CHAPTER 7
DOMESTIC COUNTERTERRORISM
Investigating, Preventing, and Responding to Terrorist Plots

If there is one key tactical lesson the war on terror has taught us so far, it is that we are faced with an enemy who is highly flexible and adaptable… For the New York City Police Department, all of this means that we must be prepared to face any scenario, and structure our organization to be ready to survive and respond to multiple forms of attack.

New York City Police Commissioner Raymond W. Kelly testifying before the 9/11 Commission, May 18, 2004

CHAPTER OVERVIEW

Homeland security involves more than dealing with terrorist threats, but few missions are as important and complex. As the 2004 quote from New York City Police Commissioner Raymond W. Kelly illustrates, the 9/11 attacks created a new focus for federal, state, and local officials on preventing and responding to terrorism. State and local officials man the front lines of homeland security, and in many cases, local police have the first opportunity to detect and prevent terrorism, from routine traffic stops to dramatic SWAT missions. For this reason they are often called “first preventers.” Many organizations, systems, and programs described in Chapter 6 are also discussed here, because along with processing intelligence, they are often responsible for conducting operations against terrorist threats. Combatting terrorism usually involves two major activities: antiterrorism, generally used to describe passive or defensive measures against terrorism, and counterterrorism, which usually includes proactive measures, including targeting terrorist personnel and supporters.

This chapter focuses on both categories of combating terrorism, plus the domestic organization, missions, and practices behind them. Not included are overseas operations and programs conducted by agencies such as the CIA, the U.S. military, and the Treasury and State departments. Though often coordinated and integrated with domestic operations, such foreign missions are not part of the homeland security enterprise and so not addressed here. Other important measures that contribute to the defense against terrorism (such as the Terrorist Watch List), are addressed in detail elsewhere. This chapter provides an overview of significant domestic counterterrorism operations at all levels of government.

CHAPTER LEARNING OBJECTIVES

After reading this chapter, you should be able to

1. Explain the purpose of domestic counterterrorism.

2. Distinguish between the counterterrorism functions of the FBI and Department of Homeland Security.

3. Describe requirements for ensuring unity of effort among various federal, state, and local efforts.

4. Identify the most significant issues confronting effective counterterrorism operations.

5. Describe the components of counterterrorism operations.

THE FRONT LINES OF TERRORISM

As the 9/11 hijackers prepared for their mission, they managed to avoid the FBI, CIA, and other federal agencies often viewed as America’s front line of defense against terrorism. But some of them were stopped beforehand—by local law enforcement for traffic violations. While these stops did not disrupt the terrorist plot, similar incidents have led to the capture of terrorists. In 1988 a hardened Japanese Red Army terrorist, transporting bombs in his car as part of an apparent plot against New York City, was captured at a New Jersey Turnpike rest stop by a trooper who thought he was acting suspiciously. While Timothy McVeigh was not stopped before his attack, he was arrested soon after—by an Oklahoma Highway Patrol trooper who pulled him over for missing a license plate, speeding, and failing to wear his seat belt. In other cases, investigations by local officials have uncovered organized crime and other support activities linked to terrorist groups. However, in the past many of these cases were broken by luck rather than by a specific strategy.

Clearly, after 9/11 things were different. In today’s environment, federal, state, and local officials have developed specific, proactive plans and programs to prevent and respond to terrorist acts in their jurisdictions. As of 2011, U.S. authorities at all levels of government had thwarted dozens of terrorist plots aimed at the U.S. homeland (see the Appendix for more information.). This record, however, was not unblemished. Three of these attacks were foiled mostly by luck. In December 2001 Richard Reid hid explosives inside his shoes before boarding an international U.S.-bound flight. Reid was caught in the act and apprehended aboard the plane by passengers and flight attendants. In December 2009 Umar Farouk Abdulmutallab attempted to detonate his “underwear bomb” on a flight to the U.S. The device ignited but did not detonate, and passengers quickly stopped him. In May 2010 Faisal Shahzad, attempted to detonate explosives in an SUV parked in Times Square, but the bomb failed to detonate. In addition to these “near” misses, between 2001 and 2009 there were at least 91 “homegrown” terrorist attacks of all kinds against the United States.1

JURISDICTIONS, RESPONSIBILITIES, AND ORGANIZATIONS

U.S. law defines the federal crime of terrorism as “an offense that is calculated to influence or affect the conduct of government by intimidation or coercion or retaliate against government conduct.”2 Intent is an important criterion in determining whether a crime is an act of terrorism. Material support to terrorism is also a federal crime; this includes providing support (training, expert advice or assistance, financial resources or equipment, or personnel) to groups designated by the U.S. government as terrorist organizations.3

The Department of Homeland Security is the lead agency for protecting the American homeland with a central mission to “prevent and deter terrorist attacks and protect against and respond to threats and hazards to the nation.”4 DHS is assisted by numerous other federal agencies, most notably the FBI, which provides law enforcement, intelligence, and hostage rescue/special operations capabilities. The FBI is the lead federal agency for investigating the federal crime of terrorism.5 If any federal agency identifies suspected terrorist activity, it is required to notify the FBI.

State, territorial, tribal, and local governments have jurisdiction over most aspects of daily life where public safety is a concern. State criminal codes and state and local law enforcement agencies make up the bulk of the criminal justice system. It is up to governors, county supervisors, and mayors to protect the citizens in their jurisdictions. Many of the nation’s critical infrastructures and key assets are either controlled by state and local governments (such as airports and ports) or regulated by them (such as building codes governing skyscrapers and utilities). Combating terrorism, as part of the homeland security enterprise, is thus part of their responsibility for ensuring public safety.

Prosecution of terrorists and those providing material support to them is related to but not part of the homeland security enterprise. The decision to prosecute and the incarceration and trial of suspects is the responsibility of other components of the criminal justice system at federal, state, and local levels. At the national level the decision is made by federal prosecutors serving under the U.S. attorney general. Some states have also established terrorism as a statutory crime. In many cases, terrorism investigations may lead to indictments for other crimes. In either case, these activities are conducted under state criminal justice systems.

Principal National Counterterrorism Operations

At the federal level major counterterrorism activities are directed under the Office of the Director of National Intelligence’s National Counterterrorism Center (NCTC), the FBI, and the DHS.

