The Rest Is Classified - 112. How To Protect Your Secrets: Inside China’s Technical Surveillance Playbook (Ep 1)
Episode Date: December 29, 2025The world of surveillance has changed beyond recognition over the past 25 years with the advent of technology. From CCTV cameras to cookie tracking, it's not so easy to escape the long arm of the inte...lligence services in 2025. David and Gordon are joined by the CIA's first Chief of Tradecraft and Operational Technology, Glenn Chafetz, to explore the ever-changing world of ubiquitous technical surveillance and why the Chinese state is upping their capabilities in this space. ------------------- Make someone a Declassified Club Member in 2026 – go deeper into the world of espionage with exclusive Q&As, interviews with top intelligence insiders, regular livestreams, ad-free listening, early access to episodes and live show tickets, and weekly deep dives into original spy stories. Members also get curated reading lists, special book discounts, prize draws, and access to our private chat community. Just go to therestisclassified.com or join on Apple Podcasts. ------------------- THE REST IS CLASSIFIED LIVE 2026: Buy your tickets HERE to see David and Gordon live on stage at London’s Southbank Centre on 31 January. ------------------- Try Attio for free at https://www.attio.com/tric ------------------- EXCLUSIVE NordVPN Deal ➼ https://nordvpn.com/restisclassified Try it risk-free now with a 30-day money-back guarantee ------------------- Email: therestisclassified@goalhanger.com Instagram: @restisclassified Social Producer: Emma Jackson Producer: Becki Hills Head of History: Dom Johnson Exec Producer: Tony Pastor Learn more about your ad choices. Visit podcastchoices.com/adchoices
Transcript
Discussion (0)
For exclusive interviews, bonus episodes, ad-free listening, early access to series,
first look at live show tickets, a weekly newsletter, and discounted books,
join the Declassified Club at the Rest Is Classified.com.
This episode is sponsored by HP.
Most people are not counter-espionage experts, but that won't stop them getting targeted by cybercriminals,
seeking to extract their secrets.
HP understands that approximately 4 in 10 UK businesses have reported cyber breaches in the past 12 months alone.
That's why HP business laptops, desktops, and workstations bought directly on HP store
are secure straight out of the box with their endpoint security.
No more stressing about dodgy emails or unexplained pop-ups.
HP's independently verified Wolf Pro Security works alongside your existing security tools
to protect your business users and reputation from malware
and evolving cyber threats with your first click.
You don't need an alias or a secret hideout to stay safe.
Just WolfPro Security working tirelessly to protect your hard work.
It's security that's built in, not bolted on.
Find out more about how HP can protect your business at HP.com
forward slash classified.
Podcast listeners benefit from a 10% discount on all business PCs, printers and
accessories using the code T-R-I-C-10. Terms and conditions apply.
If we are to remain an effective intelligence service in the 21st century and keep the identities
of our agents and the tradecraft we use to run them secret, we must continue to modernise
and adapt. Welcome to the rest is classified. I'm Gordon Carrera.
I'm David McCloskey. And that was the former chief of MI6, Sir Richard Moore, speaking in
September, just days before he stepped down, actually, as C, the head of the British Secret
Service. And he was issuing, I guess, David, a start warning about spying, adapt or die.
And we've got a special two-part series starting today on how technology is transforming
the espionage business, for which we're joined by a very special guest who will come to in a
minute. And David, I guess one of the consistent themes in our stories over the last year has been
the intersection of espionage and technology, whether it's China using LinkedIn or Mossad trailing Iranian
scientists and using robotic machine guns or North Korean cyber bank robbers. So this is a chance,
isn't it, to kind of look at how tech is reshaping the human espionage business.
It's going to be a fascinating exploration, Gordon, of sort of what's actually going
gone now in the world of human intelligence operations and just to sort of tee up a few themes,
which will get much deeper into over the next couple episodes. It's probably not an overstatement
to say that a lot of the tradecraft that we've talked about, particularly in some of our
maybe more historical series or stories that we've done, the trade craft that we've discussed
is now, I guess, maybe totally or something close to totally obsolete.
There is an absolute revolution going on in the way that human espionage operations are conducted,
and that's everything from how you spot assets to develop them, handle them, pay them,
communicate with them, meet them face to face.
The entire sort of spectrum of interaction with other humans who have secrets that we want
is being reshaped by a lot of the technology that's all around us every day.
I think that's the other piece of the story that's so interesting is that the technology that we're talking about is not tech that's secretive and hidden off in the world of the NSA or the CIA.
It's tech that's all around us.
And a lot of the tools and technologies that are reshaping human intelligence are available to everybody.
everyone is kind of worried or thinking about issues of privacy or privacy and surveillance
and what's going on with their phones.
You know, am I being tracked?
Who's following me?
Can I track my kids?
You know, all those kind of questions are part of everyday life for many people.
