New Bill Incorporates Private Sector Into Terrorism Monitoring and Reporting

Internet service providers and other essential entities to the nation’s cyber-infrastructure may be required to take a more active role in terrorism prevention. A new bill aims to assimilate the private sector into the monitoring and reporting of “suspicious terrorist activity.”

 H.R 5094, also known as the ‘Enhancing Suspicious Activity Reporting Act,’ passed in the house on June 25th, 2018. The two primary purposes of the bill are to develop a strategy “to improve the operations and activities of the Department of Homeland Security related to training, outreach, and information sharing for suspicious activity reporting to prevent acts of terrorism,” and to establish a working group to “provide advice to the Secretary [of Homeland Security] regarding improvements to the operations and activities related to suspicious activity reporting to prevent acts of terrorism.”   

This includes training and outreach to entities in the private sector, and requiring the private sector to share information on suspicious targets. In theory, these provisions from law enforcement would help the private sector to quickly identify and report possible acts of terrorism.

New York representative and bill sponsor, Peter King, sits on the House Committee on Homeland Security Subcommittee on Counterterrorism and Intelligence, which also proposed the ‘Terrorism Prevention and Critical Infrastructure Protection Act of 2017’ in February. This bill also suggested that the Department of Homeland Security strengthen and protect ‘critical infrastructure’ by sharing information/training with the private sector and establishing a research task force to provide the Secretary of Homeland Security with “the cyber preparedness of suppliers, contractors, or service providers of critical infrastructure.” As several of the same committee members are backing this bill, it may be safe to assume that H.R 5094 is, simply speaking, a rework of the earlier bill, with similar intentions.

Employing the concept of terrorism prevention as a means for government collusion in the private sector has become a platitude among officials since 9-11, through the Snowden revelations and up to now. But could this be a hazardous preface for more warrantless monitoring of citizens? And furthermore, what will be the criteria for determining whether or not someone can be suspected of “terrorist activity?”

The committee report on H.R 5094 references another report titled “Preventing Another Boston Marathon Bombing: Reviewing the Lessons Learned from the 2013 Terror Attack,” in discussing the background and need for this legislation. The report specifies that educating the public and empowering them to speak out when they notice potential signs of terrorism is a long term solution for preventing events such as the Boston Bombing. It suggests that had there been stronger communication between people that could have identified Tamerlan Tsarnaev and authorities, law enforcement may have been able to apprehend Tsarnaev before he was able to take the life of MIT Police Officer Sean Collier,

“As this Committee has often highlighted, the public can be a powerful ally in identifying potential terrorist activity. Law enforcement’s ability to build a strong partnership with the
public, based on trust and transparency is crucial to obtaining information that will prevent violent attacks like Boston in the future. In order for the community to assist in preventing
terrorist attacks, it is incumbent upon the federal government to provide the public with mechanisms to facilitate communication with law enforcement and to educate them on the threat posed by homegrown violent extremists.”

But would this information be given to or taken by law enforcement? Much like HR 5094, the report on the Boston Bombing references reaching out to the private sector for the collection of useful information in preemptively striking against acts of terrorism,

“According to the Department, it has evolved its CVE [Countering Violent Extremism] strategy over recent months to become a more comprehensive prevention model that allows it to work with communities and recognize at-risk individuals before violent extremism takes root. A pilot program has been developed that encourages local partners to develop mechanisms for engaging various resources including the private sector and social service providers.”   

Participants in the pilot program, titled the Federal Joint Terrorism Task Force, include the Austin Police Department, The Texas Department of Public Safety and the University of Texas at Austin Police Department, among New York and Boston law enforcement agencies.

In April of 2017, APD, with the JTTF pilot program, apprehended Steven Boehle, after they were informed of a mass shooting plot by a “confidential human source.” Authorities discovered the presence of 13 firearms, over 1,100 rounds of ammunition and a letter that was used to determine Boehle’s plan. Though Judge Mark Lane initially released Boehle on bond, due to what he claimed to be prosecutors’ failure to prove Boehle a threat to the community and claiming that his letter was “marijuana-induced gibberish,” he was later returned to police custody.


  1. I have long predicted that the current trend of legislation “encouraging” and “facilitating” reporting from the private sector would end and be replaced by mandatory reporting.

    So, while I anticipate it will come at some point, and figure Rep. King will be among those who embrace it, I don’t see where this bill does, in fact, contemplate or provide for any *mandatory* “sharing” of information on suspicious targets by the private sector. Would appreciate where Hensley thinks that is in H.R. 5094. Section 2(b)(4) hints at the goal but does not mandate.

    1. Hello Scott! My concerns on mandatory info sharing stem primarily from the fact that several of the sponsors of this bill also sponsored H.R 945 (which I thought I referenced in the post, but am now seeing that I didn’t) that required information sharing between ISPs and other ‘providers’ and authorities on subjects sucgph as security measures.

      1. I don’t see it there either. HR 945 does not call for a *requirement* that any private sector participant to report suspicious threats. The closest it comes is in §8(c)(1)(B), but even that part says nothing about anything being mandatory. At least not yet. I grant that one could read it in strained fashion to allow the Homeland Security Secretary to find (after input from the other agencies and “researchers” that mandatory sharing is a necessary baseline requirement. But this is a stretch. And any such proposal would be a substantive rule that would have to be proposed, published and put out for comment. Many would oppose, and have good legal grounds to get it overturned if it were ever promulgated.

        Again, don’t get me wrong. There will ultimately be a push for a statute or rule that requires private sector providers to surveil and report all sorts of things deemed or found to be suspicious. Voluntary could well become mandatory, despite huge opposition from the privacy and civil liberties community along with many providers. But these don’t do that.

        1. Valid points! My aim was to discuss the bill as more of a gateway than anything, but that was probably lost in my describing the bill. But I will definitely be sure to be more clear on the future. Thanks for the feedback, please keep it coming!

          1. My recommendation is that advocates not claim bills like this impose mandatory reporting when they do not in fact expressly do so. Instead we should recognize they “encourage” voluntary action, but express concerns about the potential that “voluntary” reporting will nonetheless lead to privacy violations and false positives despite all the precatory language about privacy these bills always have. A voluntary incursion can be just as harmful as one that is compelled; indeed it could be worse in some instances. One could also question the extent to which it will be truly voluntary, especially given the incentives being created to “voluntarily” report.
            But my primary advocacy point is more of a warning. I’m not big on slippery slope arguments, but one may be appropriate here. These could just be vehicles to get the camel’s “voluntary” nose in the tent, for now. The secret goal could be to ultimately insert the entire mandatory surveillance and reporting beast as soon as it appears politically feasible, probably in response to some major event. Every time one of these comes up it is imperative to get the sponsors to emphasize voluntariness and more important get them to expressly disclaim any intent to *ever* make it mandatory.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.