In 2003, the CIA abducted Hassan Mustafa Osama Nasr off the streets of Milan. He was suspected of recruiting foreign jihadist fighters and then facilitating their way to Iraq. With Hassan shipped off to Egypt for interrogation, the operation at first appeared to be a success. What happened over the following months and years demonstrated how technology may be the undoing, if not the end, of covert operations.
Twenty-three CIA officers were convicted, in absentia, by the Italian courts of kidnapping Nasr. The operation’s CIA involvement was brought to light when the Italian government traced the activity of cell phones belonging to CIA personnel, ironically using a version of Analyst Notebook, which America had provided to the Italian government as part of a post-9/11 counterterrorism package. Using this software, they found the metadata from the CIA operatives’ cell phones showed that they were at the location of Hassan’s kidnapping at the same time he went missing.
Since the Edward Snowden affair, metadata has become a household word, as has awareness of how powerful this data can be in the wrong hands. When you consider the proliferation of biometric scanners in airports and even on city streets, the difficulties involved in inserting clandestine operatives for covert operations become even more profound. Conducting long-term analysis of big data may be the final blow to the traditional tradecraft we are all familiar with from spy novels and movies.
Cover-identity documents, disguises, and counter-surveillance routes may very well go the way of the dodo, but will this leave America’s intelligence professionals dead in the water without a purpose in life? Or will technology itself facilitate the birth of a new form of intelligence gathering?
In the military, we often refer to the trade secrets we use to conduct operations as ‘tactics, techniques, and procedures.’ Spies use the term ‘sources and methods.’ The ‘methods’ category primarily refers to tradecraft. While supposedly a deeply held secret, many methods of clandestine tradecraft are widely known and featured in films, books, and television shows. Take for example the counter-surveillance route that a spy walks to try to identify enemy counterintelligence agents following him around. Consider the ‘dead drop,’ in which a secret message is hidden away somewhere for the spy’s handler to pick up later that day. Of course, tradecraft gets much more sophisticated than this, but these are examples of basic methods spies use to slip below the radar and go unnoticed.
Former Mossad officer Michael Ross comments on the subject that, “Traditional tradecraft will never be obsolete. Spies will still need to learn cover, detect surveillance, cross borders, recruit sources, conduct clandestine meetings, communicate covertly, engage in direct-action operations and all the myriad of activities that have been relevant to the profession for centuries.”
The spies who use tradecraft are usually those engaged in HUMINT, or human intelligence. That is, the art and science of recruiting sources who have access and placement that allows them to gather information the spy wishes to obtain. HUMINT is considered by many to be the bread and butter of intelligence gathering, although it has given way over the years to SIGINT, or signals intelligence, which eliminates the human factor and gives wrist-wringing bureaucrats more quantifiable metrics.
Human beings are messy and unpredictable, but technology gives us something to measure, which in turn gives policymakers a false sense of security. Of course, SIGINT is only as good as the human beings who interpret it. As a member of the Special Operations Task Force in Iraq, this author recalls numerous examples where Rangers and Special Forces teams were ordered to conduct direct-action raids on the same targets multiple times because someone in the operations center was convinced a terrorist was living there based on SIGINT. Of course, every soldier on the ground knew it wasn’t true as we hit the same target night after night.
One element of tradecraft is utilizing a cover, something we are all familiar with from watching actors like George Clooney in movies like “Syriania.” The clandestine operative assumes a false identity with a fake passport, which helps him infiltrate a foreign country. Michael Ross made extensive use of cover during his time with Mossad, living with a deep-cover identity for seven years while he “lived, worked, and travelled without detection and was able to conduct all manner of clandestine activity and direct-action operations securely.”
However, with the advent of biometric technology such as fingerprint scanners, widely used in airports and customs control points around the world, spies may need to adjust their tradecraft or develop entirely new techniques. One Army Special Operations soldier asked his superiors years ago about what would happen if he was placed under a false identity, passed through customs in Germany where his fingerprints were scanned, and then, 10 years later, went back to Germany on vacation with his family.
Customs officers would read his fingerprints again but see that they are now associated with a completely different name. Now the German authorities know that he was lying to them 10 years ago, or that he is lying to them now. They also now know that he is, or was, a clandestine operative. One shutters to think of what would happen if this same situation were to arise for one of our personnel in Russia, China, or Iran. Because of the proliferation of biometric technology, our highly trained spies may become single-use operatives. Once their biometrics are collected abroad, they can never be used for clandestine work again.
Ross advises, “One way biometrics can be overcome: Don’t go against the tide, swim with it. So long as countries are not sharing biometric information, one identity per country is one interim solution.” Which works, just as long as adversarial countries are not sharing biometric data with one another.
