Printer Friendly

The FBI's Communicated Threat Assessment Database: history, design, and implementation.

In January 1999, a gunshot pierced the window of a Pennsylvania house and killed the female resident. Her estranged husband, a wealthy doctor, was the prime suspect, but investigators did not have enough evidence to convict him. Early in the investigation, his attorney received two separate anonymous letters attempting to exculpate the husband. The investigators requested an authorial attribution analysis (i.e., an attempt to determine common authorship between two or more sets of communications) of the two anonymous letters and numerous ones written by the husband. Comparing these with the more than 1,000 letters contained at that time in the FBI's Communicated Threat Assessment Database (CTAD) strengthened the distinctive quality of the two sets of letters and their author. Investigators determined that the husband had sent the recent ones in an attempt to misdirect the investigation. During the interim, he had moved to Washington, and, in December 2002, authorities arrested him and returned him to Pennsylvania for trial. In 2004, FBI personnel provided expert testimony at the husband's trial as to the results of their analyses and the findings derived from CTAD. After a first-degree murder conviction, the judge sentenced him to life without parole.



The FBI's Behavioral Analysis Unit-1 (BAU-1) of the Critical Incident Response Group is a component of the National Center for the Analysis of Violent Crime at the FBI Academy and focuses its efforts on counterterrorism, threat assessment, and other forensic linguistics services. BAU-1 personnel offer services, including behaviorally oriented investigative assistance in counterterrorism matters, threat assessment/textual analysis, WMD, extortions, product tampering, arson and bombing matters, and stalking cases, to the FBI; other international, federal, state, and local law enforcement and intelligence agencies; and the military. In conjunction with these responsibilities, the unit implemented CTAD to serve as the primary repository for all communicated threats and other criminally oriented communications (COCs) within the FBI. It assists with categorizing, analyzing, assessing, and maintaining all communications falling into these two areas.

Some communicated threats and COCs are sent to their respective recipients for personal reasons, whereas others relate directly to criminal enterprises, such as extortion, kidnapping, and other crimes. Some fall under the domain of national security and have intelligence potential contained therein. For example, a communication to a corporation or a government entity could be an attempt to threaten, or actually violate, the security of the company or the United States.

All communicated threats and COCs received at the FBI are entered into CTAD, categorized accordingly, analyzed, and assessed for their respective threat potential. Then, BAU-1 agents search for similarities with other existing communications within the database, make a possible determination of authorship, and notify the submitting agency of their findings.


An increase from only several dozen per year in the mid-1990s to approximately 400 in 2005 alone aptly illustrates the significant rise in the number of threatening communications and COCs received by BAU-1 during the past several years. The advent of e-mail, with its ease of use and accessibility, has played an important role in this growth. Also, the terrorist attacks of September 11, 2001, and the anthrax mailings shortly thereafter, among other cases, have demonstrated the need for the FBI to monitor all of these communications. The agency, therefore, determined that a database would aid in coordinating this expanding number of communications and the requests for BAU-1 personnel to assess and analyze them.

During the early stages of planning, unit members envisioned a corpus with a word capacity exceeding 100 million, an extensive search potential, detailed categorization and classification parameters, and report-writing capabilities. Most important, they wanted a linguistically oriented database, as well as a behaviorally oriented one. If language in a particular communication suggested potentially deadly action, behavioral markers within the text would be identified, cross-checked with other communications, and evaluated. Such a design would combine both linguistic- and behavioral-based concepts in an attempt to not only assess the possibility of a threatened action being undertaken but also assist in the identification of the anonymous author.


Currently, CTAD contains almost 2,500 communicated threats or other COCs that vary in length from several sentences to 20 or more pages. The database divides these into 24 categories of either a general nature, such as terrorism, or a more specific genre, such as WMD, sexual, or militia. The overall theme of a communication denotes the primary category selected, while other ancillary factors, such as the mechanism of a threatened action itself, can place it into a secondary one. For example, the author of an anonymous communication may claim allegiance to a known terrorist group and threaten a city with a radiological device. In that case, the primary category would be terrorism with WMD as the secondary one.

CTAD is divided into four sections. The first, Administrative, includes file numbers, keywords, case title, FBI division information, investigator details, and similar data. The second section, Case Facts, contains information related to the case, including the form of the threat, authorship (if so indicated), means of delivery, target, demands, details about the victim/recipient, media coverage, and other relevant details. The third, Linguistic Profile, requires advanced training and experience in the fields of criminal behavior and forensic linguistics. This section incorporates assessments based on a behavioral and linguistic analysis of the communication, including indications of capabilities, commitment, deception, biographical information (e.g., sex, age, race/ethnicity, education, and native language), and, if necessary, the level of threat (e.g., low, moderate, or high). The last section is Case Facts Confirmed and is completed only when the author of a threatening communication or COC has been identified, making biographical and descriptive data available. This section assists in the identification of anonymous writers of other threatening communications and COCs in CTAD, which may not have been previously linked.