But for spies, for people trying to carry out secret work, they take on this kind of added
dimension where you basically can't do the business without them.
So we're going to do something slightly different.
We're going to kind of look at this subject, aren't we, through these.
two episodes and kind of dive down deep into it, rather than telling a single story, we're going
to look at kind of different aspects of this. And we've got a great guest who can talk us
through the kind of aspects of human espionage specifically and what's going on. We're not
looking at, you know, cyber spying, for instance, but really, you know, the human intelligence
business, isn't it, David? We're not talking about offensive cyber operations. We're talking
about how technology is reshaping the people side of spying, right?
How is actually reshaping or affecting human intelligence operations?
And you're right, Gordon, that would be maybe a little bit above our pay grade on the rest
is classified.
So we have a very special guest with us who is going to be with us for these next two
episodes to talk about the impact that technology is having.
We're very lucky to be accompanied on this journey.
by Glenn Chaffetz, who is a former CIA officer. He is a three-time chief of station,
who was also the agency's very first chief of tradecraft and operational technology.
Glenn, we don't hold it against him, but he previously served in the State Department and
the arms control and disarmament agency. He's taught or held research positions at a whole
bunch of different universities, including the National Intelligence University, Stanford's
Hoover Institution, the University of Georgia.
Glenn has a Ph.D. in Foreign Affairs from the University of Virginia, and he currently leads
2430 group, which is a non-profit research firm that both educates and equips private businesses,
universities, and NGOs to defend themselves against commercial espionage, attacks on infrastructure,
and disinformation. So, Glenn, welcome to the rest is classified. Thanks for being with us.
I'm glad to be with you. Thank you very much for having me.
So I guess the first question, which is going to be unrelated to the topic at hand,
Because I'm just curious.
2430 of the 2430 group.
What's the significance of that number?
2430 East Street, Washington, D.C., right across from the State Department,
was the first home of, I believe, the OSS and the CIA when they were formed.
The founders of our firm thought it would be a nice homage to the intelligence world.
OSS and Wild Bill Donovan.
I'm not sure how much technical tradecraft he was involved in.
He liked his gadgets, though, didn't he?
But Glenn, maybe you could tell us a little bit about how you ended up in the CIA,
because it sounds like you had quite an academic background,
and then how you end up with this interesting role of the first chief of tradecraft.
None of it was planned, obviously.
I started out as an academic.
I had a mentor in the field who said,
if you're going to teach international politics and foreign policy decision-making and foreign policy,
you should have some experience in actually practicing that discipline.
And I applied for and was accepted into a fellowship in the arms control and disarmament agency,
which no longer exists.
It was folded into the State Department more than a quarter century ago.
And I became an arms control negotiator.
And then when that agency was folded into the State Department, I decided to make the State Department my career.
the State Department, where I stayed for a number of years. And then while I was at the State
Department, I had a good friend in the agency, whom David knows well, John. And John said,
wouldn't you be happier in the CIA? And I said, I don't know. Would I be? And he talked fancy to me,
and he recruited me. And I applied to join the agency and started in the agency, spent the rest of my
career there retiring six years ago. I'm glad to hear that John recruited you. I'm not sure how
proud he is of that. No, no, no, no. Yeah, yeah, probably, probably not. But we're going to be
talking about the impact that technology is having on the sort of human spy business. And I'm
intrigued about the role that you held in this kind of first, first ever chief of tradecraft at
CIA. And I mean, I guess there's a question here, which is, why did that role not exist before and why did
the CIA feel they needed to create that role when you stepped into it? Well, it did exist.
It was divided among several different units within the Directorate of Operations, because that's what we're
talking about, operations. And the leadership decided that given all the technological,
changes that were occurring rapidly, they needed one office that would coordinate all the
different other offices and drive all the other different offices that were dealing with these
issues. And so they created this position, which I think has evolved significantly since my
departure as well. So we're talking about human intelligence operations, which I guess
sort of sounds simple, but just to start with a basic definition, which is what is the point
of intelligence? What's the goal of that enterprise? I think it'd be useful to use an example.
So everybody knows about Operation Overlord, the invasion of Normandy, June 6, 1944. The Germans
desperately wanted to know where and when the invasion would take place. They knew there was
going to be an invasion. They knew that from context. That was not a secret or a mystery that
the Vermacht needed to acquire. But they needed to know where and when. And the allies needed to
protect that information. And that really gets at the heart of what we're talking about. Intelligence is
information of value. It confers value on the possessor of the intelligence. And losing control of that
information of value diminishes the power and strength of the original possessor of the
intelligence. So those who have it want to keep it, those who don't have it, want to acquire it.
