On spies and stratagems/Agency
For an organization to be declared as a spy agency (involved in espionage), it only suffices that a structure exists that permits for agents working on its behalf to engage in sanctioned covert operation.
Most if not all spy agencies are also referenced as intelligence agencies or services. It is not uncommon for police forces, criminal organizations and even private investigators to function and use spy techniques and procedures for espionage also referred as "spy-craft"/"trade-craft" or simply "craft" , sometimes also referred as "dark arts". For operations that focus in gathering and processing information, infiltration of other organizations and the subversion of their competition. A simple example would be how police forces attempt "to turn" assets from the opposing side, creating in fact double agents.
The larger portion of spy agencies are directly controlled by national governments or due to "the nature of the business" have governmental oversight. Most often the management of such enterprises is done indirectly via a specialized and distinct (from the rest of the government) hierarchical structure. The power and activities of information services are extremely susceptible of being abused, and history proves that it is so. Dirty deeds do prefer to be done in the dark. This creates a constant need to utilize an often contrived monitoring system, as to balance keeping activities secretive, move responsibility away from blame and the maintain the possibility of deniability. This creates a continuous paradox that often leads to the question "Who watches the watchers?" (from the Latin, Quis custodiet ipsos custodes?), that does not only addresses the access to the information but the responsibility and oversight of the agencies activities.
"Secrecy is maintained not to keep the opposition . . . from knowing what’s going on, because the enemy usually does know. Secrecy exists to keep you, the American public, from knowing what is going on, because in many ways you are the real enemy."
– Victor Marchetti, Former Special Assistant to the Deputy Director of the CIA
There is not only the problem of abuse but also that in an open society, especially if democratic, the people would not sanction some of the activities of those agencies and subsequently would repudiate their own governments. This of course is not a problem with the people but in the quality of governance and the level of education/information of a society.
If citizens were properly informed of the factual dangers and necessities, not the artificial ones that collaborate in the prevalent and common obfuscation procedures, there would be a better use of these resources/services and if the increased transparency was reciprocated by other governments, a better world would soon be possible.
What we have today is a middle ground, were closely connected governments/states share these services and information to the common benefit of those governments (not specifically their citizens). This has recently been further exacerbated by globalization where the political power or influence being no longer only based around national interests, but since the cold war started to orbit the defense sector, in special the defense corporations, that have not only themselves become multinationals (or enterprises with multinational investments), but economic interests in general have taken center stage over moral superiority and general good. Most large corporations today will have sections dedicated not only to mass collect and process information, even spy on competitors but also in the function of a myriad of Institutes that, if not active spying, generate reports and intelligence plans/analysis based on often sensitive secret information or simply work to shape public opinion.
This of course is also something that occurs in any other secretive organization, even from the area of organized religion or cults to varying degrees, any institution or organization that does not have to be subject to public scrutiny will have private information that it will actively protect and an interest in acquiring intelligence that can further help its members or realize their own goals.
Another consideration is that most medium to large scale enterprises will have an invested interest in monitoring and gathering information not only on the general public, often reduced to the simpler status of consumers, but their active employees and the background of future ones, in fact this is a microcosms representation of some of the concerns that exist at state level, but in this case the information agency will be the humans resource section.
It is common for spies never to talk about the agency by name outside of a secure involvement, they will use a less obvious nomenclature like "the family", "the shop", "the circus", "the outfit", "the tool-shed", "the firm" and other terms that will be mutually understood by those in the know but innocuous to third parties listening in on the conversation. This is also standard operating procedure (SOP) for most undercover, criminal and secret organizations. The development of "in-house" specific language will not only obfuscate but permit to easily detect leaks.
It is interesting to note that the use of specific and distinct nomenclature not only helps creates a private language for those in the know but serves also a secondary purpose at times. As form of a barrier or psychological protection, that not only cleans up "the business" but often enough helps to create a distantiation from events and actions or even a depersonalization to the unnatural human interactions.