National Counterterrorism Center

In addition to its intelligence functions, the NCTC has significant counterterrorism responsibilities. It was established in part to “break down the wall” between overseas and domestic counterterrorism efforts. This mission was defined in the center’s statutory charter, part of the Intelligence Reform and Terrorism Prevention Act of 2004. By law, while the center is not authorized to direct operations, it is responsible for conducting “strategic operational planning” such as determining “the mission, objectives to be achieved, tasks to be performed, interagency coordination of activities, and the assignment of roles and responsibilities.”6 The center maintains a National Implementation Plan for the National Strategy for Combating Terrorism, which lists activities to be accomplished by federal agencies.

As with many counterterrorism activities, there is both overlap and debate concerning precise roles and missions. Prior to the establishment of the NCTC, the CIA served as the lead-federal agency for global counterterrorism operations. That mission was performed by the agency’s Counterterrorism Center. A 2011 Congressional Research Service Report suggests the division of responsibility may still be unclear, though all agree the CIA does not have oversight of domestic counterterrorism operations. Likewise, cases such as that of Umar Farouk Abdulmutallab demonstrate the NCTC failed to “connect the dots” to ensure all potential terrorist threats were identified and tracked. Derogatory information on Abdulmutallab was known to some federal agencies but not shared, nor were disparate bits of information collated to reveal and disrupt the plot before the perpetrator boarded a plane bound for the United States.

Federal Bureau of Investigation

Bureau counterterrorism operations are managed by the Counter-terrorism Division. The division includes the Investigative Branch, which manages terrorism-related investigations, and the Operational Support Branch, which is responsible for overseeing the Terrorist Screening Center, the Joint Terrorism Task Forces, the National Joint Terrorism Task Force, and “fly teams,” groups of specially trained terrorism “first responders” that can be dispatched for specific missions. The division also includes a number of analytical support activities.

Many different sources can prompt an FBI investigation. These include information or intelligence provided by the intelligence community and other federal agencies, state and local law enforcement, fusion centers, other ongoing FBI investigations, foreign governments or FBI legal attaches stationed overseas, or the public (the agency, for example, maintains a Public Internet Tip Line).

The manner in which the organization conducts investigations, including counterterrorism, is governed by the attorney general’s “Guidelines for Domestic FBI Operations.” In turn, the Bureau maintains a “Domestic Investigations and Operations Guide.” These guidelines must be consistent with U.S. laws and executive directives. They can, however, be revised at the discretion of the attorney general and the FBI director. As of 2011, the guidelines established three standards for investigations. Assessments are the lowest level, authorized to (1) check leads, (2) collect information in order to analyze potential threats, (3) gather information to support intelligence analysis or planning, (4) vet informants, and (5) collect foreign intelligence. Furthermore, the “Domestic Investigations and Operations Guide” states that assessments cannot be founded on “arbitrary or groundless speculation, nor can an assessment be founded solely on the exercise of First Amendment protected activities or on the race, ethnicity, national origin or religion of the subject.” Assessments may include a number of activities, such as the public surveillance of persons of interest and the use of informants.

The next level of activity is a preliminary investigation. To open a preliminary investigation, the guide requires an “allegation or information indicative of possible criminal activity or threats to national security.” These activities may also be conducted to identify and determine the suitability of informants. Preliminary investigations regarding national security must be approved by the special agentin charge (the SAC, the official in charge of an FBI field office). Investigative techniques allowed include interviews, searches, consensual monitoring of communications and computers, the use National Security Letters, and grand jury subpoenas.

A full investigation requires “specific and articulable facts” of a criminal or national threat. A SAC or FBI headquarters can authorize a full investigation. All lawful investigative techniques, including electronic surveillance, may be used.

One form of a full FBI investigation in counterterrorism operations is known commonly as a “sting” or the “Al Capone.” Undercover agents or informers offer suspects support to facilitate their activities. In June 2006, for example, authorities arrested seven men in Miami and Atlanta for plotting to blow up commercial and government buildings around the country. The arrests resulted from an investigation involving an FBI informant. In order for the results of such investigations to be used in a prosecution, the operations must be lawful and not constitute entrapment (inducing a suspect to commit a criminal act he or she would otherwise not have been likely to perform).

The FBI’s Joint Terrorism Task Forces (JTTFs) are the agency’s main tool for integrating investigative resources of federal agencies and state and local law enforcement, in total representing more than 50 federal entities and 600 state and local agencies. The National Joint Terrorism Task Force is based at FBI headquarters in Washington, DC. It manages large-scale multijurisdictional investigations. The JTTFs around the country are responsible for identifying and targeting for arrest and prosecution individuals and groups involved in terrorism.

JTTFs unite state and local law enforcement officers, FBI agents, and representatives from other federal agencies to work on common terrorist cases. They also provide an additional forum for intelligence sharing and coordination. As of 2011, the agency had established about 100 JTTFs, including at each of the FBI’s 56 main field offices. A typical JTTF includes two divisions, one for intelligence collection and analysis and the other for investigations.

JTTF investigations are significant components of federal counter-terrorism efforts. For example, Najibullah Zazi was the subject of an investigation that included several FBI field offices and their associated JTTFs. Zazi was arrested in 2009 and pled guilty to plotting to bomb New York subways; the attacks were stopped only days, or even hours, before they were planned to launch.

Department of Homeland Security

While not the lead agency for domestic counterterrorism operations, DHS does provide resources. In recent years, the department has provided critical support to several high-profile counterterrorism cases. For example, DHS provided information that aided the investigation and arrest of David Headley. Arrested in 2009 for providing material support to a foreign terrorist organization, he pleaded guilty to a role in the 2008 Mumbai, India, terrorist attacks and was charged with planning an attack again a Danish newspaper that published cartoons of the Prophet Muhammad. In the case of Najibullah Zazi and the plot to bomb New York subways, DHS provided information that proved Zazi belonged to a terrorist network and was a threat to be taken seriously. It was also DHS, not the FBI, that apprehended the would-be Times Square bomber Faisal Shahzad before he fled the country.

The undersecretary for the National Protection and Programs Directorate is designated as the counterterrorism coordinator for DHS and chairs the department’s Counterterrorism Advisory Board. Each operating agency within the department has entities and programs for counterterrorism and antiterrorism activities. In addition to these activities, some operational elements have specific offices that coordinate counterterrorism programs and policies. The U.S. Coast Guard, for example, has the Office of Counterterrorism and Defense Operations. Immigration and Customs Enforcement maintains the Counterterrorism and Criminal Exploitation Unit to prevent terrorist exploitation of the U.S. immigration system.