And to protect it then makes that intelligence a secret. And I think it's important that people
understand these definitions and these concepts because it gets to how effective intelligence can
be and how effective protecting secrets can be and the motivation people have for stealing secret
intelligence. Because I guess the point of an organisation like CIA or in Britain, MI6, is to
steal secrets. It's to gather those secrets from people. So in other words, to kind of approach
people who have access to secrets and persuade them to pass on that kind of secret information
that the government thinks might be useful. So I guess just to kind of keep going with this
conceptually, to do that, the spy services need to be able to operate clandestinely.
but in a world of increasing surveillance, which is sometimes called ubiquitous technical
surveillance. Now, that sounds like quite a kind of fancy term. I wonder if you could kind of
unpick what it means, because I think it would help people to understand what's changed
in the way that these spy services operate and why the kind of context is such a challenge.
That's a great point. So ubiquitous technical surveillance, which was a term coined by a colleague of
mine in the agency and really spread throughout all of society, sometimes called surveillance
capitalism, is really the interweaving of modern technology into all aspects of our lives,
often to degrees that we don't understand. And it has several components, sensors, cameras,
phones, microphones, computing power, data, data storage, and algorithms to make sense. And
of that information. And that information is used by the private sector and governments for various
purposes for governments. It's law enforcement, it's fraud detection, obviously intelligence
collection. For the private sector, it's some of the same things. But its main purpose is to
sell us stuff. It's to know what we're doing so that they can put ads in front of us and that we
will buy things. But it's also to make our infrastructure more effective.
knowing who's on the roads at what time and what kind of density can guide traffic control
so that you have more effective infrastructure. It can identify fraud detection. Is this credit card
yours? Are you in this city? Are you in this zip code? That kind of thing. So it has a variety
of purposes. But it is the entire system that has been built up over the last, say, 25 years with
the dawn of cheap data, cheap sensors, Google, Amazon, Facebook, Axiom, those kind of companies
that, for their business model, track people.
It's worth saying that in some countries, it's more pervasive than others.
And obviously, it's quite strong in Western countries with kind of, as you put,
it surveillance capitalism.
But actually, perhaps the most surveilled state might be somewhere like China, where, you know,
you think about how many cameras there are and CCTV and the ability to do facial recognition
which they say is for kind of social order and law enforcement.
You know, people have to use apps, you know, and their phone to pay for pretty much anything
and use any government service.
All of that is kind of creating a web of information around an individual.
And I guess the point is for spies is that means that it's harder to hide
because of all the kind of data and digital exhaust created by life under this kind of surveillance.
Well, precisely.
So intelligence collectors and their sources in the pre-UTS days could have the kind of meetings that we're all familiar with in the back alley at one in the morning.
The example I always like to point out is all the president's men where I think it was Woodward had the meeting with his secret source later shown to be Mark Felt in a parking garage in Arlington, Virginia who's very well dramatized.
in the movie, if you think about that meeting today, it would be much more difficult to do.
And the reason it would be more difficult is everybody's expected to have a cell phone.
Everybody has this little spy with them all the time.
And if you don't, that looks weird.
And I remember having conversations when I was still in the agency with the commercial sector
and saying, who is it that you find doesn't carry cell phones?
I want to understand the pattern.
And the person I was talking to looked at me like I had just grown a second head.
Everybody has cell phones.
The only people who don't carry cell phones are, you know, drug dealers, infants.
And spies.
And intelligence officers.
Right.
So yikes, right?
So you really stand out by trying to escape all the sensors and data that make up the UTS system.
The other, I guess, concept from the stand.
of an intelligence officer in that relationship with an asset is you want that to be clandestine.
And as you and I, Glenn, were talking, you know, and preparing this conversation, I think
you gave a really interesting definition of clandestinity, which I think you said is the sort of
combination of privacy and anonymity. I wonder if you could tease that one out as well.
Yeah. A lot of people confuse these topics. For very good reasons, they overlap. It is confusing.
but privacy is essentially, you know who I am, right?
You know the identity, but you don't know the activity.
Anonymity is you know the activity, but you don't know the identity of the actor.
Clandestinity is the marriage of both of those.
So if you do a real good, successful, operational act, nobody knows it took place.
There's no identity.
There's no actor.
There's no thief, in Gordon's words, of the secrets.
There's no act.
and because you're stealing information, there's nothing missing.
So a perfect intelligence operation would be one in which anonymity is perfect and privacy is perfect,
and you have clandestinity.
And that's what's required, and that is what is so challenging about today's UTS environment
because we are soaking in all of these technologies that make anonymity and,
privacy so difficult to achieve?
Well, I think there we've kind of set up the challenge for intelligence agencies and the kind
of problem in the modern world. Let's take a quick break. And when we come back, we're going
to dive deeper into how this problem has really affected different parts of the human
espionage business. See you after the break.
This episode is brought to you by Atio, the CRM for the AI era.
Now, David, people think that SpyCraft is just car chases and secret codes, but an awful lot of it is just idling around, waiting for the action.
