COUNTERINTELLIGENCE
"When you come to a fork in the road, take it." (Yogi Berra)

    Counterintelligence activities occur not only between governments but between industries as well, though the term is most commonly reserved for activities that protect against foreign espionage, sabotage, and terrorist acts.  Both Executive Order 12333 and the DoD dictionary of military terms define counterintelligence (also called CI) as "information gathered and activities conducted to protect against espionage, other intelligence activities, sabotage, or assassinations conducted by or on behalf of foreign governments or elements thereof, foreign organizations, or foreign persons, or international terrorist activities."  By definition, CI involves investigation, operations, collection, and analysis.  In practice, most of CI consists of protecting secrets, preventing one's own intelligence mechanism from being manipulated, and exploiting the intelligence activities of other entities or organizations.  Given the breadth and depth of this field, only the basics can be covered here.

    Counterintelligence can be passive or active, depending somewhat upon the level of secrecy involved.  Passive or defensive counterintelligence is synonymous with security, and involves locating, screening, and identifying people, limiting their access to classified material, and instituting accounting systems to trace losses.  Active counterintelligence is sometimes called countermeasures, and involves specific tactics directed at the adversary, such as neutralizing an enemy or putting them under surveillance or reconnaissance.  Once a security breach is identified, however, counterintelligence would normally try to keep the enemy's communication channel unaltered (but monitored) in order to stay one step ahead of them, and to capitalize on vulnerabilities that may be exploited later on.  On the downside, counterintelligence produces some of the most confusing information and disinformation in the world, and several nations and/or entities play that game well.  Deception operations often involve counterintelligence.  Historically, the U.S. record at counterintelligence has been mixed (leaks to the press seem to be an American pattern), other nations and/or entities have gotten quite advanced at it, and it is interesting, in comparative perspective, how places without a free press operate.

    In some quarters, effective counterintelligence begins (and ends) with the notion of security classification levels; i.e., unclassified, confidential, secret, top secret, etc., of the kind one applies for via the SF-86 questionnaire and the like.  Recent years have seen the development of additional "compartmented" controls layered on top of these levels, and developments like these have contributed to debates, of course, over whether there is too much fuss over security levels.  Beyond the basic levels there are designations like TS/SCI, where SCI stands for Sensitive Compartmented Information, and each compartment is further indicated by a codeword; e.g., KEYHOLE for satellite imagery, or UMBRA for communications intelligence.  This codeword is sometimes called a "ticket" and serves as a topical access barrier for those who do not hold the same ticket, regardless of their clearance level.  There are other designations, called caveats, that modify a classification level; e.g., NOFORN for No Foreign Nationals, WNINTEL for Warning Notice: Intelligence Sources and Methods Involved, and LIMDIS for Limited Dissemination.  ORCON, or Originator Control, requires the originating agency's permission before the information is passed to anyone beyond its original distribution, which in practice keeps it from being shared with agencies outside the intelligence community.  ORCON has become a big issue in the post-9/11 environment, where there is a strong need for inter-agency sharing.  At the lower levels, a big issue involves whether or not there should be an additional security level between unclassified and confidential.  The United Kingdom has one called "restricted," but the United States does not really have a truly "restricted" level, instead relying upon fairly weak mechanisms like "For Official Use Only," "Not for Attribution," or the "Sensitive" label.  The assignment of security levels to people is (or should be) part of CI's role in personnel security, which encompasses much broader issues, but just as important is premises security, which typically involves sweeping premises for bugs and controlling access to certain storage areas.  Counterintelligence might also find itself involved in audits of secure facilities, but audits should not be mistaken for the security mechanisms themselves.

    A basic principle of secrecy is that holding a certain clearance level does not by itself entitle somebody to access.  The all-important "need to know" requirement applies in addition to the security level: having a certain level of clearance does not automatically entitle someone to see every piece of data classified at that level, only the pieces their duties require.  Counterintelligence usually comes in when it is suspected that secrecy is broken - you have a leak - and what you need to do is figure out a way to take advantage of that.  At some point, you will probably be launching a counterespionage operation, but for starters, you need to put your leak under surveillance.  You might have a mole, a defector, a double agent, or what is called a "dangle," someone deliberately offered to the enemy as a recruit who is really loyal to you.  Expect double-crosses from these kinds of people; in fact, it is probably not a good idea to rely too much on double agents, and heavy dependence on HUMINT in CI increases your vulnerability to being deceived.  What you need to do is find out how they transmit their information to the enemy.  Once you know that channel, you can use it to send and/or receive information to your liking.
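The two paragraphs above describe an access rule with several independent gates: clearance level, compartment "tickets," dissemination caveats such as NOFORN and ORCON, and need to know.  The following is an added worked example, not code from the original page or from any agency's actual system, that models those gates as a single decision function.  The compartment names, agency names (AGENCY_X, AGENCY_Y, PARTNER), project names, and people are constructed placeholders for illustration; real classification policy has more dimensions than this simplified model.

```python
from dataclasses import dataclass
from typing import FrozenSet, Tuple

# Hierarchical levels: a clearance must dominate (be >=) the document's level.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Document:
    level: str
    compartments: FrozenSet[str] = frozenset()   # SCI codewords ("tickets") required
    caveats: FrozenSet[str] = frozenset()        # dissemination caveats, e.g. NOFORN, ORCON
    originator: str = ""                         # producing agency, used by ORCON
    need_to_know: FrozenSet[str] = frozenset()   # projects whose members need this document


@dataclass(frozen=True)
class Person:
    clearance: str
    tickets: FrozenSet[str] = frozenset()          # compartments the person is read into
    nationality: str = "US"
    agency: str = ""
    projects: FrozenSet[str] = frozenset()         # what the person actually works on
    orcon_approvals: FrozenSet[str] = frozenset()  # originators that approved release to them


def access_decision(person: Person, doc: Document) -> Tuple[bool, str]:
    """Return (granted, reason). Every gate must pass; the first failure is reported."""
    if LEVELS[person.clearance] < LEVELS[doc.level]:
        return False, "clearance %s is below %s" % (person.clearance, doc.level)
    missing = doc.compartments - person.tickets
    if missing:  # a ticket is a topical barrier independent of the level
        return False, "not read into compartment(s): " + ", ".join(sorted(missing))
    if "NOFORN" in doc.caveats and person.nationality != "US":
        return False, "NOFORN: no release to foreign nationals"
    if ("ORCON" in doc.caveats and person.agency != doc.originator
            and doc.originator not in person.orcon_approvals):
        return False, "ORCON: originator %s has not approved release" % doc.originator
    if doc.need_to_know and not (doc.need_to_know & person.projects):
        return False, "no need to know"  # clearance alone never entitles access
    return True, "granted"


# Constructed sample data (hypothetical names, not real compartments, agencies or people).
UMBRA_REPORT = Document("TOP SECRET", frozenset({"UMBRA"}), frozenset({"NOFORN"}),
                        originator="AGENCY_X", need_to_know=frozenset({"PROJECT_A"}))
IMAGERY = Document("TOP SECRET", frozenset({"KEYHOLE"}), originator="AGENCY_Y",
                   need_to_know=frozenset({"PROJECT_A"}))
ORCON_MEMO = Document("SECRET", caveats=frozenset({"ORCON"}), originator="AGENCY_Y",
                      need_to_know=frozenset({"PROJECT_B"}))

ANALYST = Person("TOP SECRET", frozenset({"UMBRA"}), agency="AGENCY_X",
                 projects=frozenset({"PROJECT_A"}))
LIAISON = Person("TOP SECRET", frozenset({"UMBRA"}), nationality="UK", agency="PARTNER",
                 projects=frozenset({"PROJECT_A"}))
DIRECTOR = Person("TOP SECRET", frozenset({"UMBRA", "KEYHOLE"}), agency="AGENCY_X",
                  projects=frozenset({"OVERSIGHT"}))
STAFFER = Person("SECRET", agency="AGENCY_X", projects=frozenset({"PROJECT_B"}),
                 orcon_approvals=frozenset({"AGENCY_Y"}))


def demo():
    """Run the scenarios and return {name: (granted, reason)}."""
    return {
        "analyst/umbra": access_decision(ANALYST, UMBRA_REPORT),    # all gates pass
        "analyst/imagery": access_decision(ANALYST, IMAGERY),       # TS, but no KEYHOLE ticket
        "liaison/umbra": access_decision(LIAISON, UMBRA_REPORT),    # right ticket, wrong passport
        "director/imagery": access_decision(DIRECTOR, IMAGERY),     # every ticket, no need to know
        "director/orcon": access_decision(DIRECTOR, ORCON_MEMO),    # originator has not released
        "staffer/orcon": access_decision(STAFFER, ORCON_MEMO),      # originator approved release
    }


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print("%-18s %s  (%s)" % (name, "GRANT" if ok else "DENY", why))
```

The order of the checks matters only for which reason is reported; any failing gate denies access.  Note that DIRECTOR, who holds every ticket, is still denied the imagery for lack of need to know, which is the point the paragraph above makes.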

MULTIDISCIPLINARY COUNTERINTELLIGENCE

    What is called multidisciplinary counterintelligence involves giving serious consideration to supplementing HUMINT with TECHINT, via technology-based means such as signals collection and COMSEC monitoring.  Chances are you will be dealing with encryption or ciphers anyway, and breaking these will give you some insight into the enemy's capabilities.  Knowing the enemy's technological capabilities (even if it is just communications chatter) will assist you in developing technical countermeasures.  However, getting back to the importance of keeping those leaky channels open, what you want to do is use those channels for deception or disinformation.  If the enemy is spying on you, keep those channels open, and use them to feed the enemy lies, but not blatant lies: lies that are just close enough to the truth to throw them off.  All of this is an elaborate game of deception and counterdeception, since the enemy is going to try to figure out how much of what you are feeding them is truth and how much is falsehood.  Above all, do not send such a mix of true and false signals that neither you nor the enemy can tell the difference anymore.  What comes back through the channel and can be verified as true is called "feedback," provided you are able to separate it from the falsehoods through "back-channel" corroboration.  This game works best if you are able to send the enemy deceptive or manufactured information that they would have believed anyway.  Also, the more elaborate, long-term, and strategic the deception, the more important the intelligence feedback you get from it becomes.

FOREIGN THREATS AND INFLUENCES

    Subversive threats which occur domestically can have a foreign connection.  It is not wise to always assume this, but it is prudent to be aware of the possibility.  More typical and substantial threats are likely to come directly from foreign intelligence services, which include major adversaries, like China, Cuba, Iran, and Russia, along with major allies, like Japan, France, England, Canada, Mexico, Germany, South Korea, and Israel.  As an example of an adversary threat, the Cuban Intelligence Service (CuIS) is notable because it extensively uses both "illegals" and "legals," defined respectively as trained intelligence officers sent abroad with false identities who maintain no overt contact with their government, and trained intelligence officers under official or diplomatic cover.  It is "hostile" precisely because both types of operatives use heavily coded means of communication, often infiltrate military security, and influence U.S. citizens or officials to lobby for easing sanctions against Cuba.  In the late 1990s, the U.S. successfully broke up a ring of Cuban spies in Miami, charging them in part under the Foreign Agents Registration Act, which serves several purposes.  Originally drafted in 1938 to levy criminal penalties against Nazi propagandists, the Act has evolved into much more than that, most notably the requirement that agents of foreign principals register and file disclosure statements.  Another significant piece of legislation is the much older Logan Act, which forbids unauthorized U.S. citizens from negotiating with foreign governments in disputes with the United States.

    Regarding threats from allies, friends do not normally spy on one another in military or political matters, but when it comes to economic and technological competition, friends are competitors, not allies.  The most frequent target of such competitive spying is the dual-use technology on the Militarily Critical Technology List (a classified document).  Dual-use technology has both military and civilian applications, but the list is intended to enumerate items critical to maintaining superior U.S. military capabilities.     

    Counterintelligence threats come not only from nation-states (although most of the aggressive and persistent threats do), but from private sector players like businessmen, scientists, academics, and students.  Intelligence collection is also done by foreign corporations acting independently of their governments as well as by foreign intelligence services.  Many of these players do not know they are assisting a foreign government; they are commonly duped into it, chasing a desire for profit or acclaim, or acting out of misplaced loyalties.  The range of motivation is diverse, and it is the job of CI to sort out the various motivations.  In addition, globalization and computerization have made it much easier to steal sensitive technology and trade secrets under the guise of international conferences and posting research work online.  In fact, it is quite often the case that secrets no longer stay secrets at trade shows, conferences, symposia, visits, and open houses.  The growing openness of the scientific and educational communities has facilitated the flow of secrets across borders as a "brain drain" escalates within and between countries.  Cyberespionage crossing international borders has also increased.

EXPORT CONTROL

    Export control usually refers to licensing procedures and other economic restrictions on the so-called "merchant of death" industry, where the government restricts certain munitions (enumerated on the U.S. Munitions List, published as part of the International Traffic in Arms Regulations) as well as dual-use technology that can be used to kill people.  Nuclear technology is the most frequent item of concern here, and the suppliers themselves (see Nuclear Suppliers Group) have put regime controls in place.  The U.S. and a few other developed countries have been somewhat successful at controlling exports of technology with military applications.  Despite some disputes between allies, the Coordinating Committee for Multilateral Export Controls (CoCom) was a remarkably effective method of economic warfare during the Cold War.  CoCom was abolished in 1994 and replaced by the Wassenaar Arrangement (WA) in 1996, which involves a much larger group of countries and institutionalizes concern for the economic welfare of affected states.  Exports are often restrained rather than banned under the WA.  So-called "pariah states" are identified by consensus in the WA, and membership in the WA is open to any state that engages in "responsible" export policies toward the states on the WA-maintained list.  According to one of the WA's High Level Meeting statements, a pariah state is one which has "suspected ties to terrorism, attempts to develop WMD, and has possible designs on territorial expansion or other forms of behavior that raise questions about their commitment to regional and global stability."

    One of the problems with export control is the so-called "deemed export" rule in the Export Administration Regulations (EAR).  Under this rule, releasing controlled technology to a foreign national inside the United States is "deemed" to be an export to the country of which that person is a citizen, so it requires the same license an actual shipment would, and releasing it without one is an export violation.  Such a release typically takes the form of technical data or technical assistance, for instance visual inspection of equipment in a secure U.S. facility, or an oral exchange of information between scientists or with visiting dignitaries.  Naturalized U.S. citizens and foreign nationals holding valid permanent resident status in the United States (green card holders) are not subject to the deemed export rule.  The problem is that few cases are ever prosecuted under export law because of the difficulty in observing deemed exports.  With no observable movement of goods, the transfer is virtually impossible to detect, let alone prosecute.  Clearly, there is a need for better laws in this regard.

INTERNET RESOURCES
Army FM 34-60 Counterintelligence
ExportLawBlog
Hostile Intelligence Threats on U.S. Technology (pdf)
March 2005 National Counterintelligence Strategy for the U.S. (pdf)

Office of National Counterintelligence Executive
Wikipedia Entry on Counterintelligence

PRINTED RESOURCES
Carlisle, R. (2003). The encyclopedia of intelligence and counterintelligence. Armonk, NY: M.E. Sharpe, Inc.
Dulles, A. (1963). The craft of intelligence. NY: Harper Collins.
Lowenthal, M. (2003). Intelligence: From secrets to policy, 2e. Washington D.C.: CQ Press.
Posen, Barry. (2003). "The struggle against terrorism: Grand strategy, strategy, and tactics," pp. 391-403 in Russell Howard & Reid Sawyer (eds.) Terrorism and counterterrorism.  Guilford, CT: McGraw Hill.
White, C. (2005). Intelligence/Counterintelligence. NY: AuthorHouse.

Last updated: May 11, 2008
Not an official webpage of APSU, copyright restrictions apply, see Megalinks in Criminal Justice
O'Connor, T.  (Date of Last Update at bottom of page). In Part of web cited (Windows name for file at top of browser), MegaLinks in Criminal Justice. Retrieved from http://www.apsu.edu/oconnort/rest of URL accessed on today's date.