INTRODUCTION

One of the critical missions of the United States Marshals Service (USMS) is to protect the members of the federal judiciary. The USMS is responsible for protecting approximately 2,200 federal judges and 5,500 other individuals related to the work of the federal judiciary at over 400 court facilities nationwide.

In March 2004, the Department of Justice (Department) Office of the Inspector General (OIG) issued a report that concluded that while the USMS had placed greater emphasis on judicial security after the September 11, 2001, terrorism attacks, it needed to take immediate steps to improve its ability to assess and respond to threats to the federal judiciary.¹ The USMS’s assessments of reported threats were often untimely and of questionable validity. The USMS’s capability for collecting and sharing intelligence on potential threats was limited. The USMS also lacked adequate standards for determining which protective measures should be used in response to potential risks. We made six recommendations to improve the USMS’s capacity for protecting the federal judiciary. The USMS concurred with all six and took steps to address them.

The OIG conducted this follow-up review to examine the USMS’s progress since our March 2004 report. In this review, we examined the USMS’s assessment of reported threats made against federal judges or other USMS protectees; the development of a protective intelligence capability to identify potential threats; and recent measures the USMS has taken to improve judicial security and to enhance its capability to respond to judicial security incidents.²

RESULTS IN BRIEF

The OIG found that from the issuance of the OIG’s March 2004 report through early 2007, the USMS’s efforts to improve its capabilities to assess reported threats and identify potential threats languished. During this period, threat assessments took longer to complete, and over half of the assessments were not completed, resulting in a backlog of 1,190 “pending” threat assessments as of October 1, 2006. Also, the USMS was slow in staffing its recently established Office of Protective Intelligence, and it did not collect and analyze information on potential threats.³

In fiscal year (FY) 2007, the USMS assigned additional resources to resolve the backlog of pending threats and began assessing new threats more quickly. The USMS also began enhancing security measures to protect the federal judiciary. For example, the USMS implemented the congressionally authorized home alarm program and, as of July 2007, has installed about 95 percent of the home alarms requested by federal judges. Also, to support the judicial security mission, the USMS is enhancing the use of its Technical Operations Group, which uses sophisticated technologies to provide investigative and intelligence support. In addition, the USMS is developing a Rapid Deployment Team program that will respond to significant incidents involving judicial security around the country.

However, the USMS acknowledges that it needs to further improve its threat assessment process and to more fully develop protective intelligence that identifies potential threats against the judiciary. USMS managers told us that they believe the current headquarters threat assessment process is of limited utility and said that they plan to implement a new process in FY 2008. Moreover, to enable it to collect and analyze information on potential threats, the USMS has identified various protective intelligence initiatives it would like to implement by FY 2010, such as establishing a system for reporting suspicious activities around courthouses and procuring additional analytical tools for evaluating the information. However, the USMS lacks detailed plans that identify the objectives, tasks, milestones, and resources for accomplishing these needed improvements. We believe that the USMS must exhibit a greater sense of urgency in implementing its plans for improving its capability to assess reported threats, developing and sharing protective intelligence on potential threats, and completing the implementation of enhanced security measures for the federal judiciary.

The OIG conducted a survey of all 2,141 federal judges to obtain their perceptions of their safety and security and of the USMS’s efforts to protect them. Federal judges reported that they believe the unknown general danger associated with being a judge (which we term “potential threat”) poses a greater risk than stated or implied threats (which we term “reported threat”). They reported that they believe that risk varies by the type of cases they hear, with gang, terrorism, and organized crime cases posing higher risks. Regarding the USMS’s performance, federal judges reported that they were satisfied with the protection provided by the USMS. Specifically, 87 percent reported that they were either very or somewhat satisfied with its performance, and only 5 percent were somewhat or very dissatisfied.⁴ A majority of the judges also reported that they were satisfied with the USMS judicial security personnel assigned to their districts. In response to questions about what measures the USMS should take to further improve judicial security, the greatest number of judges ranked improving intelligence collection and analysis capability as most important.

