The devastating 9/11 attack put the global intelligence community in overdrive and forced agencies to reform and retool in order to fight international terrorism. The US Congress, for instance, spent billions of dollars to support the transformation of the CIA and other components of US intelligence. Following the 26/11 Mumbai attacks, India’s security architecture too underwent changes and has since been able to unravel numerous terror plots.
But the world today is confronted with security threats that go beyond terrorism.
In 2018, it was reported that a senior IAF officer was sharing sensitive information with two women he had befriended on Facebook. It was later discovered that he had been honey-trapped by a spy agency that was using fake social media profiles. Certainly, the officer knew that he was acting against the Official Secrets Act. But the incident itself is a testament to how technology can be and is being used for espionage. Since then, many such cases have been reported. It is near impossible to identify the different ways in which technology can pose a threat to intelligence agencies.
While the top brass can issue orders to be mindful of sharing sensitive information with strangers on the internet, it should be the mandate of the RAW, as India’s primary external intelligence agency to train its workforce to identify such threats and employ strategies to mitigate them. Simultaneously, the RAW should also see how it can best use emerging technologies to achieve its goals.
There is still no evidence of the adversary breaking into the top-level in India and reported episodes to show that honey-trappers usually try to spread fake news. That, however, is no reason for India’s intelligence community to not break out of the status quo.
In the context of India, the RAW was the first intelligence agency to recognise the need to have a technical cadre, which included officers in surveillance tasks such as satellite monitoring, terrestrial monitoring. Unfortunately, it has not been able to match the rate at which technology is progressing. This asymmetry leads to the state being responsive, not proactive.
New technologies will likely be integrated into the functioning of the Intelligence Bureau under its new leadership. This should be the approach of the entire intelligence community in India, regardless of jurisdiction or mandate.
If anything is to be learnt from the 26/11 Mumbai experience, it is that intelligence agencies must stay ahead of the curve, adapt to these rapid shifts and not jeopardise the nation’s first line of defence.
Scary world of AI
Not just social media, the application of emerging technologies like Artificial Intelligence (AI) is rapidly changing the nature of threats that countries today have to tackle. WIRED carried a story on extended corporate espionage and how Chinese hackers were able to gain access to Boeing’s military transport planes. This is just one instance in which technology was used as a tool of intelligence. The world is yet to fully understand the influence of Russia’s social media platforms on the 2016 US presidential election. Episodes like these beg for a change in the approach to national security. Not just nations, even non-state actors such as ISIS has weaponised social media in a manner that was unheard of previously. As far as we know, India has thus far been successful in mitigating threats of such scale.
Technology like AI can make it near impossible to break into the adversaries’ networks. Earlier this year, Elon Musk’s ‘Open AI’ created an AI application that excelled at mass-producing fake news. The AI was so good at generating misinformation that the company decided not to release it. Similarly, AI-based generative adversarial networks (GANs) can be used to generate entirely new human faces and have them target powerful networks for information.
Spies have actually already used AI-generated social profiles to connect with their targets. A fake LinkedIn profile made under the name Katie Jones had made high profile connections in the US administration. This included “a deputy assistant secretary of state, a senior aide to a senator, and an economist being considered for a seat on the Federal Reserve”. Emerging technologies are levelling the playing field and increasing the demands made of intelligence agencies.
What should RAW lookout for?
A common theme in tech-based intelligence attacks is manipulation of information networks. This was on full display in the Facebook and Cambridge Analytica scandal and in the Katie Jones case – both of which beg the question: what should India’s intelligence agency RAW look out for?
AI-driven espionage and threats can be carried out remotely with limited resources. Moreover, because of the rate of advancement in technologies, threats evolve at a rapid pace. Since platforms such as Facebook do not have a clear deepfake policy or one on AI-generated content, these tools of misinformation can be deployed at scale without little warning. Moreover, even when you manage to completely debunk a piece of dangerous content, it does not mean that it won’t be shared further.
A technical solution to a technical problem is obvious, but not sufficient. Because the algorithms learn by competing with each other, any deepfake detectors are unlikely to work for long before being outsmarted. This makes the role of human agents in intelligence indispensable, regardless of the scale of the advancement of technology.
The elementary solution to this is two-fold. First, India’s RAW should train its workforce so that it is able to harness technology to the agency’s benefit. Analysts and field operatives should have a foundational knowledge of emerging technologies and how they can potentially threaten national security. The National Technical Research Organisation (NTRO) is an excellent agency and can fill the gap for RAW, so that there isn’t a need for officers to go deep into the technical know-how. But elementary knowledge should be mandatory.
Second, the agency should not shy away from suitably collaborating with experts in matters that require deep subject knowledge. The RAW, like its counterparts across the globe, is being forced to move faster, but sometimes this comes at the cost of digging deeper. This is because the RAW needs to scan an expansive landscape, now including the online landscape, to monitor and collect information, while also processing and analysing it to actionable items.
Combining intelligence with data from other government sources like the NTRO and open-source information can minimise the uncertainty and miscalculation that were previously unavoidable in espionage. Some of these capabilities are available in the open market. For instance, facial recognition software—mostly developed by private companies—allows governments and law enforcement agencies to store and search vast numbers of faces. There are a plethora of existing systems that can simplify the work of intelligence agencies while reducing inaccuracies.
Shibani Mehta is a Policy Analyst at the Geostrategy Programme of The Takshashila Institution. Rohan Seth is Policy Analyst with the Technology and Policy Programme of The Takshashila Institution. Views are personal.