Of the different spy agencies, the little that is known must be understood as a small glimpse of what truly exists and how they operate.
The Intelligence Community
Hierarchical and sequential structures, especially popular since Gutenberg, are usually forced and artificial. Intertwingularity is not generally acknowledged — people keep pretending they can make things deeply hierarchical, categorizable and sequential when they can't. Everything is deeply intertwingled.
– Ted Nelson, November 10 1998?.
State Agencies have legally delegated responsibilities and should comply with international law and treaties. As we will see later in greater detail a state agency, should primarily serve at least the primary objective of preserving the security of the state, both internally and externally. Including the social and political stability of the nation. Security of the state is generally defined as "National security" and is generally divided, even compartmentalized, into external and internal services. It is worth noting that state agencies can control and use private organizations, depending only on the local legislation (or capacity to subvert it). It often hinges on the way a government legislates on matters that regulate personal information, person and capital movement and imports and exports of goods and services, this includes armament and intelligence or restricted know how and technologies. For instance under the US Patriot Act the FBI, Justice Department and other agencies can issue National Security letters that allow the government to access to information on finances and communications without oversight from a judge, including that of American citizens and those that receive the requests are legally obliged not to disclose to anyone that they have even received the request. This type of broad access to personal information is extremely rare in democratic societies.
- United States of America
- United States Secret Service
- Central Intelligence Agency (CIA)
- National Security Agency (NSA)
- United States Department of Defense (DoD)
- United States Navy SEALs
- Defense Intelligence Agency (DIA)
- Air Force Intelligence, Surveillance and Reconnaissance Agency
- United States Strategic Command (USSTRATCOM)
- United Kingdom
- Military Intelligence, Section 5 (MI5)
- Secret Intelligence Service (SIS) also referenced as MI6.
- Special Reconnaissance Unit also known as the 14 Field Security and Intelligence Company (internally "The Det") and operates in Northern Ireland at present (2018) under the cover name "Northern Ireland Training and Advisory Teams (Northern Ireland)" - NITAT(NI).
- Special Boat Service (SBS)
- New Zealand
- Bundesnachrichtendienst (BND) (Federal Intelligence Service)
- Directorate-General for External Security (Direction Générale de la Sécurité Extérieure, or DGSE)
- Direction centrale du renseignement intérieur (Central Directorate of Homeland Intelligence, DCRI) a merge of the old Direction de la Surveillance du Territoire (DST) (Directorate of Territorial Surveillance) and Direction Centrale des Renseignements Généraux (Central Directorate of General Intelligence)
- Agence nationale de la sécurité des systèmes d'information (ANSSI) (English: National Agency for Computer Security)
- USSR (referenced for historic reasons, see Russia for active agencies)
- East Germany (referenced for historic reasons, see Germany for active agencies)
- Czechoslovakia (referenced for historic reasons, see Czech Republic and Slovakia for active agencies)
- Direction générale de la surveillance du territoire (General Directorate for Territorial Surveillance, commonly referred to as the DGST or the DST). Prior to 2005 it was known as the Direction de la Surveillance du Territoire (DST).
Coalitions and Multi or supra-state agencies
- RAND Corporation
- SRI International (SRI) (originally founded as the Stanford Research Institute)
- Center for Strategic and International Studies
- Centre for Strategic and International Studies (Indonesia)
- Gulf Research Centre
- General Dynamics
- Northrop Grumman
- Hakluyt & Company
- Vupen, a French security firm that sells secret software exploits to spies and government agencies. In 2012 the company's CEO Chaouki Bekrar stated that the company only sells to NATO governments and 'NATO partners'.
- Search for International Terrorist Entities (SITE), previously an institute now redefined as an intelligence group.
- European Strategic Intelligence and Security Center (ESISC)
The inclusion of firms like Google and Face book is mostly due to the size of the data they have access to, this is the case with any multinational corporation especially those that work ares of interest to state security, communications or basic infrastructure. Even if they may not be actively spying, beyond they internal interest, they may be leveraged into doing so. There enterprises are an optimal tools to monitor, shape and survey not only populations in a group but even down to personal interests.
