Suspicious Activity Reporting
Suspicious Activity Reports are defined as "official documentation of observed behavior reasonably indicative of pre-operational planning related to terrorism or other criminal activity." The Nationwide Suspicious Activity Reporting (SAR) Initiative (NSI) is a "unified process for reporting, tracking, and accessing [Suspicious Activity Reports]." The NSI operates within the National Criminal Intelligence Resource Center, which is within the Bureau of Justice at the Department of Justice. The NSI is also supported by the Information Sharing Environment (ISE). ISE is comprised of "major urban area fusion centers" and their federal, state, local, and tribal law enforcement. ISE defines "suspicious activity"to include vandalism, photography, and questioning individuals "at a level beyond mere curiosity" about facility purpose or security procedures. The nationwide ISE-SAR process involves 12 intricate steps that are separated into 5 distinct phases: (1) planning; (2) gathering and processing; (3) analysis and production; (4) dissemination; and (5) reevaluation.
- The planning phase involves "production and dissemination of information products about terrorist plans, intentions, and capabilities" made available to ISE participants. These threat assessments are often made by Federal agencies based upon various unspecified information sources.
- The gathering and processing phase begins with observations or reports of suspicious activity. Both private citizens and government officials can make these observations. The suspicious activity is then reported to local law enforcement or to local, regional, or national offices of a federal agency. Local or federal agency officials then review the suspicious activity information. After this review, agencies make suspicious activity reports available to state or major urban area fusion centers.
- In the analysis and production phase, fusion centers or federal agencies conduct analytical reviews on the suspicious activity report and evaluate the existence of potential terrorist threats. In the event that no potential terrorist threat is found, the suspicious activity report can still be retained in local fusion centers or federal agency files in accordance with retention policies and rules.
- In the dissemination phase, potential terrorist threats become official ISE-SARs. ISE-SARs are then stored in fusion centers or ISE Shared Spaces where they can be accessed by law enforcement, homeland security personnel, and other ISE participants.
- The reevaluation phase provides feedback to organizations that create ISE-SARs. This feedback is designed to inform organizations their initial suspicions have "some validity" or conversely, to notify when the ISE-SAR was incorrectly designated.
EPIC has a longstanding interest in the privacy implications of domestic surveillance and fusion centers. SAR presents privacy, civil liberties, and civil rights concerns. In particular SAR could be the basis for detaining and arresting people who pose no threat to public safety and who have engaged in no criminal activity. Additionally, SAR does not adhere to well-established legal parameters of probable cause and reasonable suspicion. Moreover, uncorroborated, adverse judgments about individuals are added to federal record systems without the clear protections of the Privacy Act. To the extent that this becomes a widely adopted policing techniques, there are significant implications for Constitutional and statutory rights.
- Information Sharing Environment (ISE) Functional Standard (FS) Suspicious Activity Reporting (SAR) Version 1.5 (May 21, 2009)
- Nationwide SAR Initiative (NSI)
- Information Sharing Environment (ISE): Nationwide SAR Initiative
- Information Sharing Environment (ISE) Functional Standard (FS) Suspicious Activity Reporting (SAR) Version 1.5: ISE-SAR Criteria Guidance
- Nationwide Suspicious Activity Reporting Initiative (NSI) Concept of Operations, Version 1 (Dec. 2008)
- EPIC: Domestic Surveillance
- EPIC: Information Fusion Centers and Privacy
- EPIC: The Privacy Act of 1974
- Jamie Ross, L.A. Sheriff Calls Photojournalism a 'Suspicious Activity,' Photogs Say, Courthouse News Service, Oct. 31, 2011
- Laura Yuen, Access to ‘Suspicious-activity’ Reports Now Restricted after MOA Security Details Revealed, Minnesota Public Radio, Sept. 16, 2011
- Mark Reilly, Mall of America’s ‘Suspicious’ List Mostly Minorities, Minneapolis / St. Paul Business Journal, Sept. 8, 2011
- Alicia Cypress, Stephanie d’Otreppe, and Margot Williams, Database: 125 Suspicious Activity Reports from Mall of America, America's War Within, Sept. 7, 2011
- Andrew Becker, G.W. Schulz, and Daniel Zwerdling, Mall of America Visitors Unknowingly End Up in Counterterrorism Reports, America's War Within, Sept. 7, 2011
Share this page:
EPIC relies on support from individual donors to pursue our work.
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.
by Ryan Calo, A. Michael Froomkin,