The Rest Is Classified - 113. How To Protect Your Secrets: Is The Toaster Spying On You? (Ep 2)
Episode Date: December 31, 2025Does China want to hack into your washing machine? What really is the dark web? And can you ever avoid being spied on in the 21st century? Listen as David and Gordon are once again joined by the CI...A's first Chief of Tradecraft and Operational Technology, Glenn Chafetz, to discuss the nuances of ubiquitous technical surveillance and how you can protect your data in the digital age. ------------------- Make someone a Declassified Club Member in 2026 – go deeper into the world of espionage with exclusive Q&As, interviews with top intelligence insiders, regular livestreams, ad-free listening, early access to episodes and live show tickets, and weekly deep dives into original spy stories. Members also get curated reading lists, special book discounts, prize draws, and access to our private chat community. Just go to therestisclassified.com or join on Apple Podcasts. ------------------- THE REST IS CLASSIFIED LIVE 2026: Buy your tickets HERE to see David and Gordon live on stage at London’s Southbank Centre on 31 January. ------------------- Try Attio for free at https://www.attio.com/tric ------------------- EXCLUSIVE NordVPN Deal ➼ https://nordvpn.com/restisclassified Try it risk-free now with a 30-day money-back guarantee ------------------- Email: therestisclassified@goalhanger.com Instagram: @restisclassified Social Producer: Emma Jackson Producer: Becki Hills Head of History: Dom Johnson Exec Producer: Tony Pastor Learn more about your ad choices. Visit podcastchoices.com/adchoices
Transcript
Discussion (0)
For exclusive interviews, bonus episodes, ad-free listening, early access to series,
first look at live show tickets, a weekly newsletter, and discounted books,
join the Declassified Club at the Rest is Classified.com.
This episode is sponsored by HP.
Most people are not counter-espionage experts, but that won't stop them getting targeted by cybercriminals,
seeking to extract their secrets.
HP understands that approximately 4 in 10 UK businesses have reported cyber breaches in the past 12 months alone.
That's why HP business laptops, desktops, and workstations bought directly on HP store
are secure straight out of the box with their endpoint security.
No more stressing about dodgy emails or unexplained pop-ups.
HP's independently verified Wolf Pro Security works alongside your existing security tools
to protect your business users and reputation from malware
and evolving cyber threats with your first click.
You don't need an alias or a secret hideout to stay safe.
Just WolfPro Security working tirelessly to protect your hard work.
It's security that's built in, not bolted on.
Find out more about how HP can protect your business at HP.com
forward slash classified.
Podcast listeners benefit from a 10% discount on all business PCs, printers and
accessories using the code TRIC-10. Terms and conditions apply.
Technology is making many aspects of spycraft harder than ever. In an era of smart cities
with video cameras on every street and facial recognition technology increasingly ubiquitous,
spying has become much harder. For a CIA officer working overseas,
in a hostile country, meeting sources who are risking their own safety to offer valuable
information, constant surveillance poses them an acute threat. Well, welcome to the rest is
classified. I'm Gordon Carrera. And I'm David McCloskey. And that was former CIA director
Bill Burns. I think a friend of the pod, isn't he? Friend of the pod. Oh, for sure. Friend of
the pod. Absolutely. Writing in foreign affairs a couple of years back about what we're talking about
in this two-part or on the second part now, which is about how technology is changing the human
espionage business. Last time we kind of set up these ideas of ubiquitous technical surveillance,
the ability of sensors and data to track people wherever they were and just making really
spying much harder. And this time we're going to continue that story. And we do have a special
guest to continue taking us through this subject, don't we, David? That's right. After our first
episode, we convinced Glenn to stay. We are very lucky to have with us again, Glenn Chafetz,
who is a former CIA officer three-time chief of station, who was also the agency's first
chief of tradecraft in operational technology. So, Glenn, thanks for being back with us into
this journey into technology and human espionage. Glad to be here, David. Glenn, last time I guess
we left off discussing the kind of some of the challenges of clandestinity, which is basically how
you operate and how much harder it's got in this world. And we're looking at some of the kind of
key topics and the elements of the intelligence business. And I guess one of them is how you communicate
because that's a key fact. You know, we talked before about how you might find someone and then
the challenges in going to meet them, which have got harder, but then it's how you, once you've
maybe met them and started a relationship with someone, how you communicate with them without being
spotted. We've done some, I guess, fun historical stories that have featured unique kind of
ways of communicating clandestinely between intelligence officer and asset. I mean, I guess Gordon,
the one that comes to mind immediately as we did that series earlier this year on Adolf Tolkejev,
a spy for the agency operating in Moscow or in the Cold War. And in that case, we sort of had
everything from Tolkachev wandering up to the then chief of station in Moscow and like leaving
a note on the door, dropping a letter inside, you know, his sort of open car window to after he was
recruited using these kind of impersonal signal sites or even short range agent communications,
these kind of burst devices that communicate between a device that Tolkachev has and a device
that the case officer has. So we had this kind of historical cases.
of it. Yeah, I thought you were going to mention pigeons, though, David. I thought, well,
you know, if you go back to World War II, the use of pigeons for communication and clandest
communication. I won't dwell on pigeons anymore, but World War II pigeons, big radio
sheds. Won't you, Gordon, though? Won't you? Don't make promises that you can't. Yeah,
sorry, Glenn is, we, Glenn is probably very confused by my references to pigeons.
