Intelligence: From Secrets to Policy (36 page)

Categorizing the different types of polygraph exams depends on the questions being asked and the information being sought. Thus, intelligence agencies have what they call the lifestyle poly (personal behavior) and the counterintelligence poly (foreign contacts, handling of classified information). In some instances, such as vetting a source, only a few pertinent questions are asked.
Beyond taking a polygraph (known as “being put on the box”), employees and prospective employees are evaluated for other possible indicators of disloyalty. Changes in personal behavior or lifestyle—marital problems, increased use of alcohol, suspected use of drugs, increased personal spending that seems to exceed known resources, running up large debts—may be signs that an individual is spying or susceptible to being recruited or volunteering to spy. Any of these personal difficulties may befall an individual who would never consider becoming a spy, but past espionage cases indicate some reason for concern. (See box, “Why Spy?”)
The response of counterintelligence agents to the discovery of such problems depends on the suspect’s larger patterns of behavior, how long the problem persists, and evidence of potentially hostile activity. In the aftermath of the Ames case—in which marginal performance, alcohol abuse, and a sudden increase in fairly ostentatious personal spending should have been taken as indicators of a problem—U.S. intelligence increased the amount of personal financial information that intelligence personnel must report on a regular basis. These financial-reporting forms assume, however, that ill-gotten gains show up in some way that is detectable with or without the cooperation of the recipient—cash, stocks, or new homes, cars, and so forth bought with cash received. However, as was learned from both the Ames and the Hanssen cases, the country supporting the espionage may be putting some or all of the money in escrow accounts that will not be detected—or even accessed—until years after the espionage is completed. Again, the cases of Ames and Hanssen are instructive. Ames’s lifestyle clearly changed—new house, new car, better clothes, cosmetic dental work—but all this occurred before the financial-reporting forms were required. Outwardly, Hanssen’s life showed no signs of increased wealth.
Another internal means of thwarting espionage attacks is the classification system. In U.S. intelligence parlance, the system is compartmented. In other words, an employee being accorded the privilege of a clearance does not automatically get access to all of the intelligence information available. Admission to various compartments had been based on a need to know. Thus, someone working on a new imagery system is likely to have different clearances than someone involved in running human intelligence (HUMINT). There are also compartments within compartments. For example, a clearance involving HUMINT may include only specific cases or types of HUMINT—perhaps proliferation or narcotics.
WHY SPY?
 
U.S. counterintelligence emphasizes personal financial issues in assessing security risks. Many people involved in the worst espionage cases suffered by the United States—Aldrich Ames, Robert Hanssen, the Walker spy ring, Ronald Pelton—were motivated largely by greed, not ideology. Some exceptions were Julius Rosenberg, Alger Hiss, Larry Wu-tai Chin, and Ana Montes.
By contrast, many involved in the worst espionage cases in Britain—Kim Philby and his associates or George Blake, for example—spied because of ideological devotion to the Soviet Union.
Although espionage cases of either type (greed or ideology) can arise in either country, some observers have been struck by the difference. It can be explained, in part, by the fact that Britain has had (and still has) a class system that makes ideology a more likely reason for betrayal, although the most serious British spies have come from the upper class. In the United States, the main competition has always been based on economic status, not social class.
Spies may also be motivated by vengeance toward superiors or agencies, by blackmail against themselves or family members, by thrills, or by involvement with a foreign national. Still, until recently, most of the spies suffered by the United States have been motivated primarily by money. However, a Defense Department study released in April 2008 found that “divided loyalty” between the United States and the nation enlisting the spy had greatly increased as a motive for espionage.
 