Former CIA Case Officer Jeff Butler (seen in the foreground, featured image) points out that the proliferation of biometrics has likely impacted how the CIA is able to place people in foreign countries using cover, but there are always workarounds as “intelligence agencies simply face greater hurdles in overcoming, or avoiding, biometrics. As a hypothetical, why fly into Frankfurt if it has all the newest biometric gear when you can fly into Split, Croatia, or Ljubljana, Slovenia, and drive to Frankfurt? We are still a ways off from widespread biometric tracking, so workarounds are available. As biometric tracking becomes more widespread, different workarounds will be required.”
But what if the prospective spy had their biometric data collected on a vacation to Thailand they took prior to joining the military or the CIA? What if someone in the Thai government had been selling their country’s biometric data on Americans to a third country, such as Iran or China?
Because of public (government) and private (corporate) partnerships, which are not always visible and are sometimes deliberately secret, one can never be sure of who has access to what information. Those security cameras inside your local deli in New York City may very well pipe into an NYPD database, all without you knowing about it. As biometric technology is introduced in every airport and even in city streets, our intelligence officers will have to continue to innovate to overcome these challenges.
On that note, how hard will it be for intelligence services to recruit spies who have zero social media presence? The CIA will have a tough time finding a 30-year-old recruit who has never traveled abroad (where his biometics may have been gathered) and who has never posted his or her pictures on social media. Ross points out that intelligence services are well aware of the problem, but that there are mitigation measures:
“An under-30 recruit will likely have some form of social media profile, but that will also be examined as part of his or her recruitment as well as an indicator as to his or her level of discretion and maturity. There’s nothing wrong with a social media profile, but it will have to be minimized. Don’t underestimate the capability of modern intelligence services to manipulate the data through their partnerships within the private sector. If the NSA had Google, Facebook, et. al. on board for data collection, what’s to say the CIA couldn’t have someone’s social media profile altered, if not completely erased?”
SOFREP writer and intelligence analyst Coriolanus remarked that everyone in the intelligence community knows that not having a Facebook profile is a huge indicator of nefarious activity, especially when taken together with another indicator that the person may be a spy. Former CIA Case Officer Lindsay Moran commented on the topic of a spy not having a social media presence: “It doesn’t make sense when, and if, that recruit is employed as a spy to completely drop off social media,” as that could create a signature, or as Coriolanus says, it would indicate ‘derog’ or derogatory behavior, which is used to establish a pattern of life.
Moran continues by saying that social media cuts both ways, against as well as in a favor of, the intelligence officer. “Social networks do a lot of a case officer’s work for him or her. So much of a potential target’s personal information that used to take months, or even years of rapport, development, and elicitation to uncover, is often right there out in the open.” Interestingly, this also highlights a heightened importance of OSINT—open-source intelligence—in today’s era of espionage. In the information age, there is more information/intelligence (note that the Chinese, for example, do not differentiate between these two words) than ever before. “How much bang for our buck are we actually getting in traditional covert HUMINT collection?” Moran asks. “The future of espionage might also be collection via OSINT.”
Another tool for intelligence services is metadata. Rather than simply look at the actual contents of phone conversations, text messages, and emails, metadata is the underlying technical information used to make those transactions possible and contains information about how, when, and where you communicate from. This type of information can be analyzed and used by intelligence professionals in many different ways. The cell phone itself is essentially a sensor, one that doesn’t need to be placed by covert operatives, but rather one we all voluntarily carry in our pockets.
For instance, one can examine what times someone places calls on their cell phone, and from this, they can develop an idea of an individual’s circadian rhythms. This alone will quickly allow an intelligence analyst to narrow down what time zone this person is living in.
Much of this data falls under the category of lawful collection in Western countries. Other nations are likely to be even less restrictive on their counterintelligence operatives who are hunting for our spies. It was no coincidence that after the Boston bombing, cell phone towers were shut down, but only so much as to prevent people in the area of the blast from making phone calls; they could still send text messages. This measure forced people into using a communication medium that could be lawfully intercepted and tracked by law enforcement without having to acquire a warrant.
How can this affect our spies? Another aspect of tradecraft is running surveillance detection routes (SDRs) to spot counterintelligence agents and allow our spies to meet with their assets in a clandestine manner. Obviously, this becomes highly problematic when foreign governments are tracking metadata emitted by our cell phones. “Surveillance detection routes are a funny thing, and are supposed to be designed for figuring out if you have surveillance on you. You would never do one with a cell phone on you, or iPod, or iPad, for the sole reason they can be tracked,” Butler explains. “That means don’t use them in operations, don’t ever do ops on an attributable phone, regularly scan vehicles/rooms for bugs, and generally avoid repetition in operations. For example, don’t use the same meeting site twice. Good ole’ fashioned tradecraft still applies, even to avoid technological pitfalls.”