As an example to how in 2007 Yahoo admitted to providing their internet user information to the Chinese government, leading directly to their arbitrary arrest, long-term detention, and abuse and torture, while arguing that in was done in compliance with Chinese law. This international firm decided that its local businesses interested relations supplanted U.S. law and international human rights standards.
This can today occur in a scale that has never been done before. Of particular note is the close relations these enterprises have with intelligence agencies. They do not provide unique services and there are many other similar enterprises but they are flagships in their fields of action. Any other firm that manages personal information in large numbers would be as prone to be used as a governmental tool, but these two also establish a business plan around the information gathered.
But not all organizations have a registered front or presence, or even a declared interest in covert activities, from criminal organizations to some decentralized civic movements there are a group of interests that can only be differentiated by labels.
- Organized crime (Mafia, Triads, Yakuza, etc...)
- Insurgent movements, that range from guerrilla, radical, revolutionary, anarchist, terrorist and other irregular organizations, will also be running intelligence operation. These are needed to identify targets, infiltration opportunities as well as actively engaging in relations with other underground operations, for instance as a way to obtain financing (the IRA was know to provide training to South American drug cartels). Most times there is also a interchange of operatives and resources across outfits, by intention (as an infiltration or support action) or simply by the operative's outright conversion.
The epitome would be for instance the case of Ali Mohamed he was reportedly a CIA double agent and a Egyptian Islamic Jihadist, it is very hard to define at what level he operated, since he could be a simple CIA plant. That is the strongest viewpoint since it removes all implications of extensive incompetence in detecting his activities by the USA and provides further evidence for the artificial creation of the Al-Qaeda umbrella designation, that fails even as a conceptual structure. Leading to an open affiliation claim that should not be taken serious (akin to the problem with establishing affiliations in other ad-hoc distributed groups, like for instance the Anonymous movement). We then get things like Al-Qaeda in the Arabian Peninsula (AQAP) that in accordance with the SITE Institute even runs its own online magazine in English language, Inspire.
- Hactivists, groups of people that work together on the Internet and restricted social circles that pursue a common political goal. In a report about 2011 Verizon stated to have determined that 58% of data stolen resulted from hacktivism.
Any organization that fights to expose secret documentation, planing or activities are engaged in intelligence gathering and dissemination activities.
- Public Intelligence (http://publicintelligence.net/)
As we saw secrets are not limited to political ideologies or military and economic interests. They, as information in general, are about power, control and imposing a specific order or simply a mindset, and so those that intent in pursuing the control of any type of power will ultimately find themselves into conflict with the interests of other groups. Things often devolve to a situation illustrated by the "axis of evil" of George W. Bush that intentionally oversimplified things in an effort to exacerbate polarization. This "you're either with us, or against us" than often comes underlines with the "It's that simple!" (when in fact it isn't) is always a deception of sorts.
Organized religions (or cults) are no different, if not only for self preservation and protection, as a way to exert control over their followers and manage external public opinion. At times even engaging in active operations nefarious to general human society, they are not only information agencies but prime targets for activity monitoring and profiling. Religion due to its communal appeal that often bypasses general society is a fertile ground even promoter of for zealots and fanatics. The semi-open nature and extensive often highly evolved information and relationship network it creates has been many times used as a base to terrorism and a stepping stone to politician power in fact religion was at the core of all political system until the creation of the republican system and the the move toward laicism.
Often religious organizations are thought by the general public as archaic institutions or simple organization but nothing would be far from reality. Most rely on very complex hierarchical structure and often with internal layers of compartmentalized access. They actively collect, shape and disseminate information and seek influence over society in general.
