Criminal Justice & the Rule of Law Democracy & Elections

How Could Law Enforcement Have Investigated Before the Capitol Riot?

Sean Joyce, David Kris
Friday, January 15, 2021, 12:08 PM

As more information becomes public about the violence at the Capitol, it’s helpful to understand the basic rules under which the government collects information in advance of events like those that took place on Jan. 6.

U.S. Capitol Police Headquarters draped in mourning after the death of Officer Brian Sicknick in the Capitol riot. (Flickr/Victoria Pickering,; CC BY-NC-ND 2.0,

Published by The Lawfare Institute
in Cooperation With

The day after what he called “the siege at the Capitol,” FBI Director Christopher Wray vowed that the bureau “will hold accountable those who participated in” the attack. Arrests have already been made, but it is equally clear that the FBI itself, as well as the Capitol Police and other agencies, will face aggressive questions from officials, the press and the public about what transpired.

Some members of Congress have focused on a failure of intelligence in anticipating the violence; others have focused on the apparently inadequate preparation and response. Herb Lin and Amy Zegart have called for a Commission on the Capitol Siege. On Jan. 15, the Department of Justice Office of Inspector General (DOJ OIG) announced that it “is initiating a review to examine the role and activity of [the Justice Department] and its components in preparing for and responding to the events at the U.S. Capitol on January 6, 2021,” and will be coordinating its efforts with those of other inspectors general from other agencies. Among other things, the inspector general announced, its review

will include examining information relevant to the January 6 events that was available to DOJ and its components in advance of January 6; the extent to which such information was shared by DOJ and its components with the U.S. Capitol Police and other federal, state, and local agencies; and the role of DOJ personnel in responding to the events at the U.S. Capitol on January 6. The DOJ OIG also will assess whether there are any weaknesses in DOJ protocols, policies, or procedures that adversely affected the ability of DOJ or its components to prepare effectively for and respond to the events at the U.S. Capitol on January 6. If circumstances warrant, the DOJ OIG will consider examining other issues that may arise during the review.

Without prejudging the results of any upcoming review(s), it may be helpful to understand the basic rules under which the government collects information in advance of events like those that took place on Jan. 6.

Based on our experience in law enforcement and intelligence, there are three important points to understand.

First, the FBI and other agencies enjoy authority and responsibility to anticipate and prevent crimes and threats to national security, not merely to react afterward. Put differently, as its internal guidelines recognize, the FBI is “an intelligence agency as well as a law enforcement agency.” Apart from traditional investigations of crime, therefore, the FBI may also gather information about “an individual, group, or organization that may be involved in criminal or national security-threatening conduct.” Investigations “may also be undertaken for protective purposes,” to shield those who might “be targeted for criminal victimization … terrorist attack or other depredations by the enemies of the United States.” In keeping with these mandates, the FBI very likely discussed and considered the safety of the Capitol in advance of Jan. 6.

Second, to protect the Capitol from possible attack, the FBI has the ability to collect information without any particular suspicion of wrongdoing by any person. As an intelligence agency, its guidelines state, the FBI is “not constrained to wait until information is received indicating that a particular event, activity, or facility has drawn the attention of those who would threaten the national security.” Instead, it “must take the initiative to secure and protect activities and entities whose character may make them attractive targets for terrorism.”

In particular, the guidelines establish that as part of what it calls “assessments,” the FBI could have collected “publicly available information,” including information from “online services and resources (whether nonprofit or commercial).” It had authority to use and recruit human sources in keeping with other, specialized guidelines. And it also could have issued “grand jury subpoenas for telephone or electronic mail subscriber information.” It appears that there was a lot of information on social media and the internet in advance of the Capitol attack, and there may also have been information available from informants or cooperating witnesses.

If the assessment showed that a crime or national security threat might occur, and if potential perpetrators could be identified, the investigative options would have expanded. In such cases, the FBI may open a “preliminary investigation” and use most of its authorities except for electronic surveillance and physical searches that require a warrant. Thus, for example, undercover operations, consensual monitoring and searches, and the use of pen registers and polygraphs—some of which require court approval—would have been available as a matter of internal FBI policy. Had the indications risen to the level of “an articulable factual basis for the investigation that reasonably indicate[d]” a crime or threat, the guidelines establish that the FBI could have opened a “full” investigation and used all of its investigative tools. Certain tools, including electronic surveillance and physical searches, would also typically require judicial approval based on probable cause.