Federal Support for Counterterrorism

There are dozens of statutory federal law enforcement authorities in the United States. In addition, virtually every federal department and agency can support counterterrorism activities by providing personnel, technical expertise, information, or other resources. Some federal agencies have offices that provide policy or manage programs, activities, or research related to counterterrorism. The U.S. Food and Drug Administration, for example, has the Office of Counterterrorism and Emerging Threats. The Environmental Protection Agency through its Office of Criminal Enforcement, Forensics, and Training maintains National Counter-Terrorism Evidence Response/Counter-Terrorism Response Team(s), which provide technical support to other federal agencies. Many federal entities participate in the JTTFs and other federal task forces. Internal Revenue Service Criminal Investigation special agents, for example, provide financial expertise and counterterrorism investigative assistance to the National JTTF and other joint efforts.

State and Local and Counterterrorism

After 9/11 many states created homeland security offices and most have developed specific homeland security plans. This model has been followed by local jurisdictions such as counties and cities. Because there are far more state and local first responders than federal ones, these state and local plans, and detailed operational and enforcement strategies, direct the majority of America’s domestic counterterrorism activities. States, territories, major metropolitan areas, local communities, and tribal authorities organize domestic security efforts in accordance with their laws, needs, and preferences. In most cases, for example, state-level counterterrorism operations are managed by the state’s chief law enforcement officer.

While law enforcement agencies may not be the only entities involved in state and local counterterrorism efforts, they are without question be the backbone of such efforts. Policing in the United States, unlike many other countries, is highly decentralized. There is not even a single authoritative count of all law enforcement agencies at the state, territorial, local, and tribal level, but the number likely exceeds 20,000 independent organizations. The vast majority, about 75 percent, are at the local level (major metropolitan areas, smaller cities, towns, and counties). These municipal agencies perform the lion’s share of policing activities in the United States and handle the greatest diversity of tasks. Sheriff’s departments, for example, often support the three functions usually grouped under criminal justice—policing, the court system, and corrections (jails, probation services, etc.). On the other hand, police departments just perform policing functions. At the state level, policing functions are often separated into law enforcement on highways; general law enforcement activities; specialized law enforcement, such as fish and wildlife service departments; and agencies that guard state facilities. This diversity of activities, capabilities, and governance creates challenges in organizing a national counterterrorism effort.

The federal government has attempted to coordinate state and local efforts, including through DHS, which provides billions of dollars in funding, along with training, planning, exercise, and technical assistance programs, to state and local jurisdictions. To gain this support, states must develop and submit homeland security assessments and strategies. For example, in 2002 the Commonwealth of Massachusetts developed a plan based on intelligence and warning, transportation security, domestic counterterrorism, protecting critical infrastructures and key assets, defending against catastrophic threats (WMD), and emergency preparedness and response.

While they vary from jurisdiction to jurisdiction, state and local strategies include many common elements. They are driven by requirements, plans, training, assessments and evaluations, and corrective actions. They often include prevention, protection, response, and recovery components and an emphasis on coordination, communication, and interoperability among jurisdictions.

FROM THE SOURCE: PUTTING IT ALL TOGETHER

COOPERATIVE COUNTERTERRORISM INVESTIGATION

Excerpted from the Department of Justice “Counterterrorism White Paper,” July 2006

Classic Criminal Investigative Approach

On March 28, 2001, Mohamad Hammoud and several co-defendants were indicted in the Western District of North Carolina in a RICO [Racketeer Influenced and Corrupt Organizations Act] and material support to terrorism case that alleged their involvement in a Charlotte-based Hizballah cell that engaged in a cigarette tax evasion scheme and in military procurement ordered by Hizballah leaders in Lebanon.

The criminal conspiracy involved the smuggling of untaxed and low-taxed cigarettes between Michigan, North Carolina and the Cattaraugus Indian Reservation near Irving, New York, resulting in the evasion of more than $3.5 million in Michigan state cigarette taxes, as well as the procurement and use of fraudulent credits cards to purchase contraband cigarettes and other merchandise in Michigan, New York, North Carolina, Florida, Canada, the United Arab Emirates and Italy.

The RICO conspiracy had two established connections to the designated foreign terrorist organization, Hizballah: one of the largest suppliers of contraband cigarettes to the racketeering conspiracy was Mohamad Hammoud of the Charlotte, North Carolina Hizballah cell; and Hassan Makki, who pled guilty to RICO conspiracy and providing material support to Hizballah in the Eastern District of Michigan and was sentenced to 57 months in prison, [and] admitted that the money he sent to Hizballah from cigarette trafficking was intended to support Hizballah’s “orphans of martyrs” program, which compensates the families of those killed in Hizballah terrorist operations or by Hizballah’s enemies.

The Hammoud case was initiated by a tip from a state police officer who observed suspicious activity in the mass purchase of cigarettes in North Carolina.

Brothers Mohamad and Chawki Hammoud were convicted in June 2002 and sentenced in February 2003. The Fourth Circuit, sitting en banc, affirmed the convictions, rejecting First Amendment-based challenges to the convictions on the material support counts. United States v. Hammoud, 381 F.3d 316 (4th Cir. 2004) (en banc), vacated and remanded for re-sentencing, 543 U.S. 1097, reinstated in part, 405 F.3d 1034 (4th Cir. 2005). United States v. Hammoud was the first trial in the nation alleging the provision of material support to a foreign terrorist organization (18 U.S.C. § 2339B).

ISSUES IN COUNTERTERRORISM

Common issues in counterterrorism include the allocation and adequacy of resources, the efficacy of operations, and the impact of activities on civil liberties, including fears of racial or religious profiling, violations of individual privacy (such as unlawful search and seizure), creation of a “chilling” affect on the practice of free speech, and alienation of minority communities.

In particular, interagency counterterrorism activities, such as the JTTFs, face the challenge of maintaing sufficient qualified personnel, adequate clearances (discussed in Chapter 6), and facilities. With continuing pressure on resources as well as the strains of dealing with other local law enforcement priorities, state and local agencies in particular may have a difficult time assigning qualified personnel on a long-term basis.

