In March 2004, the Department of Justice (Department), Office of the Inspector General (OIG) issued a report on the United States Marshals Service’s (USMS) judicial security process.7 The OIG found that:
USMS assessments of threats against USMS protectees were often untimely and of questionable validity;
The USMS had a limited capability to collect and share intelligence on potential threats; and
The USMS also lacked adequate standards for determining which protective measures should be used in responding to potential risks.
The OIG conducted this current review to follow up and examine the USMS’s progress since our March 2004 report.
The USMS judicial security operations examined in this report encompass three broad areas: the assessment of reported threats made against USMS protectees; the development of a protective intelligence capability to identify potential threats; and recent measures to improve judicial security and to enhance the USMS’s capability to respond to judicial security incidents.
One of the critical missions of the USMS is to protect the members of the judiciary. The USMS is responsible for protecting approximately 2,200 federal judges and 5,500 other individuals who work alongside the federal judiciary, including prosecutors and jurors, at over 400 court facilities nationwide. The primary duties the USMS performs to ensure the security and safety of its protectees and the judicial process are providing personal protection, providing physical security in courthouses, safeguarding witnesses, and transporting and producing prisoners for court proceedings. USMS protectees can include:
federal judges (magistrate, bankruptcy, district, appellate);
U.S. Attorneys, Assistant U.S. Attorneys, and their staffs;
U.S. Probation Officers;
Pretrial Services Officers;
Tax Court Judges (Article I Judges);
Clerks of the Court;
Federal Public Defenders;
Justices of the Supreme Court of the United States (in cooperation with the Supreme Court Police);
U.S. Trustees; and
jurors and witnesses.
According to the USMS, in performing its judicial security mission in fiscal year (FY) 2006 it:
conducted 215 protective service details for Supreme Court Justices;
conducted 44 protective details for members of the federal judiciary;
provided security for 179 judicial conferences and 26 special events attended by members of the federal judiciary;
coordinated and provided security for 135 high-threat trials;
performed threat assessments on 1,111 reported threats;
trained 210 Deputy Marshals in a 3-day Judicial Protection Training Conference; and
trained 190 Deputy Marshals in a 5-day training seminar on protective investigations.
According to the USMS, the number of reported inappropriate communications and threats against members of the judiciary has continued to increase since FY 2002. The USMS defines an inappropriate communication as any communication directed to a USMS protectee that warrants further investigation. The USMS defines a threat as “any action, whether explicit or implied, of intent to assault, resist, oppose, impede, intimidate, or interfere with any member of the federal judiciary or other USMS protectee, including staff and their family.”8 Inappropriate communications and threats can be delivered in writing, electronically, telephonically, verbally, through an informant, or through some suspicious activity around the protectee. Chart 1 illustrates the number of reported inappropriate communications and threats from FY 2002 to FY 2006. The USMS expects to receive between 1,200 and 1,300 such communications by the end of FY 2007, although this number is not fully comparable to prior years’ numbers because of a procedural change implemented in FY 2007. Office of Protective Intelligence managers told us that in FY 2007 they began coordinating and consolidating investigations involving mass mailings and habitual letter writers across districts, which reduced the number of new investigations recorded in the Warrant Information Network/Justice Detainee Information System (WIN/JDIS) by approximately 100 cases.9
Chart 1: Number of Reported Inappropriate Communications
and Threats, FY 2002 Through FY 2006
|Source: USMS FY 2008 Performance Budget|
Table 1 shows the 10 USMS districts with the largest number of reported inappropriate communications and threats for FY 2006.10
Table 1: Districts With the Highest Number of Reported
Inappropriate Communications and Threats in FY 2006
|7||Southern New York||29|
According to the USMS, of the 1,111 inappropriate communications and threats reported in FY 2006:
46.4 percent came from the 10 districts listed in Table 1;11
64 of the 94 districts reported 10 or fewer inappropriate communications or threats to the Office of Protective Intelligence (OPI) in FY 2006;
684 inappropriate communications or threats were directed towards federal judges, 162 were directed at U.S. Attorneys and Assistant U.S. Attorneys, and 265 were directed at other USMS protectees;
651 inappropriate communications or threats were conveyed in writing, 141 by telephone, 130 through an informant, 79 verbally, and 110 were reported as suspicious activities;
659 inappropriate communications or threats were from identifiable individuals, 132 were anonymous, and 320 were initiated by individuals already incarcerated; and
10 inappropriate communications or threats were relayed in the form of a bomb threat and 2 as a biological-chemical threat.
