A video created by the Bureau of Justice Assistance to train line officers on what to look for and how to report suspicious activity. For a full transcript of the video, see:
The video was made by the Bureau of Justice Assistance and the International Association of Chiefs of Police. It is designed to inform law enforcement “line officers” of standards for reporting suspicious activity in furtherance of the Nationwide Suspicious Activity Reporting Initiative (NSI). The video and transcript were obtained from the website of the Department of Public Safety in New Mexico. Interestingly, the transcript includes multiple paragraphs at the end referring to the role of fusion centers and the Joint Terrorism Task Force (JTTF) in the suspicious activity reporting cycle that are not mentioned in the video.
SAR Line Officer Training Transcript
Suspicious Activity Reporting—Line Officer Training
This training is designed to:
- Increase your awareness of the Nationwide Suspicious Activity Reporting or (SAR) Initiative (NSI).
- Enhance your understanding of the behaviors associated with pre-incident terrorism activities.
- Convey the significance of your role in documenting and reporting suspicious activity.
- Emphasize the importance of protecting privacy, civil rights, and civil liberties as you document and share information.
You are the nation’s strongest force in the fight against terrorism. As a frontline law enforcement officer, you are trained to recognize behaviors and activities that are suspicious, and your daily duties position you to observe and report these suspicious behaviors and activities.
Like other criminals, terrorists engage in precursor actions to carry out their plot for destruction. They make plans, acquire materials, engage in intelligence collection, and often commit other criminal activities in support of their plan. These actions produce activities or behaviors that may be suspicious, indicators of what may lie ahead, or possible pieces to a larger puzzle. By identifying, documenting, and sharing information regarding suspicious behaviors and activities that have a potential terrorism nexus, we will all be better prepared to prevent future terrorist attacks in our communities.
The NSI establishes a capacity for sharing terrorism and related criminal activity SARs. The SAR process focuses on what law enforcement has been doing for years—gathering, documenting, processing, analyzing, and sharing information regarding suspicious activity. The NSI is designed to share and analyze the information you observe and report each day with other information gathered across the nation in an effort to detect and disrupt terrorist activity.
How do you identify terrorism behavior? Anyone can be a terrorist. The key is NOT to focus on Who—the race, ethnicity, gender, or religious beliefs of those we think might be involved in suspicious activities—but rather to focus on identifying the behaviors. When observing behaviors, officers need to take into account the totality of circumstances—such as What, Where, When, and How.
SARs focus on observed behaviors and incidents reasonably indicative of preoperational planning related to terrorism or other criminal activity. These activities are suspicious based upon:
- What—the observable behaviors
- Where—the location of specific activities
- When—the timelines of events
- How—the tools and methods
Previous terrorism events have been reviewed and analyzed for commonalities. The result is a compilation of indicators and behaviors that were present in previous terrorist events. Although these behaviors do not mean that someone is definitely engaged in criminal or terrorist activity, they do provide justification for further analysis. The following types of suspicious activity are examples of potential terrorism-related behaviors that should be documented when observed.
- Breach or attempted intrusion of a restricted area by unauthorized persons, such as using false credentials to access government buildings or military installations.
- Misrepresentation or presentation of false documents or identification to cover illicit activity, such as stolen or counterfeit identification or fraudulent warrants, subpoenas, or liens.
- Theft, loss, or diversion of materials associated with a facility or structure, such as stolen badges, uniforms, or emergency vehicles that are proprietary to a facility.
- Sabotage, tampering, or vandalism of a facility or protected site, such as arson or damage committed at a research or industrial facility.
- Expressed or implied threat to damage or compromise a facility or structure, such as written or verbal threats against individuals, groups, or targets.
- Eliciting information beyond curiosity about a facility’s or building’s purpose, operations, or security, such as attempts to obtain specific information about personnel or occupants, equipment, or training related to the security of a facility.
- Testing or probing of security to reveal physical, personnel, or cyber security capabilities, such as repeated false alarms intended to test law enforcement response time and rehearse procedures.
- Material acquisition or storage of unusual quantities of materials, such as weapons, cell phones, pagers, fuel, chemicals, toxic materials, and timers.
- Photography, observation, or surveillance of facilities, buildings, or critical infrastructure and key resources beyond casual, tourism, or artistic interest, to include facility access points, staff or occupants, or security measures.
Photography and other similar activities are protected activities unless connected to other suspicious activities that would indicate potential terrorism. This may cause the officer to conduct additional observation or gather additional information—again taking into account the totality of circumstances.
Protecting the privacy, civil rights, and civil liberties of Americans is critical to preserving our democratic principles and to building trust between law enforcement and the people we serve. Only by building trust will we achieve a level of citizen cooperation with law enforcement that will maximize our ability to keep our communities and our nation safe and secure from crime and terrorism.
As you document and report these or other types of suspicious activity, protection of privacy, civil rights, and civil liberties is paramount. Just as you do in your other daily law enforcement duties, you must:
- Collect information in a lawful manner.
- Protect the rights of the individual.
- Avoid collecting information protected by the Bill of Rights.
- Ensure information is as accurate as possible.
Profiling of individuals based on their race, color, national origin, or religion is not acceptable in reporting terrorism-related suspicious activity, just as it is not acceptable in other law enforcement actions. Remember, First Amendment rights to free speech, religion, assembly, and so forth ensure that people can express their beliefs and take other protected actions without government intrusion. Protection of privacy, civil rights, and civil liberties is a fundamental principle that underlies the Nationwide SAR Initiative.
The Nationwide SAR Cycle starts with you and depends on involvement from all levels of law enforcement to ensure that information gathered on the street reaches all appropriate stakeholders.
Every state and many major metropolitan areas have developed intelligence fusion centers to make sure that terrorism and other criminal information is analyzed and forwarded to the appropriate jurisdiction for follow-up investigation.
When you collect and document suspicious activity information, that information is routed to your supervisor and others for evaluation in accordance with your departmental policy. SAR information is then entered into a local, regional, state, or federal system and submitted to a fusion center for review by a trained analyst or investigator. The reviewer determines whether the information has a nexus to terrorism and meets the criteria for sharing nationwide. If so, it is forwarded to the Federal Bureau of Investigation Joint Terrorism Task Force (JTTF) for investigative follow-up.