The Pattern Is the Crime: How Predictive Analytics Could Change the Law Enforcement Response to Harassment Schemes
Coordinated harassment campaigns leave data trails that individual incident reports cannot capture. Predictive analytics gives law enforcement the ability to see the pattern across the noise, but the same tools carry documented risks of enabling the very abuse they are meant to stop. The question is not whether to use the technology. It is whether there is enough institutional discipline to use it correctly.
A coordinated harassment scheme is engineered to be invisible to law enforcement systems built around discrete incident reports. A false police report here, a frivolous court filing there, a smear campaign running in parallel, each event looks like noise. Across time and across jurisdictions, it is a pattern, and patterns are exactly what predictive analytics is designed to surface. The technology exists. The investigative methodology exists. What has been missing is institutional will to treat harassment campaigns as the organized, data-traceable conduct they are, and to build the analytical infrastructure that would make that treatment routine rather than exceptional.
What Coordinated Harassment Actually Looks Like in a Report Log
The structure of a coordinated harassment scheme is not accidental. It is designed around a specific vulnerability in how law enforcement processes complaints: the single-incident frame. An officer responding to a complaint, or a dispatcher logging a call, is working with one data point. They do not have, and typically cannot access, the twenty prior data points that establish the pattern.
A harassment campaign might involve false police reports filed against the target in multiple jurisdictions, each designed to consume the target’s time and credibility while generating an official paper trail that serves the harasser’s narrative. It might layer in frivolous civil filings that create additional legal exposure and costs. It might include a coordinated social media operation, doxxing, impersonation, or fabricated screenshots circulated to the target’s employer or professional network. And it might escalate to swatting: filing a false emergency report designed to trigger an armed law enforcement response at the target’s address.
Each of those tactics, viewed in isolation, looks like a different kind of complaint handled by a different part of the system. The false police report is a patrol matter. The civil filings are a court administration matter. The social media conduct may not meet the threshold for a report at all. The swatting call is an emergency response matter. No one officer, dispatcher, or administrator sees the full picture because the full picture is not contained in any single record. The harassment scheme is not hidden. It is distributed across systems that do not talk to each other.
The target of such a campaign, meanwhile, experiences it as a unified, escalating assault on their professional life, personal safety, and institutional credibility. The gap between the target’s lived reality and what the institutional record reflects is not a failure of documentation. It is a structural feature of siloed, incident-based reporting that organized bad actors learn to exploit.
This is not a hypothetical vulnerability. The National Association of Attorneys General published analysis in 2025 documenting that doxxing and swatting incidents have increased significantly since 2024, with perpetrators using automated data scraping tools to assemble detailed personal profiles and AI-generated synthetic voices to place fraudulent emergency calls. Synthetic media tools lower the technical barrier to fabricating evidence. Bot networks can distribute that evidence at scale. The sophistication of the attack surface is growing faster than the institutional capacity to recognize it as a unified campaign.
What the Data Tools Already Know How to Do
The analytical methods that would surface coordinated harassment patterns are not experimental. They are in production use in adjacent investigative contexts, and they translate directly.
Link analysis, which maps relationships between actors across large datasets, is standard in insurance fraud investigation, financial crime enforcement, and gang network analysis. Applied to harassment, the same technique maps relationships between multiple false complainants targeting the same individual, between litigation filings and concurrent police contacts, between online accounts and physical-world incident timing. The question “is this person appearing repeatedly across distinct incidents involving the same target” is a structurally identical question to “is this body shop appearing repeatedly across distinct claims from the same zip code.” The algorithm does not care which problem domain it is in.
Temporal pattern analysis, which tracks the escalation trajectory of incidents over time, is what distinguishes a harassment campaign from coincidental contact. A genuine dispute might produce two or three incidents over a short period before resolution. A harassment scheme produces an escalating series of incidents over months or years, with incident frequency often increasing after the target attempts to seek legal relief. That escalation signature is detectable, documentable, and legally significant.
Nearly half of all law enforcement agencies surveyed by Cognyte in 2025 view predictive analytics as a game-changer for accelerating investigations. The survey was responding to a shift already underway: the recognition that a digital transformation in criminal activity demands a corresponding transformation in investigative methodology. Harassment schemes that route through court systems, law enforcement complaint channels, and online platforms simultaneously are coordinated operations, and they require coordinated analytical responses. A single detective working a single incident report is not the right tool for that problem.