The search component constitutes one of CTAD's most important elements. BAU-1 personnel can restrict searches to the database itself or other directories within the system. When working on specific authorial attribution projects, employees can create separate directories of the known and the questioned documents and search only those two. Unit members also can search the 24 categories within CTAD for like communications. For example, they could search all sexual communications for all available years or for only one. Other search tools include location, such as readily accessing all communications from a specific FBI office. In addition, personnel can conduct searches relating to the age, sex, and ethnicity of authors. BAU-1 plans to add more advanced search capabilities in the future.


When a new threatening communication case arrives at BAU-1 via an FBI office or a local or state law enforcement agency, an analyst accesses CTAD and obtains all relevant information related to it, including how many threats have been received in the last year in that specific category and whether any similarities exist between the linguistic features in the current communication and others in the database. At this point, based on the receipt of all of the relevant information available at that time, agents can complete their assessment and analysis and provide the most salient opinion as to the potential of the threatened action being carried out and the personality characteristics of the author.

A recent case offers an example of how CTAD can aid investigators. For several years, agents in the FBI's Cleveland office have been investigating a series of threatening and racially insensitive anonymous letters received by numerous people, including college and professional athletes and other celebrities, throughout the United States. Using the database, BAU-1 personnel linked all of the letters to the same author. Subsequently, agents in the Las Vegas office began investigating the receipt of a threatening and racially insensitive anonymous letter to a particular victim. Through a linguistic- and behavioral-based search of the letter, BAU-1 members determined that it originated from the author of the letters in the Cleveland case. While the author remains unidentified, CTAD's advanced search capabilities have ensured that agents will work the case as one investigation, thereby improving the chance of a successful resolution.

Future plans include continually upgrading CTAD in an effort to make it as effective a tool as possible, including an online capability throughout the FBI. Moreover, CTAD offers endless research potential in terms of undertaking studies to determine the type of anonymous individual who composes and sends threatening communications and COCs. From a sociolinguistic perspective, researchers could examine features, such as age, sex, ethnic background, and education level, in these types of communications and determine commonalities among the authors. Follow-up interviews of identified authors may reveal a great deal about them, including those who were "only" threatening, those who really meant what they wrote, and those who actually carried out a threatened action.


The Communicated Threat Assessment Database is a new item within the FBI's arsenal of tools in its effort to combat crime and terrorism. While it has historical precedence in both the government and academic communities, CTAD is unique in its design and purpose.

The database will continue to enhance the threat assessment and textual analysis process within the FBI. Its creators hope that as CTAD and its corpus and capabilities grow, so too will the services provided to those requesting assistance with these critical matters.


(1) Eugene A. Rugala and James R. Fitzgerald, "Workplace Violence: From Threat to Intervention," in Clinics in Occupational and Environmental Medicine, eds. Carol Wilkinson and Corrinne Peek-Asa (Philadelphia, PA: W.B. Saunders, 2003), 778.

(2) Ibid., 780.

(3) BAU-1 personnel coined this term.

Special Agent Fitzgerald serves in the Critical Incident Response Group, Behavioral Analysis Unit-1, at the FBI Academy.


* Communicated threat: verbalized, written, or electronically transmitted message that states or suggests potential harm to the recipient, someone or something associated with the recipient, or specified or nonspecified other individuals. (1)

* Threat assessment: detailed examination of the elemental parts of a verbal or written threat to estimate in terms of high, medium, or low probability the genuineness and overall viability of the expression of intent to do harm. (2)

* Criminally oriented communication (COC): verbalized, written, or electronically transmitted message, usually anonymous, not necessarily threatening a specific action or event but relating to an existing or potential crime.

* Post-offense manipulation of investigation communication (POMIC): (3) communications received by the media or criminal justice entities after the commission of a crime, often a high-profile case. Invariably anonymous, POMICs assert that the person publicly accused, under investigation, in custody, or standing trial for a certain crime is innocent. The author usually claims responsibility for the crime or knows the "real" offender who always remains unnamed. Such communications attempt (usually unsuccessfully) to convince the public, the media, the investigators, or the jury that the accused, the arrested, or the defendant did not commit the crime. As in the case study at the beginning of this article, investigations of POMICs usually reveal that the person accused of the original crime or someone close to that individual authored the letter. In some jurisdictions, writing a COC may constitute obstruction of justice. However, even without separate charges based on POMICs, their presence may serve to strengthen the prosecution of the original crime.
COPYRIGHT 2007 Federal Bureau of Investigation
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2007, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:Focus on Technology
Author:Fitzgerald, James R.
Publication:The FBI Law Enforcement Bulletin
Date:Feb 1, 2007
Previous Article:Financing terror.
Next Article:Dealing with hawala: informal financial centers in the ethnic community.

Related Articles
The FBI's critical incident negotiation team.
Historical trends related to bioterrorism: an empirical analysis.
Expert testimony and risk assessment in stalking cases: the FBI's NCAVC as a resource.
FBI dumps information-sharing software.
Risk assessments and future challenges.
The FBI's field intelligence groups and police: joining forces.
Information GAPS: fusion centers aim to connect federal, state, local agencies.

Terms of use | Privacy policy | Copyright © 2021 Farlex, Inc. | Feedback | For webmasters