In addition to surveying federal judges, we interviewed 29 individuals, including representatives from the USMS, federal judges, and officials in the Administrative Office of the U.S. Courts. We also conducted a survey of 82 Judicial Security Inspectors who oversee judicial security operations in USMS district offices. We attended the 40-hour USMS Protective Investigations Training Program course conducted at the Federal Law Enforcement Training Center in August 2006. We also reviewed relevant USMS Directives, policies and procedures, manuals, training materials, clearance rosters, and examples of Office of Protective Intelligence information products. The following sections provide additional details on our findings.

Assessing Reported Threats

The threat assessment process begins with the receipt or identification of a threat. The USMS takes measures to ensure the protectee’s safety at the district level and then reports pertinent information on the incident to the Office of Protective Intelligence for a threat assessment, which provides data the district uses in determining the appropriate protective response. After the issuance of our March 2004 report on judicial security, the USMS failed to improve the timeliness of its threat assessments in FY 2005 and FY 2006. We reviewed a random sample of 568 of the 2,018 threats reported to USMS headquarters in those 2 years and found that the Office of Protective Intelligence did not assess threats within established timeliness standards in about two-thirds of all cases in our sample. Moreover, the USMS did not complete threat assessments on more than half of all reported threats, which led to a backlog of 1,190 “pending” assessments as of October 1, 2006. We also found that the Office of Protective Intelligence did not monitor the timeliness of threat assessments during FY 2005 and FY 2006. Office of Protective Intelligence management said the poor performance was due to the increasing number of reported threats and its inability to hire additional analytical staff.

In early FY 2007, Office of Protective Intelligence management implemented procedures to manually monitor the timeliness and quality of threat assessments and dedicated additional staff time to assessing threats and resolving the backlog of pending cases. We found that those actions taken by the USMS enabled it to assess reported threats more quickly beginning in FY 2007. Our examination of a random sample of 232 threats from the first half of FY 2007 found that the USMS had conducted assessments on all of them and that 93 percent of the assessments were completed within applicable timeliness standards. Although threat assessments are now more timely, Judicial Security Division managers told us that the assessments produced under the current process are of limited utility because they do not provide sufficient information about the threateners’ behavior. USMS managers told us that they plan to change the threat assessment process in FY 2008.

USMS managers further explained that the Office of Protective Intelligence is starting to employ a more collaborative method of working with the 94 USMS districts on protective investigations, threat assessments, and case management. Although each protective investigation is unique, Office of Protective Intelligence managers told us that they see the new process as an opportunity to standardize, over time, the protective investigation process performed in each of the districts.

The new threat assessment process described to us by Office of Protective Intelligence managers could improve the ability of the USMS to assess and respond effectively to reported threats. However, the Office of Protective Intelligence has not developed formal plans or guidance for the new process, with defined milestones, tasks, and outcomes. The new process needs to be formalized and defined in order for the Office of Protective Intelligence to implement it, provide direction to the districts, and provide training to headquarters and district staff involved in the judicial protection mission.

Identifying Potential Threats

The USMS has made limited progress at implementing a program to collect and analyze information to identify potential threats. In June 2004, the USMS established the Office of Protective Intelligence to provide a centralized function for assessing reported threats and identifying potential threats. Our current review found that 3 years after the USMS established the office, it still lacks the staff needed to gather and analyze information to develop protective intelligence on potential threats. From May 2005 through July 2007, the USMS added staff to the Office of Protective Intelligence, but the additional resources were primarily assigned to the Investigations Branch where they assessed reported threats.

The USMS has made improvements to its capacity for collecting classified information by increasing the number of staff with Top Secret clearances. The USMS also installed additional secure telephones in district offices and built a secure facility for working with classified information at headquarters. While in August 2003 51 of the USMS’s 94 districts had secure telephones to transmit classified information, by April 2005 all 94 districts had them. Also, as of July 2007 the USMS was nearing completion on construction and accreditation of a Threat Management Center housed in a sensitive compartmented information facility. The Threat Management Center will provide the Office of Protective Intelligence with the capacity to electronically receive, access, analyze, and disseminate classified information related to threats to the judiciary.

