Learning From the Past in Addressing Domestic Terrorism

By Steve Stransky
Friday, April 12, 2019, 8:00 AM

Recently, Lawfare published a compelling article by leading former national security officials on the similarities between international terrorism and domestic terrorism, and the problems caused when governments seek to draw an overly rigid distinction between the two. The article was written against the backdrop of the mass shooting at two mosques in Christchurch, New Zealand: The suspected shooter, Brenton Tarrant, stated online that he was influenced by the actions of domestic terrorists in their home countries around the world. According to the authors, “so-called domestic terrorists have gone global: they’ve become transnational in influence and impact.”

The article put forth several recommendations on how to better address the threat of domestic-based actors, including expanding the mission of the National Counterterrorism Center (NCTC) beyond its traditional focus on international terrorism to include “threat analysis, information sharing, and strategic operational planning for the domestic terrorist threat.” Notably, Congress has already vested the Department of Homeland Security with such a mission and responsibilities—though this is not to say that expanding the NCTC’s role to combating domestic terrorism would be without merit. While the Department of Homeland Security has the authority and the responsibility to develop and provide strategic intelligence on both international and domestic terrorists, it is subject to budgetary limitations and its own competing departmental priorities. In fact, some media outlets are reporting that Homeland Security-produced intelligence reports on domestic terrorists have “dropped significantly” in recent years, but the department has refuted this claim.

Any congressional effort to expand the mission of the NCTC should begin with a review of how the Department of Homeland Security has engaged and evolved in addressing domestic terrorism since its inception in 2003. Examining the department’s experience, and identifying gaps in the current approach to domestic terrorism, will better position Congress to restructure the NCTC to produce intelligence on domestic terrorism while upholding privacy protections and adhering to the rule of law. In particular, Congress should analyze the current legal framework for authorizing the collection and analysis of information pertaining to domestic terrorists, assess the efficiency and effectiveness of current programs and information-sharing forums designed to combat domestic terrorism, and review the appropriate oversight mechanisms to satisfy the unique and sensitive concerns raised within the context of collecting intelligence domestically.

Defining Terrorism

The Department of Homeland Security has two intelligence elements—the Office of Intelligence and Analysis (I&A) and the U.S. Coast Guard Intelligence (CG-2) unit. The under secretary for I&A serves as the “chief intelligence officer” for the department and is responsible for discharging several functions related to both domestic and international terrorism. More specifically, the Homeland Security Act of 2002, as amended, mandates that I&A access, receive, analyze and integrate law enforcement information, intelligence information and other information to detect, identify and assess the nature and scope of terrorist threats against the United States. Similarly, the act mandates that I&A “integrate relevant information, analysis, and vulnerability assessments ... in order to identify priorities for protective and support measures regarding terrorist and other threats to homeland security .... ” To satisfy these (and similar legal requirements), I&A is required to access and receive information and intelligence from a broad range of sources, including the following:

  • Any other Homeland Security component (e.g., Secret Service, Cybersecurity and Infrastructure Security Agency)
  • Other federal government agencies and departments (e.g., CIA, FBI, NSA)
  • State and local government agencies (e.g., New York Police Department, Los Angeles Police Department)
  • Foreign governments
  • International organizations (e.g., INTERPOL)
  • Private-sector entities
  • Open-source platforms (e.g., social media)

Perhaps most important to this discussion, however, is how “terrorism” is defined in the context of I&A’s strategic and tactical intelligence mission. Here, the applicable provision in the Homeland Security Act defines “terrorism” as

[A]ny activity that (A) involves an act that (i) is dangerous to human life or potentially destructive of critical infrastructure or key resources; and (ii) is a violation of the criminal laws of the United States or of any State or other subdivision of the United States; and (B) appears to be intended (i) to intimidate or coerce a civilian population; (ii) to influence the policy of a government by intimidation or coercion; or (iii) to affect the conduct of a government by mass destruction, assassination, or kidnapping.

Accordingly, Congress did not limit I&A’s intelligence mission to analyzing only international terrorism but mandated that it focus more broadly on all the activities described in the law, which clearly encompasses domestic terrorist activities.

This framework is reinforced by Executive Order 12333 and its implementing procedures governing the manner in which all intelligence community elements (including I&A) may collect, retain and disseminate information on “U.S. persons,” which is defined to include U.S. citizens and lawful permanent residents. Unlike other intelligence community elements that are limited to collecting foreign intelligence, or information pertaining to international terrorist organizations, the executive order and its implementing procedures reinforce I&A’s mission to address both domestic and international terrorism. On the former, I&A’s implementing procedures specifically permit it to process information on U.S. persons that are “reasonably believed to relate to the existence, organization, capabilities, plans, intentions, means of finance or material support, or activities of domestic groups or individuals involved in domestic terrorism.” In turn, I&A defines “domestic terrorism” simply as “[t]errorism that is not international terrorism.”

In short, I&A has been vested with the authority to collect, analyze and disseminate strategic information and intelligence on any terrorist threat—regardless of geographic jurisdiction or location in which the activities occur. If Congress were truly looking to expand the NCTC’s authorities to provide it greater responsibility to collect and analyze information pertaining to domestic terrorist activities, the Homeland Security Act, Executive Order 12333 and I&A’s implementing procedures provide Congress with an example for how such a comprehensive legal framework could operate.