We need to start a tracker. Maybe, and some one of our secret squirrels, we'll start a tracker
of the episodes in which Gordon mentions pigeons.
Because I would wager.
Maybe the ones I don't.
Maybe the ones I don't.
Maybe the ones you don't, yeah, to make it easier on the person keeping tabs.
No, you're right.
Pigeons, radios.
Covert communications.
Radios, pigeons.
And then you get to burst transmitters.
And I guess, you know, you're right.
You go from kind of, yes, pigeons, but also big radio sets to kind of small radio sets
to, you know, burst transmitters.
I mean, famously, the Brits got caught in the early 2000s using a spy rock.
I always love this in Moscow.
And they had a, according to the Russians, never denied by the Brits, and I think we know
it's pretty true, but the Russians said that there was a kind of fake rock, which had a receiver
in it, and then someone would walk past the rock, press a button, and their transmitter
would kind of beam the information into the rock, which then could be extracted from the rock at a later
date, which gives you some idea of the kind of technology that's involved in covert communications
when you're trying to keep the communication secret.
it. So I guess that's the challenge. The Brits Gordon are very creative in this field, I think,
because if you remember back to the series we did on Mansfield Coming, the first chief of the Secret
Intelligence Service, you had some crazy people cooking up the idea of using semen for secret writing,
right? So the Brits are very much, David. Male bodily fluid is how I refer to it.
Male bodily fluid is the correct term.
male bodily fluid is a worse term than the actual term, which I use.
But maybe we'll have to bleep out what I used.
That was Invisible Inc. Invisible Inc. We should say. That was to use for invisible ink,
which I guess was another method of clandestine communication. These were some of the ways
people used in the past. But I guess what we're heading to now is the fact, you know, most
communication is digital. But by definition, Glenn, I guess, you know, this is maybe where
you want to come in. Digital tends to leave a trail, doesn't it? Digital, you know,
the internet, all these things, have problems, don't they, when it comes to communication?
Yeah, I can't talk about how asset handlers communicate with assets.
I can say that communication is always a challenge.
You know, if you look back in history, humans are infinitely creative about how they convey
information to other humans, as you just demonstrated in a way that I'd rather not rehash.
But, you know, the problem with digital communication is, again, that people have to think about
what other people can see or hear or acquire and when and again they inflate aspects of that
problem so if you look at things that have been in the news people famously said okay well signal
is secure or i message or what's app any of these end-to-end encrypted commercial messaging apps
are secure well the content is secure so if gordon and
David, you communicate via signal with some exceptions.
No one's going to know what the content of that communication is.
And we can talk about that, those exceptions.
But they're going to know that you're communicating.
And that's just as bad and dangerous for maintaining a clandestine relationship as knowing the content.
If David has secrets for one country and Gordon, you're from another country and you're talking to David, that's going to look bad.
and that's going to peak the interest of David's country.
So you have the content of the communication,
you have the fact of the communication,
and then you have the signature of the communication method.
So, for example, if you're in North Korea
and you have an iPhone with signal on it, that's going to look odd.
Yeah.
Right?
So you have to make sure that all of those things match.
And, you know, you have direct communication,
you have indirect communication,
You have simultaneous communication.
You have communication that's delayed.
And so I think the challenge in the digital age is for those who are communicating
to work it out so that they hide the fact of the communication and the signature of the
communication as well as its content.
And again, it's a tremendous challenge.
And I think there's very smart people in various agencies who know how to do this.
I won't go into detail about the different ways that they can do it, but they managed to do it.
If I thought about, let's take the example you gave of Gordon and I communicating on Signal or WhatsApp.
I mean, if you had money to go buy the data, how would you establish that connection, put aside for a second, the sort of content, but just Gordon and I being in contact on Signal, how do you committed spy hunter slash maybe like data broker?
How do you get that? Where does that information come from? How do I get it so that I could do something with it?
Well, I mean, this is every single tech company and data brokered in the world does this, which is your device is sending messages, and Gordon's device is receiving those messages.
And even without any of the content, they go through infrastructure. They go on to servers.
You can work out the timing. If you're talking, you can infer the timing. If your text,
a lot of the texting is is done simultaneously if you've ever watched kids texting and I'm sure you do the same thing you text high text it's not that hard right these two devices are in contact with each other these two people know each other that's part of the business model for the digital advertising environment how do you how do you establish someone's network I could establish your network David I just buy the data about who you text who you eat
email, all those devices leave traces on the infrastructure. You buy that data. You run it through
an algorithm. Here's David's network. You overlay that with travel. You overlay that with social
media mentions. It's not that hard. No, I always think it's interesting. You made a good point
there. It's not always even about the content of the call because I think people have a lot of
ideas about encryption. A lot of the tech companies will say, well, your communications are safe
because they're end-to-end encrypted.
I mean, I always think two points.
One is your point, which is,
especially if you're worried about the, you know,
sensitivity of your communications,
the content is encrypted,
but the metadata,
the data about the conversation
often is traveling on a normal telecoms network.