Sometimes local leaders are reluctant to provide personnel or participate in joint activities for lack of resources or other reasons. In 2005, for example, the city of Portland, Oregon, withdrew from the JTTF in its geographic area, citing concerns that participation might violate state laws banning investigations based on religious or political beliefs. The city alleged it could not adequately monitor JTTF activities for potential civil liberties abuses.

Another issue is determining which jurisdiction should lead an investigation. Federal, state, and local investigators have different authorities and investigative guidelines. In some cases, for example, state investigators may have wider latitude in conducting a local investigation than the FBI. Case management may also be different, depending on which agency or activity is involved, and affects how information is shared.

Sorting out jurisdictional responsibilities can be particularly problematic when effective structures for interagency coordination are lacking. For example, in November 2010, Mohamed Osman Mohamud, a 19-year-old Somali American, was arrested after attempting to detonate a car bomb at a Christmas tree lighting ceremony near the Portland, Oregon, Pioneer Courthouse Square. The bomb was composed of inert explosives given to him by undercover FBI agents. City leaders did not know about the FBI’s investigation until after the arrest, though the city had signed a letter of understanding with the agency on information-sharing after Portland ceased participating in the local JTTF.

Finally, even when systems work as planned, there is the challenge of how and when to pursue “actionable” leads produced from an intelligence product, an ongoing investigation, or some other early warning. Intelligence or information that is directly actionable may not be suitable for use under the U.S. criminal justice system.7

A number of factors complicate the ability of counterterrorism operations to act on what they know. Information may be provided by a foreign government, but only on condition that it never be publicly disclosed. Using this knowledge (even in the controlled setting of a criminal trial governed by the Classified Information Procedures Act) may mean the foreign government will not provide more leads in the future, denying the United States sources that could be vital for counterterrorism intelligence.

Information of unquestioned veracity may have come from sources and methods that are classified. Public disclosure might compromise the source or method and render it useless. During the first World Trade Center bombing trial, the U.S. government disclosed that it had the capacity to intercept Usama bin Ladin’s satellite phone calls. Not long after, he reportedly ceased using those phones.

Evidentiary rules requiring disclosure of evidence can conflict with national security needs. During the trial of Zacarias Moussaoui (suspected of participating in the 9/11 plot), trial rules required that he have access to al-Qaida operatives (reportedly Khalid Sheikh Mohammed and Ramzi binal-Shibh) as potential witnesses. Yet the government argued it could not allow Moussaoui or his lawyers such access if it compromised vital intelligence assets.

The rules of evidence in a court of law also strictly limit the admissability of information. Documents and photographs, for example, must be authenticated. Hearsay is not allowed. The best, most useful intelligence information often cannot meet legal standards. Certain intelligence may be enough to raise substantial suspicion (and thus warrant turning someone away at the border), but it may (and often does) fall far short establishing someone’s terrorist intent beyond a reasonable doubt.

As a result of such issues, agencies conducting counterterrorism may have solid actionable intelligence of a terrorist threat but face difficult choices about what to do. They might simply expose the plot, preventing the immediate threat but allowing the terrorist to escape and strike another day. Or they might seek to develop evidence for an arrest and prosecution, although that would risk giving the terrorist more time to act or alerting him that he had been detected. One controversial tactic is the use of material witness warrants, used to arrest and detain witnesses to criminal events when it is anticipated they would flee to avoid giving testimony. Detaining suspected terrorists as material witnesses to their own crimes when authorities lack probable cause of a crime may prevent a terrorist act, but it also violates the intent of material witness warrants and could be prone to abuse.

ISSUE:

THE BEST USE OF RESOURCES?

Excerpted from “Difficult Decisions: FBI Priorities” by Darrel W. Stephens, Chief of Police, Charlotte-Mecklenburg, NC, in Protecting Your Community from Terrorism: Strategies for Local Law Enforcement, vol. 1, Police Executive Research Forum, March 2003

Since 9–11, Homeland Security responsibilities have been added to the long list of expectations for law enforcement at the federal, state and local levels. Few would say that any law enforcement agency possessed adequate resources to address these expectations prior to 9–11, and most would agree they are still lacking. But for the FBI, the challenge is particularly onerous, as their number-one priority is to “Protect the United States from terrorist attack…”

The simple answer is they cannot achieve that priority without at least three reforms—and even then there are no guarantees.

These three reforms are

• stronger and more effective working relationships with state and local police,

• significant enhancements in technological capabilities, and

• more focused efforts on a much narrower list of responsibilities and priorities.

The focal point of this commentary is on the last.

In the wake of 9–11 and the appointment of Director Robert Mueller, the FBI identified and announced on May 2, 2002, 10 priorities. A reorganization plan announced the same day indicated that 3,718 agents (34% of the 11,000 special agents) would be assigned to antiterrorism investigations. Of these, 518 were moved from other criminal investigative assignments (most from drug investigations, violent crime and white collar crime), and the plan included hiring an additional 900 agents. Nevertheless, the priorities continued to encompass virtually everything the FBI was doing prior to 9–11, albeit fewer resources would be devoted to non-terrorism investigations. This is a good start to be sure, but [it] simply does not go far enough because the priorities continue to suggest the FBI can do it all.

The debate continues across the nation about whether the FBI should move away from bank robberies and violent crime and drug investigations (areas in which there is concurrent jurisdiction with local law enforcement). In most cases the FBI gives the impression it will continue doing all the things it has done before—just, perhaps, in fewer cases than before and more selectively. The time is long overdue—well before 9–11 for the FBI (and other federal law enforcement agencies)—to resolve the strategic question of what activities the FBI should sustain to provide the greatest value for America, given its unique capabilities and authority. Local law enforcement can be supportive of these decisions, particularly if they are based on collaborative problem solving between municipal and county police executives and their area SACs [special agents in charge]. These are decisions that need national direction but require some flexibility at the SAC and local level. It is not entirely the FBI that causes priorities to include everything—many chiefs like having them involved with drugs, bank robbery, violent crime and more. The chief executives have just as much, perhaps more, difficulty establishing priorities than the FBI. We want it both ways—that is part of the reason why we have the dilemma of the FBI having to be everything to everyone.

