Media accounts of the WikiLeaks publication of CIA cyber collection capabilities will no doubt focus over the next few days on the sexy particulars of those programs and whether or not U.S. intelligence is using these tools to undermine privacy here and abroad.
Far less attention will be paid to the fact that, once again, after the expenditure of large amounts of human and financial resources, U.S. intelligence will see critical technological collection capabilities exposed to friends and adversaries alike. At some point, the question has to be asked: can the intelligence community keep a secret?
The issue here isn’t vulnerability to the typical case of espionage where country X is able to gain access to classified reports or plans—as damaging as that may be. The issue is the seeming inability to keep secret the tools, the methodologies themselves, by which we collect intelligence against foreign targets. Once again, it seems, someone with access to a top secret, compartmented program was able to spirit out a massive amount of material about how the intelligence community goes about its business.
Although the WikiLeaks publication of what it has dubbed the CIA’s “hacking arsenal” and Edward Snowden’s pilfering and release of documents about NSA’s cyber collection capabilities are the most recent examples, the problem itself is decades old. In the late 1950s and early 60s, low-level functionaries at NSA were able to provide the Soviets with information on that agency’s technological prowess in reading Kremlin and Red Army communications. In the 70s, a young TRW contractor in California handed the KGB station in Mexico City critical data on an American satellite system capable of listening in on various Soviet radio and microwave networks. Next to go was a handbook on America’s most advanced photographic spy satellite, the KH-11, provided to Soviet intelligence by a low-level CIA employee. Then in the 1980s, an NSA employee gave away a top secret Navy program that involved tapping underwater Soviet communication cables.
Such losses in technical collection are important precisely because human collection—spying—is neither for the faint of heart nor for anyone looking for a high percentage of success. It can pay off in big ways, but it’s unlikely to fill the gaps in information American policymakers want when it comes to the most difficult and sophisticated targets.
Recruiting, vetting, and protecting one’s agents is just plain hard to do, and in the case of the US, the record shows just how hard. One could probably count on one hand the number of high-level Soviet or Warsaw Pact spies recruited by the CIA during the Cold War. Moreover, we now know that a high percentage of agents supposedly in the employ of U.S. intelligence in places like Cuba and East Germany were actually “double agents,” working for the very services and governments they were being paid to spy on. Add to that the devastation caused by “moles,” such as the CIA’s Aldrich Ames and the FBI’s Robert Hanssen, who not only identified to Soviet and Russian intelligence the catalogue of human assets working for U.S. intelligence but also provided the very methods and techniques used to run those spying operations.
Given the vagaries and uncertainties of the human spy business, employing American technical ingenuity has always been a way of trying to stay ahead of opposition when it comes to intelligence collection. But, unlike human collection operations, where the number of people “in the know” can be limited, technical collection efforts often require a large number of personnel to develop, test, and then put into operation. And a lot of that work, especially once a program is up and running, will be managed by a team, sustained by technicians, and, for reasons of cost and expertise, involve contractors. That’s a lot of hands in the pot; not all will be taking home large paychecks, but all know they are handling some of the country’s most valuable gems.
Compounding the difficulty of keeping these newest collection systems secret is the fact that the information-age systems whose explosion provides the target-rich environment for U.S. intelligence to operate in are the same systems the community uses to exploit, collate, and share information. Closed networks are obviously safer than open networks, but they are still networks with vast amounts of data potentially available.
And, finally, there is no getting around the fact that globalization, both politically and technically, has created an environment in which no small number of individuals believe that the “internet of things” should be free of the kind of state-centric competition that justifies and guides the work of intelligence agencies. It’s not difficult to imagine just one or two such individuals, proud of their cyber savvy but perhaps relegated to mundane technical tasks, deciding to take things into their own hands and expose capabilities that should remain hidden.
There is no complete solution to this counterintelligence problem. But one would hope that these most recent leaks will drive both the intelligence community and the oversight committees of Congress to ask why we seem to do such a poor job of keeping these invaluable techniques secret.
The views expressed by contributors are their own and are not the views of The Hill.