However, the Office of Protective Intelligence still does not systematically collect and analyze information about potential threats to the judiciary from its districts, other federal, state, and local law enforcement agencies, or courts to produce protective intelligence. For example, we found that:

• The Office of Protective Intelligence does not analyze information it already receives on reported threats to detect national or regional patterns. Analyses that identify trends in the types of USMS protectees receiving threats, threat delivery methods, and the types of people who threaten the judiciary could help the districts allocate resources and identify areas that need improvement.

• The USMS has not issued guidance on the type of judicial security information to be reported by district office personnel to the Office of Protective Intelligence.

• The Office of Protective Intelligence does not analyze data on courthouse incidents that the Judicial Security Division collects from the districts to identify trends or patterns in suspicious activities that may indicate potential threats. Judicial Security Division managers stated that they plan to develop a Suspicious Activity Report database between FY 2007 and FY 2009 (depending on funding and staff availability) to identify potential threats.

• The Office of Protective Intelligence does not collect and analyze judicial security-related information from federal, state, or local court databases to identify cases that may pose a risk to the federal judiciary.

We also found that the USMS has not assigned full-time representatives to all Federal Bureau of Investigation Joint Terrorism Task Forces to improve access to information and intelligence related to judicial security. From FY 2004 through FY 2007, the USMS reduced the number of full-time Joint Terrorism Task Force representatives from 25 to 17 and reduced the number of part-time representatives from 25 to 23. During this period, USMS districts also began assigning liaisons to Joint Terrorism Task Forces. Unlike full- or part-time representatives, these liaisons do not work on a Joint Terrorism Task Force and do not have direct access to Federal Bureau of Investigation databases. As of July 2007, USMS districts have assigned 39 liaisons.

In a March 30, 2007, memorandum to the OIG, the USMS Assistant Director of the Judicial Security Division listed numerous initiatives that the USMS plans to accomplish by FY 2010 to improve the protective intelligence capabilities of Office of Protective Intelligence, such as establishing a system for reporting suspicious activities around courthouses and procuring additional analytical tools. (See Appendix I for details.) We believe that these initiatives would help the USMS identify potential threats, but as with our review of the threat assessment process discussed previously, we note that the Office of Protective Intelligence has not developed formal plans with defined milestones, tasks, and outcomes to achieve these goals.

Implementing Enhanced Security Measures

Since our March 2004 report, the USMS has implemented additional security measures to protect the federal judiciary, such as the installation of home alarms, the enhancement of its Technical Operations Group, and the creation of a Rapid Deployment Team program to respond to significant judicial security incidents. We describe the status of these initiatives below.

Home Alarms. On June 14, 2005, the Administrative Office of the U.S. Courts asked all federal judges whether they wanted an alarm system installed in their homes. Approximately 1,600 of the 2,200 judges requested alarm systems. In December 2005, the USMS awarded the contract to install the home alarms. After conducting several pilot installations, between March 2006 and July 2007 the USMS contractor installed alarms in 1,531 judges’ residences. As of July 2007, the USMS reported that it had 67 outstanding requests for alarm systems. Of the 67 requests, approximately 30 of the judges are undecided and have yet to arrange for the home inspection or installation. The other 37 were requests for which installation was proceeding.⁵

The USMS is not directly notified of events that trigger the federal judges’ home alarms. Initially, the USMS Communications Center was included on several judges’ Emergency Contact List which identifies individuals who may be called prior to the notification of the authorities. However, according to a JSD manager this presented a problem because the Communications Center is unable to provide immediate physical responses to alarms in the residences across the country. Therefore, the USMS decided that it should not be included on this list. Now, when an alarm is received, the contractor utilizes the judge’s Emergency Contact List. If contact cannot be made, the contractor then notifies local law enforcement. Although the USMS told all districts to ask local law enforcement agencies to notify it of any emergency response to a judge’s residence, as of July 28, 2007, the USMS did not know how many alarm events had occurred at judges’ residences or how many times local police made emergency responses.

We have several concerns regarding the USMS’s lack of awareness about alarm events at judges’ residences. We agree that the contractor should immediately notify local law enforcement agencies of all unresolved alarms so that they can respond quickly. We believe, however, that the contractor should also notify the USMS (after it calls the local law enforcement agency) so that the USMS can determine whether a protective investigation is warranted.