Although “need to know” was the standard for decades, in the aftermath of the terrorist attacks, many felt that this standard also served to impede the necessary sharing of intelligence. In 2003, the intelligence community began to stress the “need to share,” an important shift in emphasis. Many also believed it was necessary to get away from the notion of various agencies—especially those that collect intelligence—“owning” the intelligence they produced. The clearest sign of this “data ownership” concept was the classification marking ORCON, or “originator controlled.” ORCON means that any further distribution of intelligence or its inclusion in another document must be approved by the originating agency. ORCON reflects the concern that the intelligence could reveal a sensitive source or method, a sensitivity that those wishing to use the intelligence more broadly might not appreciate. ORCON, even if necessary, was also a major impediment in intelligence sharing.
In 2007, Director of National Intelligence (DNI) Mike McConnell signaled a change in emphasis by promulgating a “responsibility to provide” standard. In other words, officers and agencies now will be evaluated by the degree to which they actively seek to share intelligence. This is far from the old “need to know” standard but, as with all other DNI initiatives, the question remains as to how McConnell will enforce this new standard and what sanctions he can impose against those who fail to measure up.
The clearance system that remains in place limits access and therefore reduces the damage that can be caused by any one source of leaks. The system is not without costs. It may become an obstacle to analysis, either wittingly or inadvertently, by excluding some analysts from a compartment crucial to their work. Administering such a system has direct costs: devising a system, tracking documents, running security checks on employees, and so forth. Indirect costs include safes, couriers, security officers to check officers’ clearances, and color-coded or numerically tagged papers, to name a few. This list gives some sense of what is involved in a thorough classification scheme. And, if such a scheme is not thorough, it is nothing more than annoying and wasteful. The Government Accountability Office (GAO) reported that, in 2006, the U.S. government (excluding the CIA, which presumably spent even more) spent $9.2 billion safeguarding classified information.
Other safeguards include the certified destruction of discarded material; the use of secure phones, which cannot be easily tapped, for classified conversations; and restricted access to buildings or to parts of buildings where sensitive material is used. These are called sensitive compartmented information facilities (SCIFs).
The process by which individuals are vetted for hiring by the intelligence community has also come under scrutiny and some pressure for change. Managers and applicants have all decried the time it takes to hire new personnel. It is also an expense for the intelligence community, costing perhaps as much as $10,000 per potential employee. From a security point of view, it is likely preferable to be overly rigorous during the hiring process rather than take a chance on letting a potential security risk get inside the system. This has been characterized by many as a “risk-avoidance” approach. This approach has many results, some intended, some not. It means that the vetting process is more thorough but also longer. The intelligence community is aware that this has, on occasion, cost them would-be employees who could not afford to wait out the nine or more months needed to check backgrounds. It also means, in a period of greatly increased hiring, like the one that began across the intelligence community in 2001, that hiring delays will likely increase. The risk-avoidance approach also means that some candidates, who may not actually pose a security risk, will not be hired because of the guiding cautious approach. DNI McConnell, again in his 100 Day Plan, has noted the need to improve the hiring of first-generation Americans “whose native language skills and cultural experiences” are most needed. There is evidence to suggest that these candidates face particular burdens under the risk-avoidance approach, out of fear of divided loyalties, family left behind whose influence is unknown or who could become subject to external pressure, and so on. There is an irony here in that most of the worst espionage breaches suffered by the United States came from individuals whose families had been here for generations. This is not to discount the problem of sleeper agents—that is, agents sent to another nation to assume normal lives as citizens and penetrate enemy services or perform other espionage activities.
DNI McConnell wants to move from the “risk-avoidance” security approach to a “risk-management” approach. This implies a willingness to give the benefit of the doubt to some applicants or employees rather than to try to run a system that wards off any potential risks, which clearly is not possible. As sensible as this approach may be, it can run into opposition from those people who are supposed to administer it, the individuals responsible for personnel security. These individuals are unlikely to see any benefit to clearing more people if this means they have also cleared the individual who becomes a security threat. The personnel security staff may also recognize that they will be the ones who are asked to explain how breaches got through in the first place. This personnel policy shift will be an interesting test of the DNI’s authority over intelligence officers who work in agencies that the DNI does not control directly.
EXTERNAL INDICATORS AND COUNTERESPIONAGE
 
Besides internal measures taken to prevent or to identify problems, counterintelligence agents look for external indicators of problems. They may be more obvious, such as the sudden loss of a spy network overseas, a change in military exercise patterns that corresponds to satellite tracks, or a penetration of the other service’s apparatus that reveals the possibility of one’s own having been penetrated as well. (This apparently is how Robert Hanssen was detected.) The indicators may be more subtle—the odd botched operation or failed espionage meeting or a negotiation in which the other side seems to be anticipating one’s bottom line. These are all murkier indicators of a leak or penetration—what some have described as a “wilderness of mirrors.”
In 1995 the CIA and NSA published signal intelligence (SIGINT) intercepts (code-named VENONA) that had been used to detect Soviet espionage in the United States. From 1943 to 1957 VENONA products helped identify Alger Hiss, Julius Rosenberg, Klaus Fuchs, and others working for Soviet intelligence. As VENONA showed, SIGINT can offer indications of ongoing espionage, although the references to spying may be oblique and are unlikely to identify the spy outright. The VENONA intercepts used code names for the spies but often provided enough information to help narrow the search.
The serious problems resulting from having been penetrated by a hostile service also highlight the gains to be made by carrying out one’s own successful penetration of the hostile service. Among the intelligence that may be gathered are
• An opponent’s HUMINT capabilities and targets, strengths, weaknesses, and techniques;
• An opponent’s main areas of intelligence interest and current shortfalls;
• Possible penetrations of one’s own service or other services;
• Possible intelligence alliances (for example, the Soviet-era KGB used Polish émigrés in the United States for some defense industry espionage and Bulgarian operatives for “wet affairs”—assassinations); and
• Sudden changes in an opponent’s HUMINT operations—new needs, new taskings, changed focuses, a recall of agents from a specific region—each of which can have a host of meanings.
 
Discovering the presence of foreign agents may not lead automatically to their arrest. The agents also present opportunities, as they are conduits to their own intelligence services. At a minimum, efforts could be made to curtail some of their access without their becoming aware of it and then false information could be fed to them to send home to confuse their analyses. Alternatively, counterintelligence officers may try a more aggressive approach, attempting to turn them into double agents who, although apparently continuing their activities, now provide information on their erstwhile employer and knowingly pass back erroneous information. (Britain’s Double Cross system was very effective at turning German agents into double agents during World War II. Fidel Castro apparently was also successful with U.S. agents sent against his regime in Cuba.) But just as there are double agents, so there are triple agents—agents who have been turned once, discovered, and then turned again by their own side. The effect, again, is a wilderness of mirrors.
PROBLEMS IN COUNTERINTELLIGENCE
 
Several problems arise in assessing counterintelligence operations. First, by its very nature, any counterintelligence penetration is going to be covert. Counterintelligence officers are unlikely to come across initially compelling evidence about a successful hostile penetration.