USMS Headquarters Operations
Judicial Security Division
The USMS Judicial Security Division (JSD) is responsible for the USMS’s federal judicial security programs, including protective intelligence operations, physical protection of judicial facilities, personal protection, and technical security operations for the judiciary. The JSD’s strategic plan for 2007-2011 states that the JSD:
provides proactive deterrence to threats against the federal judiciary;
develops and implements innovative protective techniques;
provides state-of-the-art equipment and new technologies for all physical and personal security requirements; and
ensures rapid and safe responses to emergency situations as well as unobtrusive counter-surveillance and expert protection during routine judicial security operations.
The JSD consists of two operational components – Judicial Services and Judicial Operations – and an Office of Management and Administration (see Figure 1).
Source: USMS 12-16-06
The Judicial Services component has oversight for the USMS judicial security programs, which are funded by the Administrative Office of the United States Courts’ (AOUSC) court security appropriation. This funding provides for the Court Security Officer program, security equipment and systems for space occupied by the judiciary, and for USMS employees to administer the daily functions. The Judicial Services component is responsible for overseeing four areas:
the Office of Court Security, which is responsible for the daily operations and personnel management of the Court Security Officer program;
the Office of Financial Management, which has the daily oversight responsibility for a $300 million budget;
the Office of Security Contracts, which performs the daily contract responsibilities with the private contractors and the district Contracting Officers’ Technical Representatives, and
the Office of Security Systems, which is responsible for all security and monitoring systems for judicial space.
The Judicial Operations component utilizes a national network of operational personnel (Inspectors) and physical security specialists to manage personal and facility security issues for the judiciary. The Judicial Operations component is responsible for overseeing three areas:
The Office of Courthouse Management serves as the center of expertise concerning prisoner movement and detention facilities within federal courthouses. This office also has oversight of the home intrusion detection system installation program for judges’ personal residences.
The Office of Protective Operations comprises four branches. The Policy and Operations Coordination Branch manages the Special Assignment Fund that assists districts with high-threat trials, terrorist trials, protection of the judiciary and other government officials, and any other unusual missions. The Dignitary Protection Branch supervises the Deputy Attorney General and the Director of the Office of National Drug Control Policy protection details. The Office of Protective Operations has a total of 33 inspectors and managers, including the 12 inspectors assigned to each of the 12 judicial circuits. The East and West Region Branches supervise their assigned inspectors who are responsible for protecting the Supreme Court Justices when they travel outside Washington, D.C. They also supervise all judicial conferences, supervise judicial and government officials under protection in the field, and assist the districts with the supervision and management of high-threat and terrorist judicial hearings in the field.
The Office of Protective Intelligence is responsible for collecting, analyzing, producing, and disseminating threat analysis information and protective intelligence about groups, individuals, and activities that pose a potential threat to the judiciary and persons and property protected by the USMS. It is also responsible for providing this information to the districts, protective details, and USMS senior leadership. The Office of Protective Intelligence (OPI) is a central resource for guidance, oversight, and coordination for protective investigations and protective intelligence. Because the threat analysis and protective intelligence operations of the OPI are a major focus of this report, the OPI’s operations are discussed in greater detail below.
The Office of Protective Intelligence
On June 1, 2004, the USMS Director realigned existing resources and established the OPI within the JSD.12 The goals of the OPI are to:
provide information and intelligence for the planning and execution of USMS operations;
develop and maintain a comprehensive repository of protective intelligence and information;
provide information and data for allocation and management of resources, and data for the development and implementation of policies and procedures;
provide a fusion center for all classified and unclassified information collected for analysis and development of protective intelligence products for applicable dissemination in support of USMS missions; and
incorporate intelligence and information gathered from other agencies into comprehensive products that support USMS missions.13
The OPI comprises three components: the Investigations Branch, the Intelligence Branch, and the Threat Management Center (see Figure 2). The JSD requested six Inspector positions for FY 2008 for the Threat Management Center. In the interim, the JSD plans to staff the Threat Management Center with personnel from the Investigations Branch.
