U.S. flag

An official website of the United States government, Department of Justice.

Developing and Testing a Method for Using 911 Calls for Identifying Potential Pre-Planning Terrorist Surveillance Activities

NCJ Number
Date Published
May 2008
121 pages
This project developed and tested an analytical method for identifying useful information from citizen 911 suspicious-behavior reports regarding surveillance of a potential target by terrorists in preparation for an attack.
The project succeeded in developing and testing an analytic process that uses 911 calls-for-service (CFS) data in order to identify potential terrorist threats. This means that jurisdictions are not required to spend scarce resources on new systems for tracking suspicious behavior. Also, the techniques developed to analyze the 911 CFS data are straightforward, such that complex analyses and software tools are not needed in order to develop standards for collecting and analyzing information on suspicious activity reported. The number of cases identified as potentially related to terrorist preparatory surveillance activities constituted only a small proportion of all suspicious calls (less than 1,000 calls out of approximately 1.3 million). The approximately 200 potential terrorist surveillance behaviors reported through 911 differed from other suspicious-person and vehicle calls by time of day and call location. Research also identified multiple clusters around the city and were able to assess the risk-level of these clusters. The risk-rating framework for potential terrorist surveillance events consisted of the following criteria: atypicality of reported behaviors/activities, attractiveness of the target apparently the focus of the surveillance behavior, membership in a cluster, and the presence of a police report. For each of these criteria, researchers selected a score for each of the risk levels assigned to each of the criteria. Criteria for a behavior to reach the various risk levels are also described. The study analyzed just over 1.3 million 911 CFS records using data mining approaches and a threat classification system that identified and prioritized suspicious activity incidents that were potentially related to preattack activities. 28 figures, 13 tables, 40 references, and appended CFS datafile variables, additional analysis of 2007 incidents, methodology implementation guide, and a framework for conducting data fusion

Date Published: May 1, 2008