HUMINT in the age of digital traces, strong and easy biometric identification, and advanced analytics
HUMINT is adapting to the changing technological environment, which both enables new activity and constrains other activity. In this post I write up my thoughts after reading Jenna McLaughlin & Zach Dorfman’s December 2019 article in Yahoo News. I focus on what digitally-enabled counterintelligence capabilities mean for HUMINT tradecraft.
What follows:
- Digital traces, biometrics, and advanced analytics and their implications on HUMINT
- My Conclusion
- Summary of McLaughlin & Dorfman
Digital traces, biometrics, and advanced analytics and their implications on HUMINT
Digital traces and biometrics, coupled with cheap data storage and advanced data analytics, are quickly changing the scope conditions for HUMINT tradecraft. One can separate the changes into two main aspects. On the one hand, digital data trails and individual connectivity have opened a rich targeting and access venue for HUMINT: think of all the ways you can now connect to individuals halfway around the world. On the other hand, digital data trails have upgraded the counterintelligence capabilities of various countries. The reporting makes clear that HUMINT can no longer rely on not being identified (or is quickly moving there). This second aspect is the focus of my post.
The drivers are abundant digital data traces, widespread surveillance technologies, strong biometric identification (facial recognition, iris scans, DNA, gait tracking), cheap data storage, massive processing power, and advances in data analytics. Think of it as the integration of online tracking enabled facial recognition, border control data, hotel bookings, and surveillance data - it is hard to lie to all the different sensors at the same time. Consider all the data breaches in recent history (OPM, Equifax, Anthem, Call Detail Records of Telcos worldwide etc.): how much data has been siphoned into intelligence agencies’ permanent targeting & CI databases? Some cyber activity can directly be explained as offensive counterintelligence and HUMINT targeting support activity.
The amount of identifying data has implications for operational tradecraft, most importantly for legend building, forcing individuals to operate mostly under their true name. Bellingcat’s fantastic OSINT work (1, 2, 3, 4, 5, 6, 7, 8) highlights the difficulty of maintaining cover. As a secondary implication, biometric checkpoints at the border become a lucrative target for any intelligence agency, both as a data gathering and an operational enabling measure.
Traditional HUMINT tradecraft with an official cover on the ground can still work (i.e. surveillance evasion & meet in unobserved space), but is harder to maintain. This has incentivised the CIA to shift the trade-off between non-official cover (NOC) vs. official cover towards more interest in NOCs. Furthermore, the increasing use of third parties, who unwittingly gather intelligence, becomes a formidable counterintelligence challenge. All of this is well documented in a recent article, summarized for you below, although I recommend reading it.
My Conclusion
Watch this space. Many agencies are retooling and recalibrating. In the US, I would encourage watching the newly formed CSIS Technology and Intelligence Task Force. In the UK, I recommend paying close attention to the views of Alex Younger, MI6’s current ‘C’. It is clear that the UK/US services are currently grappling with the deep transformation of their realm. Expect them to seize the opportunities and to adapt to the new challenges.
HUMINT is here to stay, but its operating space is being fundamentally transformed.
My summary of McLaughlin & Dorfman:
SOURCE: Jenna McLaughlin and Zach Dorfman, (30 December 2019), ‘Shattered’: Inside the secret battle to save America’s undercover spies in the digital age, Yahoo News.
“Digital footprints, biometric trackers, and AI”
- the identification of CIA officers in the Milan 2004 case starting with SIM card swapping as an operational security failure already showed what data trails are left in telcos
- Singapore is systematically collecting & integrating flight, hotel, and taxi data
- London has abundant CCTV whilst UAE rolled out facial recognition
Conclusion:
“Today there are ‘about 30 countries’ where CIA officers are no longer followed on the way to meetings because local governments no longer see the need, given that surveillance in those countries is so pervasive, said Dawn Meyerriecks, the CIA’s deputy director for science and technology, in a 2018 speech.”
Biometrics (fingerprints, facial recognition, iris scans)
- the article mentions China and Iran
- widespread sharing of biometrics between EU member states makes aliases difficult
- consumer DNA kits create new risks (think 23&me etc.)
Implication:
Biometric data has become a prime target; backdooring border control software can enable pass-through (e.g. the US hacked Dubai & Abu Dhabi airport; CN hacked Bangkok airport & many more).
Digital Infrastructure
- 2009 compromise of CIA covert communication tool by Iran (allegedly shared with CN)
- data breaches with relevant personally identifiable information: OPM, Anthem, Marriott, etc.
Conclusion:
“‘We can’t protect identities anymore. Tech is going to make it almost impossible. I think we need a new paradigm,’ said Eric Haseltine, the former head of the NSA’s research directorate […] ‘Our officers overseas are known,’ he said. ‘That’s a hard pill to swallow.’”
Operational implications
- one country, one alias (CIA)
- in the 2010s CN adopted tradecraft such as dead drops & brush passes etc.
- RU shifted to meeting in third countries with “less sophisticated biometric systems” (e.g. Central and South American countries - Peru is named)
- RU & CN started using more real names
- CIA moved to use more (foreign national) contractors (in the late 2000s), and in the early 2010s ramped up its Non-Official-Cover program “with a focus on recruiting and deploying spies in technical fields, such as predictive analytics or data brokerage”; “NOCs must truly ‘live their cover’ — that is, actually work as the professional engineer or businessperson that they present themselves to be. NOCs live and work under their true names”
- “Fewer than 10 per cent of individuals within the CIA’s Directorate of Operations regularly use alias passports or credit cards, says a former senior official.”
- Because digital backstopping has become increasingly hard, closer coordination with actual private American businesses was sought (CIA). A shift to recruiting employees directly in companies & training them on the job (targets: “technology, finance and film industries, among other sectors, targets both major U.S. corporations and smaller U.S. companies, which are sometimes preferred because they are not beholden to shareholders”). The benefit to companies: executives get special briefings on countries of interest.
- FBI also started complete severance of its undercover employees from the FBI (& CIA with NOCs, including training)
- progress on digital legends and alias documentation (CIA and FBI), including many other government agencies. Collaboration with (friendly) digital companies (e.g. ancestry databases)
- “CIA has ramped up its use of ‘cutouts’ to pay third parties to gather intelligence for them unwittingly, posing as data brokers looking into trends in the oil and gas industries, for example”.