And if you're a security service
with access to the telecoms network,
you can get that data.
And you can do all kinds of very clever,
you know, kind of network analysis of going,
this phone's talking to that phone,
but it's only talking to that phone,
and it talks to it once or,
you know, you can do all that kind of
stuff. And I guess the other point people make is it's, yeah, it's end-to-end encrypted. At the two
ends, it's got to be unencrypted and open, because otherwise you can't read a message. You know,
it's no good. So if you have access to the device itself, you get access to that and you can
open it, you know, whether through a thumbprint or knowing the pass code, then again,
you're kind of into the actual content of the message and all the devices. So I sometimes think
people in the, you know, who worry about security and often, you know, because I kind of deal with it a lot
as a journalist, you know, where sources are worried about it. And you've got to kind of be honest
with people. It is hard if you're a journalist dealing with sources. If you're going to deal
with them electronically, even over signal or other messages, to kind of guarantee that there is
no way of connecting the two of you or of ever knowing the kind of content of your communications.
Very hard to guarantee, I think. Well, precisely. So you raised two issues. So let's look at end-to-end
encryption. There's the famous case of Pegasus and Jeff Bezos's phone. Pegasus and similar malware.
Yeah, we should explain what Pegasus is. Yeah, it's a malware that transmits what's on the phone
to the cyber intruder. And when you open up your I message or signal message or or a WhatsApp message,
whatever it is, and you're reading it on the phone, that's what Pegasus is reading.
As you said, it's no longer encrypted.
Great.
It was end-to-end encrypted, but now it's reading it at the end.
So it hasn't decrypted.
It hasn't broken the encryption.
It's reading it in the clear the same way that you are.
And then the issue that you raised of the metadata is a really great point.
Okay, so there's a lot of investigations that involve, say, for example, insider trading or is someone gambling?
They investigate, okay, is this person gambling and he or she,
has inside knowledge of injuries or what have you, no, no, I've never gambled.
And then all of your calls go to a bookie or to work to a legitimate gambling site.
Well, you just said you're not gambling.
And I don't have to have the content of the call to start the investigation, right?
Or even to draw conclusions.
I just have to know that you're in contact.
There's a lot of investigations, for example, on insider trading and inappropriate sharing of
information on for financial firms they're supposed to use a dedicated phones that are recorded to make
sure everything's on the up and up a lot of them will use cell phones to get around that of course
that leaves a record and it doesn't matter whether the content of the call is hidden a you shouldn't
be on that phone so now we have the signature issue yeah right you can't be doing business work on that
phone. And B, you've now established through metadata a connection with someone you should not
be connected with, right? So I don't need as an investigator that content. I already know
with near certainty that you've done something wrong. And the rest of it is just tying it up
neatly. I think the Pegasus point is fascinating because that is developed by commercial
companies and then sold to lots of states. Yes. And states, technically for Laura,
enforcement, counterterrorism, but we know it's been used, you know, by lots of governments
around the world for spying on political imponents, spying on journalists, all those kind of things.
I think the Saudis use this against Khashoggi, to catch and murder him.
Yeah, and that's a perfect example where, you know, something which had been quite a high-end
technique, I guess, you know, in the past, you'd have thought the ability to kind of break into
someone's phone and capture everything that's happening on it. You'd have said, you know, that is something
that only GCHQ, NSA, maybe Israelis and a few could do. And now something, it's something
which is commercially made available to a much larger group of governments. So you see the kind
of proliferation of spying technology, which can be used to kind of surveil people. I think
it's a really big shift, isn't it? Well, this is what I was talking with David about
before, which is that intelligence is a profession and an activity has jumped the tracks.
and it was during this period that we talked about
where all of this data became available
and that it was able to be analyzed.
And so you look at China, for example,
which has turned its whole country into an intelligence state,
not just to surveil and oppress its own population,
but to steal economic information
from the United States and Great Britain and Japan
and South Korea and Australia and all the rest.
And really, it's turned intelligence into a mass
activity where both the actors, the intelligence collectors, are no longer full-time professionals.
They are business people. They are proxies for the government, or they turn the government
into proxies for their businesses. And the objects of that intelligence are not state actors
and government officials. They are companies like Apple and Google and GM and, you know, Goldman's
sacks and anybody else who has, as we talked about at the beginning of the first show, who has
information of value. And so what China has done has really taken this technology and expanded
intelligence and attacks on its adversaries into the private sector. So it's a version of the
old-fashioned, you know, Francis Drake stealing Spanish gold, except on.
steroids to use a cliche. David's going to be mad at me as a professional novelist.
We'll edit that out. We'll let it out the cliche. Don't be trifling. But it's taken that
and turbocharged and energized it and turned it into a mass activity. And so you look at, say,
the 2017 intelligence law in China, Article 7, which says that every individual and every
company in China must, must cooperate with China's.
intelligence services, and that goes both ways. So these companies go to the intelligence
services and say, hey, we would like to get this information. And what you do is instead of
use this for a purely national security purpose, you use it for a business purpose to literally
put rival companies in the United States and abroad out of business. This is the technology
revolution plus the intelligence revolution. One of our old colleagues, Anthony Vinci,
he calls the fourth intelligence revolution, together with neo-mercantilism.
And that's the world that we're in right now.