It's a bit like starting your own business.
You think it's going to be as easy as creating and selling a product, but the reality is business owners spend far too long trying to get their CRM to fit a system not built for them.
Atio's AI-driven CRM enables you to take control of your platform to build something from the ground up that fits.
It's your needs. James Bond had Q's x-ray shades, an explosive watch, and a pen grenade.
Business owners have Adio's real-time customer insights and platform that grows with them.
All tools relevant for your mission to build a company from the ground up.
Atio even has something called agent collaboration.
Yes, but in this case, that means giving people the ability to let AI work seamlessly in the background for them.
Try Atio for free at A-T-I-O dot com slash trick.
This episode is brought to you by Ancestry.
Hello, James Holland here, joined by Al Murray from Gollhanger's World War II podcast.
We have ways of making you talk.
These are those odd days between Christmas and New Year.
The house buzzing with laughter, leftovers piled high, festive films murmuring in the background,
and trivial pursuit debates still raging round the table.
It's the perfect time to sit close, share family stories and think about people who came before you.
Grandparents, great uncles, aunts you hardly knew, everyone who helped shape the family you're part of today.
With an ancestry membership, you can take those conversations further.
All you have to do is provide what you know about your family history, such as your parents and grandparents' birthplaces,
and ancestry will help you dig through billions of records to uncover fascinating news stories about the lives of your relatives.
Maybe it's a great-uncle ferrying a hurricane north, a grandmother stitching uniforms in a Glasgow mill, or a relative holding the line on the Normandy beaches, and suddenly the stories around your own table take on a whole new depth.
The past isn't behind you, it runs straight through you.
Head to ancestry.com.uk slash new year to learn about ancestry's memberships and start your family history journey today.
This episode is brought to you by NordVPN.
A breach used to require a full store or a lifted file.
Now it begins the moment you join a dodgy public Wi-Fi network.
Leave one device exposed and operators can map your online activity in moments.
NordVPN shuts that down.
One click encrypts your connection, stopping public networks turning into blind spots,
and keeping your traffic secure, wherever.
you log on. NordVPN's Threat Protection Pro feature blocks malicious links, fishing sites and even
scans downloads for viruses. It's like having your own cyber bodyguard. And if you're abroad,
you can shift your virtual location for the sites you rely on or check whether prices change
by region before you buy. To get the best discount off your NordVPN plan, go to NordVPN.com
forward slash rest is classified. Our link will also give you four and
extra months on the two-year plan. There's no risk with Nord's 30-day money-back guarantee.
The link is in the episode description box.
Okay, welcome back, everybody. David, I guess it's time we start diving a bit deeper with Glenn
into some of the specifics of what this all means for the business. And rather than do this
kind of tech first, I think it might be easier to actually just talk about the broader
challenge by looking at how it's impacting some important parts of the human intelligence
business. So sort of start with pieces of the trade that are being impacted and kind of talk
about how the tech is reshaping them. And I think one of them, which is very important,
finding the people who have the secrets we want. Typically, you'd call that sort of spotting
and assessing potential targets of value, people who have secrets. And that, obviously, you know,
Gordon, I mean, we talked a little bit in our recent episodes on Chinese spies using LinkedIn, for example, to try to find people. But we've also done it in some of the more historical series as well.
Yeah, I guess historically, Glenn, this would have been done by trying to meet people, by trying to talk to people. It's the classic thing we think of, isn't it, of going to cocktail parties. You know, the diplomat at the cocktail party, sizing up his KGB opposite number or similar, trying to work out if he is KGB, trying to work out.
kind of personality is, there may be someone building a file and trying to work out what secrets
he has. I always think of Oleg Gordievsky, you know, where they get a tip off from one person,
from one defect to saying, this guy's interesting, then they build up a farm. And then eventually
someone, I think, approaches him on a badminton court, a kind of cold approach on a badminton
court in Copenhagen, of all places, to basically say, do you want to talk? I mean, that's the old
school way, isn't it? And I guess that's what's got harder. It's harder and it's easier.
And let me talk about how it's easier.
So we just talked about all this data that's collected on each one of us every single day.
I think I read it's 2.5 sextillion bytes of data, which is an absolutely stunning number.
Somebody I think described it as two Oxford English dictionaries on top of each other,
covering the entire planet Earth worth of information every single day about people, right?
So that's a lot of data.
And if, for example, Gordon were interested in someone, he could use avail himself of all of that data.
And you don't have to be anybody special to do that.
This is not limited to intelligence services.
This is what e-tailors and merchants and businesses do all the time to find customers
and to detect fraud is they build a profile.
And there's books written about this, you know, how the modern surveillance economy
determines when you buy, when you die, when you click, who you know, what you care about.
