Big brother sees all: Keeping clandestine cover in the digital age

By Mahmut Aytekin



Intelligence is known to be the second oldest profession in the history of mankind. It is made up of many procedures and protocols, and primarily deals with clandestine operations. In the analog age, intelligence was primarily focused on ‘human intelligence’, otherwise known as HUMINT. Humans were at the center of collecting data and intelligence from the field and bringing them back to the agency for analysis, to create forecasts regarding national security and other types of operations. Humans were the key driver of intelligence collection. As a result of globalization, the world has become much ‘smaller’ in this regard. Data can be accessed much more easily through cyberspace with a few clicks of a button. Social security numbers and car registration plates can be run, with results coming back in a few seconds. This ‘shrinking’ of communications has affected the intelligence community in both positive and negative ways. On the positive side, data can be accessed much more easily, as stated earlier: open source intelligence can be gathered more easily by means of social media, and profiles can be created more quickly. On the negative side, the advancement of cyber-technologies and platforms has taken a toll on the clandestine operations of intelligence agencies. Cover identity is essential for clandestine intelligence work. It provides a means to perform an intelligence operation without getting caught. The digital age has made cover identities harder to keep, as all electronic devices have digital ‘footprints’ and produce ‘digital exhaust’ (Lord, 2015: 668).

This paper will first look at the definitions of intelligence, clandestine operations and ‘digital exhaust’ to set the theoretical foundation of the paper. Secondly, this paper will provide insight into intelligence in the analog age, and compare it with current works in the digital age. An emphasis will be put on cover identity and the risks the digital age brings. Finally, recommendations will be made as to how cover identity could be maintained and protected better.

A definitional view of intelligence, clandestine operations and ‘digital exhaust’

According to Clark (2007), intelligence ‘in its simplest form is about information. Who needs or wants certain information, where that information is to come from, the manner in which it is to be handled, who will learn about it, and how it is going to be used are all matters central to a discussion of intelligence’ (Clark, 2007: 1). Johnson (2010), on the other hand, describes intelligence as a process, stating ‘National security intelligence can refer to more than an information product though. It can refer to a process as well. Although it is easy enough to state the core purpose of intelligence, providing information to policymakers, the challenge of actually gathering, assessing, and delivering useful insights to those who make decisions is an intricate matter’ (Johnson, 2010: 6). On a final note, according to Lowenthal (2014), intelligence is divided into three parts: intelligence as a process, intelligence as a product and intelligence as an organization (Lowenthal, 2014: 387). Intelligence as a process refers to ‘the means by which certain types of information are required and requested, collected, analyzed and disseminated, and as the way in which certain types of covert action are conceived and conducted’ (Lowenthal, 2014: 387). Intelligence as a product is the product of the processes previously stated; these include analysis and intelligence operations. Finally, intelligence as an organization is referred to by Lowenthal as the ‘units that carry out various functions in this process’ (Lowenthal, 2014: 387-388).

A clandestine operation, on the other hand, involves ‘an intelligence operation conducted by governmental departments or agencies to assure secrecy or concealment. It is carried out in such a way that the operation goes unnoticed’ (, 2017). Clandestine operations differ from covert operations in that the ‘identity of the sponsor is concealed in covert operations’, whereas in clandestine operations the operation itself is concealed (, 2017).

Digital exhaust refers to the ‘data generated as trails or information byproducts resulting from all digital or online activities’. It consists of ‘storable choices, actions and such as personal files, cookies, temporary files and even information that is generated for every process or transaction done digitally’. In terms of clandestine operations, ‘this data could be very revealing about an individual’ (Techopedia, 2017). According to Kin Western, once the data is combined, ‘very rich profiles of people can be created’ (, 2015).

Then and now: Analog vs Digital

The process of intelligence and the intelligence community (IC) itself have gone through two ‘revolutions’ throughout their history: the analog revolution and the digital revolution. Both of these revolutions came about as a result of the ‘overflooding’ of data. The analog revolution, which came about in 1914 with World War I, made mass-production intelligence systems possible, resulting in military and diplomatic advantages. According to Warner (2012), the analog revolution had six major effects beginning from World War I: 1) any nation that desired to project its power beyond its borders had to build newer and larger intelligence organizations based upon industrial methods and resources, with emphasis put on agility, adaptation and innovation; 2) as large quantities of data from signals and imagery intelligence were being dealt with, data management was born, which created a need for analytical methods and analysts and revolutionized military operations and intelligence; 3) huge vulnerabilities resulted from the asymmetric progress between security measures and intelligence collection systems, as technological innovations included flaws that were being broken into; 4) intelligence sharing with industry and coalition partners became imperative because of the large amount of data being dealt with and the sharing of labor amongst the intelligence community; 5) relationships among the intelligence community became more important; 6) intelligence systems became unique, in that they could not be replicated for multiple uses, so a single intelligence architecture had to be used for strategic, tactical and operational purposes (Warner, 2012: 142-143).