And that's the business that I'm in right now is helping companies figure out how to defend
their valuable information against companies and countries that work together to do what
you just referred to, Gordon, which is steal all kinds of information using all of them means
available.
I want to make sure we come back to this because I want to park this idea because I think
there's a bigger question kind of rolled up in all of this, which is, does the Western
intelligence model still work and how will it be able to compete with the Chinese model?
But maybe we could come back to that because I wanted to ask, again, on the communication side,
we talked about the idea that Gordon and I are talking, okay, that's probably enough for an
investigator to start to make investigation, right, if they just see two people that shouldn't
be in communication. But Glenn, you know, I want to ask about quantum computing here and whether
we should expect that in the future we'll even have encryption. So, in other words, like,
how much of a, what's the, what's the prospect that, you know, five, ten years down the,
down the road, there actually won't be any privacy, even in the content of the communication?
Wow. A great question. Yeah. So quantum decrypts in seconds or minutes or hours that will.
which under traditional encryption would take centuries to decrypt.
And that's horrifying because our adversaries have already hoovered up untold quantities of
encrypted information as they can and as we could.
I mean, it's there for the taking out of the air and over the wires, but it's pretty
useless right now because it's encrypted.
but when you have quantum decryption, it's not useless.
And all of that information at rest and all of that information in transit now is no longer secret.
And that's horrifying.
And the way to protect that information going forward is to use quantum encryption, which everybody is aware of.
But they're not doing, not in a large scale.
And the problem is we're not going to know that anybody has quantum decryption.
until it already exists.
I mean, think about this.
If you could decrypt everything that's encrypted,
would you tell anybody about it?
Hey, I'm all of a sudden able to read your mail
and read your messages.
You wouldn't, right?
And we're not going to know if another,
if an adversary has that until after we're already sunk.
I mean, the parallel to me is always a bit like Bletchley Park.
When Bletchley Park could break codes,
you keep it quiet and you keep selling the people,
the idea that their messages are completely unbreakable.
Yeah.
And, you know, Crypto AG did this for decades.
The Brits kept Bletchley secret for decades because they could still read loads of
information and gain loads of intelligence of it because everyone went, oh, my communications
are perfectly secure on these devices.
And so the reality might be, who knows, you know, somewhere in China right now, there's
a quantum computer, you know, which is cracking all the messages and which is a game changer
for intelligence because suddenly you then have this kind of radical transparency in which
anything which isn't built with a new standard of kind of quantum resistant in cryptic.
is going to be transparent.
You know, a whole layer of secrecy and secrets and private information suddenly disappears.
I mean, that's a kind of potential game changer, isn't it?
Oh, it's a nightmare, Gordon.
I mean, think about all the information that's already sitting in storage in data lakes
that's encrypted and then the capability to decrypt that.
Think about the financial system, which depends on standard encryption.
What's going to happen that?
I don't want to think about that, Glenn.
that's terrifying. I would like you to think about, David, perhaps that's your next novel.
All your financial information, David, all transparent to the world, imagine.
Yes. All your secrets, David. If you put on your MSS hat, Glenn, which maybe you have
behind you on the table there. Yeah. If you have that capability, what do you do with it?
Whatever you want, David, whatever you want, the sky is the limit. I mean, imagine, again,
we're doing a hypothetical here. But imagine China has hoovered up.
some quantity of encrypted information that goes over the wires and over the air about the U.S.
military, about the U.S. government, about the U.S. intelligence establishment, and it's all
encrypted.
And then one day, because they've succeeded in decryption, they can read all of that mail.
They can read all of the messages.
Think about all of the things that they know.
Think all the things that the United States government wants to keep secret from China.
And then you expand that beyond government to, okay, this is everything that Apple does and Google and Amazon and Anthropic and Microsoft and Goldman Sachs.
I mean, it's just horrifying.
The short answer is whatever they want.
And so our secrets aren't safe.
Our military planning isn't safe.
Our intelligence operations aren't safe.
our money isn't safe. Money, credit, that's all based on trust. That's all based on the idea that
these ones and zeros that are in computers are safe from theft. And now it's attacked now and again
in a cyber way. The North Koreans have a nice little industry in attacking banks and crypto. But
that's going to look like child's play. That's going to look like a tiny iota, a stye.
compared to the absolute forest of secrets that are going to be revealed when quantum comes online.
Is it a certainty that it is coming?
Is it just a matter of when?
Is it like maybe it's five years?
Maybe it's 10 or like, is it?
The joke is it's always five years away.
Quantum computers, it's always five years away, the breakthrough.
But I mean, I was talking someone yesterday who said, might be really only five years away now.
That might actually be true.
Yeah, I don't know, but I wouldn't take the risk, David, that it's not, right?
that we continue to make progress.
It's not as if human beings are not making progress on quantum decryption.
They are.
I can't tell you whether it already happened.
I can't tell you, which is another thing that would keep me up at night.
Or if it's a day away or 10 years, I don't know.
I don't think anybody knows.
That might be a good place to take a quick break on that moment of slight doom and gloom,
and we'll come back after the break and see what we could do about this.