The question of federal jurisdiction and involvement was not given sufficient thought when the drug enforcement authority of the DEA was also given to the FBI. Nor did the country engage in thoughtful discourse in the late 1980s and early 1990s, when many violent crimes were federalized. These significant policy changes were made for political expediency—not thoughtful responses to how these national problems might be most effectively addressed using the full range of law enforcement and other resources available to the nation. Though decision makers seem to be a little more thoughtful on terrorism, they are frightfully close to following the same course.

Does the FBI need to be engaged in violent crime, drugs or bank robbery investigations? What capabilities do they bring to these investigations that do not exist at the local level? If there is a role, what should that be? The most appropriate role would be to focus on supporting the investigations of those cases that cross state boundaries. There is an enormous void in local law enforcement’s tracking and analysis capabilities for crimes that are committed by offenders who move from one part of the country to another—such as federal agencies’ critical role in the D.C. sniper shootings [during which two snipers terrorized the Washington, D.C.-area in 2002, killing ten people.] As with terrorism intelligence, connecting the dots among the cases proved to be very difficult. The same may also be true in more rural areas where local law enforcement resources are limited.

Is there a federal role in creating a system for tracking unsolved homicides on a national basis or other crimes like bank robbery, identity theft or money laundering? There are examples already—NCIC [National Criminal Information Center] and IAFIS [Integrated Automated Fingerprint Identification System]—in which the unique capability of federal law enforcement has enhanced the ability of police agencies across the nation to deal more effectively with crime.

There is no easy answer to determining FBI priorities and resource allocations. But we must recognize—just like local police agencies—that the FBI has limited means and that they must be effectively applied to those areas in which they will have the greatest impact on domestic security and on filling gaps where local law enforcement’s resources and authority do not exist. To do that, it is important that the FBI and political leaders reengage in a national dialogue that asks the tough questions about what the most strategic and best use of their critical and unique resources should be.

1. Does the FBI’s current organization for counterterrorism make the best use of resources?

2. How does current FBI strategy square with the “broken windows” theory of law enforcement discussed in previous chapters?

3. Is there a role for state and local law enforcement in setting FBI priorities?

4. Have national leaders really “asked the tough questions about what the most strategic and best use of their critical and unique resources should be”?

COMPONENTS OF COUNTERTERRORISM OPERATIONS

Operations conducted by single agencies or on a joint basis must all address common tasks and requirements.

Resources and Deployment

Obtaining sufficient resources to conduct both counterterrorism operations as well as other missions is always a challenge. Before 9/11, most state and local jurisdictions did not have substantial (if any) counterterrorism budgets. While counterterrorism became more prominent after September 11, allocating resources for these missions, particularly for nonfederal activities, remained a challenge. To sustain counterterrorism programs, state and local agencies must reallocate existing resources or find new ones. This has proven extremely challenging, especially given budget shortfalls that hit many government entities in recent years.

This effort has often involved creating and equipping new security units and upgrading the capabilities of old ones. In some cases, the units have been funded by federal grants; in others, existing functions have been reduced to support new security requirements. Some jurisdictions have also refocused the efforts of current programs. For example, intelligence units that once followed a wide variety of organized crime now spend more time on terrorism, and motor vehicle departments devote more resources to preventing applicants from falsely obtaining driver’s licenses.

With the creation of DHS, an effort was made to consolidate most federal assistance involving domestic security under the department. Included in these grants are programs formerly administered by the Department of Justice to provide training and equipment assistance to state and local law enforcement for domestic counterterrorism operations.

Legal Preparation

States have also moved to increase the focus of their criminal justice and legal systems on terrorism. In the wake of 9/11, New York, Pennsylvania, Virginia, and several other states enacted statutes to define terrorist crimes and provide enhanced law enforcement authorities. Legislation provided additional penalties for terrorist acts. The New York law, for example, allows the death penalty for murder committed during a terrorist act. In some cases, states have passed new laws to toughen regulations on gun and explosives possession. Additional legal measures have included establishing standards for action against suspected terrorists under existing laws, such as conspiracy statutes.

Organization, Planning, Coordination, and Information Sharing

In the wake of 9/11, local officials stepped up their coordination and information sharing with other government organizations. This includes sharing among different agencies in the same jurisdiction (for example, the police department with the fire department with the private sector in the same city), different jurisdictions within the state (for example, cities with counties with the state), different states within a region (for example, New York and New Jersey), and states with the federal government.

Organizing Counterterrorism Efforts

The JTTFs are not the only instruments for statewide coordination. Some states have established statewide offices to manage counterterrorism activities and regional state activities. In other cases, such as Florida, local counterterrorism task forces have been collocated or even integrated with federal task forces. Many local governments have developed unique measures. In the Los Angeles area after 9/11, for example, efforts were organized through the South Bay Police Chiefs Advisory Group.

Data Repositories.

Beyond polished intelligence products (discussed in Chapter 6), other kinds of information and data exchanges may be required to support counterterrorism operations. State and local enforcement agencies can obtain information from federal sources. DHS, for example, distributes information to the major cities and state homeland security offices through its Homeland Security Operations Center. Most of this information deals with day-to-day activities. For information directly relevant to a particular investigation, law enforcement services can query the National Criminal Investigation Center (NCIC), a computerized index of criminal justice information maintained by the FBI and available to federal, state, and local law enforcement and other criminal justice agencies. The database includes the agency’s Interstate Identification Index (criminal history information), Wanted Persons File, Missing Persons File, Unidentified Persons File (to cross-reference unidentified bodies against records in the Missing Persons File), Foreign Fugitive File, and Violent Gang/Terrorist File (used to identify criminal gangs and their members). The database also includes the U.S. Secret Service (now part of DHS) Protective File, which maintains names and other information on individuals believed to pose a threat to the president.

Federal Centers.

In addition to the NCIC, other federal assets are available to state and local governments. The El Paso Intelligence Center (EPIC), staffed by 14 federal agencies, has cooperative information-sharing agreements with every state regarding drug movement and immigration violations, data that might also be useful for related counter-terrorism investigations. The Terrorist Screening Center is a one-stop point of contact for law enforcement agencies to query all federal terrorist watch lists. DHS’s Law Enforcement Support Center provides immigration status and identity information to local, state, and federal law enforcement agencies regarding aliens suspected, arrested, or convicted of criminal activity.

Information-Sharing and Collaboration Systems.