Most agencies have a somewhat open and public face, this requires not only to offer as front man, someone that takes social political responsibility for the agency's actions, maybe a director and a sub-director, but often these, top fronts, do not have themselves a direct control over operations and may receive only filtered reports. Not only because of the risks for security but by the simple power that they would be able to wield especially if they themselves had any latitude in determining the nature and target of the operations the agency would perform.
Most intelligence agencies have very strict areas of operation. Their responsibilities are varied, they may include execution of several types of tasks even exclusively (as part of a larger intelligence network), tasks like planing, operations, monitoring and reporting, analysis and proposals that can themselves be further split into other various specializations.
A state agency, should primarily serve the interests of the state, however it depending on the state's political structure this may reduced to the interests of a particular government (for example in a dictatorship), it all depends on how nation state interests are interpreted. Some state agencies have reduced scope of operations, for example the public police. In this case its operations becomes directed to the specific function, even if it is normal to exist a large degree of interaction, the sharing of information is generally bottom-up, and there is a delegation of specific functions to the specialized agencies in accordance with the legal requirements, for example counterfeiting, terrorism etc.
One should however note that state security agencies are often excluded to participate in general criminal investigations, because doing so could expose their capacities, structure and agents. This is why there is a separation between the criminal police that often has its own information service and state security agencies. In 2012 in New Zealand in a famous criminal investigation case against Internet tycoon Kim Dotcom towards his extradition to the U.S, this type of problem came into painful realization of the GCSB (Government Communications Security Bureau, NZ state agency). There is even the case that operation requirements may not even be compatible, for example the legal requirements would be different between listening in on communications from a citizen in a criminal case and a known terrorist in a national security operation.
One core objective it to preserve the security of the state, both internally and externally. This is done in several ways, from information gathering and security to the planing for the furthering of state interests at home and abroad.
One other consideration is that any spy agency will often collaborate or subcontract to other enterprises, as a way of increase obfuscation or deniability or simply because they do not have the proper knowledge or resources.
In case of a private agency the interests to protect are often reduced to the maintenance and extension of profitability, since there are specific companies that offer intelligence services to third parties the objectives may be very fluid depending on what is contracted, from the examination of internal security process to the background checks, to corporate espionage (intellectual property and strategy).
As we have seen before agencies (not only state agencies) tend to aggregate. Resulting from these type of collusion or at least convergence around common goals a virtual "ecosystem" is created. The nation that has the better funding becomes the apex predator in a world of finite possibilities, acting as to create a state of subservience and dependency on the other national agencies that share its sphere of influence. This permits not a real sharing of efforts, since trust becomes layered but a power structure that not only exert control but helps to predict interactions. To a point smaller agencies to stay relevant start to act primarily not to the benefit of their own state interests but on maintaining good relations with the stronger partner and the world information stage becomes populated by closely aligned blocks where only the most rich nations have a real say, loosely mirroring what happens in the world's economical and political stage.
Private sector spy activities are more common in the USA. The reason why the USA has so many on the private sector involved in intelligence (or spy), activities is mostly explained by three major reasons.
Historical reasons, since the US has been in some sort of armed conflict for the last decades, it would suffices to understand that politically and economically the US never exited completely the WWII conflict (in the intelligence sense), especially directed toward the ex-USSR, leading to the Cold war against the "communist" ideology. Then we have the Korean war that is in perpetual stand-off but not ended.
The second reason is economical, due to how the US managed to position itself after WWII, it was permitted to take almost unilateral control of the global economy, one need look no further than how the dollar became the reserve monetary currency, this of course makes US economical interests and technologies a prime target for competing powers.
The last reason is sociological, how the US social structure has developed, long before WWII, to serve self interest above the state interest. From the outside one may look to the US as a single nation but internally the US has always been fractionated by being a federated state, where internal competition is almost as fierce as external international pressures (one need to just look how state borders evolved). Add to this the prevailing individualistic mentality that is even fostered on the nations constitution and even simpler security matters becomes a concern for the survivability of the federal government. Then last cornerstone is how society also has been shaped by an economy based in consumption and credit (more than production) and how publicity and marketing and media in general have evolved in the USA as to serve as a social planing and shaping tool, more than anywhere else.