No, no, no, no, we'll tell everyone.
everything is fine, but how we should think about this world of technology. One last look at it
with Glenn and we'll see you after the break. This episode is brought to you by Atio, the CRM for the
AI era. Now, David, people think that Spycraft is just car chases and secret codes, but an awful
lot of it is just idling around, waiting for the action. It's a bit like starting your own business.
think it's going to be as easy as creating and selling a product, but the reality is business
owners spend far too long trying to get their CRM to fit a system not built for them.
Atio's AI-driven CRM enables you to take control of your platform to build something from the
ground up that fits your needs. James Bond had Q's x-ray shades, an explosive watch, and a
pen grenade. Business owners have Adio's real-time customer insights and platform that grows with them.
All tools relevant for your mission to build a company from the ground up.
Atio even has something called agent collaboration.
Yes, but in this case, that means giving people the ability to let AI work seamlessly in the background for them.
Try Atio for free at ATTIO.com slash trick.
This episode is brought to you by NordVPN.
A breach used to require a full store or a lifted file.
Now it begins the moment you join a dodgy public Wi-Fi network.
Leave one device exposed and operators can map your online activity in moments.
NordVPN shuts that down.
One click encrypts your connection, stopping public networks turning into blind spots,
and keeping your traffic secure wherever you log on.
NordVPN's Threat Protection Pro feature blocks malicious links,
fishing sites, and even scans
downloads for viruses. It's like
having your own cyber bodyguard.
And if you're abroad, you can shift
your virtual location for the sites you rely on
or check whether prices change by region
before you buy. To get the best discount
off your NordVPN plan,
go to NordvPN.com
forward slash rest is classified.
Our link will also give you four extra months
on the two-year plan. There's no risk
with Nord's 30-day money-back guarantee.
The link is in the episode description box.
Welcome back.
I think Gordon and Glenn, we've been talking for most of this kind of two-part series to this stage about how tech is changing the world of espionage.
And in particular human espionage, we've been trying to do it from the lens of, I think, some key elements in the trade of human espionage.
I thought we might switch for a second and actually talk about some specific pieces of technology
because there are some that I think the impact that they have spreads across the entire field of the intelligence business.
And it'd be good to talk about them individually.
I mean, I guess one that pops immediately into my mind that I think we really haven't talked much about yet is how cheaper, smaller drones or UAVs are impacting espionauts.
today. Because obviously, I mean, we had the world of sort of armed drones that we see all
around us in Ukraine. But I'm kind of thinking here, Glenn, of how maybe more from a just
surveillance standpoint, the proliferation of really effective high quality drones that I can
buy for my son that cost about 30 bucks. You know, how does that whole landscape impact this
kind of the business of human espionage today. It's developed by leaps and bounds over the last
a few years and I think we'll continue to see improvements in capability and reductions in price
as technology goes in the next few years. So obviously it is a it is a sensor platform and it is
cheap and it is capable and it's controllable and that represents a danger I think both for state
actors and for non-state actors there was a story I think a few months ago in the New York Times
about a drone loitering outside the window of Erickson in Copenhagen. You know the story I'm talking
about David, where it's, it's photographing, yeah.
I'm just laughing, thinking about a drone sitting outside a window, just, just watching.
Well, I mean, think about, think about this, right?
You know, access to somebody's computer screen or keyboard is gold, right?
If I could photograph you typing away, I could learn a lot about what you're doing.
If you think you're safe because you're on the 40th floor of a building or the 14th floor
of a building and I just park a very quiet, very small.
drone outside that window and photograph the whole thing. I have all kinds of information that's useful.
So that's a nifty little collection tool, you know, which is partly human because you have the
operator, but, but I can imagine scenarios in which the human is further and further away from
the actual collection. And then it's stored and it's beamed, sometimes in real time, and then
used. So that's, that's, you know, an exceptionally valuable tool to have. We've already seen how
valuable they are in the battlefield, but I would be worried about how valuable they are in terms
of business intelligence. A lot of companies have very good access controls. And I'm not talking
about companies in defense. I'm just talking about companies that might be targets of other
companies abroad, principally from China, where that information confers tremendous advantage,
getting back to our definition of intelligence.
But they don't have any counter-drone program.
You know, they don't operate in skiffs.
They have windows for their people.
They don't want their people to be like we had to be back in the day
in these windowless offices, deep inside buildings without windows.
And so the possibilities really go from there.
Add microphones to the cameras and you're really in business.
Wi-Fi detectors, all kinds of sensors.
Censors, microphones, cameras are now in cars.
They are in, you know, watches, they're in phone.
You know, we used to think of it as just as phones as the tracking devices or the sensor devices.
But the extent to which everyday items are effectively connected to the internet, internet of things, exactly.
You know, your fridge speaks to the internet.
Right.
You know, and the point is convenience to tell you have you run out of milk and I can order it for you.
But it also may be able to tell someone who could easily hack into it, because I
I bet it's cyber security isn't very good.
Is this person at home at the moment?
Have they not opened the fridge for two days?
In other words, is that a good time to break in?
Or are they stocking up extra bottles of vodka in their freezer,
which maybe is a sign of alcoholism?
Well, some other indicators.
So, you know, it's that kind of everyday pervasiveness of this,
which I just think is it's really game-changing, isn't it?
