Technology Update

eGuardian Gains Momentum 

By Colin Durner


With the ever-present threat of another serious terrorist attack occurring on American soil, law enforcement agencies must remain vigilant and resist complacency. The main advantage for law enforcement personnel now, as opposed to before 9/11, is that there are more tools in place to detect and disrupt such an attack from happening. One such tool, eGuardian, has proven an ideal collaborative solution in bridging the gap that formerly existed in the law enforcement information sharing realm.

Information sharing has been discussed extensively at law enforcement conferences and mentioned by several politicians and law enforcement officials, including FBI Director Robert Mueller, Attorney General Eric Holder, and President Barack Obama.1 What exactly is information sharing, though, and how was eGuardian born out of such a vague term?

FBI Terrorism Task Force member and other law enforcement personnel outside an official vehicle.

Sharing Information

Following the 9/11 terrorist attacks, reforms began to take place within the American federal law enforcement community. In 2007, as detailed in the National Strategy for Information Sharing (NSIS), the National Security Council under President George W. Bush directed the FBI to share more information—namely terrorist—with law enforcement agencies.2 In this case, terrorism information includes four main categories: specific threats, actual events that already have occurred, encounters between law enforcement and individuals on a terrorism watch list, and suspicious activity reports (SARs), which document observed behaviors that may indicate the preoperational planning of a terrorist attack.3 As a response to the NSIS, the eGuardian system was created, providing three critical functions that are unprecedented in terms of information sharing.

First, the system allows local law enforcement agencies to put terrorism-related information in a database where it has a direct electronic path to the FBI’s Joint Terrorism Task Force (JTTF). The JTTF then can investigate the incidents in conjunction with state and local authorities.

Second, eGuardian allows the FBI to share its unclassified terrorism information with the rest of the domestic law enforcement community. In the past, the FBI put all of its terrorism-related reports that required further assessment into a classified, in-house system called Guardian. The only people who could see them were FBI personnel and law enforcement officials assigned to the JTTF. Although the FBI still inputs most of its terrorism information directly into Guardian, the majority of it now also is passed electronically to eGuardian. This system feature directly resulted from receiving feedback from local law enforcement agencies. In fact, many of eGuardian’s new system enhancements, which constantly are being added, have resulted from suggestions received from police agencies across the United States.

Third, information entered into eGuardian can be seen nationwide by all law enforcement entities with system access. System users also have the ability to add information to all incidents.  For instance, this would allow a local officer in New York to attach an old police report involving a person who is the main subject of a new incident entered by a police department in California. This type of collaboration within eGuardian can lead to patterns being established and help connect the ever-elusive “dots” with regard to potential terrorism activity.

Having Remarkable Success

The pilot program for eGuardian ended in December 2008, and the system was put to the test during the inauguration of President Barack Obama on January 20, 2009. As eGuardian approaches its third anniversary, its success is evident. Using information received through eGuardian, the FBI has initiated over 106 new terrorism cases and enhanced approximately 388 cases already in existence. The system has allowed federal, state, local, and tribal law enforcement agencies to actively share and exchange terrorism-related information at an unprecedented level.

For example, a woman in California suspected that her son had become obsessed with jihad after he began voicing support for al Qaeda and stockpiling weapons illegally. Based on the mother’s complaint, the local sheriff’s office could justify entering the information in eGuardian based upon the presence of a potential nexus to terrorism. The information passed through one of California’s state fusion centers and to the JTTF. An investigation subsequently was opened.

In another instance, a man was discovered to be in the possession of extensive explosive-making materials after police responded to a report of fire at his residence. The FBI put the incident into eGuardian while simultaneously opening a JTTF investigation. The subject since has been indicted and currently awaits trial.

In the past, quite possibly, no one outside the JTTF would have been privy to either of these incidents until the story appeared on the evening news. eGuardian has changed all that through its collaborative functions.

Gaining Access









“The system has allowed…law enforcement agencies to actively share and exchange terrorism-related information at an unprecedented level.”

