Software Requirement Specifications for a Social-Media Threat Assessment Tool

Craig Barnett


Police officers are often the subjects of threats. Investigations of these threat cases follow a framework similar to one published in 2006 by the Association of Threat Assessment Professionals (ATAP).[1] The framework provides behavioral indicators and risk factors gleaned from information of a known suspect, which is analyzed and applied during threat management activities.[2]   Nevertheless, since the publication of that framework in 2006, the amount of threats to law enforcement personnel through social media—notably Facebook and Twitter—have increased. Whereas people once handwrote threats, they now simply send messages from their phones or computers. The ease and instant connectivity of social media means a much higher volume of threats than before, which taxes law enforcement’s ability to investigate each one.

Complicating the investigation is the fact that not every threat is a real one. Calhoun and Weston divide threateners into two categories, hunters and howlers, demonstrating that not all threats lead to violent acts.[3] The Internet magnifies the ability of people to communicate threats, but very few are carried out. Determining which threats are real is difficult. First of all, Twitter and Facebook provide a platform of communications that can hide someone’s identity. Obtaining the identity of a Twitter account holder requires court paperwork based on probable cause or exigent circumstances. Second, social media allow people to repost tweets from the original threatener, whereby the same threat appears to originate from many different people. In this case, it is difficult to identify which poster poses the highest risk of violence.

Analyzing the language of Twitter and Facebook posts could provide an earlier starting point. Patton et al. illustrate how language from Twitter messages can be coded for different types of aggression—direct, indirect, proactive, and reactive.[4] The coding method is not used to assess risk. Coding Twitter messages also occurs in the private sector. Automated analysis of social-media language can identify risks to a company’s reputation through a coding process.[5] By coding text, analysts can divide tweets into negative or positive feelings about the company.[6]   Progressing even further, confidence scoring provides a ranking based on how probable an event is to happen.[7] Using this tool could also help determine which threats have a higher probability of happening. Lastly, tools such as public record databases, search engines and social media analysis software exist which could analyze information provided in threatening posts, feed information to the confidence scoring tool and possibly increase the accuracy of confidence.

In sum, risk assessments begin at the point a suspect is identified. The evolution of social networking sites allows individuals to communicate threats anonymously and in high volume. This ability means investigators cannot wait to identify a suspect to begin a risk assessment. There are software tools already available that can help start assessments earlier. By creating a new software platform that combines a social media monitoring tool, a language sentiment tool, a criminal history database and a confidence scoring tool, law enforcement identifies violent people before they injure or kill their victims. Although more development is needed, the case stories in this thesis shows the proposed software correctly identifying people that post on social media and then act out violently.



[1] Association of Threat Assessment Professionals, Risk Assessment Guideline Elements for Violence: Considerations for Assessing the Risk of Future Violent Behavior (Sacramento, CA: Author, 2006),

[2] Association of Threat Assessment Professionals, 5.

[3] Frederick S. Calhoun and Stephen W. Weston, Concepts and Case Studies in Threat Management (Boca Raton: CRC Press, 2013), 11,


[4] Desmond U. Patton et al., “Gang Violence on the Digital Street: Case Study of a South Side Chicago Gang Member’s Twitter Communication,” New Media & Society (January 2016): 7, doi: 1461444815625949.

[5] Paul Alpar and Daniel Ohliger, “Creation of Risk Profiles of Business Customers from Social Media,” Banking and Information Technology 16, no. 1 (March 2015): 26,

[6] Alpar and Ohliger, 26.

[7] Bill Murdock, “How to select a threshold for Acting Using Confidence Scores,” IBM Watson, June 23, 2016,

No Comments

Post a Comment