Well, everything you buy, I have a real ambivalence about these loyalty programs, right?
The point of the loyalty program is not to, it's,
To charge people who don't share information more money is the point of the loyalty program.
So you go to the store, right?
And like, oh, I see you're buying.
This was obviously many years ago.
I'm buying a newspaper.
Can I have your phone number?
No.
You can have my money and then you give me the newspaper.
What do I have to give you my phone number for so that you know that I bought the Wall Street Journal on Friday?
That's not, you know, why do I want a network to scale?
Good God, no.
I don't, you know.
And then your credit card bill tells you.
tells people masses of information about you.
And, of course, after COVID, no one uses cash anymore.
The wonderful thing about cash is it divorced your identity from your behavior.
But try spending cash in a lot of places, and you can't or they discourage you.
Definitely China.
Right.
No, you can't.
But cryptocurrency?
I mean, cryptocurrency offers some...
No, no, it's...
Some benefits to people?
No, you spend the time, you can track it.
It's, you know, they have tumblers and...
But eventually, given enough effort, you're not going to be able to hide.
So, yeah, I mean, blockchain offers some advantages, and it really discourages investigators
because it's a lot of work.
But, I mean, you know, and Tor, same thing.
But all of those things can eventually be unwound.
It's the time and effort of the investigator.
Yeah, it's interesting.
I mean, just you mentioned Tor, which is the onion root of the kind of dark web.
I think we started the first episode with a quote from the,
chief of MI6, the last chief of MI6, Richard Moore. And in that same speech, he also launched,
I think, something called Silent Courier, which was a kind of portal, a platform for people to
contact MI6 on the dark web. And on the one hand, that's a kind of example maybe where
technology is an enabler for a spy service, because you've got the equivalent of walkins,
people who want to offer themselves up to a spy service. I think of Mitrokin, just because I've
written a book on him, you know, who walks into the American and then the British
embassies in the Baltics in 1992. In those days, you had to walk into an embassy to contact them.
Now, you can try and use one of these dark web platforms. They promise a degree of anonymity
to contact MI6. And I think CIA runs a kind of similar thing, you know, quite openly saying
to Russians, particularly, if you're aggrieved with your government, you know, use this
platform to approach us. So I guess, you know, that is an example where some of that technology is
an enabler. But I guess it also creates a single point of failure and some risks as well. But
you've got a lot of pressure on that one platform and that one point of contact.
Well, Gordon, I don't want to talk about that one.
That's okay.
That's not what I want to comment on.
No, that's fine.
But I'll comment on it.
And I think it's really interesting because I think it is an example where technology,
it's the fact it's enabling and a risk.
And I think that's the kind of interesting thing about technology, isn't it?
Is that, you know, there's two sides of the coin for lots of this.
Going back to the Internet of Things point, I was having a conversation.
and I don't know, it's a couple weeks ago
with a cybersecurity expert
and was actually doing book research
and he was telling me a story about
the proliferation of cases
he's seeing of people who have their
Wi-Fi hacked by someone
going in through a pretty
like a device
like a washing machine
or a refrigerator
or your connected scale
that does not have the
same level of defense
as the traditional router
but is still connected to it all the same
because you just sort of don't think about it.
Like, well, am I doing software updates on the washing machine?
Right, right, right.
You know, and it's a weak link, but you don't,
you just almost don't even think about it now.
Yeah, it's totally normal to have a washing machine
that's connected to my Wi-Fi.
Why not?
Your toaster is spying on you.
That could be the title of your next book.
It's horrifying.
One topic we've talked about in little bits and pieces
throughout this conversation has been artificial intelligence.
And this is a huge question.
And obviously, you know, the impact of AI on the intelligence business is, it's not
just impacting human, it's impacting analysis and everything, right?
But I'm curious from your standpoint, Glenn, I mean, how should we think about the way
that AI is disrupting the human intelligence game?
to the degree that it speeds up collection, analysis, interpretation, it represents, I think,
an offensive weapon in terms of collection, a potential tool for counterintelligence and a potential
tool for analysis. What do all of these features mean and how quickly can we make these associations
that we wouldn't do if we didn't automate them? So I don't think everybody understands
yet, all of the implications for AI and machine learning.
The one that I've probably paid attention to the most is the collection of faces and the
analysis of faces and how it has made that a lot better.
It can also be used for spoofing voices and spoofing video.
So we've had a number of cases where we look at companies and they're vetting people
and they're doing these interviews like this one over a video channel.
And the person is not the person they're purporting to be because they've used AI tools
to disguise what their face looks like and what their voice looks like.
And now, right now, that's fairly crude and there's some very easy ways of determining that.
But that's going to get harder and harder as time goes on.
You talked about identity earlier, Gordon, really face-to-face, but you also have identity
over the phone and you have identity over video chats.
And I think that's easier to do.
disguise. And people have to determine fakes. And then you have to look at influence operations.
What's real? And intelligence services, malign intelligence services, could flood the zone
with fakes. Now, it doesn't matter that it's determined to be a fake necessarily from their
perspective in the sense that nobody then believes anything. Yeah. You have the inability to
separate fact from fiction. Am I really speaking to David or not? Yeah. That definitely scared
me. But I mean, I guess as we kind of, you know, start to round things up, I mean, this world of
deep fakes of AI of not being sure who's who, human intelligence, the point of it, as opposed to
kind of cyber or digital intelligence, is that there is a human relationship, I guess. And at some
point, it requires two people in a room, or probably to be physically together and to talk to each other
and have a relationship and look into each other's eyes, not in a romantic way, but in a kind
of intelligence way and say, do I trust you?