- There is no enemy
To the agency, there is no static enemy. There are allies and the opposition, in an ever changing field of operations. Todays "enemy" may be tomorrows ally or even an asset to be leveraged, trader or lost in the pursue of the agency's goals.
The goals of an agency and its legal framing define its operational responsibilities, or areas of interest and responsibilities. This is the core defining aspect of any agency and the type of information that it will deem relevant and the assets that will require to operate.
Terrorism and Counter-terrorism
Information and asset management
This includes suppression, creation and dissemination of information with the goals of protecting the agency specific interests or as a aid to meet its goals.
Information and assets acquisition
Information and assets classification
"in the clear"
"in the black"
Cases are handled often handled by a case officer (CIA), a bureaucratic spy that manages all assets, analysis and planing concerning a given operation. To some degree it acts as a spy ring leader controller, as the contact in the agency.
- Multiple layers
- Security levels
Other security and planning aspects
A blow-back is not simply a public relations crisis. But can have retaliatory repercussions, from the public or the competitions. If grave enough it can even lead to a declaration of war.
While a public relations crisis may threaten the long term survival of an organization, and for this reason, many organization's business continuity planning include PR crisis responses to control the delivery of bad news, the initial statements made to media and thereby control first impressions. A successfully managed PR crisis may actually improve public opinion about an organization. A poorly managed PR crisis may eventually bankrupt an organization.
The agency operational security rests primarily on the commitment of its personnel. More than any other type of institution a spy agency must at all times threat all personnel as security risks. Intentionally, due to negligence or weak standards of operation, most breaches of information tend to reside in the human factor of the agency.
In December of 2012, the NDB (Swiss spy agency) was forced to inform other agencies that shared with it their counter-terrorism information that it had been compromised by one disaffected senior IT technician, that may have stolen massive data (several terrabytes) from the Swiss intelligence service's servers onto portable hard drives. It was believed he intended to sell to foreign officials or commercial buyers. (See Reuters article)
Stand-down procedures are pre established security protocols, in the form of routine steps, that are required to safely abort or disengage from a particular action.
- Spy ring
A front is normally a seemingly private enterprise with no direct relation but set up and/or under the control of the spy agency, as to facilitate or provide cover for its activities or specific operations.
Useful types of fronts include law firms, news agencies, banks, air transport agencies, shipping agencies and housing agencies, all useful to hide the activity and offer support for operations.
In the private sector it is more difficult to establish a front (to hide the fact due to legal requirements) or justify these sorts of expenses, it is however normal to acquire (or by subcontract) other specialized firms and hide the relation within the parent's company and financial reports.
A black site may indicate any type of secret facility, under the agency's control (or of a friendly power). This is not the same as a safe house, that will be covered later, but indicates a secret complex, a mid-to-long term infrastructural asset of the agency with a specific purpose, for instance for manufacturing bombs, counterfeiting currency or like the CIA started to use the term to indicate an agency operated prison.
The cold war concept
Ever increasingly, technology controls all human interactions, this motivates spy agencies seek control, even by subversion, of any protocol, automation or electronic devices (ie. phones, automobiles, etc...) and software as a way to pursue their goals. Going beyond their normal interest in developing new technologies themselves for a multitude of functions, like information gathering, observation, signal processing and others, to a point that they may even actively promote and generate generally adopted options that will provide the agency an advantage.
The constantly evolving field of science and technology is not itself only one specific battleground but a source of indispensable resources to keep superiority over all other fields of action. One common term today is "cyber war" or "cyber warfare", and governments spend millions in plans to build up defenses and secure their digital boarders, most of it is simple rhetoric, even with purposes of extending control or suppressing some civic liberties, but lurking in the background ins the increased realization that we live today in a digital world. Operation that previously needed physical presence of agents can be done remotely and information collected and analyzed like never before.