This places a heavy burden on the CIA’s Directorate of Science and Technology. These are the technical experts charged with keeping the CIA’s case officers informed and equipped to avoid technological counterintelligence methods they may encounter in the field.
However, there can be issues with “going dark.” If the country you are operating in is always monitoring your metadata, but at key moments you abandon your phone, that in itself is a signature, and you could become very interesting to counterintelligence agents. Michael Ross speaks to his experience with Mossad: “If you are too high profile, or your signature is that noticeable—even in its absence—you’re doing it wrong. It’s bad tradecraft to suddenly disappear. Things can be changed gradually: Commercial companies reorganize, merge with other entities, and sometimes move to a new location. People move from one position to another or emerge in a new profession. It’s all about making it look routine and maintaining the appearance of normalcy.”
The birth of a new form of espionage?
There will always be counters and workarounds. Technology can always be defeated with greater technology. Biometric sensors can be spoofed if intelligence agencies are able to gain access to the programming that its software operates on and start changing around the ones and zeroes in the code. False social media “personas” can be developed over long periods of time. Metadata can also be spoofed to provide spies with “tailored access” to the areas that they need to penetrate. Of course, all of this would be expensive and time consuming.
In the future, robots may do most of the spying for us. Just as the cellular phone is a sensor used to collect intelligence, increasingly more and more “smart” devices are on the commercial market, which includes various types of sensors. It could be our kitchen appliances spying on us tomorrow, and that isn’t an exaggeration. Not only will these robots surround us and gather information about us, but they will also work in concert. The data derived from all of these devices can be aggregated; they will work together in a gestalt that will map out our entire lives.
The proliferation of technology may give rise to a new form of intelligence gathering, a new type of ‘int.’ The spy of the future may be a high-speed cable repairman whose function is to emplace technology near the person or people we need to collect information from.
In the past, human intelligence gatherers would directly recruit assets who had access and placement that our spies coveted. In the future, biometrics, metadata, and other more novel technologies may make the recruitment of assets difficult, if not impossible, using old-school tradecraft. Instead, our spies may infiltrate near would-be assets to place devices that would allow them to listen in. They may recruit assets, often unwitting, who would than electronically bug the real asset we want information from.
For example, an American intelligence officer could replace a janitor’s broom with an identical broom loaded with a concealed device. The next time the broom is is used by the janitor in a sensitive facility, the device inside would electronically ‘slurp’ up data, and then transmit it to the intelligence officer who would be nearby to download it onto his smartphone. This sort of technological intelligence-gathering-by-proxy may become much more commonplace in the coming years due to the pressure placed on traditional tradecraft from the technological measures discussed above.
Perhaps sometime in the not-so-distant future, nations will engineer operatives from birth for the purpose of espionage. While it may sound outlandish at the moment, we are already on the cusp of several paradigm-changing technologies likely to alter the way we live even more dramatically than the invention of the Internet and telecommunications technologies. These technologies will also impact how we fight and how we spy on each other.
In the coming decades, biometric scanners, statistical analysis of big data, are likely to make it much more difficult to place spies under a cover and have them conduct covert activities. A spy can change a lot of things about him or herself for purposes of deception, but not his DNA, and DNA scanners may be one of the key technologies mentioned above.
Will states and non-state actors one day engineer human beings to be spies from the time they are in the womb? In this manner, their entire life would be their cover, with no actual deception aside from the intent of the spy. When this subject was mentioned, Lindsay Moran joked, “Like the Russians do it?”
However, human beings are not interchangeable parts in a mechanical machine. Moran explained that the qualities needed in a spy can’t really be grown in a laboratory. “That sounds like a viable option, but you cannot really know who is going to be predisposed for the career and craft. It draws upon such a unique combination of personality traits and skills, such as extraversion, street smarts, curiosity, and even a certain amount of empathy.”
“This is a very outside-the-box approach,” Ross explained. “But to me, it seems to delve too far into the realm of science fiction. There’s really no way of knowing if someone has the aptitude to be a good spy from birth. With all the training in the world, you either have the innate ability to operate in the field or you don’t. My former service [Mossad] expends a lot of effort into that weeding-out process.”
From experimentation in gene doping to advanced technologies like the TALOs project, the next 50 years will be interesting to say the least. How much of our science fiction becomes science fact during that time is a question likely to keep more than a few of our intelligence professionals up at night.