Trump’s analysts failed to produce any actionable information or issue intelligence bulletins until two days after the Capitol Insurrection. However, they had seen online comments from people threatening to attack politicians and vowing to storm Congress. One case even called for the “shoot-and-kill” of protesters at the upcoming rallies in relation to the presidential election.
DHS’ Office of the Inspector General published a 54-page report that found the department was “unable to provide its many State, Local, and Federal Partners with timely, actionable, and predictive intelligence” despite being the only federal member required by law to share such information.
DHS failed to provide adequate training in open-source collection. This resulted in “inexperienced collectors”, who didn’t adhere to department guidelines and were reluctant to share information. DHS officials instead emailed threat information before the attack to local Washington D.C. partner, choosing not to issue widespread intelligence warnings.
The messages between collectors on January 2, and 3, reveal that DHS employees saw a variety of open-source threats on message boards and social media, but decided not to report them.
After finding an online map of all exits and entrances to Capitol Building, one collector said that “people are going to try to hurt politicians.” “January 6 will be crazy.”
DHS analysts called threats unlikely in a separate message exchange the next day. However, one analyst suggested that he was unsure. In a message to a colleague, the collector stated that people were talking about storming Congress and bringing guns. He also said that he was willing to die for the cause.
Two collectors joked about possible threats to lawmakers in messages from another chat. One DHS employee wrote, “Like there are these people talking about hanging Democrats on ropes like WTF.”
Another replied, “They’d need lots of rope, DC is pretty much all democratic haha.”
A draft of an open source intelligence report, or “OSIR”, was authored by one collector. It warned of threats to the U.S. Capitol in January 2005, the watchdog discovered.
The inspector general found out that a different collector had concluded that the draft report describing threats to legislators and the U.S. Capitol did not meet the reporting threshold. It “contained hyperbolic data.”
The watchdog discovered that “overall, open source collectors explained it to us they didn’t think storming U.S. Capitol possible and therefore dismissed this type of threat as hyperbole.”
The bulletin was ultimately not completed and distributed until January 8, two day after the breach, which rendered it “ineffective.”
The Department of Intelligence and Analysis leadership told the inspector general about the delay. They said that officials weren’t instructed to issue a bulletin prior to the January 6 events, “because there wasn’t enough time.” Instead, the Counterterrorism Mission Center shared threats in briefings with department leaders.
For weeks, however, DHS’ intelligence arm kept pinging tips back and forth between three divisions, failing to provide any useful guidance for its network of state- and local enforcement partners.
The agency’s Field Operations Division shared information with OSCO on December 21st 2020. This was after an individual threatened to kill and shoot protesters at the forthcoming rallies regarding the presidential election. A FOD staffer later admitted to a colleague that OSCO had “slipped away” from her. No report was then written, but the tip was accepted.
DHS’ Counterterrorism Mission Center asked for evidence of open-source intelligence from January 6 to be used to inform the U.S. Capitol Police and Secret Service. Five OSCO collectors provided comments that referenced weapons and targeting law enforcement, and the U.S. Capitol Building. This was shared in a document. Analysts discovered that some people online claimed they would die in the violence.
The inspector general said that there was no evidence that the five collectors had drafted a report about any of these threats.
The watchdog discovered that collectors were “hesitant to issue intelligence products” after being subject to earlier scrutiny of DHS’ Office of Intelligence and Analysis controversial response to protests in Portland, Oregon in the summer of 2020.
A DHS internal review revealed that personnel collected and disseminated intelligence about US journalists after being assisted by poorly trained staff.
DHS inspector general concluded that the Office of Intelligence and Analysis had “hired inexperienced open-source collectors in the month leading to January 6, 2021” and then failed to provide training courses.
The report stated that 16 of 21 collectors had less experience than one year as of January 6, 2021. Some of these new collectors claimed they didn’t receive enough training to determine when it was appropriate to report threat information.
“Collectors were trained informally by working alongside more experienced colleagues,” said the inspector general. This was a result of the difficulty of a spontaneous setup during the pandemic.
The inspector general made five recommendations at the end of the report. These included enhancing training every year and creating a process for requesting and receiving timely open source intelligence bulletins if they are relevant to upcoming events.
DHS agreed to all five recommendations.
John Cohen, the head of the Office of Intelligence and Analysis, stated in a Tuesday memo that he had “fully concurred” and worked with staff to ensure that the suggestions were implemented.
A spokesperson for DHS stated that the agency has “increased intelligence analysis, information sharing and operational preparedness” to prevent violence and keep communities safe.
Tuesday’s report was the result of a 115 page Government Accountability’s Office review of U.S. Capitol Police. This review found that law enforcement had failed to provide adequate intelligence to the officers on the ground. It came ahead of January 6.