And so all that information can be mined. And we've heard about this, data mining. And so in that
sense, it's much, much easier to find out who would have the kind of information that
anybody would be interested in, including a government or an intelligence service. It's harder
in the sense that if you wanted to go meet some specific person and talk to you,
to that person to feel out whether, say, if it was Gordon and David that you wanted to find out
what David knew and how he was inclined, you're going to leave a record of that.
If you call him, you're going to leave a record of that if you meet him.
You're going to leave a record of that if you see him at a cocktail party.
And you don't want to do that because if he is valuable, you want that relationship to be clandestine.
And you've already ruined that from the get-go.
You can't put that toothpaste back in the tube.
So you have to be exceptionally careful about making those associations that at some point you would
want to hide because they don't go away.
And as I've told David in previous discussions, this technology, big data, has really changed
previously our understanding and functions of time and place and what you can know about a person.
In the old days, if you did an act like talking to somebody at a cocktail party,
Okay, you had a conversation with someone at a cocktail party, as long as the people there didn't see you at the time and they didn't have an interest in that. That was fine. But the problem today is that meeting lives forever in cameras and microphones and other sensors.
The fact that those two phones of you and that person were both at the same place at the same time lives forever in a way it wouldn't have done.
That lives forever. In a way with Gordievsky meeting someone at a badminton court, that could have been done quickly and quietly.
So yeah, it's a really interesting point, isn't it? Because we can find out much more about people now. So you can do the research bit pretty easily. And I guess we all know, as you said, this is something we all do. We all can kind of, you can Google people, you can look up social media profiles. So you can get quite a lot of understanding of someone. You could even say spy on them without actually meeting them or having to kind of engage with them face to face. But as soon as you want to do that engaging face to face or interacting with them, or connecting with them, that's where it gets trickier.
It's a devilish challenge.
It's doable, but it's very challenging.
Because if you think about it, you're carrying around this device that's tracking you
and you're moving in a sea of other devices that track you.
Various ring cameras and traffic cameras and business cameras and other surveillance cameras
and CCTVs and microphones and people's personal cameras.
You're in this sea of RF and data.
election. And if you try to hide from it, you stand out. Yeah. And if you don't try to hide from it,
you're captured by it. And so you have to find that narrow place where you don't stand out and
you're not captured by it. Or it's not you. So it's exceptionally difficult. It's doable,
but it's difficult. One of the areas of this entire kind of UTS environment that,
maybe we're sort of conceptually aware of, but don't really understand or see most of us
day to day, is this world of data brokers and commercially available information that's not
top secret information in the files of the agency, and it's not open stuff that's on social
media, but it's information that if you have money, you can go out and acquire. I'm wondering,
Glenn, if you could talk to us a little bit about that space and what's no way.
about people if you have a few bucks and know the right data broker?
It's a real appropriate question because we tend to think of secrets and open source
information as the two categories. But there's other categories and you just identified
one. So there's open source information, which any of us can get for free. We go on our
computers or our phones and we go to a browser and we go to Google or Bing or one of
the LLMs, and we ask, you know, who's David McCloskey? But then there's this entire other category
of commercially available information that you have to pay for. There's a guy named Mike Yagley,
who's done a lot of work on what data brokers have and how they make their money and what they
can know. I spent a lot of time talking to him and learning from him, and it's just amazing.
What is collected? And there are these tiers of collection, and the
The more money you have, the more information that you can get on people and organizations.
And nobody really cares who you are.
They just care that you can pay.
And I think there's probably tens of thousands of these brokers around the world.
I think the United States leads in this because it's the most unregulated or loosely regulated data economy, much less so than, for example, the EU.
It's because we have more freedom.
We have more freedom here, Glenn, I think, is what you're trying to say.
I'm not going to comment.
I'm not going to comment on that, David, might be more lobbyists.
More lobbyists from big tech.
But the point is, anybody can buy this data.
It's not, it's not restricted in any way, and it's for sale.
When we're talking about looking for people who have secrets that an intelligence agency might want, I mean, sometimes people put that on LinkedIn, you know, that I,
I used to work for the CIA or I used to work for the NSA or I used to have security clearance, things like that.
And also, I guess the other thing you're looking for is someone who had access to secrets or has access to secrets and someone who might have a kind of weakness or a reason why they might be willing to pass on those secrets, like they're in debt or they don't like their employer.
Yeah.
And I guess that second category, you can also probably get from some of that commercially sensitive information.
You know, if you can do a credit check on someone, you can access their credit or you can look at what they're trying to buy.
or where they're going, or is their marriage in trouble, all those like kind of little tell-tale
things, which might actually be relevant in this situation.
Yeah, well, I think the most salient point that you made is that people share that
information without recognizing that they're sharing it.
I mean, this is one of the really interesting things about intelligence that people don't
realize is that people don't recognize the value of their privacy, and so they undermine it
constantly.
