In Depth: Databases to Support Threat Assessments

There is no master database of suspected mass shooters or other mass attackers, which requires law enforcement to work the threat in front of them. To do that most effectively requires access to information. There are hundreds of information sources, but the challenge is to know which ones exist and how the information can be pulled for investigative purposes. Perhaps most important is to develop close relationships with the partners who manage the systems to which law enforcement cannot gain access directly. Local law enforcement still might have to share information with those database managers to find out whether there are any related records. The only way that these systems will be valuable is if local agencies contribute data and use the systems, either directly or indirectly.

Most-Commonly Used Data Systems to Support Assessing a Threat

These include DOJ, ATF, DHS, fusion centers, and state and local databases.

U.S. Department of Justice

FBI-run databases: These databases provide for submitting information to the FBI and have some ability to transmit information back to local agencies. Fusion centers can help local agencies access FBI-stored information. These databases can be very useful in helping local agencies search for key information about subjects across the country.

  • eGuardian is the core system for local agencies to submit suspicious activity reports (SARs) that are potentially related to terrorist activities (FBI, undated b). SARs are automatically forwarded to the relevant Joint Terrorism Task Force, reviewed, and then distributed to field offices and fusion centers as circumstances warrant. The system supports custom queries and searches run on names or other details, but it will not return comprehensive information. Once information is input, the threat is assessed and sent to the field offices.
  • National Data Exchange (N-Dex): N-Dex is a nationwide investigative database of case and corrections records submitted by participating agencies (FBI, undated h). It permits searching for names and related entity information across all those cases, returns matching case records, and shows relationships between those records on link-analysis charts and maps.
  • National Crime Information Center (NCIC): NCIC is the FBI's central database for tracking time-sensitive crime-related information, such as warrants, whether a person is a known or suspected terrorist, and stolen vehicles (FBI, undated g). NCIC also identifies whether a person has recently been denied a gun purchase as a result of the National Instant Criminal Background Check System (NICS). Local law enforcement can enter information that the FBI can enter into eGuardian if it is applicable.
  • Law Enforcement Enterprise Portal (LEEP): LEEP is a portal for authorized agency users to access multiple databases and resources, including eGuardian (FBI, undated f). As noted above, local agencies may need to rely on fusion centers or authorized personnel within the region to search eGuardian and related databases.

Bureau of Alcohol, Tobacco, Firearms and Explosives

  • NIBIN maintains a database of intelligence information from ballistic imaging technology to help law enforcement link firearms to individuals or crimes (ATF, undated).
  • All ATF investigations and prosecutions are retrievable in NCIC. Fusion center analysts or investigators can access these data via N-Dex.

U.S. Department of Homeland Security

  • Homeland Security Information Network (HSIN): Although it is not a traditional database, the different communities, such as HSIN Intel, are places to post and download bulletins, track critical incident information, and post requests for information (DHS, 2021).

RISS: RISS consists of six regional information centers and a national technology support center, which collectively provide a variety of information-sharing capabilities to support investigations and officer safety. Key databases are

  • RISSIntel, which provides for the federated searching of more than 60 RISS-managed and partner databases on individuals, criminal organizations, vehicles, numbers, and weapons (RISS, undated c)
  • RISSafe, which is a deconfliction system to protect officer safety and ensure local awareness of related efforts (RISS, undated b).

Fusion centers: Fusion center personnel have access to many federal, state, and local databases. Many also have social media research units. Local law enforcement can make requests to search on an individual or a situation of concern.

State and local databases: As noted earlier, states, regions, and localities often maintain their own data systems. Threat assessment teams need to be familiar with what is active in their areas, what capabilities and uses exist, and who the points of contact are. Below are just a few examples:

  • LA Clear (undated)
  • Silicon Valley Regional Data Trust is an example of a regional system that includes administrative records from education, health and human services, and juvenile probation from among three counties in Silicon Valley (Center for Collaborative Research for an Equitable California, undated).

Commercial Systems

  • COPLINK is an investigative tool and connects and integrates agencies' databases
  • LexisNexis
  • Accurint

Next Page in the Prevent Phase

Threat Assessment - Further Reading