You know, that is the kind of core of the business.
Does it survive, do we think?
Certainly shrinks.
I think the opportunities for doing that have shrunk.
I think the opportunities for Humet have shrunk, in part because you can achieve so much
now with data, with collecting commercially available and openly available information
and parsing that together.
And that makes the analyst, the targeter, a much more important piece, the OSINT investigator,
a much more important piece of intelligence collection and analysis, but there's still a role
for humans. None of that data can tell me what a foreign adversary leader, you know, call it
she, call it Putin, whomever. No one can tell me what he perceives at a particular time,
what he plans, what he intends. That can only be gleaned from someone in the inner circle.
And then getting in touch with that person in the inner circle and determining whether that person is willing to share and then arranging the transfer of that information is much more difficult now.
And I think the opportunities to have long conversations where you build that relationship have diminished because we're trying to have those conversations in a sea of sensors and data.
And that's just hard.
I remember reading an article, I think, a couple years back, and I know you won't comment on it, but just I'll put it out there.
There was a Washington Post article that was quoting somebody from the agency as saying, hey, the number of recruitment is down over the last four or five years.
We're recruiting fewer human sources than we used to.
And it seems like I'd always sort of conceptually thought, oh, it's a is a supply side problem in that it's just harder to do it because of all these tech.
challenges. So we're trying, but we're not having as much success or it's just in certain cases
it's impossible. But I guess I'm hearing you say it's also kind of a demand side problem in
that a lot of the questions that we would have had in the past where we would have tasked
human collection, we don't need to anymore. So in some ways, if humint is kind of the market share
is shrinking, it's not necessarily just because it's harder. It's because there might actually
be less demand to actually put some of these questions to humans than we had in the past.
The exception being the plans and intentions point that you're raising, which is what is she
thinking? What is Putin thinking? Those are evergreen questions where you actually really want
a well-placed human to give you that perspective. I would just go back to the scenario where you have
a leader you want to know something about, right? That leader's scale is networked. His to
toaster is spying on him. He's got social media. He drives in a car made after 2003, or is driven
in a car made after 2003, which means that it produces a digital exhaust, which can be tracked.
The leader speaks on a cell phone, the leader's photographed, the leaders roundly quoted.
There's all sorts of information about that leader, both intentionally and unintentionally,
produced that tech companies derive great insights from, great analysis from, and governments
could do the same. And so what we had to collect via Humeant about that person, about any person,
has logically shrunk because you can do that remotely by buying that data. So that's not a failing.
That's just a change in technology. I can't comment on any story about numbers or
quality of recruitment, and I don't even know. I mean, I've been retired for years now. I would
just say logically, knowing the capabilities of big data, and let's call this tech revolution
big data, you can find out facts and derive additional facts from that data that you could
not do 10 years ago, 15 years ago, 20 years ago. It's even so much better now than it was
five years ago. Open source intelligence and digital intelligence.
and cyber espionage.
They all offer new ways of kind of stealing secret
for getting hold of useful information, I guess.
And then you combine all of those.
But I guess what's interesting, isn't it?
It's the fusion of all of these things.
Because you get a sense that these days,
you know, human espionage is enabled by the digital or the open source.
The kind of mixing of it means that the old days where you think back to the old
kind of Cold War spy stories and it was always be about that kind of fighter pilot,
you know, case officer or, you know, MI6 officer,
who is the individual who just is the kind of loan operator who would kind of go and talk that
agent into being. That doesn't work in the modern spy world, does it? Because you need a kind of,
you need digital analysts around you as well to build up the profile of the person you're going
to talk to. You need maybe, you know, some cyber espionage around it. You might need some technical
knowledge. It's a kind of, it's changed the kind of the game in that way. Yeah, I certainly think
it's become much more of a team sport now than it used to be.
because of technology, I think the best operations have a bit of all of these elements in them.
A lot of, a lot of cyber operations are enabled by Humant.
A lot aren't, right?
Social engineering, I mean, a lot of cyber operations are a result of people getting people's logons,
right, getting their credentials.
Simple things like overhearing a conversation or shoulder surfing can enable cyber
operations. Parking a camera on a drone outside someone's window can see somebody type in
a password. You slow it down and you see how they type it in. There's all kinds of ways to
blend cyber and signal and human intelligence. And our adversaries do this every single day.
I wanted to go back because I think when we were talking about communication before the break,
I parked a question on the kind of intelligence business model.
that we've built up versus maybe the Chinese one. And I'm curious if you think,
are we adapting? No. Is our business model catching up? No. Yeah. No. No, we're not. I mean,
we're playing two different games. So China, which is the best example, is an intelligence state
in which the party state and companies, I won't call the private sector because there is no
true private sector in China. It doesn't have a rule of law. They steal from each other.
just as they steal from us.
But they have a national theft program.
And NSA Director Keith Alexander, General Keith Alexander,
talked about this 20 years ago.
