The Police Chief, the Professional Voice of Law Enforcement
Advanced Search
August 2016HomeSite MapContact UsFAQsSubscribe/Renew/UpdateIACP

Current Issue
Search Archives
Web-Only Articles
About Police Chief
Law Enforcement Jobs
buyers Your Oppinion

Back to Archives | Back to October 2009 Contents 

ILP Abbreviations for the ISE and NCISP Can Spell Trouble

By Thomas J. Martinelli, Adjunct Professor, Wayne State University, Detroit, Michigan; and Lawrence E. Shaw, Inspector, Florida Department of Law Enforcement, Investigations and Forensic Science Program, Tallahassee, Florida

Editor’s Note: For the purpose of this article, all abbreviations, initialisms, and acronyms will be referred to as abbreviations.

he nomenclature involved with intelligence-led policing (ILP), the intelligence-sharing environment (ISE), and the National Criminal Intelligence Sharing Plan (NCISP) can be overwhelming and confusing at times. Those working in the intelligence field continue to generate abbreviation after abbreviation in an attempt to facilitate networking communications between members of the ISE. But to others who are not prepared to easily decipher all of the abbreviations, it makes the world of ILP that much more challenging and frustrating.

For example, there are the everyday abbreviations—DOJ, BJA, DEA, CIA, FOIA, and LEIN—that even citizens may recognize. But also on this list there are the more involved abbreviations such as GJXDM (Global Justice Extensible Markup Language Data Model), IRTPA (Intelligence Reform and Terror Prevention Act), NIPRNET (Non-classified Internet Protocol Router Network) and SWBSADIS (Southwest and Border States Anti-Drug Informant System). These terms are not as easily recognizable.

There are, so far, at least five types of intelligence: COMINT (communications intelligence), HUMINT (human intelligence), IMINT (imagery intelligence), SATINT (satellite intelligence), and SIGINT (signal intelligence). There are the abbreviations that sound like Greek gods—OCONUS (outside the continental U.S.), for instance—or the mundane CONOPS (concept of operations), and then the more digestible FIG (field intelligence group). Abbreviations such as LEIU (Law Enforcement Intelligence Unit), MATRIX (Multistate Antiterrorism Information Exchange), SBU (sensitive but unclassified), and FOUO (for official use only) may be more familiar to those in law enforcement.

Additionally, there are jurisdictional networking systems referred to as RISS (Regional Information Sharing Systems) or RISS.NET (Regional Information Sharing Systems-Secure Intranet). There is WSIN (the Western States Information Network), RMIN (the Rocky Mountain Information Network), MOCIC (the Midstates Organized Crime Information Center), ROCIC (the Regional Organized Crime Information Center), and the Scottish-sounding MAGLOCLEN (Middle Atlantic-Great Lakes Organized Crime Law Enforcement Network). There is considerable value to knowing the local RISS’s abbreviation and its liaison officers.

Finally, there are those abbreviations that linguists would equate to sight words, meaning that you must know what the letters of the abbreviation stand for, by sight only, because you will not be able to guess what they stand for.

There are the Star Wars-types of abbreviations: P3I (public-private partnerships for intelligence), PCII (protecting critical infrastructure information), C3 (command, control, and communications), and its twin, C3I (command, control, communications, and information).

Abbreviations are often audience specific, which will add even more confusion in the law enforcement field. IC means the intelligence community, and CI traditionally meant counterintelligence. But the Department of Homeland Security is using CI to mean critical infrastructure. The confusion continues with the reuse of traditional designations for new things. IRS, for instance, is being used to identify an intelligence resource specialist as well as the Internal Revenue Service.

It is possible then that at an ILP training seminar a CI officer or IRS may deliver a lecture on the critical importance of forwarding SARs (suspicious activity reports) to the closest RISS, strictly adhering to the GJXDM to facilitate SBU intelligence data necessary for PCII to be disseminated to the ISE pursuant to the NCISP philosophy. Looking at the bigger picture may help reduce some of the anxiety associated with understanding intelligence-led policing.

A Comfort Zone Template

From a historical and legal perspective, ILP is in its embryonic stages still, and traditional law enforcement procedures now have to apply a template to intelligence gathering, retention, and dissemination. A good metaphor is like walking through your second floor hallway, late at night, without any lights on. You know where bedroom doorways begin and end, where the bookshelf begins and ends, and where the shared bathroom is located. You don’t need to turn on the hallway light because of your comfort zone, knowing the little nooks and crannies of your own house. But rent a summer cottage and you will not experience that same comfort level, traversing its darkened hallways, unfamiliar with their risks. Most likely you would seek out some illumination to be on the safe side.