And so they'll post on Facebook or InstaFace or Insta, I don't even know them all, Instagram, they'll post, you know, I hate my boss.
Okay, good to know.
All of a sudden they'll post a family picture and the spouse isn't there or a vacation that they took by themselves and all of these things.
So they either say it directly, I hate my boss, or someone who's clever can infer this.
There's the famous case of, I think it was Target that sent directed at.
advertising to the daughter in a family for her pregnancy. Well, they inferred her pregnancy
from her buying pattern and she had not told her family that she was pregnant. I think this was a
New York Times story many years ago. And so they either announced this information,
I hate my boss, or it can be inferred from the rest of the data that's out there about them.
I found a couple fascinating examples that are connected to that, Glenn. I mean, one
them was a former CIA officer after they had left on LinkedIn. LinkedIn suggested to them
that they should be connected to someone who had been their asset when they were working at
the agency because it had connected, I don't know what country it was in, but the algorithm
had said, oh, you've got enough kind of overlapping connections. You should be connected.
I mean, on the point of like even just locational stuff,
and what you can buy from data brokers.
I mean, there was a researcher who had actually done a study for the Defense Department
to try to see what might it committed for an adversary go out and buy on U.S. service members.
And so they set up a U.S.-based organization and a Singapore-based organization,
contacted U.S. data brokers, and they ended up buying individually identifiable contact, financial health,
and a bunch of other data on thousands of active duty U.S. military service members,
and they got it for about 12 cents per service member.
And they were able to geofense some of that stuff so that they could look at, you know,
sort of where a lot of these people were based, including some sensitive special forces operators.
So these data brokers are just selling this stuff to Singapore, selling it to the states.
It kind of doesn't matter.
And it's really, I mean, that is a great start for a tariff.
targeting package if you're a foreign intelligence service and also if you're trying to show
the right ads to these service members, right? So that overlap in sort of targeting effectiveness
is, I mean, it's really quite profound and it's astounding what's available if you have some
money. Yeah, this is the problem, is the data reveal connections that you don't recognize as
being revealed. And to your point about U.S. service members, this is a problem that all countries
face. There was a story, I think, last week. China gave EVs to top Israeli military officers.
I just thought, no, do not, do not accept them, you know, because a car is like a phone,
except on steroids, right? And it collects all kinds of information about where, obviously,
where you go, but when are you in the car? Who's in the car with you? What do you say? I mean,
a car is a giant recording data device. So particularly the EVs, which have all these microphones
and cameras, and it doesn't go away. So that was quite a Trojan horse story. So I guess so
far, we've talked about how data can allow you to understand someone better and how they have. So all
of that makes it sound like it's actually easier to find people. Yes. That part of the business
arguably has got easier than the days of having to kind of build up gossip over years.
through kind of meetings and then and maybe a cold approach.
But let's maybe focus next, shall we, David, on the next stage where it's made it harder,
which is actually going to meet someone for the first time,
which I guess is about, you know, what's called David Cover, isn't it?
It's about people taking on different identities and things like that.
We talked about this a little bit, Gordon, when we did the series on Matroken, right?
is, you know, how do you, maybe for the first time, how do you meet somebody, and how do you,
I guess, frame your employer, your affiliation, your nationality, your name, that piece of
it, I think, as we'll talk about, has gotten a lot harder, because in the, in the Matrokin case,
it was relatively, seems straightforward.
When you look back at these cases from the Cold War and even into the 90s, I guess,
all these case officers, all these kind of handlers, they just basically had a stack of false
passports. It was as simple as that. You had a false passport with a different name in your safe,
and when you're kind of going on a particular mission, you go, today I'll be James, tomorrow I'll be Robert,
pick up the false passport. And that was kind of all you needed. Yes, you've got to memorize your
backstory and where you were born and things like that if someone's asking you. But that was it,
wasn't it? You know, for a lot of people. You didn't need to do much more to kind of,
ask who you were. And that's certainly what the kind of MI6 team who went out to meet Matrock
and did. They just picked up one of their false identities. But then I remember someone from
MI6 saying that in the 2000s, they suddenly realized that that was getting harder because the
ability to maintain your cover when you hit a border, they realized as soon as you had kind
of Google and social media in the 2000s was getting really difficult because they did a test
and they said, how long would one of those old-fashioned types of cover, just a passport,
sustain you against a border guard asking questions and with access to Google and social media.
And the answer was less than a minute, you know, before they realized that there wasn't a backstory,
it didn't match. You just couldn't do what you could do in the past. So I guess it was the 2000s,
was it? When, you know, people started to realize you just couldn't do this anymore in the same way.
