What’s next for intelligence in an encrypted world?
15 Dec 2015


John Coyne’s recent Strategist post raises some interesting questions for intelligence agencies and their paymasters; namely, what are the capabilities that agencies require to continue to protect our security, and what’s a reasonable expectation of their success in doing so?

The role of intelligence agencies has evolved, a point noted by Barack Obama in January 2014. Rather than just collecting information on states for the use of policymakers, they’re also expected to pre‑empt attacks planned by organisations in remote parts of the globe, closer to home or both, that by their nature can’t be easily penetrated by human sources. Those organisations are also now increasingly aware of how to avoid technical collection methods using readily available encryption technology and good operational security measures. In this environment, there’s a need for new thinking on intelligence collection and management, and a better understanding among policymakers on what intelligence agencies are actually capable of.

Similar to John and David Lang’s Strategist posts, Thomas Rid observed shortly after the Paris attacks that ‘the encryption train has left the station’. Rid further notes that the Trans-Pacific Partnership includes a clause prohibiting signatory states from banning or regulating encryption. However, the most difficult discussion isn’t about encryption—it’s about looking at how security and intelligence agencies will collect and analyse information to produce actionable intelligence against the next generation of national security threats.

In the wake of the Paris attacks, reports are emerging that there was information stored on government databases that, if identified as information of interest and connected with other data, may have given an indication of the plot. Events such as Paris inevitably prompt renewed pledges to streamline the sharing of information, but information sharing in and of itself isn’t the answer to preventing future tragedies.

The principal challenge for intelligence agencies isn’t necessarily collecting more information. Greater diversification of collection sources is a critical need, but without the means to collate and make sense of the vast repositories of information made available in the digital age, that’s only a half measure. Additional technological solutions will be critical to sorting the wheat from the chaff, and more creative recruitment and training methods for analysts will be critical to make use of the information provided in more innovative ways, perhaps overcoming the lack of imagination noted by the 9/11 Commission as one of four key failures that attack revealed.

It’s been estimated that in 2014 there were 204 million emails sent every minute of the day, and Google processes about 20 petabytes of data every day. The amount of data available to intelligence agencies exceeds the capacity of governments to maintain human analysis assets. In this environment, more effort needs to be applied to technical means of cataloguing and classifying information, and more importantly, to automating data mining and analysis to better identify patterns and anomalous behaviour at a scale not possible with human analysis, such as the Bayesian Learning Program that is partly funded by DARPA and the US Air Force. This is even more critical for states like Australia that have access to the enormous collective knowledge of the Five Eyes enterprise. As John notes, this is particularly critical as signals intelligence declines as a source of actionable intelligence.

With more efficient technical identification of people and networks of interest, intelligence agencies can expend a greater amount of effort on a smaller number of targets, better utilising human analysis personnel. That has obvious benefits, one of which is the ability to overcome some of the challenges of end-to-end encryption by accessing the devices the messages are sent to. Other collection techniques can also be more efficiently targeted, including human sources, surveillance and imagery, to build a rich picture of actors and their networks.

The other challenge for intelligence agencies is shaping expectations of their ability to detect and pre‑empt threats to security. Countless historical events teach us that intelligence agencies are fallible, if only because they are working to predict events that often fall outside regular expectations. Beyond the unexpected, the hunt for Bin Laden and Saddam’s weapons of mass destruction should give some further indication of the limits of intelligence in contemporary circumstances. However, there’s some expectation, possibly perpetuated by dramatic portrayals of intelligence agencies, that they’re all-knowing. Even as they work to more efficiently manage and use information collected from traditional and new sources, intelligence agencies need to work with their paymasters to better shape their expectations of what isn’t possible.

The 13/11 attack in Paris and the intelligence ‘failures’ that occurred demonstrate ongoing issues in both the collection and analysis side of the intelligence production cycle, and more broadly, unrealistic expectations about the ability of intelligence and security agencies to prevent or pre‑empt attacks. More effort should certainly be placed on developing better links between organisations that have information that’s of intelligence value and those agencies that need it. Information sharing is undoubtedly a key aspect to defeating the next generation of threats. Sharing that information in a meaningful way is the challenge that must be overcome. The solution to this will involve both humans and technology, but automation would appear to be critical to sifting the ever increasing amounts of data.