Source: USMS June 2007
The Investigations Branch’s primary duty is to provide investigative oversight and analysis of inappropriate communications and threats reported by the districts to the OPI. Investigations Branch staff also produce and disseminate judicial security-related information to the districts, including alert notices, information bulletins, and foreign travel briefs. The Investigations Branch staff comprises six circuit teams.14 Each team is responsible for 2 of the 12 judicial circuits and the respective USMS districts that fall within the circuit court structure.
The Intelligence Branch is responsible for the collection and review of information and intelligence from USMS districts, through its liaisons with other federal law enforcement entities, and from other sources. Additionally, this branch is responsible for oversight of the USMS program involving its representatives assigned to the Federal Bureau of Investigation’s (FBI) Joint Terrorism Task Forces (JTTF).15
As of July 2007, the Intelligence Branch had six full-time staff assigned. One Branch Chief and a JTTF Program Coordinator operate out of USMS headquarters. In addition, four Inspectors were assigned as full-time liaisons with other federal law enforcement entities. These Inspectors coordinate with the FBI’s National Joint Terrorism Task Force; the FBI Washington Field Office’s JTTF; the Federal Bureau of Prisons’ Sacramento Intelligence Unit; the Supreme Court Police; the U.S. Capitol Police; the District of Columbia Metropolitan Police Department; and the Department of Homeland Security Office of Intelligence and Analysis.16
In addition to assigning full-time liaisons to these law enforcement agencies, the USMS also has established other contacts and working relationships to obtain and share information with the U.S. Secret Service; the Central Intelligence Agency; the National Security Agency; the Department of State’s Diplomatic Security Service; the Defense Intelligence Agency; the Pentagon Force Protection Agency; the Drug Enforcement Administration; the Bureau of Alcohol, Tobacco, Firearms and Explosives; the Federal Air Marshal Service; the Transportation Security Administration; Immigration and Customs Enforcement; Customs and Border Protection; and numerous state and local fusion centers, such as those in Virginia, New York, and Texas.17
Threat Management Center
At the time of the OIG review, the Threat Management Center was not yet operational, but was scheduled to initiate operations on September 14, 2007. It is organizationally located in the JSD and will eventually be staffed 24 hours a day. The Threat Management Center will initially be staffed by Investigations Branch personnel, but six Inspector positions have been requested for FY 2008 to permanently staff the Threat Management Center. The Threat Management Center is housed within a sensitive compartmented information facility so that information classified as Top Secret can be analyzed and retained. The Threat Management Center will serve as the single point of entry for the reporting of all threats, inappropriate communications, incidents and suspicious activities from the 94 USMS districts and 12 judicial circuits as well as from other law enforcement agencies. According to the USMS, the Threat Management Center will conduct record checks and provide recommendations for protective investigations to the districts. Once the Threat Management Center is operational, the USMS will internally review and assess its capabilities, then create, revise, and formalize the necessary policies and procedures to ensure its effective operation.
USMS District Operations
When a USMS district has either identified or had an inappropriate communication or threat reported to it by a member of the judiciary, the initial information gathered during the protective investigation is entered into WIN/JDIS and forwarded electronically to the OPI for research and analysis. The districts are responsible for conducting protective investigations and determining the threat management strategy needed to reduce or control any potential risk to protectees. The district offices are also responsible for making the final assessment of the level of risk.
In the districts, Judicial Security Inspectors oversee the protective investigations, which are conducted by District Threat Investigators.
Judicial Security Inspectors
In FY 2002, Congress appropriated funding for hiring 106 new Judicial Security Inspector positions within the 94 judicial districts and the 12 circuit courts.18 Judicial Security Inspectors are senior-level Deputy Marshals that:
investigate or supervise protective investigations conducted by District Threat Investigators involving threats to the judiciary;
assist the district in planning for all high-threat trials and events;
assist in the preparation of operational plans and security at district off-site judicial events;
conduct security briefings and training for members of the judiciary;
conduct off-site security briefings and reviews for members of the judiciary; and
act as the USMS contracting officer’s technical representative for the Court Security Officer contract to monitor compliance and performance standards in their respective districts.
