To me personally, intelligence and security organisations offer a unique epistemic challenge: how do you go about gathering knowledge about objects in the world that are secretive and deceptive? I'm not going to go into that philosophical aspect much, but one fruitful route (among others) is to look at counterintelligence, operational security, and deception operations in the historical and academic literature (of course, there are meta-epistemic issues here: how do we know that these sources are fruitful?). This gives us insight into the properties and characteristics of secretive and deceptive events, people, and objects.
Notes from Godson's Dirty Tricks or Trump Cards.
First up are the notes from Roy Godson's Dirty Tricks or Trump Cards: US Covert Action & Counterintelligence. In particular, the notes are from Chapter Five. Godson is an intelligence scholar. The book covers both covert action and counterintelligence at a historical and a higher conceptual level (the strategic uses of CA and CI, high-level principles of these, etc.). The book is definitely worth reading if you want to know how they go about covert actions (covert propaganda, money and support to guerrillas, paramilitary groups, organisations, and agents of influence; assassinations; and various other aspects of covert action). I won't be taking notes on this section of the book, as I'm more interested in the security aspect.
How can counterintelligence help advance policy? The key answer is offensive defense.
The essential components of first class counterintelligence:
(1) Counterintelligence analysis (as distinct from positive intelligence analysis).
(2) Counterintelligence collection (as distinct from positive intelligence collection).
(3) Counterintelligence exploitation. This uses the products of (1) and (2) to exploit adversaries.
(1) Counterintelligence analysis
The key aspects of (1) are:
(1a) Analyzing key secrets that need protection.
(1b) Assessing vulnerabilities in (1a).
(1c) Assessing adversary capabilities and motives towards (1a).
(1d) Counterdeception analysis.
(1e) Support for operations.
(1a) Analyzing key secrets that need protection.
Ascertaining what really needs protection is the place to begin. What secrets need top protection in a powerful, technologically advanced country?
Godson quotes a number of priorities in order:
- Secret Priority One: "... strategic command and control systems, location, and characteristics of strategic weapons; the information processing circuits that such weapons depend on; and specific plans for the use of these weapons and for the defense of leaders and retaliatory forces."
- Secret Priority Two: "The details of the government's relations with scores of other regimes around the world. In the absence of an immediate common threat, relations among states can be particularly strained. Adversary governments or groups may use both overt diplomacy and propaganda and covert action to split up allies and isolate and discredit certain states."
- Secret Priority Three: "... The plan one state uses in negotiations with another -- for instance, where the state is prepared to make concessions, where it will draw the line."
- Secret Priority Four: "Government protection of proprietary technology," as "a state's military and economic capabilities depend on ... technological superiority."
- Secret Priority Five: "States also need to protect their own clandestine operations -- the collection of intelligence, and influencing events abroad. In the United States this is called Operational Security (OPSEC)."
(1b) Assessing vulnerabilities in (1a).
"Vulnerability needs to be assessed at the beginning of a major project."
Godson also notes that vulnerabilities may change over time, due to policy or social factors.
(1c) Assessing adversary capabilities and motives towards (1a).
"After defining the defensive perimeter ... the next job of counterintelligence is to analyze what areas foreign intelligence is targeting and assess its ability to reach those targets ... One of the clearest indications of an intelligence service's true interest is what it chooses to target, that is, what its human and technical sources are being tasked to collect or influence."
(1d) Counterdeception analysis.
"Identifying the clandestine means a foreign government uses to manipulate perceptions and actions. Foreign intelligence services are often used by their governments to deceive and to manage perceptions of adversaries."
Deception has three requirements:
- Deception requirement one: "It must be founded on strategy or policy. Deception for deception's sake serves little purpose."
- Deception requirement two: "If one succeeds in convincing the adversary of something, will the adversary respond with action or not?"
- Deception requirement three: "Deception must be buttressed by an orchestrated plan."
"Clever deception operations use a variety of techniques -- SIGINT, HUMINT, diplomacy, media, rumours, and propaganda -- to prevent the enemy from learning a plan in its entirety, in other words, to keep him scrambling after pieces of the puzzle ... A reliable feedback channel to gauge the adversary's reaction is helpful, if not essential, so that future messages can be constructed to reinforce any conclusions ... It is critical to protect the deception plan itself and the real strategy being concealed."
"If other states are seeking to control or alter perceptions by manipulating foreign collection and analysis, counterintelligence analysts can respond with counterdeception analysis. By mirroring the steps involved in foreign perception management, counterintelligence analysts protect their own government from manipulation. They may try to identify any foreign government objectives that could be furthered by a deception plan. Military operations usually (and economic and diplomatic operations often) employ a deception plan to achieve surprise and thereby to increase the chance of success. Counterintelligence analysts need to examine their own government's collection modus operandi to determine its vulnerability to foreign deception."
"Counterdeception analysts must identify how foreign governments perceive their target as reacting to certain information. Is the target reacting to or merely ignoring attempts at perception management? Counterdeception analysts also need to identify who is conducting the perception management. Are there deception planners in the foreign country? Where are they located? What are their objectives -- what are the specific tasks of their agents, and what do they us to "learn" about their secret military plans? Counterdeception analysts would also do well to learn the foreign country's operational security procedures, which could unlock the deception plan. If they are really good, analysts may be able to discover the information or activity that deception is trying to cover."
(1e) Support for operations.
Here Godson outlines how counterintelligence analysis can be used in support of counterintelligence operations. He outlines two major analytical tools: pattern analysis and anomalous behavior analysis.
Pattern analysis consists of "guides to the general behavior of foreign intelligence and foreign counterintelligence."
"By collating the experience of many foreign counterintelligence operatives over a long period of time, counterintelligence personnel can detect patterns that may be of great assistance in deciding where and when to concentrate their surveillance of suspects."
"By analyzing patterns of behavior it is sometimes even possible not only to identify foreign intelligence professionals, but also to specify those who are successful and in what type of operations they are succeeding, thus tipping off counterintelligence operators."
Godson gives an example here of adversary intelligence officers being promoted fast in some niche field (like weapons technology). This might imply that they have a spy within that field.
Anomalous behavior analysis "seeks out strange or puzzling behavior pointing to a counterintelligence problem even before it is known to exist ... There are various kinds of anomalous behaviors that might tip off an analysis about a foreign intelligence service's successful operations." These include:
- Strategic behavior. When an adversary changes their behavior based on secret information.
- Ostensible coincidence. If a series of coincidences occurs, you should start seeking out alternative explanations. Since coincidence can "lead to exposure," intelligence organisations will act in ways that make them appear not well informed, lest their intelligence source be outed.
- Personal behavior. Are there changes in the personal behavior of an individual?
Next up in my notes is Counterintelligence Collection from the chapter in Godson's book. I will endeavour to have them up in a week or so.