Federal Agencies Leaned on Open-Source Data for 6 January Intelligence Products

“Congress needs to hear glass breaking, doors being kicked in, and blood… Get violent… Go there ready for war.” This was just one of many pieces of online open-source intelligence that the FBI reviewed ahead of the riot at the U.S. Capitol Building on 6 January 2021, according to a report from the U.S. Government Accountability Office (GAO).

In its report Capitol Attack: Federal Agencies’ Use of Open Source Data and Related Products Prior to January 6, 2021, published 2 May 2022, the GAO assessed what open source data that 10 U.S. federal agencies obtained and shared in advance of the riot. It found that of 38 election-related threat products produced by these agencies, 26 were related to the planned events of 6 January.

The 26 products included warnings about the potential for violence between opposing groups, that groups or individuals could be armed or use improvised weapons like explosives, that extremist groups may commit or incite violence at demonstrations, and that groups may attack the Capitol or Congress. Agencies began producing intelligence reports that included open-source data about these threats as early as 3 November 2020, and the reports ramped up significantly in late December.

Information on 6 January-related threat products included protest locations, dates, and the estimated number of attendees, as well as risks of extreme actions.

“To develop these products, the selected federal agencies in our review used open-source data on potential criminal activity, human sources, observed outcomes of prior demonstrations, and other investigative tools and methods,” the GAO noted. “Agencies used threat products in various ways, including to inform agency planning efforts and situational awareness.”

While the GAO does not deny the value of using open-source data—such as social media posts and other publicly available information—it cautions that law enforcement agencies must also “consider the protection of privacy, civil rights, and civil liberties when collecting and sharing this information.”

According to the Real-Time and Open Source Analysis Resource Guide, published in 2019 by multiple U.S. federal agencies, publicly available information includes pieces that have been published or broadcast for public consumption; are available to the public on request, online, or by subscription or purchase; could be seen or heard by a casual observer; are obtained by visiting any place or event that is open to the public; or are made available at a meeting that is open to the public.

While social media posts and activity count as protected speech, the right to free speech does not extend to credible threats, the guide said, and agencies can use open-source data to assess the credibility of a threat when there is a risk to public safety.

“In some cases, it may be difficult to make a determination about the credibility of a threat identified in open-source data,” the GAO wrote. “However, information about that potential threat may still be communicated to other agencies via reports, such as situational awareness reports.”

The GAO report is the fifth in a six-part series assessing preparedness and response to the 6 January riot at the U.S. Capitol. The final report will assess how threat intelligence—including from open sources—was shared across agencies in the lead-up to the attack. A release date for that report has not been announced.