Travel as an intelligence officer. Yeah, thank you, Google. I think it really started with Google and
AdWords. And again, Google wasn't trying to do this. Google wasn't trying to destroy anonymity and
privacy. But AdWords. Which is their advertising business. Their advertising business, which generates
probably tens of millions of dollars a day. Revenue, if not profit, started essentially this
dynamic. And then you reach a point in which storage becomes so inexpensive that it's cheaper
to keep most information than it is to delete.
I think that happens somewhere around 2010.
And then, of course, you had the crossover point in which most uses of computation
moved over from the desktop or laptop to the telephone.
And once it became mobile, well, now you associate identity with location.
And that becomes very, very challenging.
And I mentioned this colleague of mine, Mike Yagley would do these presentations where he would show people their pattern.
He would buy it from, you know, an appropriate data broker.
He would show somebody their pattern and they would realize it was actually fairly simple.
People do the same thing every day.
We're exceptionally habit-driven.
We go home, we go to work, we pick our kids up from school.
We might go play tennis or go to the gym or something like that.
it's it's pretty simple it's most of us are shockingly boring and so when we do something
that's out of that pattern that's noteworthy i think all of us can think of times where you get an
alert from your credit card that says oh i see that you're in penn station new york that's not where
you live is this you if it isn't please contact this number if it is just ignore it right that's
frightening to me that's a private company that does that and that keeps that information forever
And so, really, I think this is what you're referring to.
This tracking that's part of our normal economic existence affects everybody, including
intelligence collectors.
You bring up the fraud point.
It's a good one because I guess this same algorithm that is detecting some anomaly in your
location or your payment history, it could be used to detect potentially the operational act, right?
because that's, by definition, going to be an, well, in the past, it would have been an anomaly, I guess.
It would have been something that was potentially out of pattern.
And, again, that fraud detection.
I mean, that's, that's like Amex has developed that, right?
Right.
So that's not being developed by the MSS or the CIA.
That's just a private company that's got it.
I'm curious on the, I mean, one of the pieces of, I guess, this UTS environment we haven't talked about in,
detail as biometrics.
So the linkage of your retina, your fingerprint, whatever, your face with you.
Talk a little bit about how that is maybe impacting clandestinity or the work of human
intelligence today.
You have these sensors which take photos of you from various angles and then process that
data about the distances and angles of the various features of your face and they construct
a digital map of your face.
And it's your face and only your face and nobody else's face.
And it's gotten quite good and it's going to get better.
And now it can recognize you when you've got a surgical mass on.
Got a lot better during COVID for that reason.
So if you try to disguise yourself, that's a bit of a challenge.
So the most obvious one I think is facial recognition combined with the statistical
automated AI machine learning capabilities and algorithms that make
each one of us uniquely detectable based on our face. Then you have iris scans, all of which are
becoming more pervasive and cheaper, of course, fingerprints. And people open their phones with their
thumbs and they open their phones with their photographs. And of course, this is stored and shared
and can be used, again, for law enforcement purposes, for identification, for sales purposes,
various hotels and retail establishments recognize customers when they walk in the lobby
because of facial recognition.
I find that unacceptably creepy, but these establishments rely on this.
And some people like it.
Oh, hello, Mr. McCloskey.
Welcome to Acme Hotels.
Sorry, if there really is an Acme Hotel.
I don't mean to despair.
We'll bleep it out.
We'll bleep it out.
Yeah.
Because I remember hearing that one of the first challenges for the intelligence services
was iris recognition.
I think when I think some certain Middle Eastern airports
introduced the idea you were going to get your iris scanned
on arrival at the airport.
And they suddenly thought, hang on a sec,
if I go under that false passport I'd use before
and my iris is scanned,
if I turn up here next time,
even on holiday with my family,
and have my iris scanned
and it says this is the same iris as a different name,
they're going to go, you know, spy, you know, and arrest you.
So that was, I guess, an early example
of how that was a worry.
Disguises in the old days would be like a wig, all those kind of things.
I mean, in the movies, you'd think there are kind of, maybe this is getting into detail
you can't get into Glenn, but in the movies, if I'm watching Mission Impossible or something
about that, there's kind of fake fingers, fake irises and things like that you can do to fool
them.
I mean, does disguise still work in the world of biometrics and, you know, where they can see how
you walk and things like that?
I don't know.
I think it would be exceptionally challenging.
I mean, obviously, if I put on a mask of David's face...
Lucky you.
You know, I would obviously be much more successful.
But if I put on a mask of David's face and I wear a perfect mask of David's face, sure.
I don't know if such a thing exists outside of movies.
It's very difficult to disguise yourself.
I guess in theory you could burn off your fingerprints.
But this is all, it's the mathematics of the distance of different parts of your face, from other parts of your face, which is highly invariant, right? And I think also if you showed up, if you showed up at a border with like a heavy mask, you might get some questions. I wouldn't base my tradecraft on the Mission Impossible movies.