Technical Operations Group. The USMS is enhancing its Technical Operations Group support of the judicial security mission. In response to requests from district offices, the Technical Operations Group uses sophisticated technologies to provide investigative and intelligence support, primarily for the USMS fugitive apprehension mission. Our follow-up review found that the USMS made some initial resource enhancements to the Technical Operations Group and plans to provide further resource enhancements in FY 2008.⁶ However, at the time of this report the USMS had not yet issued guidance on requesting Technical Operations Group assistance or criteria for when Technical Operations Group resources should be deployed in support of the judicial security mission. The USMS has identified the need for such written requirements and provided a draft of the document to the OIG in May 2007.

Rapid Deployment Team. The Judicial Security Division recently initiated a Rapid Deployment Team program to respond to significant incidents, such as an assault on a judge or a disruption of a U.S. courthouse’s operation. In March 2007, the Deputy Assistant Director for Judicial Operations told the OIG that the Judicial Security Division had assigned a working group to draft the operating methodology and plans for the Rapid Deployment Team program by the end of May 2007. As of July 2007, the Rapid Deployment Team program was still in development, and no deployments had occurred. In July 2007, the Deputy Assistant Director stated that the operating methodology and plans for the program would not be completed until September 2007.

CONCLUSION AND RECOMMENDATIONS

We found that from the issuance of the OIG’s March 2004 report through early 2007, the USMS’s efforts to improve its capabilities to assess reported threats and identify potential threats languished. Threat assessments took longer to complete, and over half of the threats reported by USMS districts remained pending as of October 1, 2006. Also, the USMS did not implement an effective program to develop protective intelligence that identifies potential threats against the judiciary. The USMS acknowledges these deficiencies and plans to revise its threat assessment process. During this review, the USMS also informed the OIG of numerous initiatives it plans to implement by FY 2010 to enable it to better collect and analyze information on potential threats to the judiciary.

Also, since our March 2004 report, the USMS has implemented several security measures to protect the federal judiciary. The USMS has implemented a congressionally authorized home alarm program and worked with a contractor that installed about 95 percent of the home alarms requested by federal judges. The USMS is also enhancing its Technical Operations Group and developing a Rapid Deployment Team program to support the judicial security mission.

We believe that to fulfill its critical mission of protecting the federal judiciary, the USMS must exhibit a greater sense of urgency in implementing its plans for improving its capability to assess reported threats, creating and sharing protective intelligence on potential threats, and completing the implementation of enhanced security measures.

To improve the USMS’s capacity to protect the federal judiciary, we recommend that the USMS take the following actions:

1. Develop a formal plan that defines objectives, tasks, milestones, and resources for the new threat assessment process.

2. Create a workload tracking system for threat assessments.

3. Develop a formal plan that defines objectives, tasks, milestones, and resources for implementing a protective intelligence function to identify potential threats.

4. Modify USMS databases to support the new threat assessment process and protective intelligence function to identify potential threats.

5. Require the home alarm contractor to notify the USMS of alarm events after notifying the local law enforcement agency.

6. Issue operational guidance for requesting and deploying Technical Operations Group resources and Rapid Deployment Teams.

---

1. Department of Justice, Office of the Inspector General, Review of the United States Marshals Service Judicial Security Process, Evaluation and Inspections Report I-2004-004 (March 2004).

2. Reported threats are incidents, situations, activities, or communications that are brought to the attention of the USMS by the recipient of the threat or by other law enforcement or intelligence agencies. Potential threats are individuals or groups that pose a threat to a USMS protectee but have not communicated a direct threat to their targets or to law enforcement or intelligence agencies.

3. The Office of Protective Intelligence was established in June 2004. It is a component of the Judicial Security Division, which is responsible for the USMS’s federal judicial security programs.

4. Seven percent were neither satisfied nor dissatisfied.

5. Some judges’ alarm systems were not installed because the judges have indicated to the USMS that they no longer want the system, are no longer federal judges, or did not work with the USMS and the contractor to design and install the system.

6. In September 2006, the Judicial Security Division transferred three personnel to the Technical Operations Group and, in its FY 2008 budget submission, requested funding for six positions to assist in the enhanced Technical Operations Group support of the judicial security mission. The USMS also requested $890,000 for Technical Operations Group equipment and technology.