The digital revolution brought drastic changes in the application of communications and technology. While premodern intelligence was slow and unreliable in getting information from the source to the government, the digital revolution found ways around this problem. Information in premodern intelligence came primarily from one source, human intelligence. Reports were written by agents on the ground and sent to the responsible government. The digital revolution brought about new technologies such as signals intelligence to conduct mass surveillance by means of a coordination centre and listening posts. Along with its benefits, the digital revolution has brought weaknesses as well. One main weakness is the overreliance on digital products and sources. This overreliance has sometimes blinded analysts and organizations to the threats present. The digital revolution has drawn a fine line between first world and third world countries. Intelligence budgets have skyrocketed, and priorities for watchfulness have been distorted as well (Wark, 1993). The postwar period also saw rapid development in devices specifically designed for clandestine operations, such as the U-2 reconnaissance plane, and the initiation of the US space program (Barger, 2005: 89). Finally, Warner (2012) has stated that the digital revolution has brought about major developments, these being cyberspace, the shift of human memory to electronic archives, and the ‘democratization of innovations that can cause narrowly tailored or widespread economic or even physical harm’ (Warner, 2012: 144). Intelligence agencies have to update the doctrines they utilize at the moment, as most of them were devised during the analog revolution (Warner, 2012: 144); this includes keeping undercover while performing clandestine operations.

How to keep cover? Cat and mouse in the digital age

The advancement of technology, along with its benefits, has also brought dangers to the world of intelligence, primarily the hardship of keeping one’s cover in an age of big data and rapid data analysis (Frank, 2015: 96). The digital age has brought about open-source databases that are open to the public. Private firms have also created databases that can be accessed via paid memberships (Agarwal, 2017: 13-14). One main advancement in databases is the creation of biometric databases that contain fingerprint scans and retinal scans as well (Lee, 2015; Aftergood, 2014). According to Clark (2014), disguises such as wigs, hats, fake beards and a change of clothing have all played very important roles in clandestine intelligence operations, but this may all end with the utilization of biometrics, as advanced pattern recognition algorithms are at play. On the one hand, biometrics allow for defense against unauthorized access to physical and virtual spaces (Clark, 2014). On the other hand, with the development of technologies, samples of skin, blood, retinal scans and fingerprints can be run through a database, along with video of a clandestine intelligence operator, to pinpoint the identity of the intelligence officer within a few hours (Brannen, 2015; Aguilar, 2015; la Fraga & Coello, 2011: 3-4).

In addition to biometrics, a second form of digital tracking is that of social media platforms, primarily Twitter, Facebook, Instagram and LinkedIn. Social media platforms create digital footprints for the everyday user. A simple search engine query can now bring up many details from social media platforms and alternative databases. Based on this, a new form of intelligence titled ‘Social Media Intelligence’ (SOCINT) has been developed, primarily for tracking social media platforms for terrorism activities (Omand, Bartlett & Miller, 2012: 803). Donohue (2015) states that social media data means three things: 1) the data recorded from social media activities can be accessed, so data about individuals that previously was not accessible can now be accessed with ease; 2) this data can be analyzed at levels never seen before, as mathematics, special algorithms and network analysis can be utilized to generate new knowledge of links between people, including clandestine intelligence officers; 3) private information can be gathered and put together with information from other channels of intelligence, thus allowing for a deeper understanding of the individual (Donohue, 2015: 1062). This form of tracking can also currently be used for counter-intelligence practices, aiding in the validation of the cover taken up by the intelligence officer. In the analog age, a cover was easily created with a fake ID, passport, business card and a letterhead (The Economist, 2015). Currently, covers need to hold up to scrutiny by security personnel (Gioe, 2017: 217). Open-source intelligence does have its weaknesses, though, which can be exploited by other agencies. Firstly, the analysis of data coming in from open-source intelligence needs more expertise than regular analysis because of the amount of big data coming in. Analysts who have no knowledge of the issue the collected data concerns will have a hard time picking up on key points and connections. Secondly, the analyst may also look at open-source intelligence with confirmation bias. Finally, open-source intelligence is seen as ‘less-confirmable’ because of its nature. Data coming in could have been seeded into the digital arena for speculation or misinformation (Koseli, 2011: 49-50).