Many of the data-sharing systems described in Chapter 6 also provide tools that can directly support counter-terrorism investigations and other operations. National, regional, state, and local law enforcement Internet-based networks provide means for sharing information and collaborating on activities. Increasingly, many of these systems are becoming “interoperable,” meaning they can interface with one another. The National Law Enforcement Telecommunications System is one of the largest. Another example is Minnesota’s CriMNet, which supports the state’s criminal justice system.

Systems particularly important for counterterrorism operations include the Joint Regional Information Exchange System (JRIES). This began in December 2002 as a pilot program to share counterterrorism information between state and local law enforcement and the Department of Defense. It came out of the Defense Intelligence Agency–led Joint Intelligence Task Force—Combating Terrorism (JITF-CT). The first participants included the New York Police Department’s Counter Terrorism Bureau and the California Department of Justice Anti-Terrorism Information Center; the number of states, localities, and federal agencies participating in the network steadily increased.

In 2004 DHS started the Homeland Security Information Network. It used the JRIES infrastructure but expanded both its capabilities and the categories of users.

The Regional Information Sharing System (RISS) program comprises regional centers that share intelligence and coordinate efforts against criminals who may operate in multiple jurisdictions. The program supports the prosecution of traditional crimes like drug trafficking, but also targets terrorism, violent crime, cybercrime, gang activity, and organized crime. There are member agencies in every state and the District of Columbia, U.S. territories, and internationally. The program supplies information-sharing resources, analytical services, specialized equipment loans, training, and technical assistance.

The Department of Justice developed the RISS program in 1974 to assist police departments in the southern United States exchange information via computers. RISS has six regional centers: Mid Atlantic–Great Lakes Organized Crime Law Enforcement Network (MAGLOCLEN), Mid Atlantic Organized Crime Information Center (MOCIC), New England State Police Information Network (NESPIN), Rocky Mountain Information Network (RMIN), Regional Organized Crime Information Center (ROCIC), and the Western States Information Network (WSIN).

The primary information-sharing tool is RISSNET, a secure intranet, which allows members to share sensitive but unclassified information. Participants can have either a single computer attached to the intranet or act as a node to give access to other law enforcement personnel in their agency. RISSNET participants use a virtual private network (VPN) connection over the Internet to access the RISSNET gateway firewall, whereupon the user’s identity is authenticated and access is granted. The secure intranet is a dedicated network carried over frame relay circuits (a guaranteed amount of bandwidth over public telephone lines) connecting the RISS centers to the database resources. Data on the intranet are protected by encryption, smart cards, and other security protocols.

RISS also includes the Anti-Terrorism Information Exchange (ATIX). This RISS subcomponent became operational in 2003. The ATIX communities differ from typical RISS users; they include state, county, local, tribal, and federal government; law enforcement; emergency management; disaster relief; utilities; and, among others, the chemical, transportation, and telecommunications industries. The system includes secure ATIX web pages, a bulletin board, a real-time communication tool, and e-mail. RISSNET is also connected to the FBI’s Law Enforcement Online.

The Intelligence Reform and Terrorism Protection Act of 2004, commonly known as the 9/11 Reform Bill, mandated that the president establish an information-sharing environment (ISE) to distribute intelligence regarding terrorism to appropriate federal, state, local, and private entities. This effort is managed under the DNI.

Case Management

Investigations are a central component of counterterrorism operations. Case management includes the process of assigning or referring cases for investigations; establishing and monitoring tasks; and managing investigation data, warrant requests, interviews, reports, and other information. For investigations that may lead to criminal prosecution, effective case management is key. Investigators must be able file, store, retrieve, and update case information. They have be able to produce information required for attorneys preparing cases for prosecution. Counterterrorism cases present additional challenges in that they may deal with classified material. There is often a requirement to share relevant information from an investigation to support other cases or intelligence products. In addition, as with all counter-terrorism operations, investigators and supervisors must maintain operational security.

Training and Equipment

Counterterrorism operations can require specialized training, facilities, and equipment. States and local governments can sometimes obtain training and equipment support through DHS grants programs or from the Department of Justice.

Many jurisdictions share conducted basic counterterrorism and response training; some have even added it to basic in-service training programs. The federal government has provided support for local training efforts, alongwith courses and curricula provided by residential training facilities, such as the National Emergency Training Center (NETC). The Federal Law Enforcement Training Center’s Counterterrorism Division offers local institutions such as community colleges counterterrorism training for first responders.

Intelligence Gathering and Exploitation

The aim of these activities, which must be established with careful reference to state and federal law, is to discern the capabilities and intents of terrorists. Intelligence support for homeland security (as described in Chapter 6) provides products that aid in investigations and other counterterrorism activities. Counterterrorism operations should be designed both to exploit intelligence and generate requirements for the intelligence cycle.

Collecting and Analyzing Intelligence

To get the raw data needed for analysis, jurisdictions create specific “intelligence requirements” for officers and others in the field. Departments may use community policing techniques to drive collection, reaching out to citizens and private sector groups. There is often a focus on creating a clear line from the collector in the field to the intelligence center; more sophisticated organizations also find ways to reward collectors for providing information, which may require little more than giving them feedback on its value.

Officers should also be trained on specific clues of terrorist activities. For example, an officer who understands that castor beans are used to create the deadly poison ricin may be able to tell an improvised biological weapons project from a methamphetamine lab. An agent who knows commercially available components used in chemical weapons may report them more quickly if he or she sees them at a crowded stadium.

Officers can also use traditional methods to generate intelligence, such as common policing practices such as seat-belt and sobriety checkpoints. These efforts may be increasingly effective as the federal government updates the NCIC, adding subjects of terrorism investigations who can then be recognized during routine law enforcement situations.

Targeting scams used by terrorist fund-raisers is an excellent intelligence-gathering tactic for state and local authorities. Some agencies also harness their own managementsystems for intelligence. For example, the theft of police uniforms or emergency vehicles could be key information.

Finally, state and local authorities, often working with federal officials, may use advanced sensing and surveillance equipment to gather intelligence.

Once the intelligence is collected, it may be graded for reliability and other factors. Then it must be analyzed, as discussed in Chapter 6.

Dissemination and Warnings

Once the data are received, analyzed, and turned into “intelligence products” such as reports and warnings, the information must be disseminated. This is a critical step in the process; ineffective information-sharing procedures and networks can waste even the best intelligence.