You know, it was the most massive transfer of wealth in human history.
This is getting back to the neo-mercantilism.
Yeah.
Where it's not to say that China doesn't innovate,
it certainly does, but it doesn't have to innovate as much as we do
because it's we're subsidizing, it's R&D.
American companies don't do that.
It's against the law here.
against the law to do it to ourselves, and it's against the law to do it to Chinese companies.
China doesn't have that problem. It steals private sector information. This is, again, what I
work on now is helping companies protect themselves against this because they don't realize
the degree and scale of the theft. And this has national security implications because
essentially what China is doing, as the Ottomans and the Portuguese and the Dutch did to Venice,
They're trying to put us out of business.
And that's going to destroy our economy, and it's going to destroy or certainly diminish
our strength as a state.
And it's not just the United States.
It's all of its allies.
And I think very few companies are aware of this.
And our national security establishment is not set up to deal with this.
It was set up to do with the Cold War and to a certain degree terrorism.
It wasn't set up to deal with an adversary that wages a gray zone.
hybrid war on the U.S. private sector and national infrastructure.
My next question was going to be, what keeps you up at night, Glenn?
I think you might have just answered it.
Yeah, that. That, that does. I mean, that keeps me up at night. Quantum. Quantum keeps me up
at night. I mean, the fact that that companies are still rushing to do business with China,
knowing that their IP is at risk, at least understand what your valuable information is
and take steps to protect it.
But in many cases, the information's not stolen.
It's freely given away.
I'll give you RIP if you allow us access to your market.
I don't think that's worked out terribly well for the United States economy or private sector.
Maybe this is the question I'll close on then, which is just to go back to this central topic of tech and how it's impacting the espionage business.
For people who, I mean, who are listening or are thinking about the job of a case officer.
What do you think that job is going to look like in the future?
Give it all the changes we've talked about.
At the humid level, what does that job look and feel like, do you think?
Yeah.
You really put me on the spot there, David.
That's a huge question.
I expect it's going to be, it's going to involve a lot more reliance on data and technology than it does now.
I think the case officers now, I mean, currently need to.
have much greater technological aptitude than they did back in my day. I think that's only going to
increase to understand the capability of sensors, to understand the capability of computation,
to be able to separate out fakes from reality. I don't think human, old-fashioned human people-to-people
relationships are ever going to disappear, as Gordon was talking about a few minutes ago. But I think
it's going to shrink. Because the idea of a case officer, even protecting his identity and
job, has gotten so much more challenging. And so the way that China has dealt with this is they've
turned their whole country into intelligence collectors through things like the national
intelligence law and the national security law and this, you know, a massive intelligence establishment
and a giant hacking cyber intrusion force. It's an intelligence.
state the way they've changed intelligence. And again, this is out in the open. They don't hide
their law. Oh, they say, oh, we wouldn't do that to you. Well, then why do you have the law?
If you're not going to use your population as intelligence collectors, why do you mandate that
they become intelligence collectors? I think you're going to see a lot of that. I can't speak to
the United States, but other countries, China, Russia, among them, have blended the private sector
together with the national security sector to make something that's even more dangerous.
Well, Glenn, I think that's probably a good place for us to wrap up.
I think we've got a real understanding of why, you know, we started off with a former
chief of MI6 saying adapt or die, basically, when it comes to technology.
And I think what we've hopefully done over these two episodes is unpick what that means,
what technology is doing to both the intelligence business, but also to kind of privacy,
privacy, secrecy.
You know, it's making us all kind of spied on.
spies, but also kind of restricting the space for some of the old-fashioned spying we think
about. Not as easy to write about, is it for your books, David, I think, some of this stuff.
But it's kind of the reality. I mean, you do capture some of it in the novels. It's harder,
isn't it? It is. I deal with it every day when I'm writing where you're trying to write a story
about characters, about people, you know, in a business that is dealing less and less
with actual human interaction. So a lot of the, a lot of the, a lot of the,
scenes that I would have written in books, you know, to point Glenn, 15, 20 years ago,
you know, they just, they don't happen. It's that meeting of the source in the parking
garage. That's a great scene to write about. But does it work anymore? Not really. So the real
downside here for novelists. Novelists are the ultimate losers. Yeah. Pool novelists.
Two words for you, David. Historical fiction. Historical fiction. That's the, that's the takeaway.
Revert to the past, baby. That's right. Yeah. Yeah. That's right.
Yeah. Yeah. That's right. Thanks for joining us on this journey, Glenn. We appreciate you coming along and educating us and our listeners and this, I mean, hugely important topic and one that I think will be coming back to over and over again on the stories we tell on the pod. So thanks for being with us.
Thanks very much for having me. It was a pleasure.
So thanks to Glenn. Thank you all to listening. Just a reminder that if you want more of these kind of interviews with people who are, you know, insiders in the spy world, then do you.
join the declassified club at the rest is classified.com where you'll get plenty more like that,
won't they, David? That's right. And Gordon, we'd be remiss if we didn't say. We do have our
live show coming up in London on the 31st of January. So you can go to the rest is classified.com.
I think we've still got a few tickets left. Get those there and join the club as well.
We'll see you next time. See you next time.
Thank you.