Domestic Terrorism Programs

The manner in which the Department of Homeland Security has implemented its responsibilities to counter domestic terrorism has evolved since its inception in 2003. A statement on the department’s website provides a detailed description of the programs it currently maintains to “prevent terrorism at home,” a goal that encompasses its mission to prevent domestic terrorist activities. Here, the department touts its Office for Community Partnerships, which provides local communities with “targeted briefings, exercises, workshops, and training” on terrorism. The website also addresses the role of I&A, stating that I&A “works closely with state and local authorities and the private sector to ensure they are up-to-speed on domestic terrorist trends, tactics, and situations so that they can respond quickly and effectively.” According to the site, I&A also “facilitates information from the local level back to Washington to make sure national-level decision-makers can respond quickly to emerging terror threats.”

Last, the website describes the information-sharing architecture that Homeland Security (including I&A) leverages to collect and share information from, and to, other federal agencies, state and local governments and the private sector. This architecture includes fusion centers, the Nationwide Suspicious Activity Reporting (SAR) Initiative, the National Terrorism Advisory System and the Homeland Security Information Network. Yet these programs and information-sharing forums have received mixed reviews from Congress and others: Critics have focused on the poor quality of source reporting, inefficiencies in the federal government’s internal and external information-sharing processes, and low value in analytic products disseminated to the department’s state and local partners.

Before Congress seeks to expand the NCTC’s mission into this space, it should carefully evaluate which of these programs and forums have succeeded at the Department of Homeland Security and deserve replication at the NCTC, or which could succeed in a new agency with appropriate funding and support. Of course, this issue is complicated by the fact that terrorist organizations—domestic and foreign alike—evolve and adjust to changing circumstances and operational environments. As such, whatever solution Congress develops should permit large bureaucratic organizations the flexibility needed to respond quickly to changes and developments by adversaries and threat actors.

Domestic Terrorism and Oversight

Combating domestic terrorism involves difficult calculations regarding the level of oversight needed to balance timely and effective intelligence against the rights and privileges afforded those in the United States. As noted above, most intelligence community elements concentrate on foreign intelligence operations, where there is a low probability that individuals protected by domestic law will be implicated. This is not the case for matters involving domestic terrorism, which naturally involves individuals granted protection under federal and state laws. For example, the Foreign Intelligence Surveillance Act sets forth specific requirements and restrictions related to how the government can undertake surveillance, or otherwise collect information, where legal privacy interests are heightened. As referenced above, Executive Order 12333 creates additional limitations on how intelligence community agencies can collect, use and retain information on U.S. persons and collect information within the United States.

The Privacy Act of 1974 creates additional challenges to how intelligence community elements may collect information on U.S. citizens and lawful permanent residents. More specifically, the act prohibits certain federal agencies from maintaining electronic records “describing how any individual exercises rights guaranteed by the First Amendment unless expressly authorized by statute or by the individual about whom the record is maintained or unless pertinent to and within the scope of an authorized law enforcement activity.” As stated by the U.S. Court of Appeals for the D.C. Circuit in Nagel v. United States Dep’t of Health, Educ. & Welfare, “[t]he mere compilation by the government of records describing the exercise of First Amendment freedoms creates the possibility that those records will be used to the speaker’s detriment, and hence has a chilling effect on such exercise.” This provision provides unique challenges because individuals who engage in suspicious activity related to domestic terrorism, such as posting propaganda online, may be protected by the First Amendment and intelligence community elements may not be able to leverage the “law enforcement activity” exception within the Privacy Act.

To address these, and other similar, legal issues, the Department of Homeland Security created a comprehensive intelligence oversight program through a vast array of internal procedures and policies. For example, according to a 2017 inspectors general report, the department has its Privacy Office, Office of Civil Rights and Civil Liberties (CRCL), Office of the General Counsel and I&A Intelligence Oversight Program review and approve I&A intelligence reports prior to their dissemination. In fact, according to the CRCL, the office “reviewed more than 1,000 [intelligence] products in FY 2017, ensuring that the intelligence delivered to state and local partners was appropriately sensitive to and protective of civil rights and civil liberties.” Although the CRCL frames its review of intelligence products as an integral part of the oversight process, the inspectors general report noted that the department’s internal review process “often delayed” the timely dissemination of such intelligence.

This type of internal oversight is not common to those elements of the intelligence community that focus on foreign-based governments, organizations and actors. Moreover, because Homeland Security’s policies and procedures are not based in law, they are subject to change with new administrations. Like the issues addressed above, to the extent Congress is considering expanding the NCTC’s mission to address domestic terrorism, it should consider the important legal and policy oversight mechanisms needed to ensure that domestic laws, rights and privileges are followed, while providing the NCTC with the ability to collect and distribute intelligence in a timely fashion. This is an area where Congress can look at both the successes and the failures of the Department of Homeland Security to determine how such an oversight framework can be implemented in another intelligence community element.


According to some statistics, domestic terrorism in the United States has increased steadily in the past several years. Although (fortunately) no domestic terrorist activity has been as severe as the 9/11 attacks, there continue to be calls to treat domestic terrorism “with the same commitment and resources as the international terrorist threat” and to “properly prioritize” the domestic terrorism threat. Congress can benefit from assessing I&A’s experiences to determine which of its legal frameworks, programs and oversight mechanisms can best serve the domestic intelligence mission.