Jurisdictions should also develop an understanding of indications and warnings (I&W), red flags that signal the potential for an imminent attack. These red flags should trigger a planned response from the jurisdiction. For example, if police officers spot a suspicious person surveilling a chemical plant a week after explosives have been stolen from the local quarry, the plan should respond with an automatic increase in security levels, which might include warnings to key members of the private sector.

Disrupting and Interdicting Terrorism

The most effective way for state and local authorities to prevent terrorism is to understand terrorist phases and operations and direct specific efforts. Terrorist phases are discussed in Chapter 13.

Officer survival training should also include scenarios based on the different threats posed by terrorists during varying phases of their operations. When some 9/11 hijackers were stopped for traffic violations during their training and rehearsal stages, they did not resist. However, had they been pulled over on their way to the airport on September 11, their reaction might have been quite different.

Terrorists and their supporters in the United States may be especially vulnerable to detection during certain of these phases and operations, including surveillance and fund-raising.

Countersurveillance

Every jurisdiction has more critical facilities than could ever be protected simulataneously; the best way to prioritize is by letting the terrorists identify which potential target is most important. Al-Qaida and other terrorist groups have a record of meticulous surveillance of targets; according to the FBI, terrorists often prepare “targeting packages” using photographs, CAD/CAM (computer-assisted design/computer-assisted mapping) software, and notes. They gather information from vehicles or by loitering near targets, perhaps in the guise of tourists or vendors. Jurisdictions with aggressive countersurveillance programs are in a position to detect such activities. Countersurveillance can include undercover observation or technical equipment such as video surveillance systems. Encouraging private security personnel and the public to watch for surveillance increases the chances of detecting it before an attack.

Fund-raising and Organized Crime

The FBI has stated that operatives from such terrorist groups as Hizballah, Hamas, and the Palestinian Islamic Jihad (PIJ) are conducting fund-raising and support activities in the United States. Terrorist groups must have money to operate. Their funding sources can include fake charities, counterfeit apparel, robberies, blackmail, kidnapping for ransom, legitimate businesses, support from wealthy individuals, and money from foreign governments. Operatives in the United States have also been linked to shoplifting, stealing luggage, picking pockets, and credit card fraud. However, organized crime and scams, often combined with money laundering, are leading activities linked to terrorist supporters. In 2002 more than 500 Arab- and Muslim-owned small businesses across the United States, many of them convenience stores, were reportedly under investigation to determine if they were involved in such activities.8 Terrorist supporters in the United States are accused of employing a range of criminal activities to raise funds.

Baby Formula Diversion

Texas authorities have estimated that criminal rings steal millions of dollars of formula per year in that state alone. Scammers exchange the formula for federal vouchers provided to poor mothers. The customer and baby may end up with improperly stored and outdated formula; the criminals get a hefty profit that, according to investigators, has sometimes been shipped to shadowy bank accounts in the Middle East. In 2003 Arizona’s Joint Terrorism Task Force brought charges in connection with a baby formula case and related criminal activity estimated to have generated $22 million.9

Drugs

Arab-American criminal groups active in New York, Michigan, and Canada were implicated in a huge federal investigation called Operation Mountain Express. According to prosecutors, the group arranged for pseudoephedrine to be trucked from Canada into the United States, where it was sold to Mexican gangs who used it to create methamphetamine. The scheme made millions, some of it traced to Hizballah accounts.10

Coupon Fraud

Those tiny coupons can add up to millions of dollars in fraud. In the typical case, crooks clip coupons and deliver them to store employees with whom they are in cahoots. The employees redeem the coupons without selling the products. Coupon fraud has been connected to terrorism in several cases, according to congressional testimony and news reports. Mahmud Abouhalima, an Islamic extremist also known as Mahmud the Red for his hair, allegedly ran a coupon scam before being arrested and convicted in the 1993 World Trade Center bombing.11

Cigarette Smuggling

A federal investigation called Operation Smokescreen uncovered a group of Lebanese men who had entered the United States with illegal visas, engaged in marriage fraud to remain in the country, and pursued organized crime, including credit card fraud and money laundering. They sold millions of dollars in smuggled cigarettes bought in North Carolina, where taxes were low, and resold them in Michigan at a hefty markup. Part of the proceeds was sent to Hizballah; the plot also helped supply the terrorist group with laser range finders, night vision devices, stun guns, mine detection equipment, and other devices. The ringleader was sentenced in 2003, but several charged suspects, including the alleged chief of Hizballah procurement, escaped apprehension.12

Document Fraud

Terrorists and other criminals often travel with fake or illegitimate documents. Detecting such documents, or uncovering their sources, can help uncover terrorist activity. Tools and skills required to reveal fake documents need not be complex. First, investigators must know what real ones look like; important types are birth certificates, Social Security cards, driver’s licenses, U.S. Citizenship and Immigration Services documents (especially I–551s, or “green cards,” and I–94s, or arrival/departure records), State Department documents (U.S. passports and visas), and foreign passports. By using magnifying glasses, officers can check pertinent documents for microlines, the tiny print found on Social Security cards, passports, and many driver’s licenses. Because microlines require sophisticated printing, they are difficult for most criminals to counterfeit. The same is true for images on many documents that can be detected only under ultraviolet lights.

Many of the 9/11 hijackers used legitimate documents, such as Virginia driver’s licenses, they had obtained through the use of fraud. Government investigators believe they employed the licenses to board their flights in order to avoid suspicions raised by showing a foreign passport.13 Terrorists may use bogus IDs such as fake birth certificates—known as breeder documents—to obtain real documents. In this case, careful examination and questioning can expose the subterfuge. In some cases, criminals have actually traveled with identification under multiple names, a dead giveaway if detected. Investigators can ask suspicious people for multiple forms of identification, checking data from one against the other, asking questions, and “peeling back the onion” to trip up even trained terrorists.

Response

If prevention fails, state and local law enforcement will be called to the scene. This can include tactical responses to suspected terrorists and terrorist attacks. Specialized units such as SWAT teams must be prepared to engage terrorists, but as discussed earlier, street officers also need a basic awareness of terrorist tactics. For example, domestic and international terrorists are known to use ambushes as a tactic. But many, perhaps most, police officers have not been trained to respond to a vehicular ambush, in which the natural reaction of many people may play right into the hands of the attacker.