Of particular relevance to the Capitol attacks, a full investigation may be opened on any “enterprise” or other organization or group that “may be engaged in planning or preparation for … furthering political or social goals wholly or in part through activities that involve force or violence and a violation of federal criminal law.” The same authority extends to groups engaged in “domestic terrorism,” which is defined in 18 U.S.C. § 2331(5) to include dangerous, criminal acts that, among other things, “appear to be intended … to influence the policy of a government by intimidation or coercion; or … to affect the conduct of a government by mass destruction, assassination, or kidnapping.” It will be important to assess whether and when the FBI and other agencies had information that the Capitol attacks would or did satisfy these requirements.

Third, when the FBI learns things as a result of its investigations, it can and should share the information with other agencies. With respect to domestic threats to national security, as opposed to foreign ones, the role of the U.S. intelligence community is much reduced, and the First Amendment and other constitutional and statutory protections are much more significant. But the need to share information, even about domestic threats, remains strong—at a minimum, for the purposes of “securing targets” and “providing threat information and warnings to other federal, state, local, and private agencies and entities.” Reports in the news media, which may or may not turn out to be accurate, suggest that the FBI may not have provided adequate intelligence about threats to the Capitol and members of Congress.

In practice, the government prepares for major events well in advance. Typically, the inauguration of the president and the Super Bowl, for example, are formally designated National Special Security Events (NSSEs) under federal law. Other events, even if not formally designated as NSSEs, might merit standing up a unified command post at which multiple agencies can be co-located, and/or perhaps a secure video conference among very senior agency officials who remain at their individual headquarters. This can be done under the auspices of interagency partnerships like the National Capital Response Squad (NCRS). Memoranda of understanding can be exchanged with specific agreements and protocols for possible contingencies.

The key is to establish interagency communications, plans for joint operations and overall cooperation in advance. This helps reduce the need to improvise, coordinate across jurisdictions and chase authorities under pressure, and therefore makes it easier for different agencies to work together.

One question about the Capitol attacks concerns the role of the NCRS or other interagency partnerships. But there are a lot of other hard questions that will also need to be answered. For example, was intelligence actively sought and appropriately collected? Was the intelligence properly assessed and the risks understood? Were those risks reported in a timely manner and effectively to other relevant agencies? If so, did those agencies—including the Capitol Police—appreciate and act on the intelligence? Why weren’t the Capitol Police better prepared—and were enough officers on duty and available on Jan. 6? What other resources were or were not sought or made available, and on what terms? Why were the attackers in some cases apparently allowed in and then allowed to leave the Capitol? Finally, what are the unique challenges that may arise if the president of the United States tolerates, approves or encourages some of the relevant conduct?

We are sure, based on our experience in government, that the FBI itself is asking these same questions—as are many other federal, state and local agencies. Regardless of the political, economic, or social environment, the men and women in these agencies work hard to live up to their oaths to uphold the Constitution. It’s a collective responsibility, shared by public servants and private citizens, to work together and ensure that all Americans can enjoy democracy and its values for years to come.

Sean Joyce served for 26 years in the FBI, including as Deputy Director. He was also the Executive Assistant Director at the FBI’s National Security Branch and lead intelligence official of the FBI, Assistant Director of International Operations, Section Chief of the Counterterrorism Division's International Terrorism Operations Section, Joint Terrorism Task Force Supervisor, SWAT Team Leader, and Hostage Rescue Team Operator. Sean spearheaded several strategic initiatives, including "next generation cyber," which was a cross-organizational initiative to maintain the FBI’s world leadership in law enforcement and domestic intelligence. A Boston native, he holds degrees from Boston College and Dartmouth’s Amos Tuck School of Business.
David Kris is a founder of Culper Partners, with more than 30 years of experience in the private sector, government, and academia. He has been a corporate director, general counsel, deputy general counsel, and chief compliance officer; assistant attorney general for national security, associate deputy attorney general, and a trial attorney at the Justice Department. He serves on advisory boards for several government agencies and as a FISA Court amicus curiae. He is the author or co-author of several works on national security and teaches national security law. He is a member of the board of directors of Lawfare.

Subscribe to Lawfare