The same can be said for embracing the intelligence-led policing philosophies. Veteran officers have had years of training in defining probable cause, articulating the facts of an arrest, and following Fourth Amendment search and seizure policies related to street-level policing, narcotics raids, and even homicide investigations. The Supreme Court’s application of the exclusionary rule, or “fruits of the poisonous tree,” have provided a clear template of police procedures that are legal and those that are not. This familiarity allows officers to perform their jobs in their own intellectual comfort zones without the need for much second guessing.

In the intelligence field, officers are also tasked with the duty to investigate any and all tips, leads, and suspicious activity to decipher whether or not there is a potential criminal nexus related to that suspicious activity. Yet certain ostensibly legal activities, such as purchasing large amounts of fertilizer or pool chemicals or photographing major infrastructures, might be a sign of something more sinister. Combined with other preoperational pieces of the puzzle, any one of these legal activities may very well be part of the next terrorist threat. Intel personnel and supervisors must decide, at this very early stage, what further police actions, if any, warrant sharing this information with those in the ISE.

Suspicious Activity Reports

The ILP function begins with tips, leads, raw information, and officer intuitions and are documented through the use of SARs, or suspicious activity reports.1 Many times these are simply field interview reports, street-level officers’ observations, instincts, and experiences that focus on suspicious behaviors. The focus of suspicious activity reports is behavior. This is why it is highly recommended that intelligence-led policing training is addressed throughout an agency. From street-level officers to the detective bureau and above, recognizing suspicious behavior that could be associated with terrorism is key to prevention.2 Once each SAR is vetted and determined to have a potential terrorism nexus, it becomes an ISE-SAR—an Information-Sharing Environment Suspicious Activity Report.3

The key is the recognition of the continuum of proofs necessary to safeguard the privacy rights afforded everyone, especially targets. It is no different from any other continuum, such as the use-of-force continuum, wherein law enforcement decisions are made in response to someone else’s behavior.

In this specific instance, the fewer articulable facts obtained relating to someone’s suspicious behavior, the higher, or greater, the threshold of privacy protections that person is afforded by the Constitution. The weaker the facts or nexus, the greater the protections. No longer can police use their sixth sense to commence a criminal investigation. Articulable facts, such as credible tips and leads and a targets’ associates, hangouts, ideologies, and prior contact with the criminal justice system, can all be used as criminal predicate criteria when combined. Any court reviewing the constitutionality of law enforcement procedures looks to the totality of the circumstances. So too, then, police chiefs and intelligence commanders must use this same criteria to focus manpower and resources toward a preliminary investigation with a potential for terrorist activity.

Yet the lines are blurred when, as in the past, law enforcement has used political, religious, and social views of potential targets to justify their investigations. This is where intelligence liability issues arise. Training, education, and experience in the field of intelligence gathering will enhance the decision-making skills of the organization’s leaders in relation to the legal handling of SARs and how manpower deployment is managed.

The Key Acronym: CAP

In this new embryonic environment of local police developing terrorist intelligence, the key acronym is CAP, which stands for common sense, audits, and purges. As there is very little case law that provides legal guidance in addressing today’s evolving intelligence field, a risk management philosophy of common sense and accountability is the formula for success.

A CAP philosophy regarding the agency’s handling of suspicious activity reports demonstrates to ILP critics, reviewing judges, external auditors, and the general public that the organization embraces the nuances, standards, and guidelines set forth in this post 9/11 networking strategy. That the department’s goal is to zealously endorse proactive investigative tactics to combat terrorism and offset this with an equal vigilance toward protecting the privacy rights of innocent people and suspects alike.

Not all tips and leads will result in the detection of terrorism-related activities. More often than not, tips and leads go nowhere. It is critical that intelligence investigations meet the national minimal standards of accountability to protect the privacy rights of those investigated. More importantly, adoption of a mandatory policy for annual internal and external audits of the organizations’ criminal intelligence system demonstrates to all a professional, good faith commitment toward this end.

Common sense implies a demand for a reasonable officer standard in the field of intelligence gathering. When judging the legality of an officer’s actions, the law dissects the totality of the circumstances confronting that officer, in any given situation. Mirroring case law regarding police use-of-force standards, the quantifying guidelines in intelligence gathering should prompt an auditor to ask, “Did this intelligence investigation employ common sense and articulable facts that would justify a conclusion there may be a potential toward terrorism? Or were personal prejudices, biases, perceptions, and values used, devoid of any tangible criminal nexus, in gathering personal identifying information on these targets?" Common sense, in policing, will always reduce, or eliminate, liability.