District Threat Investigators
The District Threat Investigators, in consultation with the district Judicial Security Inspectors, conduct protective investigations into inappropriate communications or threats made against USMS protectees. The District Threat Investigator’s primary goal is to devise and implement a threat management strategy to mitigate any potential risk to the protectee.
According to the USMS, as of March 2007 there were 338 Deputy Marshals who had been designated as District Threat Investigators in the 94 districts. The number of District Threat Investigators in a district ranges from 1 to 10 with an average of 4 per district. Because of staffing levels, multiple USMS missions, and variations in the number of reported threats in a district, in some districts the District Threat Investigator duty is a collateral duty. Of the 338 District Threat Investigators, 55 have been designated as full time, and 283 performed the District Threat Investigator function as a collateral duty.
USMS Threat Management Program
Upon being notified of a suspicious activity, event, or communication, the District Threat Investigator makes the initial determination whether it meets the criteria of an inappropriate communication or threat. If it meets the criteria, the district Judicial Security Inspector and District Threat Investigator work as a team to implement the USMS’s threat management program, which involves three elements:
A protective response – The threat management process begins with the district determining and taking the necessary measures to ensure the protectee’s immediate safety.
A protective investigation – During a protective investigation, the District Threat Investigator and Judicial Security Inspector attempt to identify the subject, assess the threat, and mitigate the risk of harm to the protectee. The districts make the operational and tactical decisions involving the protection and management components of each threat case.
A threat assessment – The district notifies the OPI of inappropriate communications and threats by opening a case file in WIN/JDIS and entering information gathered during the protective investigation. Based on the investigative information provided, the OPI conducts research and analysis to compare and evaluate the current inappropriate communication with the characteristics of similar types of closed threat cases. The resulting OPI threat analysis provides data to assist the district in determining the appropriate threat level and protective response. The district makes the final threat assessment.
Interim Protective Measures
While an inappropriate communication is being assessed by the OPI, the district determines what level or type of protective response is appropriate based on the information known. Some steps the district may take are:
briefing the protectee (and family) on security awareness issues;
updating or completing a judicial personal profile with details about the protectee that the district may need to provide protection;
initiating or updating a residential security survey;
installing electronic security measures; or
arranging for local law enforcement to conduct or increase patrols around the protectee’s residence.
After assessing the risk and using risk-based standards, USMS district officials also may initiate a protective detail. The districts are responsible for providing Deputy Marshals, administrative support, and any other resources needed during the first 72 hours of a protective detail. If the protective detail lasts longer than 72 hours, the districts may request additional staffing and funding from the JSD’s Office of Protective Operations. The office reviews protective detail funding and staffing requests to ensure the appropriate protective and investigative measures are maintained.
A protective investigation is the systematic collection and assessment of available information to determine the individual’s or group’s true intent, motive, and ability to harm or pose a threat to a USMS protectee. A protective investigation begins immediately at the district upon receipt of an inappropriate communication or threat.
The USMS and the FBI both have responsibility for assessing and investigating threats. The USMS directives state that the USMS reports all threats to the FBI, which has the primary responsibility for conducting criminal investigations of threats to USMS protectees for the purpose of prosecution.19 The USMS conducts protective investigations that focus on mitigating the potential for harm to a protectee, regardless of the possibility for prosecution. If a protective investigation determines that a threat is likely to be carried out, the district develops a plan that incorporates a range of tactics and strategies designed to identify, assess, and mitigate any potential risk of harm to a protectee. Tactics may include:
arresting the individual,
having the individual committed for psychiatric care or observation,
ensuring the individual is taking prescribed medications,
obtaining a restraining order, or
monitoring the individual through frequent contact (in-person or telephonic).
