieved from http://www1.nefafoundation.org/ftdixdocs.html

New York Police Department (NYPD). (2007). Threat analysis: Fort Dix, New Jersey terror plot. NYPD Shield, Counter-Terrorism Bureau.

Palmer, D., & Whelan, C. (2006). Counter-terrorism across the policing continuum. Police Practice and Research, 7, 449–465.

Piette, J. (2009, May 10). Meeting exposes Fort Dix 5 frame-up. Workers World. Retrieved from http:// www.workers.org/2009/us/fort_dix_5_0514/

Program Manager’s Information Sharing Environment (ISE). (2008). Information Sharing Environment Functional Standard for Suspicious Activity Reporting. Retrieved from http://www.ise.gov/docs/ctiss/ ISE-FS-00SARFunctionalStandardIssuanceVersion1.0.pdf

Program Manager’s Information Sharing Environment (ISE). (2010a). Final report: Information Sharing Environment (ISE) – Suspicious Activity Reporting (SAR) evaluation environment. Retrieved from http://nsi.ncirc.gov/documents/NSI_EE.pdf

Program Manager’s Information Sharing Environment (ISE). (2010b). Nationwide Suspicious Activity Reporting (SAR) Initiative. Retrieved from http://www.ise.gov/pages/sar-initiative.aspx

Ratcliffe, J.H. (2008). Intelligence-led policing. Cullompton: Willan. Ratcliffe, J.H. (2010). Intelligence-led policing: Anticipating risk and influencing action. In M.B. Peter-

son, B. Morehouse, and R. Wright (Eds.), INTELLIGENCE 2010: Revising the Basic Elements. Richmond, VA: International Association of Law Enforcement Intelligence Analysts.

Riley, K.J., Treverton, G.F., Wilson, J.M., & Davis, L.M. (2005). State and local intelligence in the war on terrorism. Pittsburgh, PA: RAND Corporation.

Ripley, A. (2007, December 6). The Fort Dix conspiracy. Time Magazine. Retrieved from http://www. time.com/time/nation/article/0,8599,1691609-2,00.html

Russakoff, D., & Eggen, D. (2007, May 9). Six charged in plot to attack Fort Dix. The Washington Post. Retrieved from http://www.washingtonpost.com/wp-dyn/content/article/2007/05/08/AR20070 50800465.html

Sageman, M. (2004). Understanding terror networks. Philadelphia: University of Pennsylvania Press. Shane, S., & Mekhennet, S. (2010, May 8). Imam’s path from condemning terror to preaching jihad.

New York Times. Retrieved from http://www.nytimes.com/2010/05/09/world/09awlaki.html Sherwell, P., & Spillius, A. (2009, November 7). Fort Hood shooting: Texas army killer linked to Sep-

tember 11 terrorist. Telegraph. Retrieved from http://www.telegraph.co.uk/news/worldnews/north- america/usa/6521758/Fort-Hood-shooting-Texas-army-killer-linked-to-September-11-terrorists.html

Silber, M.D., & Bhatt, A. (2007). Radicalization in the West: The homegrown threat. New York, NY: Police Department, Intelligence Division.

Stansbury, P. (2007). 98th Range Wing antiterrorism program. Intelligence Threat Assessment. Nellis, NV: US Air Force.

USA Today. (2008, March 31). Man sentenced in Fort Dix plot case. Associated Press. Retrieved from http://www.usatoday.com/news/nation/2008-03-31-619191134_x.htm

Washington Post. (2010, January 1). Clues left by Fort Hood suspect raise haunting question: Should Army have seen it coming? Retrieved from http://www.dallasnews.com/sharedcontent/dws/dn/latest- news/stories/010110dnmethasanclues.3f4b199.html

Wheeler, J. (2005). An independent review of airport security and policing for the Government of Aus- tralia. Canberra: Australian Government.

Police Practice and Research: An International Journal 153

White House (WH). (2007). National Strategy for Information Sharing. President George W. Bush. Retrieved from http://georgewbush-whitehouse.archives.gov/nsc/infosharing/NSIS_book.pdf

Whitelaw, K. (2009, December 16). U.S. ponders how to stop homegrown terrorism. National Public Radio. Retrieved from http://www.npr.org/templates/story/story.php?storyId=121510640

154 J.G. Carter and D.L. Carter

Copyright of Police Practice & Research is the property of Routledge and its content may not be copied or

emailed to multiple sites or posted to a listserv without the copyright holder’s express written permission.

However, users may print, download, or email articles for individual use.