No, I seem to remember there was a problem with laughing if you had some of these masks, David, that there was some history where, you know, the masks were fine. And as soon as you laughed, you had a problem. So, yeah, they definitely had their limits in the Cold War. Yeah. Well, I mean, it also seems like from the standpoint of the disguise, I mean, even if you had one that was quite good, your ability to wear that for any long period of time, I think would be pretty diminished. I mean, it just seems very technically challenging. I guess, you know, Glenn, the other piece of this, we talked about, you know,
facial recognition or gate recognition or like person recognition. I mean, there was a story
I think maybe a couple years ago about how the Russians, surprise, surprise, had become quite
adept at using the sort of camera networks around Moscow to find draft dodgers, you know,
people who were called up to Ukraine and had decided not to go and were still for some reason
hanging around Moscow. And we're able to make a bunch of arrests around that. I'm curious about
some of the back end pieces of this because, you know, we think we go out and we walk around
any major metro area. It could be in the States. It could be, you know, at London, it could be
Moscow. And there's cameras everywhere. Those cameras are not always centralized, especially
in the States. It could be a lot of private companies. In London, I can tell you, they are
everywhere, though. They're everywhere. You seem everywhere. But there's a back end to this,
which is the analytics to do something with that information. I'm curious if you could talk a little bit
about that sort of back end, it's not very sexy, but you think about someone's got to take
all this data, which in its kind of, you know, what's collected is probably pretty unstructured
and not exactly useful from an intelligence standpoint, but then the back end, you know,
maybe AI powered bit, maybe not to make sense of it is really kind of the beating heart of it.
Maybe talk a little bit about that piece of it. Yeah, it's a really good point. The, the wishful
thinking that I get from people when I talk about this is it goes something like this. Well,
no one could ever process all that information. They can take all the pictures, but nobody's going to
look at all those pictures and nobody's going to find me. I think relying on the incompetence
of the adversary is not a particularly successful strategy for achieving your goals.
there's all kinds of experiments done with this.
Some probably rigged to make them look more successful.
But in general, the issue is time and automation.
And so, for example, if you talk about China, which is, I think, the most heavily cameraed up large country in the world.
That's a word I've really come to enjoy, camera it up.
I think there's like a million surveillance cameras in Beijing alone.
It's probably an understatement at this point.
Yeah.
You look at London, which is much smaller than Beijing,
but London, I think, has tens of thousands of cameras.
And Beijing has millions.
Yeah.
And Shanghai has millions.
And any large city in China has millions.
And the authorities have all the time in the world
and all the computational power in the world
and all the algorithms that they can avail themselves out.
To look at these photographs,
both video and still, private residences and businesses have to share their camera feeds with
authorities. So my advice to people is if you see the camera, assume it works, assume someone's
going to see what's on that camera. Now, it might not be today. It might not be tomorrow.
It might not be this year. But for example, if you're committing a crime or if you're doing
espionage, an asset caught a year from now is still caught, right? And so the conversation
that intelligence officers have to have now concerns, am I safe for all time? And it's not a
question that's easily answered. Back in the day before all of this technology existed,
an intelligence officer could do an operation, come back home, know that he or she got home safely,
find out that the asset later was safe. And that's that. But now you have to wonder for days and weeks
and months and years if something is going to trigger an investigation that leads a service
to go back through that video or still photography. And like you said earlier, I think it was Gordon,
connect two people who weren't connected. There could be a newspaper story saying, hey, this person
worked for the Russian intelligence service. Oh, I thought he was a businessman. That's interesting
to me. I'll go investigate and whether he met with anybody for more government.
Yeah. I mean, we've definitely seen examples here in the UK where they've used that kind of
CCTV. I mean, the Salisbury poisoning, 2018, you know, they were able to identify using
CCTV from the train station. Your point about underestimating CCTV and things like that,
your peril. I mean, I remember the Israelis, Mossad, normally thought it was one of the most
capable intelligence services. 2010, they carried out this hit in Dubai against Babu, I think a Hamas
official in his hotel. And they seemed to have just not realized how much CCTV there was in the
hotel. And there was just all this amazing CCTV of people going into a kind of bathroom
coming out in a different set of clothes, I think a tennis uniform at one point. You know,
they clearly underestimated the Dubai intelligence, the UAE intelligence services,
ability to track them at their peril because it basically burnt a lot of identities. I think
they were using. So yeah, I think, you know, people have learned often, haven't they, from some of those
mistakes. So I wonder if we stop there for this time, because I think we've set up some of the
problems around these issues of technical surveillance and data, and next time we dive even deeper
into some of the kind of ins and outs of running agents and human espionage in the digital age.
And of course, if you don't want to wait for that second part, you don't have to, go to
the rest is classified.com, join the declassified club. Get early after.
access to that episode and to a whole bunch of other goodies as well.
But we'll see you next time.
See you next time.