The district prepares an investigative report on a USM-550 form and forwards it to the OPI for research and analysis to assist the district in making an assessment.20 District personnel also create a case record and enter investigative information and any details, including any supporting documentation (such as photographs), directly into WIN/JDIS. Once the initial case information is in WIN/JDIS, the district uses the system to manage and monitor the progress of the case. District management can also use the system to track and generate reports of how many inappropriate communications have been received, investigated, and closed. Any subsequent information gathered by the district during the protective investigation is entered into the WIN/JDIS record and is also provided to the OPI on a USM-11 form.21
OPI staff may be asked to confirm that the communication meets the criteria required for an inappropriate communication. If the criteria are met, the OPI begins its analysis (see Figure 3). The process starts with queries of specific agencies and databases, including the U.S. Secret Service’s threat database (called TAVISS), to determine whether the individual or group has made previous threats or has any law enforcement records. These queries may provide information about the individual’s or group’s possible intent, motive, or ability to carry out the threat.
JSD managers told us that for cases that are “more serious or threatening,” they have established a “major case category.” Some of the criteria for these cases are (1) the threatener continues to demonstrate intent, motive, and ability; (2) the threatener is being released from custody following a conviction for threats, stalking, or assault on a USMS protectee; or (3) the threat involves mass mailings crossing over several districts. For major cases, the district closes the case in WIN/JDIS, and OPI staff reopen the case using a new case code and assume management of the case. OPI staff routinely notify other districts of threateners that send mass mailings and that are active in multiple districts.
The OPI conducts two computer-based analyses using the information from the district and its database queries. The first analysis is a comparative analysis that compares the case’s known characteristics with previous threat cases maintained in the USMS’s historical threat database. This database contains inappropriate communications and threat cases that have been closed and assigned an outcome of false, enhanced, or violent. The result of the comparative analysis is expressed in a score that indicates how closely the characteristics of the case being assessed match those of prior cases.
The second analysis is called a MOSAIC assessment. Using the investigative information to answer established questions about the case being assessed, the OPI applies the MOSAIC proprietary software to produce a numerical rating and information quotient. The numerical rating is expressed on a scale of 1 to 10. The higher the rating, the more the case under review resembles past cases that have escalated or resulted in violence. The information quotient, which is expressed on a scale of 0 to 200, is based on the number of questions that have been answered by the investigation at that point. The more questions that have been answered, the more reliable the result.
Once the two analyses have been completed, the record in WIN/JDIS is updated with the scores, and the results are sent to the district. The two analyses should have similar outcomes. If the comparative analysis score indicates low risk, then the proprietary analysis score should indicate low risk as well. When the two analyses do not show a similar outcome, the OPI can attempt to resolve the disparity by requesting additional investigative information from the district and reassessing the threat, or it can provide possible explanations for the disparity to the district.
The district can use the scores to help determine if the necessary protective measures have been taken and if the protective investigation is on the correct path. If significant new information on the case is collected during the course of the protective investigation after the assessment scores have been disseminated, the district can request that the OPI reassess the threat. The USMS has indicated that both scores are viewed as “tools” to assist the district in making a determination of the potential risk the threat does or does not present to the protectee.
The OPI expects to depart from reporting only the scores that result from this process at the end of FY 2007. OPI officials said that beginning in October 2007, they will work more collaboratively with the districts on assessing threats over the length of the protective investigations through an ongoing exchange of information between the District Threat Investigator and the investigator/analyst team in the OPI.
March 2004 OIG Report on Judicial Security
In our March 2004 report, we evaluated the USMS’s efforts after September 11, 2001, to improve its protection of the federal judiciary. We focused specifically on the USMS’s ability to assess threats and determine appropriate measures to protect members of the federal judiciary during high-threat trials and when they are away from the courthouse. We found that:
The USMS had placed greater emphasis on judicial security by hiring 106 Judicial Security Inspectors and increasing courthouse security.
The USMS assessments of threats against members of the federal judiciary were often untimely and of questionable validity.
The USMS had a limited capability to collect and share intelligence on potential threats to the judiciary from USMS districts, the FBI’s JTTFs, and other sources.