Technological options selected to benefit the agency control and security concerns will not necessarily be the for the general public (non-adversary agencies).
Considerations about standardization and normalization
Standardization of methods, procedures, operations and technology is a sword of two edges in regards to security. Establishing a pattern or modus operandi permits not only to facilitate identification amongst a confusing background, of actions and agents but also deviations from expected norms. This is not only useful to maintain security put to identify leaks or note the opposition. The same concept is also at the core of the issue in regards to heterogeneous and homogeneous options in regards to security, be it of general outlook (like in uniforms) or intrinsic characteristics that can be easily accessed to permit or prevent easy targeting.
In the case of technologies keeping the enemy restricted to a defined set eases any attacks and the required know how, creating even the possibility to leverage supply and production paths of those technologies for the purposes of the agency. This is a core issue in regards to the adoption the agency of any technology, from weapons to computers to vaccines, in targeting any technological system of the opposition.
Photocopiers and Scanners
Signals and Intercepts
Channels and paths
Analog versus Digital
Most spy techniques predate not only the digital revolution but even the industrial revolution, so many of them are adaptations to a new reality and very few are innovative in themselves but exploration of the offering of the new realities, like the stealing of machinery and factory blue prints or even time tables of a production line and reliance in mass production goods in place of skilled craftsmanship was an evolutionary step in facing the industrial revolution, today the subversion of digital systems, utilization of digital storage, indexing and analysis represent the simple continuation of ancient methodologies to satisfy the same old needs regarding security and control.
The cyberwar meme, is a public relations meme, it could even be categorized as a marketing plot since the only real innovation falls into the realm of pure business interests and lacks the maturity and clarity than any innovative security concern requires. To put this into context, the concept of "cyberspace" is not something new, the concept predates even the rise of the Internet and it was first conceptualized in science fiction, including a general view of all its implication, some of them we haven't even yet been realized...
The Internet, or better yet the interconnected world, that in reality has no special relation to the Internet, as it does not start or ends in that particular network, is but the most recent addition to our plane of existence in regards to information. As such the digital world will of course reflect and extend all what is the the human experience. Simply a new tool that at best extends and modifies old security paradigms rather than create new ones.
Todays networked world has simply extended the previously battle field. From the information revolution emerged the information warfare, relegating to the wasteful clashing of standard armies as something of the past, something that should be ultimately avoidable. New wars will be mostly about information and conquering minds. From the choreographed battles that were the norm until the Napoleonic wars and the US civil war, war has that evolved into the mass production of death and misery with a need to account the statistical and mathematical erosion of combatants and resources as seen on WWI military action and from there it has been moving away from a symmetric confrontation to asymmetric confrontation, a lesson learned from battle fields of the European decolonization process and the Vietnam War. In the field of intelligence the same thing has happened sooner, especially since WWII with the concept of active resistance and the saboteur, asymmetry and subversion has gained an ever increasing level of importance, something that became doctrine with the rise of Nuclear weaponry and has endured since the end of the Cold War.
Today standard armies utilization will not occur unless the outcome is perfectly expected, even finding enemies for a conventional war is becoming harder due to how we are now living in a global economy that is fast becoming interdependent due to the huge shift of the consumer vs producer relation, in geography and in society in general due to technological advances.
Previous to the new interconnected reality, cyberwarfare was reduced to small scale infiltration, interference (monitoring and corruption) of communications. All involved direct human intervention at some point, not anymore. Today these activities, if time is not a pressing factor, can be done remotely, even automated and by being non-centralized they become extremely hard to detect.
Cyberwarfare raises the costs of the informational infrastructure, due to the monitoring, logging, hardening and redundancies it requires and implies. Ultimately it still is an information game, those that control the technology (hardware and software) production will control the battlefield.
The Internet has brought us all more together, even our secrets. It does not reflects todays realities but permits to never forget one's mistakes.