Op-Ed: Gasp! The CIA uses open-source intelligence!by Steve Ragan - Nov 7 2011, 09:48
While I gladly wear a tinfoil hat at times, I’m confused as to why some people are concerned by the fact the intelligence community monitors public communications. Last week’s story from The Associated Press, which focused on the CIA and its use of OSINT, shouldn’t shock or surprise anyone at all.
The Associated Press (AP) recently visited a plain-looking building in Virginia, which is used by the CIA (Central Intelligence Agency) and staffed by a team of “vengeful librarians” to sort massive amounts of OSINT, or Open Source Intelligence. The CIA calls this location an Open Source Center.
OSINT, believe it or not, is often a key source of information that leads to actionable intelligence. It’s all around you, because OSINT is anything and everything publically available. Today, social media holds a wealth of OSINT sources, thanks to Facebook, LinkedIn, Twitter, countless blogs and news websites, as well as video channels such as YouTube. OSINT also includes public records.
After the AP story ran, pundits expressed shock because the CIA was “spying” on people via social media. News headlines warning people to “be careful” with what they say on Twitter, because the CIA “may be watching”, made the rounds all weekend long.
It’s a needless worry, because most of what the CIA is doing is no different than what reporters do when following developing events. When a story breaks, journalists will follow breaking news on Twitter or, in some cases, Facebook, in order to amass immediate information and reaction.
So what is the CIA doing? As the AP report explains, it's doing its job. Earlier this year, the CIA monitored the reaction on Twitter to the news that Osama bin Laden had been killed. It also monitored comments here stateside, but most of the aforementioned “vengeful librarians” watched the reactions in China and Pakistan.
Remember, the world first learned of Osama's death on Twitter, long before it was confirmed by televised media. So the comments monitored by the CIA, in addition to location, assessments of mood, and overall tone of the Twitter posts, were collected, sorted, and compiled in a report delivered to the White House.
An interesting side note is that the location and other regional data came from two sources of OSINT. The first was the location data provided by the commenter themselves, by enabling Twitter with the power to display the area where the Tweet was sent from, and the second was language. This is how the CIA was able to report that China and Pakistan were not pleased with the news that the terrorist leader was dead.
When it comes to the CIA monitoring what is said on Twitter or other social mediums, it isn’t worth working yourself into a panic. These are public outlets for communication.
It really isn’t the CIA’s fault that people give away so much private information, or openly talk about anything and everything with complete strangers. Nor is it the CIA’s fault when criminals discuss things publically, which can then be tied to information collected via wiretaps or actual clandestine operations.
OSINT is just public information that is collected and sorted to add layers to the bigger picture. Yes, OSINT can be used against someone by the government, but the CIA isn’t the only agency to collect this sort of information. Every government has an intelligence agency, and they are well aware of the value of public records and information.
Likewise, criminals can watch you too. When the personal information on Wall Street executives and major political players is posted to the Web, a majority of it (names, phone numbers, email addresses, home addresses, tax information, etc.) comes from public record, the very definition of OSINT.
When you merge public records with social media, you get additional confirmation of existing data in many cases, which is the key, as you have to know the intelligence you’re collecting is legitimate.
So again, the idea that an intelligence agency, be it the CIA, FBI, MI5, MI6, or Mossad, collects and monitors public information should shock no one. If you want to worry about social media-monitoring and government activities, worry about persona management.
In June of 2010, the Office of Air Mobility Command within the U.S. Air Force wrote a proposal asking for the installation of persona management software.
The request was for 50 user licenses for software that would allow 10 personas per user. In all, this is a virtual army of 500 personas, which can be centrally controlled by a small group of people.
According to the bid submission, personas must be “…replete with background, history, supporting details, and cyber presences that are technically, culturally, and geographically consistent.”
“Individual applications will enable an operator to exercise a number of different online persons from the same workstation and without fear of being discovered by sophisticated adversaries. Personas must be able to appear to originate in nearly any part of the world and can interact through conventional online services and social media platforms. The service includes a user friendly application environment to maximize the user's situational awareness by displaying real-time local information.”
Details on the persona story can be found here.
In the end, nothing can be done about the CIA watching Twitter or other social mediums. When you post to social platforms, what you’ve written is in the public domain, so anyone--even the government--can see it and analyse it.
This may alarm you, but the only options you have are to leave the social world entirely or limit your social interaction on places like Twitter and Facebook to a select few, and to keep all postings private and away from public view.
However, doing so sort of defeats the whole 'social aspect' of social media.
[This editorial is the opinion of Steve Ragan and does not necessarily reflect the opinions of staff attached to either The Tech Herald or the Monsters and Critics (M&C) network. Comments can be left below or sent to [email protected]]comments powered by Disqus