Cross-jurisdictional data sharing is the operational prerequisite that makes pattern detection viable. The Interstate Stalking Statute already recognizes that coordinated harassment frequently crosses jurisdictional lines: federal anti-stalking law supplements state prosecution specifically because the multi-jurisdictional nature of the conduct can frustrate local enforcement. The data infrastructure to match that legal framework has not kept pace. Agency coding systems that assign unique case numbers that follow across jurisdictions, as recommended by the Stalking Prevention, Awareness, and Resource Center guide for law enforcement agencies, would allow pattern analysis that is currently impossible when each jurisdiction treats its piece of the campaign as a standalone matter.
The Lab houses the Clutch Justice interactive tool suite: the FOIA Request Generator, Judicial Report Builder, Michigan Courts Glossary, PPO eligibility decision tree, and more. Built for people who need to understand how the system works before it works against them.
Explore The Lab ?Weaponizing Law Enforcement: The Harassment Scheme Inside the Response
The most operationally sophisticated harassment schemes do not just evade law enforcement. They recruit it.
A serial false complainant who understands incident-based reporting can use it as a weapon. Every false police report filed against a target creates an official record that the target was the subject of a law enforcement contact. That record can then be used in civil proceedings, custody disputes, professional licensing challenges, or employment background checks to suggest a pattern of concerning behavior, one that exists entirely in fabricated filings but carries the institutional weight of official documentation. The target is not the subject of a crime investigation. They are the subject of a document-manufacturing operation that uses law enforcement as its printer.
The Electronic Frontier Foundation’s documented analysis of law enforcement database abuse identified cases in which officers used official data systems to stalk, follow, and harass private citizens, including an Ohio officer who pleaded guilty to stalking a former partner using law enforcement database access, a Michigan State Police dispatcher who sold confidential data from official systems over more than a decade, and officers in multiple jurisdictions running unauthorized searches on personal targets. If the official data systems themselves can be weaponized by bad actors inside the institution, any predictive analytics deployment built on those systems carries the same risk. The data does not protect itself.
This is why the case for analytics in harassment detection cannot be made without a simultaneous case for audit infrastructure. The Brennan Center for Justice’s 2025 analysis of AI in policing documents that when the LAPD’s Operation LASER flagged individuals as “chronic offenders,” officers created and circulated personal information about those individuals department-wide, resulting in home visits and increased police contact for people with no active warrants and no arrest history for violent crime. A predictive system with no oversight mechanism is an accusation engine. It produces designations that carry real-world consequences without the evidentiary standards that would attach to a formal charge.
The application of analytics to harassment scheme detection is meaningfully different from predictive policing applied to geographic hotspots or individual recidivism risk, and that distinction matters. Hotspot and recidivism models operate on population-level historical data that carries documented racial bias. Harassment pattern detection, properly scoped, operates on documented contact records tied to specific identified actors and specific identified targets. It is closer to financial fraud network analysis than it is to crime forecasting. The civil liberties concerns are different in character, though not absent, and the evidentiary value is higher because the pattern being detected is not probabilistic but documentary.
The Serial False Complainant as a Trackable Actor
One of the most actionable applications of analytics to harassment detection is the identification of serial false complainants: actors who repeatedly file police reports, court complaints, or regulatory grievances against the same target or a rotating set of targets, with no legitimate basis and no consistent follow-through when the reports are investigated.
The behavioral signature of a serial false complainant differs from a genuine victim in ways that are analytically detectable. Genuine complainants typically increase contact with law enforcement during an acute crisis period and decrease it as circumstances resolve. Serial false complainants show the opposite pattern: escalating contact frequency that does not respond to resolution, clustering of reports around significant dates in the target’s life, and a filing pattern that shifts methodologies when one channel is closed off. They also tend to reuse specific language, specific allegations, and specific documentation strategies across their filings, a stylistic consistency that emerges from the operational logic of the scheme rather than from genuine grievance.