Most critical to liability issues in ILP are the audit and purge recommendations found in the minimal national standards. Whether it be 28 C.F.R. Part 23, the LEIU,4 the Minimal Criminal Intelligence Training Standards from the DOJ, or the IACP model policies on criminal intelligence,5 all demand adherence to a system of accountability. This system incorporates annual or biannual internal audits of an agency’s criminal intelligence system. Audits are reviews of the system, the files, and the procedures conducted to be sure the agency comports with the established national guidelines for the handling and dissemination of personal identifying information of targets. Some agencies conduct annual external audits, employing retired judges, prosecutors, or intelligence experts to review their intelligence handling system at arm’s length to avoid any allegations of improprieties.

With SARs, the continuum of review must be even more stringent. As mentioned earlier, suspicious activity reports are mere suspicions, potential pieces of criminality, and targets are afforded greater protections at this stage. Their suspicious activity may turn out not to be criminal at all or may lead to dead ends. This is observed in everyday policing investigations. Critics of ILP ask, what happens to the sensitive data in that suspicious activity report and the agency’s file?

Tips and leads that are unsubstantiated, unreliable, unverified, or no longer active must be purged from these files. Timely auditing and review of SARs files will dictate what the status is of the investigation, and if nothing new has been added to bring current a follow-up investigation of that tip or lead, the file must be purged from the criminal intelligence system. Just as 28 C.F.R. Part 23 dictates that agencies must audit (and purge when mandated) their criminal intelligence files every five years, in this case, a stricter SARs audit policy is mandatory for adherence to respecting privacy safeguards.6 Retaining an innocent person’s dossier indefinitely, with no additions or follow-up leads, violates the spirit of intelligence-led policing tenets and may give rise to constitutional privacy violations liability.

The intelligence-sharing environment continually refines the tools, dictates, and policy modifications necessary for constitutional intelligence-led policing. Training in the intelligence field is mandatory, but just as important is monitoring updated policy recommendations associated with the ISE. Remember, everything taught in ILP training can and will be used against the agency and officers in a civil court of law. Adherence to the spirit of the law regarding privacy protections in intelligence provides an organizational comfort zone that will produce positive results for the agency. ■

1The ISE (Information-Sharing Environment) Functional Standard for Suspicious Activity Reporting, version 1.5 (ISE-FS-200), May 21, 2009, defines suspicious activity as “observed behavior reasonably indicative of preoperational planning related to terrorism or other criminal activity.” For purposes of this discussion, only criminal predicate with a nexus toward terrorism is addressed.
2There is an ongoing debate about whether SARs must be considered part of an organization’s criminal intelligence records (CIRs) and are subject to the de facto minimal national standards related to the handling of such sensitive data (28 C.F.R. 23) or are pre-CIRs and not subject to these standards. That is a topic for future discussions.
3ISE-Functional Standard for Suspicious Activity Reporting.
4Law Enforcement Intelligence Unit, Criminal Intelligence File Guidelines (March 2002), (accessed August 27, 2009).
5IACP Model Policy “Criminal Intelligence.”
6Florida has a review-and-purge policy, solely addressing tips and leads, that requires that within 90 days a review of a SAR file shall determine the status of that investigation, and if nothing new has surfaced, it must be purged.

About the Authors

Thomas J. Martinelli, J.D., M.S., is an adjunct professor at Wayne State University in Detroit, Michigan. He is a practicing attorney and trains law enforcement in the field of police ethics and liability and intelligence-led policing issues. He is a member of the IACP Police Image and Ethics Committee.

Lawrence E. Shaw is an inspector with the Florida Department of Law Enforcement (FDLE) Investigations and Forensic Science Program. He coordinates the flow of criminal information and intelligence between federal, state, and local law enforcement agencies using automated information systems. He has more than 23 years of diversified law enforcement and criminal investigative experience and seven years of emergency response experience.



From The Police Chief, vol. LXXVI, no. 10, October 2009. Copyright held by the International Association of Chiefs of Police, 515 North Washington Street, Alexandria, VA 22314 USA.

The official publication of the International Association of Chiefs of Police.
The online version of the Police Chief Magazine is possible through a grant from the IACP Foundation. To learn more about the IACP Foundation, click here.

All contents Copyright © 2003 - International Association of Chiefs of Police. All Rights Reserved.
Copyright and Trademark Notice | Member and Non-Member Supplied Information | Links Policy

44 Canal Center Plaza, Suite 200, Alexandria, VA USA 22314 phone: 703.836.6767 or 1.800.THE IACP fax: 703.836.4543

Created by Matrix Group International, Inc.®