From what we can understand, clandestine operations are becoming harder to perform with the expansion of intelligence technologies. Operations and covers need to be planned accordingly. Special emphasis will need to be put on cover and ways to keep it. Intelligence agencies in this regard will need to plan operations over a much wider space of time. This is needed for the cover to ‘mature’ and stay believable. An operation to be conducted six months later will need to have its cyber-identity and cover created four to five months prior to the operation to make it look more legitimate. Fake documentation needed for the clandestine operation will then be created according to the social media profile created for the operative or operatives executing the operation.

Social media platforms such as LinkedIn, Facebook, Twitter and Instagram can be utilized for counter-espionage purposes (Krekel, 2016). Typically, in a counter-espionage operation, three things are kept in perspective to measure the success or failure of the operation: 1) Has the data or signals sent out for counter-espionage purposes reached the adversary or location? 2) Has the data used for speculation and cover reached the adversary? And 3) Has the adversary shifted into the psychological frame that we wanted and drawn the conclusions we needed? (Ozdag, 2013: 173). Letterheads and business cards were enough to keep cover before. Now, personal websites for the cover, alibis, social media accounts and visual material such as photos and videos will need to be designed for clandestine activities. This will then be fed into the digital realm, where the adversary will pick up this cover and filter it as legitimate. If the cover is created smartly, analysts analyzing open-source intelligence will not suspect the cover created (Sulick, 2016).

A second problem is that of not being able to use the cover created for more than a few months. As biometric measures are in play, and electronic passports are utilized more and more (Goodin, 2010), covers will need to be changed much more quickly. The same cover will not be able to be utilized repeatedly for clandestine purposes. Cover will need to be changed from country to country. This will make tracking of the intelligence officer much more difficult. For counter-espionage purposes, multiple ‘expendable’ covers can be created to divert attention from the actual cover being used, and take the heat off the cover being utilized in a clandestine operation.

A final point is the advancement of technology for surveillance and tracking purposes. Closed circuit cameras in hotels and other venues can be used for identification purposes. In addition to cameras, credit card machines, cell phones possessing GPS capabilities and other electronic devices emitting signals can also be used to blow the covers of intelligence officers (Zahradnik, 2017). In the process of a clandestine operation, additional personnel and equipment will also be needed to disengage closed circuit cameras and other equipment which may be used for identification purposes. For this, additional technical training will be needed for intelligence officers who have a specialization in cyber-technologies. This can be done with jammers utilized in the process of the operation, or by the operational team hacking the surveillance equipment of the venue. Denial of Service (DDOS) attacks can also be initiated by the team to disengage the CCTV cameras present (Fadilpasic, 2016; Chitransh, 2017).


Much has changed in national intelligence for espionage and counter-espionage purposes with the digital age. Human intelligence is seen to be of ‘less importance’ as a result of being able to conduct surveillance from listening posts such as those of the Five Eyes project between Australia, America, England, Canada and New Zealand (Hanna, 2017). Cell phones can be listened to and internet traffic can be monitored, all creating digital exhaust on the internet that can be used with network analysis to map the relationships and identities of intelligence officers conducting clandestine operations. As the development of technology aids in surveillance and tracking, intelligence agencies will need to develop techniques and technology to overcome this for their own operations as well. Social media in this sense can be used for counter-espionage purposes. Additional training will also need to be provided to specialist intelligence officers to be able to overcome closed circuit cameras and digital networks as well. Intelligence officers will need to take the utmost care when using multiple identities, as their covers will undergo scrutiny by security personnel in airports and at border gates. Intelligence officers will also need to undergo further psychological training to handle shifting through multiple identities more quickly.




Aftergood, S. (2014). Identity Intelligence and Special Operations. [online] Available at: [Accessed 1 Oct. 2017].

Agarwal, S. (2017). Open source social media intelligence for enabling government applications: extended abstract. ACM Sigweb Newsletter. [online] New York: ACM, pp.1-19. Available at: [Accessed 2 Oct. 2017].