The USMS lacked adequate risk-based standards for determining the appropriate protective measures that should be applied to protect the judiciary against identified potential risks during high-threat trials and when protectees are away from the courthouse.
Consequently, the OIG made six recommendations to the USMS:
Ensure that all threats to the judiciary are assessed within established time frames.
Update the historical threat database or develop a new database to perform comparative assessments.
Assign full-time representatives to all 56 FBI field office JTTFs and ensure effective USMS liaison with other intelligence agencies.
Create a centralized capability to identify, collect, analyze, and share intelligence.
Ensure that all Chief Deputy Marshals and all JTTF representatives have Top Secret clearances and ensure that each district has operational secure communication equipment.
Revise USMS guidance to establish risk-based standards and require after-action reports for high-threat trials and protective details.
The USMS concurred with all six of the recommendations and during the next 2 years reported to the OIG the steps it had taken to implement them. The USMS stated that it had revised its established time frames for assessing threats; updated the historical threat database; increased the number of liaisons with other law enforcement and intelligence agencies and requested additional resources to increase representation on the JTTFs; established an OPI; increased the number of Top Secret security clearances and secure communications equipment in the districts; and issued revised judicial security directives that included risk-based standards and after action reports.
WIN/JDIS consolidates judicial threat data with warrant, criminal history, prisoner scheduling, and booking information in a single database. As the USMS’s central law enforcement information system, WIN/JDIS is used to manage records and information collected during fugitive investigations and protective investigations involving potential threats made against the federal judiciary. WIN/JDIS contains current and historical case data for all USMS investigations. It is also used to access the National Law Enforcement Telecommunication System and National Crime Information Center systems to obtain criminal record information from other federal, state, local, and foreign law enforcement agencies.
Based on information contained in the USMS’s Warrant Information Network (WIN/JDIS) system that was provided to the OIG for analysis in November 2006, there were 1,059 reported threats in FY 2006. The USMS explained that the data it provided to the OIG does not match the 1,111 threats it reported to Congress in January 2007 (Chart 1) because WIN/JDIS allows case records to be updated or deleted and, therefore, the number of threats recorded in WIN/JDIS changes on a regular basis.
The USMS reported the date of June 1, 2004, to the OIG in response to a recommendation in the OIG’s March 2004 report, Review of the United States Marshals Service Judicial Security Process. On other occasions, the USMS has also cited July 1, 2005, as the date the OPI began operations, which is when the threat analysis and protective investigation functions were transferred from the Investigative Services Division’s Analytical Support Unit to the OPI.
In September 2006, the USMS formalized its JTTF Program to collect and disseminate pertinent and timely intelligence to best support USMS core missions and programs. There are currently over 100 FBI JTTFs operating throughout the United States. Each JTTF includes members from federal, state, and local law enforcement organizations. The JTTFs are intended to enhance the collection and sharing of information and intelligence, and to work on specific FBI domestic and international terrorism investigations. The USMS began participating on JTTFs in July 2001 when it entered into a Memorandum of Understanding with the FBI.
Fusion centers blend relevant law enforcement and intelligence information analysis and coordinate security measures to reduce threats in local communities. According to the Department of Homeland Security, fusion centers provide critical sources of unique law enforcement and threat information and facilitate sharing information across jurisdictions and function.
The 94 district Judicial Security Inspectors report directly to the U.S. Marshal or Chief Deputy U.S. Marshal in their assigned district. The 12 Circuit Court Inspectors report to the Chief, Office of Protective Operations, Judicial Security Division. The Judicial Security Inspector Program became operational in May 2003.
A criminal investigation focuses on the collection of evidence that shows that the individual made a threat. The FBI conducts the criminal investigations, though in some instances, it may decline to proceed and the USMS conducts the investigation. A protective investigation by the USMS can run concurrently with a criminal investigation and can continue after the criminal investigation is closed. The goal of a criminal investigation is to prosecute, and the goal of a protective investigation is to mitigate the threat.
The USM-550 Preliminary Threat Report is a form is submitted by the district in conjunction with a WIN/JDIS entry during the process of initiating a protective investigation. The USM-550 supplements the data in WIN/JDIS so that the OPI can conduct a more thorough threat analysis.