Radiofrequency and direction finding (RFDF) has been around since the early days of aviation. Today, communication intercept (COMINT), metadata collection, target, and identification/location play a major role in special operations and in the War on Terror. Bulk collection is essential for developing the “big picture,” as satellites, national agencies, and tactical forces complete it.

Bulk cell phone collection was in the news following the San Bernardino massacre. The media focus was on our inability to trace records past a certain timeframe. More to the point, a recovered cell phone was involved in French tactical units’ timely response following the Paris attacks, which led to a massive number of arrests and a successful final assault on the terrorists’ building in Saint-Denis. Much of the intelligence was likely derived from COMINT. Let’s examine how this works. For this discussion, we’ll focus on cell phones versus traditional field-radio communications.

Although metadata collection does not involve listening in on a phone conversation, while challenging, the listening capability certainly exists from both a national and tactical standpoint. Every commercial cell phone has an international mobile equipment identity (IMEI), equipment serial number (ESN), or mobile equipment identifier (MEID). Whichever term is used, it represents your cell’s fingerprint. The purpose is to make the equipment uniquely identifiable.

When a call is made, a temporary mobile subscriber identifier (TMSI) is assigned electronically by the visitor location register (VLR). The TMSI is designated by location and helps to narrow the search area for those of us in “tracking mode.” If the cell moves to a new area, a new TMSI is assigned, yet this original information may still be valuable. Once a cell travels outside of a few TMSIs, an international mobile subscriber identity (IMSI) is assigned and this is keyed into the GSM chip, which used to be easily transferred/removed. In some cases, by tracking the chip, we could identify multiple members of a planning organization. Those acronyms, along with the actual phone number of the caller and receiver, make up the metadata. These provide information in two ways, firstly from the tactical to the theater/national level, and secondly from theater/national to the tactical level.

Tactical to Theater

RC East Soldiers learn intelligence-gathering skills
U.S. and Polish Soldiers lay out all evidence found during a site exploration exercise at a training facility in Ferizaj, Kosovo October 15, 2019. (Photo by Sgt. Patrick Kirby/U.S. Army)

My team hits a target (say outside of Mosul) based on any combination of intel sources. During the Direct Action, we quickly gather all cell phones, pull the GSM chip (in the old days — today it can be a quick hardwire transfer), and upload all info onto a laptop via a sim card reader. Now we have three options:

First, take the information back to base, upload it to national agency assets that then scrub the data, reply back with correlating metadata associated with enemy combatants, and we develop new targets where we use tracking and Direction Finding (DF) gear to locate and hit these tangos. Repeat cycle.

Second, quickly upload the intel to portable COMINT equipment (I had gear small enough to mount on my M4). Listen to see who calls, and develop a new target(s) on-site of the original operation. When complete, repeat if possible, then fall back to option one with the remaining data.

Third, do not hit subsequent targets. Use the metadata to monitor and track movements, collecting intelligence on potential higher-echelon persons.