Spain’s VeriPol system, an automated program that analyzes police report language for consistency with known false reporting patterns, has demonstrated that narrative inconsistency in police reports is detectable at scale. Research analyzing more than 1,000 police reports through VeriPol found that language patterns in fraudulent reports are statistically distinguishable from those in genuine ones. The same principle applies to serial complainants across multiple reports: the pattern of language, allegation structure, and behavioral timing creates a detectable operational signature across filings. That signature can be surfaced analytically without requiring individual officers to make that judgment call in isolation on each report.
Cross-jurisdictional false complainant tracking would require the kind of coordinated case-numbering infrastructure that the Stalking Prevention, Awareness, and Resource Center recommends and that most agencies have not implemented. It would also require clear legal protocols for what happens when a serial false complainant is identified: referral to prosecutorial review, flagging of subsequent reports for elevated scrutiny, and, where the false reporting meets the threshold, criminal accountability for the complainant. Stalking and harassment are crimes in all 50 states, but proving organized, coordinated conduct to prosecutorial satisfaction remains difficult without the documentation that cross-referenced, analytically processed complaint records would provide.
Knowing Who They Are Is Not Enough: Mapping the Threat Network
Here is the problem that identification alone does not solve. Law enforcement can confirm that a specific person is filing false reports, coordinating harassment, and targeting a victim through multiple channels. That confirmation matters. But it is only the first layer of the analytical picture, and stopping there is a strategic mistake.
The more operationally important question is not who the harasser is. It is who they are connected to, what those connections are capable of, and how those connections translate into vectors of harm against the target. A harasser who operates alone is a problem. A harasser embedded in a network of enablers, proxies, and willing instruments is a threat category entirely different in scope and in danger level.
Threat network mapping in harassment cases asks a specific set of questions that identification alone cannot answer: Is this person connected to an attorney who has a documented history of filing meritless litigation as a pressure tactic? Do they have associates, family members, or affiliates who have made separate contact with the target, each incident deniable in isolation? Are they connected to individuals with histories of physical confrontation, property damage, or stalking behavior? Have they shown a pattern of recruiting third parties, whether knowingly or through manipulation, to act against a target while maintaining plausible distance from the direct conduct? The answers determine whether the threat ends with the individual or extends through every relationship they can activate.
The weaponized attorney scenario is one of the most common and most difficult to counter. A harasser who retains counsel with the specific intent to use litigation as a harassment instrument can file actions, demand discovery, seek restraining orders, and generate official legal proceedings indefinitely, as long as the filings are crafted carefully enough to survive initial scrutiny. Each filing consumes the target’s time, money, and emotional bandwidth. The attorney may or may not know the full context of what they are participating in. What matters analytically is whether the litigation pattern, examined against the full behavioral record of the harasser, fits the signature of a pressure campaign rather than a legitimate legal dispute. Filing frequency, the relationship between litigation events and the target’s life timeline, the absence of genuine pursuit of legal remedies when offered, and the overlap with concurrent non-legal harassment activity are all detectable signals.
Link analysis deployed in this context does not just map the harasser. It maps everyone the harasser has activated, recruited, or used as a proxy. A threat network graph might show a primary actor at the center, connected to a litigation attorney through documented case filings, to a family member through shared phone records and incident proximity, to an online associate through coordinated posting patterns, and to an individual with a prior assault history through social network overlap. That graph is not speculation. It is a documented relationship map drawn from public records, court filings, complaint logs, and contact histories. It tells the target and law enforcement not just who the harasser is, but who the harasser can send.
The physical safety dimension of network mapping is the one that carries the most immediate stakes. A harasser who is themselves unlikely to make direct physical contact may be connected to individuals who will. Showing up at a target’s home, workplace, or regular locations is a harassment tactic that crosses from the legal system into physical space, and it is not always the named harasser who does it. It may be a contact, an affiliate, or someone who has been fed a distorted account of the situation and recruited into the campaign without understanding their role in it. Knowing that the primary harasser has those connections, and documenting those connections before a physical incident occurs, is the difference between a proactive protective posture and a reactive one that waits for something to happen first.
This is where predictive analytics moves from pattern detection into genuine threat anticipation. The same escalation modeling that identifies a harassment campaign’s trajectory over time can identify the point at which the campaign is likely to recruit additional actors, shift from institutional channels to direct contact, or move from digital targeting to physical presence. Escalation signatures in harassment cases, including the harasser’s response to legal setbacks, the entry of new actors into the contact record, and the narrowing of the target’s documented locations, are analytically modelable. They are not crystal-ball predictions. They are probability assessments drawn from the documented behavior of the network, and they give law enforcement and victims the lead time to act before the next incident rather than after it.
Effective threat network mapping in harassment cases requires that law enforcement treat the full relationship graph of the primary actor as investigatively relevant from the beginning, not as a later discovery if the situation escalates. That means subpoena strategy, records requests, and social network analysis are initiated when the harassment pattern is confirmed, not after a physical incident creates urgency. It means building a documented picture of who the harasser can reach, what each connection has done in the past, and what each connection is capable of. That picture is what enables a protection plan calibrated to the actual threat rather than the visible surface of it.
The Doxxing and Swatting Escalation
Swatting is harassment at its most dangerous intersection with law enforcement. A swatting call, designed to trigger an armed response to a target’s location, uses law enforcement as a physical delivery mechanism for threat. It also consumes emergency resources, creates risk of serious physical harm to the target during the response, and generates exactly the kind of official incident record that a harassment campaign is designed to accumulate.
The National Association of Attorneys General documented in 2025 that swatting perpetrators are increasingly using AI-generated synthetic voices to place fraudulent emergency calls, voice-altering software, and spoofed caller ID to prevent identification. The same report documented a sharp escalation in incidents since 2024, with bot networks amplifying associated doxxing content to maximize reputational damage and personal exposure for targets.
Detection of swatting as a campaign element, rather than an isolated hoax call, requires exactly the same cross-referencing infrastructure as harassment pattern detection more broadly. A single swatting call handled as a hoax is a misdemeanor-level matter in many jurisdictions. A swatting call that is the fifteenth documented hostile contact against the same target in a six-month period is evidence of a felony-level campaign. The difference between those two characterizations is entirely a function of whether the prior fourteen contacts have been documented, cross-referenced, and presented as a unified record.
Britain’s National Centre for Violence Against Women and Girls, launched in April 2025 with government funding and modeled on counter-terrorism and serious organized crime frameworks, offers a structural template. The center is intelligence-led, brings together multiple investigative teams under unified coordination, and applies a unified threat and risk assessment framework across all 43 police forces. The design principle is that patterns visible only across a large institutional landscape require institutional-scale intelligence infrastructure. The same principle applies to coordinated harassment detection in the United States: cross-agency, analyst-staffed, and operating on shared data rather than isolated incident records.
Knowing Who Will Actually Act
There is a layer of the threat assessment problem that predictive analytics cannot solve on its own, and it is the layer that determines whether any of the rest of it matters: knowing which agencies will act on what they are shown.
Identifying a harasser, mapping their network, and building a documented pattern record are necessary conditions for an effective institutional response. They are not sufficient ones. A harassment campaign that spans multiple counties does not automatically produce a coordinated multi-county response. It produces a series of independent jurisdictional decisions, each made by an agency with its own caseload pressures, its own risk tolerances, and its own institutional incentives. Those decisions do not always point in the direction of action. Sometimes they point toward deferral, toward routing the victim to another agency, or toward waiting for the conduct to escalate further before treating it as a priority. That is what bunting looks like in practice.
A harasser who operates across county lines is, in effect, buying institutional confusion as a shield. Each county sees its slice. None sees the whole. And when a victim tries to escalate, they encounter a version of the same problem they are trying to escape: each agency refers them to the next one, each jurisdiction defers to the other, and the documented record that would establish the pattern across all of them sits unassembled in filing systems that do not communicate. The harasser continues. The victim absorbs the cost. The system closes.
The Lindke situation in Michigan is a documented case study in exactly this failure mode. Kevin Lindke’s harassment history spans multiple counties, multiple courts, and multiple institutional records. St. Clair County, Kalamazoo County, and Macomb County each hold pieces of a pattern that, assembled, meets every threshold for coordinated, escalating conduct. Publicly available court records show PPO violations counted in double digits in a single matter. A St. Clair County Circuit Court sentenced Lindke on three separate dates in 2021 for criminal contempt arising from PPO violations. Michigan family courts suspended his parenting time after documented threatening communications. The St. Clair County Sheriff’s Department, when approached for a police report, warned that Lindke’s followers may reach out to complainants and may engage. That is an institutional acknowledgment of a threat network operating around the primary actor, delivered informally rather than documented as part of a coordinated protective response.
Macomb County Circuit Court Judge Tracey Yokich was on record as aware of Lindke’s location and circumstances. Kalamazoo County had its own incident documentation. St. Clair County had the deepest case history. What did not exist was a mechanism to pull those records into a single threat picture and route it to a single coordinating agency with the authority and the mandate to act on the aggregate rather than the fragment. Each county held enough information to justify escalated attention. None held enough to act alone with confidence. The result was institutional paralysis distributed across three jurisdictions while the pattern continued.
This is where the threat network mapping argument becomes an argument about institutional will as much as institutional capacity. An analyst with access to cross-jurisdictional records can build the unified threat picture. But that picture has to land somewhere. It has to reach an agency that will treat the assembled record as a basis for action rather than as a reason to route it back to the county of origination. The analytics problem and the institutional accountability problem are not the same problem, and solving the first one does not automatically solve the second.
Lindke’s documented litigation strategy compounds the jurisdictional confusion deliberately. His own federal court filings establish a legal framework that depends on the accumulation of non-domestic PPOs as evidence for his constitutional claims. The strategy benefits from a system in which each PPO is processed by a different county court without reference to the others, where each complainant is treated as unrelated to the last, and where the aggregate pattern of who he targets and how he targets them is never assembled into a single evidentiary record. He is, in effect, playing the jurisdictional gaps as part of the operational design. That is not an accident. It is what sophisticated harassment looks like when the perpetrator understands the architecture of the system they are exploiting.
Threat network mapping and predictive analytics answer the question of what is happening and who is connected to it. They do not answer the question of who among the available agencies is positioned, willing, and legally equipped to act on that intelligence. That second question requires its own analysis: which jurisdiction has the strongest documented predicate for action, which agency has both the statutory authority and the institutional disposition to move, and which prosecutorial office is likely to treat a pattern record as a basis for charging rather than a reason to wait. Knowing the answer to that question before the next incident occurs is part of what separates a proactive protective strategy from a reactive one.
For victims navigating this landscape, the practical implication is stark. Building a documented record is essential but not sufficient. Understanding which agencies in the relevant jurisdictions have historically acted on similar patterns, which prosecutors have a track record of pursuing coordinated harassment cases, and which courts have demonstrated willingness to treat multi-incident conduct as a unified campaign rather than a series of separate matters is a form of threat intelligence in its own right. It is the intelligence that determines where to file, where to escalate, and where to stop waiting for a response that is not coming.
The Accountability Condition
The case for deploying predictive analytics in harassment scheme detection is strong. The case for deploying it without independent oversight is not.
The documented history of law enforcement database abuse is not a peripheral concern. It is the central risk variable. When officers have used official data systems to stalk private citizens, when predictive systems have generated “chronic offender” designations without evidentiary basis, when gang database inaccuracies have been fed into analytics tools that treat them as fact, the technology has not been neutral. It has amplified and laundered the biases and misconduct of the people operating it.
Any serious proposal for analytics-based harassment detection must include, as structural requirements rather than optional add-ons: independent audit of access logs and query histories, clear legal standards governing when a pattern designation is actionable versus merely flagged for review, defined thresholds separating harassment pattern detection from surveillance of individuals without specific predicate, meaningful civil recourse for people incorrectly flagged or targeted by the system, and strict prohibition on the data being used for any purpose outside its defined investigative scope.
The pattern is the crime. That is both the analytical insight that makes predictive tools useful in harassment detection and the institutional recognition that has been missing. Law enforcement that processes a harassment campaign as a series of unconnected incidents is not documenting a dispute. It is failing to document a coordinated attack. The tools to close that gap exist. The institutional discipline to deploy them without replicating the abuses they are designed to counter is the harder build, and it is the one that determines whether the technology serves accountability or undermines it.
Institutional Forensics. Pattern Recognition. Legal AI Expertise.
Rita Williams maps how institutions hide from accountability, and how bad actors exploit the gaps between them. That map is what she sells.
“I map how institutions hide from accountability. That map is what I sell.”