Sworn law enforcement officers or persons (e.g., a crime analyst or dispatcher for a police department) working in direct support of a law enforcement agency can use eGuardian. However, they first must obtain a free account from Law Enforcement Online (LEO) at LEO is a secure, unclassified network that not only hosts eGuardian but also is home to many other useful and free law enforcement services and online tools. LEO prompts all potential users to verify their status within the law enforcement community. This is the first check to ensure that only appropriate law enforcement personnel gain access to the system. Users can register for eGuardian access once their LEO account is established. Their law enforcement credentials will be verified again, and they will be placed in a custom account created for their respective agencies. 

The eGuardian system allows law enforcement agencies to combine new suspicious activity reports of incidents with existing (legacy) reporting systems to form a single information repository accessible to thousands of law enforcement personnel and analysts directly supporting law enforcement.

Once users gain access and agree to the terms of use, they will have the ability to search for, read, add to, and create new incidents. Any new incidents will be sent to the agency’s local fusion center or similar entity for approval per policy standards before they are pushed out for systemwide dissemination. Incidents also are electronically passed to the Guardian system, which ensures that they will be sent to and assessed by the appropriate JTTF to determine whether or not they will be converted to an investigation. The FBI’s Guardian system also provides automatic updates to eGuardian users regarding the status of any referred incidents once they are being assessed by a JTTF.

Protecting Civil Liberties

Whenever a U.S. government system is used to collect information on American citizens or U.S. persons, scrutiny may arise from both the public and the media with regard to civil liberties.4 From the day eGuardian was envisioned, it was apparent to the FBI that there needed to be a robust system of checks in place to assure that eGuardian would protect the civil liberties guaranteed by the Constitution.

All eGuardian users must abide by the system user agreement, which contains language specific to civil liberties protection, in keeping with the U.S. Department of Justice’s privacy policies. In addition, all information entered into eGuardian must pass from the entering agency to a state fusion center (or similar approving agency) where policy checks are conducted. FBI JTTF and FBI headquarters personnel also constantly monitor eGuardian incidents to assure policy compliance. Instruction on eGuardian system usage and policy is provided for users via Web-based training.


The eGuardian system began its official program pilot with fewer than 40 law enforcement agencies. After its pilot ended, 95 incidents had been entered and shared within the system. As of November 2011, eGuardian has a customer base of 4,050 individual users representing 1,227 law enforcement agencies. The system contains 10,435 incidents that can be searched, analyzed, and enhanced by any system user. These incidents now come from three different sources: individual eGuardian agencies and fusion centers, the FBI’s internal Guardian system, and the National SAR Initiative’s (NSI) Shared Space tool, which gathers SARs and other terrorism information from 13 fusion center sites across the country.5

The FBI is an official partner of the NSI, a collaborative effort to promote an effective, standardized SAR sharing process.6 The NSI’s efforts are partially reflected in the Web tutorial, which now mandatory for all eGuardian users, addresses the preservation of civil liberties while using an information system, such as eGuardian.

In the future, eGuardian will continue to develop new features that will incorporate geospatial software and allow for even more advanced incident analysis. This continually upgraded technology will aid in discovering trends and patterns of behavior when identifying terrorist threats.

Colin Durner, a staff operations specialist in the FBI’s Counterterrorism Division, prepared this Technology Update.

To learn more about obtaining access to eGuardian, law enforcement personnel can visit


FBI Director Robert S. Mueller III, “The Importance of Partnerships” (speech presented at the International Association of Chiefs of Police Conference, Orlando, FL, October 25, 2009); Attorney General Eric Holder (speech presented at the Bureau of Justice Assistance National Conference, Washington, DC, December 7, 2010); President Barack Obama, “Classified Information and Controlled Unclassified Information,” memorandum to the heads of executive departments and agencies, May 27, 2010, Office of the Press Secretary, Washington, DC.

White House National Security Council, National Strategy for Information Sharing (Washington, DC, 2007).

Program Manager for the Information Sharing Environment, Information Sharing Environment,Functional Standard, Suspicious Activity Reporting, Version 1.5 (Washington, DC, 2009).

American Civil Liberties Union, “Spy Files: More About Suspicious Activity Reporting,” (accessed June 29, 2010).

Nationwide SAR Initiative, “Implementation Map,” February 10, 2011).

Nationwide SAR Initiative, “NSI Overview,” (accessed February 02, 2011).