More attention has been paid to training for WMD scenes. While similar in some ways to hazmat (hazardous materials) accidents for which first responders have traditionally prepared, WMD attacks present dramatic new challenges to law enforcement. Not only do they need detection capabilities, protective equipment, decontamination equipment, and the plans and training to use them, but they must also be prepared to enter scenes in which criminal evidence, secondary explosive devices and booby traps, and even resisting terrorists may be found. The capabilities now recommended for law enforcement stretch the resources of many jurisdictions.

Recognizing a WMD Attack

Most importantly, law enforcement or fire personnel must be able to identify potential threats at the scene. This can be challenging, given the range of potential WMD attacks and the general confusion of most emergency situations. In some cases, terrorist violence may not be initially suspected. Responders—equipped with handheld detection devices and/or decision support software in more advanced jurisdictions—must recognize “signs and symptoms” or “indicators and effects” quickly or face the prospect of becoming victims themselves.

Following Self-Protection and Protection Measures

On the scene, counterterrorism personnel must be concerned with their safety, the safety of other responders, and citizens at the scene, as well as dealing with present threats. Those on the scene may need to address other components of the attack, such as secondary devices, bombs timed to go off after responders gather at the scene. On the other hand, if a WMD attack has been confirmed, officers must take action to protect themselves and those in the area. This may require donning personal protective equipment (PPE), which if done improperly can lead to contamination and when done correctly causes an immediate decrease in mobility, visibility, and effectiveness. An important step is to identify the hot zone, where the greatest danger exists; the cold zone, a safe area; from and the warm zone, where decontamination can occur.

Reporting Incidents and Initiating Command Systems

Communicating the existence of an attack or providing other critical information as rapidly as possible is critical to successful response. Responders must know how to communicate, what to communicate, and to whom to communicate. They must also understand the procedures for establishing incident command.

Securing and Controlling the Scene

The nature of WMD attacks, including the potential of continued lethality and dispersion of agents to other locations, demands immediate and tight control of the scene. Law enforcement personnel need to establish perimeters, command posts, staging areas, medical monitoring stations, and isolation zones. They must also launch an immediate and effective media management operation.

Protecting the Crime Scene

In order to allow investigation and prosecution of the terrorists, plus preserve valuable intelligence information, responders must be able to recognize, protect, and collect evidence—from foot prints to weapons containers—to the greatest extent possible while saving lives and preserving public safety and order.

Officials must be prepared with detailed plans to initiate “shelter in place” orders or evacuations. Aside from the normal emergency management component of such decisions, officials must be prepared to deal with crowds or disobedience of public safety directives.

Should a major nuclear, chemical, or biological attack occur, the challenge to public order may be significant, and panic may pose the risk of additional loss of life.

After the Incident

While recovery is not typically considered part of counterterrorism, state and local officials will be required to address the health, economic, social, logistical, and other dimensions of an attack long after it occurs. This also includes critiques of their response to gain “lessons learned” that may help prevent or respond to future attacks.

CHAPTER SUMMARY

Counterterrorism operations are a cornerstone of homeland security and crucial to achieving the goal of preventing terrorist acts before they occur. These activities are complex, resource intensive and sometimes legally sensitive. Counterterrorism operations in the United States after 9/11 have been marked by efforts to improve multijurisdictional cooperation and information sharing. Ensuring these activities are effective remains an enduring challenge, as is maintaining adequate personnel, training, and resources. While substantial progress has been made, outside of major cities, many of those on the front lines of counterterrorism still have limited preparation.

CHAPTER QUIZ

1. Explain why state and local agencies play a central role in counterterrorism.

2. Why are investigative guidelines important in counterterrorism investigations?

3. Why is the Department of Homeland Security an important counterterrorism asset?

4. Provide examples of organized crime linked to terrorism funding.

5. What is case management?

NOTES

1. David Muhlhausen and Jena Baker McNeill, “Terror Trends: 40 Years’ Data on International and Domestic Terrorism,” Special Report No. 93, May 20, 2011, http://www.heritage.org/Research/Reports/2011/05/Terror-Trends–40-Years-Data-on-International-and-Domestic-Terrorism; Jena Baker McNeill, James Carafano, and Jessica Zuckerman, “39 Terror Plots Foiled Since 9/11: Examining Counterterrorism’s Success Stories,” Backgrounder 2556, May 10, 2011, http://www.heritage.org/research/reports/2011/05/39-terror-plots-foiled-since–911-examining-counterterrorisms-success-stories.

2. 18 U.S.C. §2332B(g)(5)(A).

3. 18 U.S.C. §2339B.

4. Department of Homeland Security, “The DHS Strategic Plan—Securing Our Homeland,” February 24, 2004, www.dhs.gov/dhspublic/theme_home1.jsp.

5. 28 CFR 0.85(10).

6. Section 119(j)(2) of the National Security Act of 1947, as amended by P.L. 108–458, Section 1021, 50 U.S.C. §402 (j)(2).

7. This section is adapted from Paul Rosenzweig and James Jay Carafano, “Preventive Detention and Actionable Intelligence,” Legal Memorandum No. 13, September 16, 2004, www.heritage.org/research/reports/2004/09/preventive-detention-and-actionable-intelligence.

8. John Mintz and Douglas Farah, “Small Scams Probed for Terror Ties Muslim, Arab Stores Monitored as Part of Post-Sept. 11 Inquiry,” The Washington Post, August 12, 2002, p. A1.

9. Dennis Wagner. “Security, rights butting heads,” The Arizona Republic, September 14, 2003, [http://www.azcentral.com/specials/special21/articles/0914terrorchase14.html]

10. Department of Justice, “President Bush Requests Substantial Funding Increases to Fight Illegal Drug Trafficking and Reduce Substance Abuse,” (January 24, 2003), [http://www.usdoj.gov/opa/pr/2003/January/03_ag_038.htm].

11. Hudson, “The Sociology and Psychology of Terrorism,” p.77

12. Various, see: David E. Kaplan, “Homegrown Terrorists: How a Hezbollah Cell Made Millions in Sleepy Charlotte, N.C.,” US News and World Report, March 23, 2002 [http://www.usnews.com/usnews/news/articles/030310/10hez.htm]

13. Statement of Paul J. McNulty, United States Attorney Eastern District of Virginia, Before the Committee on the Judiciary, United States Senate. October 21, 2003 [http://judiciary.senate.gov/testimony.cfm?id=965&wit_id=2742]

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset