In two articles from Pursuit Magazine, Lindsay Moran, an Ex-CIA operative is interviewed about being in the CIA, explains psychology around maintaing a separate life, and gives a few cute stories about tradecraft. You can start reading them here if for nothing else, a fun read. I think there are some OPSEC take-aways here in regard to psychological problems of maintaining compartmentalized identities, using psychological motivators to exploit humans, and defending yourself from surveillance – human or technical.
I’m most interested in the psychological perspective that she gives and the issues that appear when one is compartmentalizing their identities. You can’t discuss, disclose, or share what’s going on between your various identities. In her case, she was maintaining just two identities; her personal life, and her professional one. Having a career where everything you do is regarded by the U.S. Government as Top-Secret and requiring a specific clearance to discuss, is taxing on humans.
…I found that a lot of my relationships outside the Agency suffered. It becomes a chore to get together with people and have to lie to them because you feel guilty, and the result is that you kind of shut down, which is just not my nature.
The natural tendency to “shut down,” as she says, is common in groups that need to keep secrets; hackers, activists, military families. You’re maintaining an index of things you can share, and things you can’t. It requires discipline to keep track of these and adhere to the lines. This is one of the problems with compartmentalizing multiple identities, or even just one.
Living in a Bubble
Moran went on to describe, what I would call, a lonely sentiment when you are working for the CIA.
You tend to forget when you're inside the CIA that there's a whole other world out there. It's to fall back on a cliche, a bubble.
You’ve lost track of reality – of your personal identity – and you’re more focused on maintaining your secrets and lies than having personal relationships. I find this may hit close to some that have decided to go dark and stay in the caverns of the Internet. For those, they may lean towards the identity that gives them the most enjoyment, not the ones that require the most work. You, for example, as a gun smuggler, trading on the Internet, would much rather have a conversation with a fellow drug smuggler, than your coworker at the bank. If for no other reason, you can speak more freely about the topic without concern about accidentally leaking the fact that you’re smuggling guns.
It should be noted that your adversaries realize that your life as a nomad is lonely. It’s a sad fact that many or most of the people caught doing something illegal on the Internet are identified by LEO’s that play into how lonely your life is. Moran says:
On the most basic level you're acting --almost-- as a clinical
psychologist for your assets.
She’s referring to using the classic CIA definition of motivators, and exploiting these in people to get what she wants out of the asset. As a gun smuggler, you may be motivated by ego, but there’s no way you can brag about how good you are at smuggling guns on the Internet. But when having a private conversation with someone that appears to be a gun smuggler, why not show off how cool you are.
One of the more benign, but subtly interesting comments that she gives was referring to ways of evading surveillance. She contrasts how in the movies, when someone it tailing you, you speed away as fast as you can. But in all actuality, you are trying to lull them to sleep by acting boring. There’s a bit of HUMINT craft here, that can be applied to electronic OPSEC. If you were under electronic surveillance, you can take actions to protect yourself. The movie version, of speed away and run a red light would be to choose to encrypt your communications. In actuality as a spy, nomad, activist, or whatever, your first job is to not be directly targeted. Moran, in her tailing example, says:
You're supposed to convince anyone following you that you're not
We shouldn’t speed away, we should walk into the grocery store or go to the movies. This is where, in my opinion, our current common consensus with- regard-to answering the question of “How to defend ourselves against electronic surveillance” falls flat. Depending on your threat model, and what you are concerned about, merely encrypting your communications is not enough. By doing so, you have effectively confirmed, in the eyes of the adversary, that you have something to hide and are therefore worthy of further action. This tactic has been confirmed in an old Edward Snowden release that states that the use of encryption, is a determiner of whether or not you will be further targeted.
This was a light, fluffy interview that I may be over-analyzing, but it does highlight some ways in which the Americans view OPSEC. The psychology of the subject has some direct take aways.
- When trying to compartmentalize, make sure your motivators of money, ideology, coercion, and ego, and fulfilled internally. Do not rely on an external resource for this.
- A confidentiality and anonymity (or un-attributability) win over merely confidentiality in the face of electronic surveillance.
- Identify the natural tendencies to shut down, or tunnel yourself into a single identity, and compensate by building personal, trusted relationships in your other identities.