Back in the early 90's I was looking at the Balkans. I had a bunch of info that made me think there was a small, unidentified weapons cache that needed to be confirmed.
I was very proud of myself. I had narrowed the search area down to about 10 square kilometers. At the time, I just so happened to be collocated with the imagery collectors so I went down and asked them, "Hey, can you find this cache for me?" I suspected we had the images and I thought it would be a relatively straightforward task.
I already know what all the IMINT collectors out there are thinking.
"What a dumbass!"
And you are right. I was a dumbass. But what happened next changed my attitude about intelligence collection activities forever.
The senior photographic interpreter took me over to a light table (yeah, it was that long ago...) and handed me a huge photo and what amounted to a jeweler's loupe. "Knock yourself out," he said.
It took me only minutes to realize the enormity of the task that I had casually tried to pawn off on the IMINT guys. Trying to find something so small in an area so large was an incredibly difficult and time-consuming affair.
Over my career as an analyst, I was lucky enough to have similar experiences with professionals in other collection disciplines. Understanding the challenges and capabilities of collectors made me, I think, a better, more efficient analyst.
I am teaching a class this term where I am trying to get my student-analysts to come to many of the same realizations. Called Collection Operations for Analysts, the goal of the class is to make them more aware of the challenges and capabilities of HUMINT/Primary Source, IMINT, SIGINT, MASINT and even OSINT collectors.
SO...I need your help! I would really like to give my students the perspective of working collectors. I am NOT looking for anything classified (of course) or overly technical. I am looking for the top three things collectors in each of these disciplines really wish that analysts, primarily, but also policymakers, decisionmakers at other levels, commanders with limited intel background and maybe even the general public understood better about their collection discipline.
For example, if I were a SIGINT collector, I think I would want the people I support to have a better feel for just how much stuff there is out there. The volumes of traffic are huge in this collection discipline and even the largest organizations' ability to collect, process, translate and interpret are incredibly small. I think if more people had an appreciation for this fact of 21st century communications, some of the stupider things said about SIGINT ... well ... wouldn't get said.
But don't let me put words in your mouth! This is your chance, collectors! And I am not just interested in national security collection, either. I would love to hear from law enforcement and business professionals and even from SAM's international audience!
You can drop a comment below or, if you are uncomfortable with that, drop me an email at kwheaton at mercyhurst dot edu.
Thanks!
Wednesday, January 28, 2015
Collectors! What Three Things Do You Wish Policymakers/Commanders/Analysts Knew About Your Job? (RFI)
Posted by Kristan J. Wheaton at 10:09 AM
Labels: HUMINT, IMINT, intelligence, MASINT, OSINT, primary source, request for information, rfi, SIGINT
Wednesday, October 24, 2012
The New HUMINT?
A few months ago, I wrote an article on the Top 5 Things Only Spies Used To Do (But Everyone Does Now). In that article I stated that one of those things (the #2 thing, in fact) was to "run an agent network."
I equated our now everyday activity of finding and following various people on LinkedIn or Twitter to the more traditional case officer activities of spotting, vetting, recruiting and tasking agents.
While I meant that article to be a bit lighthearted, over the last several months I have been exploring this idea with some seriousness in a class I am teaching with my colleague, Cathy Pedler, and a group of very bright grad students.
The picture above gives you an inkling of the progress we have made.
In this class (called Collaborative Intelligence - "How to work in a group while learning how groups work"), we have focused our energies on critical and strategic minerals. I have already written about this course (if you want more details go here), but suffice it to say that, recently, we decided to use our new-found skills in social network analysis to see if we could solve a traditional HUMINT problem: "Who should we recruit next?"
Every case officer knows that their agents' value is not only measured in terms of what they know but also in terms of who they know. Low level agents with an extensive network of contacts within a targeted area of interest are obviously valuable, perhaps even more valuable than the recluse with deep subject matter expertise.
Complicating the case officer's task, however, is the jack-of-all-trades nature of the traditional HUMINT collector. Today, the collector needs to tap into his or her agent network to get economic information; tomorrow, political insights; the next day the need is for information to support some military or technological analysis.
Only an expert case officer with deep contacts can hope to be able to respond to the wide variety of requests for information. In today's fast moving, crisis-of-the-day type world, the question becomes "Where can I find good sources of information ... on this particular topic ... quickly?"
Twitter to the rescue!
You see, the image I referred to earlier began as the 11 lists of Twitter users the 11 students in my class were currently following as they studied critical and strategic minerals. The students had found these Twitter users the old fashioned way - they bumped into them. That is, they found them on blogs or in news articles that talked about strategic mineral issues and they followed them on Twitter in order to stay current on their postings. Since each of the students has a slightly different portfolio (the students are broken into three teams, national security, business and law enforcement and then, within those teams, each student has an area of specific interest), their lists have some common sources but many different ones as well.
The natural next question is, "Who are my sources of information following?" Using NodeXL to collect the data and ORA to merge, manage and visualize it, the students rapidly discovered who their "agents" were following. Furthermore, we were able to discover new people to follow -- Twitter users that many people on our initial lists were following (implying that they were potentially very good sources of information) but that the students had not yet run across in their research.
The picture got even more interesting when we merged the results from each of the students. Once we cleaned up the resulting picture (eliminated pendant nodes, color coded the remaining Twitter users by team, etc), the students had identified over 50 new sources of information -- Twitter users who were posting information relevant to the issue of strategic minerals and vetted by many of the Twitter users we had already identified -- that we had never heard of. You can see this more focused set of Twitter users in the image below.
While this sounds exciting (and it was, it was...), trying to listen to over 50 new voices seemed to be a bit overwhelming. The question then became, "Of these 50, which are the 'best'?"
The traditional answer involves following all of them and then, over time, sorting out the wheat from the chaff. Most people don't have that kind of time; we certainly didn't. We needed another way to sort them and, thankfully, Twitter itself provides some potentially useful answers.
The first answer, of course, is to look at the number of "followers". This is the number of Twitter accounts that claim to follow a particular person or organization. In general, then, the sheer number of people who are following a particular person is a rough measurement of their influence and, by consequence, importance to a conversation on a particular topic.
Most twitterati don't put much credence in gross tallies of followers, though. Anyone with a Twitter account knows that only a relatively small number of their followers are actively engaged with the medium. Some studies have also indicated that a third or more of these followers are fake or, even worse, bought and paid for. While this is typically true on some of the most widely followed accounts and is significantly less likely to be true among the people who are tweeting about rare earths, for example, it is still a cause for concern.
Twitter again offers a solution to this problem but it takes a little work to get it. The key is Twitter's List feature. Twitter allows users to create lists of people; subsets, if you will, of the larger group of people a particular user might follow. For example, I have a list of competitive intelligence librarians (there are actually quite a few on Twitter). Lists are a way for people to follow hundreds or thousands of people but narrow and focus that chorus in a way that is most useful for them. It allows the savvy Twitter user to filter signal from noise.
Twitter allows a user to not only look at their own lists but to know how many lists other people have created with their name on it. This is important because it takes time and effort to create and curate a list. It is almost certain that you have not been placed casually on a list. Being placed on a list is an indicator of credibility; being on lots of lists even more so. Like followers, though, the number of lists is still pretty rough and does not give the best sense of the value of a particular Twitter user to his or her followers. Thus, while the number of lists you are on is not a bad indicator, many people like to use the list-to-follower ratio to assess overall credibility.
In other words, if you had 1000 followers and every one of them had placed you on a list, you would have a list-to-follower ratio of 1. If only 500 had placed you on a list, then your list-to-follower ratio would be .5. In practice, list-to-follower ratios of .1 are rare. Based on my experience, a list-to-follower ratio of .05 is very good and a list-to-follower ratio of .03 or lower is more typical.
While I am certain that there are automatic ways to collect the data you need from Twitter, we simply crowdsourced the problem. Dividing the list into 11 pieces, we were able to quickly and accurately collect and deconflict the various data we needed including number of lists and number of followers. In the end, we were able to rank order the 50 top Twitter users talking about Strategic Minerals in a variety of useful ways. In all, including the teaching, it took us only about 6 hours to get from start to Top 50 list (for the complete list and more details go here).
And here is where the analogy breaks down...
Up to this point, we were able to fairly confidently connect traditional HUMINT ideas and activities with what we were doing, much more quickly, using Twitter data. The analogy wasn't perfect but it seemed good enough until we put the students -- the "case officers" -- into the network. They stuck out like sore thumbs!
Case officers in traditional HUMINT networks need to be working from the shadows, pulling the strings on their networks in ways that can't be seen or easily detected. Trying to lurk on Twitter in this sense just doesn't work, however. My students, who are following many people but are not followed by many, became very obvious as soon as they were added to the network. The same technology that allowed us to rapidly and efficiently come up with a pretty good first cut at who to follow on Twitter with respect to strategic minerals, allows those same people to spot the spammers and the autofollow bots and the lurkers and even the "case officers" pretty easily.
Back in my Army days we used to say, "If you can be seen you can be hit. If you can be hit, you can be killed." Social media appears to turn that dictum on its head: If you can't interact, you can be spotted. If you can be spotted, you can be blocked.
It turns out, it seems, that the only way to be hidden on Twitter is to be part of the conversation.
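The workflow described in this post, as an added Python example that is not from the original post or the class (which used NodeXL and ORA): merge the follow lists, keep accounts that several known sources follow, rank them by list-to-follower ratio, and show which accounts stand out because they follow but are not followed. All handles, counts, function names and the `min_votes` / `min_following` thresholds are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample data; every handle and count below is made up.
ANALYST_FOLLOWS = {            # the students' starting lists
    "student_a": {"minerals_daily", "ree_watch"},
    "student_b": {"ree_watch", "mining_law"},
}
SOURCE_FOLLOWS = {             # who those sources follow in turn
    "minerals_daily": {"ree_watch", "geo_prof", "lithium_news"},
    "ree_watch": {"minerals_daily", "geo_prof", "lithium_news"},
    "mining_law": {"geo_prof", "one_off_acct"},
}
PROFILE = {                    # handle -> (followers, lists the account is on)
    "geo_prof": (2000, 120),
    "lithium_news": (10000, 150),
    "one_off_acct": (50, 0),
}


def candidate_sources(analyst_follows, source_follows, min_votes=2):
    """Accounts followed by >= min_votes known sources that no analyst follows."""
    known = set().union(*analyst_follows.values())
    votes = Counter()
    for source in known:
        for followed in source_follows.get(source, ()):
            votes[followed] += 1
    skip = known | set(analyst_follows)
    # min_votes=2 also drops pendant nodes (accounts reached by a single edge).
    return {h: n for h, n in votes.items() if n >= min_votes and h not in skip}


def list_to_follower_ratio(followers, listed):
    """Lists per follower; 0.0 for an account with no followers."""
    return listed / followers if followers else 0.0


def rank_candidates(candidates, profile):
    """Order candidates by list-to-follower ratio, highest first."""
    scored = [(h, round(list_to_follower_ratio(*profile[h]), 3))
              for h in candidates]
    return sorted(scored, key=lambda item: (-item[1], item[0]))


def conspicuous_accounts(*follow_maps, min_following=2):
    """Accounts that follow >= min_following others but are followed by nobody
    in the merged network: the pattern that made the students stand out."""
    following, followed_by = Counter(), Counter()
    for follow_map in follow_maps:
        for follower, targets in follow_map.items():
            following[follower] += len(targets)
            for target in targets:
                followed_by[target] += 1
    return sorted(h for h, n in following.items()
                  if n >= min_following and followed_by[h] == 0)


if __name__ == "__main__":
    found = candidate_sources(ANALYST_FOLLOWS, SOURCE_FOLLOWS)
    print(rank_candidates(found, PROFILE))
    print(conspicuous_accounts(ANALYST_FOLLOWS, SOURCE_FOLLOWS))
```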
Posted by Kristan J. Wheaton at 3:28 PM
Labels: agent network, case officer, critical minerals, HUMINT, intelligence, rare earth, social media, social network analysis, Strategic Minerals, Twitter
Monday, July 2, 2012
Top 5 Things Only Spies Used To Do (But Everyone Does Now)
There has been a good bit of recent evidence that the gap between what spies do and what we all do is narrowing -- and the spies are clearly worried about it.
GEN David Petraeus, Director of the CIA, started the most recent round of hand-wringing back in March when he gave a speech at the In-Q-Tel CEO Summit:
"First, given the digital transparency I just mentioned, we have to rethink our notions of identity and secrecy...We must, for example, figure out how to protect the identity of our officers who increasingly have a digital footprint from birth, given that proud parents document the arrival and growth of their future CIA officer in all forms of social media that the world can access for decades to come."
Richard Fadden, the Director of the Canadian Security Intelligence Service (CSIS), added his own thoughts in a speech only recently made public:
"In today's information universe of WikiLeaks, the Internet and social media, there are fewer and fewer meaningful secrets for the James Bonds of the world to steal," Fadden told a conference of the Canadian Association of Professional Intelligence Analysts in November 2011. "Suddenly the ability to make sense of information is as valued a skill as collecting it."
Next I ran across a speech given by Robert Grenier, a former case officer, chief of station and 27 year veteran of the clandestine service, given at a conference at the University of Delaware. In it, he describes the moment he realized that the paradigm was shifting (and not in his favor):
"Grenier said he came to realize the practice of espionage would have to change when he received a standard form letter at a hotel overseas, while undercover, thanking him for visiting again. When he realized electronic records now tracked where he had been for certain date ranges, he said he knew the practice of espionage was going to have to change. “It was like the future in a flash that opened up before my eyes,” Grenier said."
(Note: While I could not embed the video here, the entire one hour speech is well worth watching. The part of particular relevance to this post begins around minute 8 in the video. This is, by the way, fantastic stuff for use in an intelligence studies class).
Finally (and what really got me thinking), one of my students made an off-handed comment regarding his own security practices. I needed to send him a large attachment and I asked for his Gmail account. In response, he gave me his "good" address, explaining that he only used his other Gmail address as a "spam account", i.e. when he had to give a valid email address to a website he suspected was going to fill his in-box with spam.
That's when it hit me. Not only is it getting harder to be a traditional spy, it is getting easier (far easier) to do the kinds of things that only spies used to do. The gap is clearly closing from both ends.
With all this exposition in mind, here is my list of the Top 5 Things Only Spies Used To Do (But Everyone Does Now) -- Don't hesitate to leave your own additions in the comments:
#5 -- Have a cover story. That is precisely what my student was doing with his spam account. In fact, most people I know have multiple email accounts for various aspects of their lives. This is just the beginning, though. How many of us use different social media platforms for different purposes? Take a look at someone you are friends with on Facebook and are connected to on LinkedIn and I'll bet you can spot all the essential elements of a cover story. Need more proof? Watch the video below:
The only reason we think this ad is funny is because we intuitively understand the idea of "cover" and we understand the consequences of having that cover blown.
#4 -- Shake a tail. It used to be that spies had to be in their Aston Martins running from burly East Germans to qualify as someone in the process of "shaking a tail." Today we are mostly busy running from government and corporate algorithms that are trying to understand our every action and divine our every need, but the concept is the same. Whether you are doing simple stuff like using a search engine like DuckDuckGo that doesn't track you or engaging "porn mode" on your Firefox or Chrome browser, or more sophisticated stuff like enabling the popular cookie manager, NoScript, or even more sophisticated stuff like using Tor or some other proxy server service to mask your internet habits, we are using increasingly sophisticated tools to help us navigate the internet without being followed.
#3 -- Use passwords and encrypt data. Did you buy anything over the internet in the last week or so? Chances are good you used a password and encrypted your data (or, if you didn't, don't be surprised when you wind up buying a dining room set for someone in Minsk). Passwords used to be reserved for sturdy doors in dingy alleyways, for safe houses or for entering friendly lines. Now they are so common that we need password management software to keep up with them all. Need more examples? Ever use an HTTPS site? Your business make you use a Virtual Private Network? The list is endless.
#2 -- Have an agent network. Sure, that's not what we call them, but that is what they are: LinkedIn, Yelp, Foursquare and the best agent network of all -- Twitter. An agent network is a group of humans who we have vetted and recruited to help us get the information we want. How is that truly different from making a connection on LinkedIn or following someone on Twitter? We "target" (identify people who might be useful to us in some way), "vet" their credentials (look at their profiles, websites, Google them), "recruit" them (Easy-peasy! Just hit "follow"...), and then, once the trust relationship has been established, "task" them as assets ("Please RT!" or "Can you introduce me?" or "Contact me via DM"). Feel like a spy now (or just a little bit dirtier)?
#1 -- Use satellites. Back in 2000, I went to work at the US Embassy in The Hague. I worked on a daily basis with the prosecutors at the International Criminal Tribunal For the Former Yugoslavia. That collaboration, while not always easy, bore results like the ones that led US Judge Patricia Wald to say, "I found most astounding in the Srebrenica case the satellite aerial image photography furnished by the U.S. military intelligence (Ed. Note: See example) which pinpointed to the minute movements on the ground of men and transports in remote Eastern Bosnian locations. These photographs not only assisted the prosecution in locating the mass grave sites over hundreds of miles of terrain, they were also introduced to validate its witnesses’ accounts of where thousands of civilians were detained and eventually killed." It is hard to believe that only 12 years ago this was state of the art stuff.
Today, from Google Earth to the Satellite Sentinel Project, overhead imagery combined with hyper-detailed maps are everywhere. And that is just the start. We use satellites to make our phone calls, to get our television, and to guide our cars, boats and trucks. We use satellites to track our progress when we work out and to track our packages in transit. Most of us carry capabilities in our cell phones, enabled by satellites, that were not even dreamed of by the most sophisticated of international spies a mere decade ago.
Posted by Kristan J. Wheaton at 1:09 PM
Labels: ciphers, codes, DuckDuckGo, encryption, espionage, Foursquare, GEOINT, Google, HUMINT, IMINT, intelligence, LinkedIn, NoScript, satellites, social networks, spies, Tor, Twitter, Yelp
Monday, April 16, 2012
Modern Spies, An Excellent BBC Documentary
One of our sharp-eyed alums just informed me of an excellent new BBC series called Modern Spies. It appears to be focused primarily on the HUMINT side of the business but it does include interviews from active officers in MI6, MI5, the FBI and CIA. The full series does not appear to be available through the main website to people outside the UK but episode 1 (embedded below) is available through YouTube.
Posted by Kristan J. Wheaton at 3:31 PM
Labels: BBC, HUMINT, intelligence, video
Friday, September 26, 2008
Evaluating HUMINT Source Reliability (McGill Research Blog)
Prof. Will McGill points to a recent paper in Law, Probability and Risk on assessing the competence of human sources. The authors of the journal article, David Schum and Jon Morris (of George Mason University and the CIA, respectively), argue that there are four major categories of questions one should ask to determine the reliability of a human source. According to Will's excellent summary of the article, the four big categories are:
- Competence (or is the source qualified to provide the information?)
- Veracity (or does the source believe what he/she is saying?)
- Objectivity (or was the source’s belief based on the evidence obtained by the source?)
- Observational Sensitivity (or how good was the evidence obtained by the source?)
Posted by Kristan J. Wheaton at 1:23 PM
Labels: HUMINT, intelligence, source reliability
Saturday, February 23, 2008
HUMINT: Counting Cash As A "Tell" (Metacafe via Asterpix)
A very interesting video came out a couple of weeks ago that purports to show how different regions of the world count cash. I wasn't sure if the info in the video was correct or not so I went on a bit of a snipe hunt to see if I could find still images of people in various parts of the world counting cash so I could confirm the assertions made in the video. Generally, the assertions appear correct (although there were some exceptions). You can see the video below and my comments after it.
(Note: I have taken this opportunity to also highlight another new service I found, called Asterpix. Asterpix allows you to take virtually any video on the web and annotate it. As you watch this video you will notice rectangular shaped boxes flashing weakly on top of the video. If you mouse over the box, you will freeze the action and you can read my notes and even go to the sources I found that I think confirm or deny the accuracy of the video. I found Asterpix to be drop dead easy (though I wish they had some sort of a bookmarking feature so you could easily go back to a place in the video you wanted to mark). Like Comiqs.com, this is a production tool well worth knowing about).
It occurred to me while watching this video that the way a person counts cash could act as a "tell". In poker, a "tell" is a predictable but unconscious pattern of behavior that signals the strength of one's hand. For example, if you tapped your fingers every time you had a good hand without knowing that you did it, that would be a tell.
Perhaps counting cash is similar. While this video has been out there for some time, so I am sure the sophisticated operators are already planning on how to use this info to signal that they are someone they aren't, there may be a number of places (on patrol in a marketplace, for example?) where it would be possible to use this kind of info to gain additional insight into the people around you or with whom you are dealing. It is very interesting to me, for example, that the ways Iranians and Iraqis count cash are, according to the video, very different. Perhaps this is something that the Army's Human Terrain Teams could confirm or deny...
Likewise, if anyone knows if any of the info in the video is true or false for a particular country, please leave a comment.
Posted by Kristan J. Wheaton at 8:07 AM
Labels: Asterpix, counting cash, HUMINT, Iran, Iraq, Resource, tell, video
Monday, December 17, 2007
With Spies Like These... (Washington Post)
Many people believe that the lack of human intelligence resources, among other things, led to the US intelligence community's mistaken belief that Iraq still had WMDs. Since then, there has been a good deal written about and apparently done to increase the US's clandestine capability.
It is this conventional wisdom that is going to make this Washington Post editorial so controversial. The author, Joseph Weisberg, believes that such spies, even if they existed, "wouldn't have made any difference."
Other highlights:
- "Ever since the inception of the CIA, the operational side of the agency has both believed in and spread the fantasy that foreign agents can provide vital secret intelligence that will clear up great mysteries, change the outcome of wars or prevent terrorist attacks. But this view of intelligence is a myth."
- "Intelligence from almost all CIA assets is unreliable for the simple reason that so many of them are double agents, meaning that the CIA recruited them but that they are being controlled by their own countries' intelligence services."
- "This does not mean that there isn't some useful intelligence to be gleaned from various human sources -- just that these sources aren't always going to be recruited agents and that they aren't going to prevent terrorist attacks or change the outcome of wars."
Posted by Kristan J. Wheaton at 9:02 AM
Labels: Counterintelligence, document summary, HUMINT