Aguilar, M. (2015). The US Government’s Biometric Tracking Tech Makes Being a US Spy Harder. [online] Available at: [Accessed 1 Oct. 2017].

Barger, D. (2015). Toward a Revolution in Intelligence Affairs. Technical Report. [online] New York: RAND Cooperation, pp.1-143. Available at: [Accessed 1 Oct. 2017].

Chitransh, T. (2017). Hacking CCTV Closed Circuit Television or Video Surveillance. [online] HACKEROYALE. Available at: [Accessed 1 Oct. 2017].

Clark, J. (2007). Intelligence and national security. 1st ed. Westport, Conn.: Praeger Security International.

(2017). Clandestine Operation Law and Legal Definition | USLegal, Inc. [online] Available at: [Accessed 1 Oct. 2017].

Donohue, L. (2015). The dawn of Social Intelligence (SOCINT). [online] Available at: [Accessed 1 Oct. 2017].

Donohue, L. (2015). The Dawn of Social Intelligence (SOCINT). 1st ed. [ebook] Washington D.C: Georgetown University, pp.1061-1111. Available at: [Accessed 1 Oct. 2017].

(2017). A new age of intelligence. [online] Available at: [Accessed 1 Oct. 2017].

Fadilpasic, S. (2016). The majority of CCTV cameras can be easily hacked. [online] BetaNews. Available at: [Accessed 17 Oct. 2017].

Goodin, D. (2010). Defects in e-passports allow real-time tracking. [online] Available at: [Accessed 1 Oct. 2017].

Hanna, J. (2017). What is the Five Eyes intelligence pact?. [online] CNN. Available at: [Accessed 1 Oct. 2017].

Johnson, L. (2010). National Security Intelligence. In: L. Johnson, ed., The Oxford Handbook of National Security Intelligence, 1st ed. London: Oxford University Press, pp.3-33.


Koseli, M. (2011). Istihbarat temel hususlar ve guncel konular. 1st ed. Ankara: Adalet Yayinevi.

Krekel, B. (2017). Foreign Espionage, Social Media, and the Unwitting Insider Threat | USA 2017 | RSA Conference. [online] Available at: [Accessed 1 Oct. 2017].

la Fraga, L. and Coello, C. (2017). A review of applications of evolutionary algorithms in pattern recognition. In: P. Wang, ed., Pattern Recognition, Machine Intelligence and Biometrics, 1st ed. Berlin: Springer-Verlag Berlin Heidelberg, pp.2-4.

Lee, J. (2015). Biometric technologies impacting covert travel for special intelligence agents. [online] BiometricUpdate. Available at: [Accessed 1 Oct. 2017].

Lord, J. (2015). Undercover Under Threat: Cover Identity, Clandestine Activity, and Covert Action in the Digital Age. International Journal of Intelligence and CounterIntelligence, 28(4), pp.666-691.

Lowenthal, M. (2014). Intelligence: From Secrets to Policy. 6th ed. Washington, DC: CQ-Press.

Omand, D., Bartlett, J. and Miller, C. (2012). Introducing Social Media Intelligence (SOCMINT). Intelligence and National Security, 27(6), pp.801-823.

Özdağ, U. (2013). İstihbarat teorisi. 7th ed. Ankara: Kripto Kitaplar.

Sulick, M. (2016). Espionage and Social Media. [online] The Cipher Brief. Available at: [Accessed 16 Oct. 2017].

(2017). What is Data Exhaust? – Definition from Techopedia. [online] Available at: [Accessed 1 Oct. 2017].

The Economist. (2015). A new age of espionage. [online] Available at: [Accessed 1 Oct. 2017].

The Security Ledger. (2015). Digital ‘Exhaust’ may be the biggest Internet of Things Worry | WIRED. [online] Available at: [Accessed 12 Oct. 2017].

Wark, W. (1993). The Intelligence Revolution and the Future — Central Intelligence Agency. [online] Available at: [Accessed 13 Oct. 2017].

Warner, M. (2012). Reflections on Technology and Intelligence Systems. Intelligence and National Security, 27(1), pp.133-153.

Zahradnik, F. (2017). What a Cell Phone GPS Can Do for You. [online] Lifewire. Available at: [Accessed 1 Oct. 2017].




