In my March 6 talk for FIBiS, I highlighted how digital technologies are changing the strategic landscape for Poland (and for all other nations). I suggested that digital technologies are a “Formal Cause” in geopolitics (i.e. that they have structural geopolitical and cultural effects).
In the 27 April, 2019 issue of the US magazine Foreign Policy, in the article “The Spycraft Revolution,” espionage expert Edward Lucas raises another important aspect of digital technology for intelligence professionals to recognize: its impact on espionage tradecraft. Geopolitical strategists have entered a new world, and so have intelligence collectors. Lucas outlines how.
First of all, Lucas acknowledges that digital technologies may give closed, authoritarian societies a structural edge over democracies. While Europe, Japan and America debate the appropriate limits on public use of technologies like facial recognition or location tracking, authoritarian states simply deploy them. “Intelligence oversight”, “privacy concerns” and “location tracking” are not terms that come up much in Russia, China or Iran.
Lucas next highlights how digital technologies have blurred the traditional boundary between public and private sector intelligence work. Up to now, the private sector seem to touch the world of intelligence mostly as a source of technical innovation. Now it is hitting HR. Increasingly, it is acceptable in some countries to switch back and forth between public and private sector intelligence work. Such revolving doors have benefits, but they also carry risks to the integrity of the services. In addition, such job-hopping erodes the mystique that espionage practiced on behalf of the state used to carry and may undermine the public’s assumption that the services are the guardians of the nation.
Beyond those high-level issues, Lucas highlights one obvious feature of digital life that is often overlooked by the layman but is of vital importance to special services: traditional spycraft has always relied on deception based on identity. Fake identities are increasingly difficult to sustain. An intelligence officer’s “cover” that would have been entirely credible two decades ago can now be unraveled with a few minutes on Google, Facebook and LinkedIn. Say you adopted a cover as an archaeologist to travel to the Middle East. Your papers are in order, you have a LinkedIn profile that backs up your story, the right “pocket litter” and you intend to roam the region using that identity. Counterintelligence (CI) specialists in the least sophisticated of nations can now take you aside at the airport and quickly verify questions like: how many scholarly papers have you published in archeological journals? Has your photo appeared anywhere that isn’t consistent with your background story (for example, do you show up in a friend’s Facebook post at a diplomatic reception in Mexico City four years ago? If so, are you ready to talk about Aztecs, too?) Perhaps you claim that you don’t use social media, so your picture is nowhere. OK, but in some age groups and professions, that’s an eccentric choice (to say the least). You will get a closer look for that reason alone.
Even if an adversary’s counterintelligence people appear to accept your archaeological cover at face value, do your activities in the country match your stated purpose? That’s easy for them to verify. Like everyone in the digital world except the very young, the very old and the very poor, you carry a personal tracker at all times. Your phone! Do you have a new number for your cover? Suspicious. Most people keep the same number for years, so that is an easy CI red flag. Or, after a few weeks, do your movements in country cross the path of one of their people already under suspicion? To the experienced CI eye (or CI algorithm), your phone plus the suspect’s phone’s movements may indicate a brush pass occurred. Expect new attention. Even if you venture out without your phone, what sort of surveillance detection routine will you perform in Singapore, where next year 110,000 lamp posts will have facial recognition cameras attached? Good luck servicing a dead drop! In the digital world, any anomalies – habits, hobbies, movements, the use of special apps on your phone, participation in online games, etc. – can be highlighted by AI, and thereby attract CI attention.
In the digital world, CI isn’t even necessarily conducted by states. Look at what Bellingcat was able to achieve investigating the Russian would-be assassins of Sergei Skripal. Because digital technologies ultimately enhance memory, everything most people do in much of the world is being recorded. In that world, open source, gray market and private databases can achieve feats that the KGB in the heyday of the USSR could not have matched!
Lucas acknowledges that intelligence services are not helpless before these challenges. They can quickly train – but use only once – so called “clean skins”, people who are exactly who they say they are. That option, however, is expensive and opens new risks, and is hard to achieve at short notice. To a degree, technologically sophisticated and rich countries can simply throw money at creating cover identities that can withstand the sorts of scrutiny above. Again, however, that route is difficult, expensive and prey to new CI techniques.
Where does that leave midsized nations like Poland? At the turn of the last Millennium people spoke of a “digital divide” forming between the citizens of rich countries and citizens of poor countries. A new digital divide is opening between rich and poor intelligence services.
Apart from cover problems for human assets, digital technologies open other novel issues for special services. In the analogue world, numbers just symbolized things; in the digital world, numbers do things. This distinction matters because as intelligence services begin to penetrate an adversary’s network, even from abroad, it will not be clear whether they are seeking to learn things (the traditional realm of intelligence) or do things (like shut down a network in preparation for an attack or to disrupt an election). Solid attribution of a penetration does not begin to solve this blurring of the line between espionage and warfare. International norms and Cyber codes of conduct – the espionage “rules of the road” from the pre-digital era – have yet to catch up to these questions. Given Poland’s frontline position, Cyber norms are a pressing matter. Just ask our Ukrainian and Estonian neighbors.
Finally, Edward Lucas highlights another reason mid-sized, law-bound countries like Poland may struggle in the digital era: the rise of “lawfare”. Ask William Browder about Russia’s abuse of the Interpol Red Notice System. Browder was lucky to have American power behind him. Moreover, not only do the minions of authoritarian governments make use of the financial infrastructure of the free world to evade sanctions and to stash their wealth, they also use its legal system. Witness Cambridge University’s Press’s capitulation in the UK to Russia in 2014, when they dropped the late Karen Dawisha’s book Putin’s Kleptocracy: Who Own Russia? for fear of libel suits (it was ultimately published in the US, where the court system is less claimant-friendly, and then in the UK). Law firms often have the expertise to unravel complex financial schemes, but will smaller intelligence services have the budget to buy that expertise? Lucas quotes a Western spy chief to the effect that finding $100,000 USD to bribe a North Korean would not be a problem, but finding the same sum for forensic accountants and specialist lawyers would be unacceptable.
In short, FIBiS has drawn attention to the need for Polish intelligence analysts to consider the geopolitical impact of digital technologies. Now, Edward Lucas has highlighted digital’s specific impact on spycraft. Formal Causes cause new forms, and digital is changing Poland’s strategic and its intelligence landscape. Are the right people in Poland listening?
Dr. Milo Jones is an Associate of FIBiS and a Fellow of the Center for the Study of Digital Life, a US not-for-profit strategic research group dedicated to understanding the effects of digital technologies on civilizations. He is the co-author of Constructing Cassandra: Reframing Intelligence Failure at the CIA, 1947-2001, published in 2013 by Stanford University Press.
 Edward Lucas is the author of numerous books bearing on this topic, including Spycraft Rebooted: How Technology is Changing Espionage, The Snowden Operation: Inside the West’s Greatest Intelligence Disaster, and Cyberphobia: Identity, Trust, Security and the Internet.