Wednesday, November 26, 2008

Principles of Clandestine Behavior

The following article was originally published in the Winter 1995 issue of THE RESISTER, Volume I, Number 3.


Principles of Clandestine Behavior


Michael Bateman

Individual underground and resistance operatives, expected to cope with sophisticated law enforcement practices or security organizations are often as a singular disadvantage in their efforts to understand systematized techniques and practices of clandestine behavior. The varieties of this behavior, known collectively as "tradecraft," are a traditional province of secret intelligence and special operations; fields reluctant to shed light on operational methods and procedures. There is a dearth of reliable material in the literature of underground and resistance intelligence and unless the operative has an appropriate background, attempts to obtain useful extracts from the broader open literature will prove difficult indeed.

The purpose of this article is to provide the reader with an introduction to elements of tradecraft important to evade enforcement operations or security investigations by underground and resistance operators. we have enclosed disciplines set a pattern of practitioners and this pattern is liable to prediction or analysis. We disagree with this theory when it is applied to clandestine behavior. The logic of tradecraft is the logic of fear. Fear is an individual matter.

The _Oxford_English_Dictionary_ defines tradecraft with eloquent simplicity as, "skill or art in connexion with a trade or calling." The trade or calling with which we are immediately concerned is that of the underground operative. Definition therefore becomes a practical matter of describing components expressed in the training literature of intelligence agencies and federal paramilitary organizations. Allowing for purely stylistic variation, or variation born of contextual circumstance, the study of tradecraft is regarded as inclusive of six broad elements:

1. AGENT HANDLING. What we refer to as agent handling includes target group analysis; spotting; assessment; development; recruitment; operational management and termination.

2. PROTECTION. Protection includes methods of establishing and maintaining cover; countersurveillance; use of safe-houses, and technical skills relating to disguise, document work and forgery.

3. COLLECTION. Collection methods are primarily technical in nature and include photography; audio surveillance; physical surveillance; surreptitious methods of entry; flaps and seals work; drawing and sketching, and elicitation.

4. COMMUNICATION. Communication studies include the use of drops and letter boxes; clandestine meetings; secret writing; concealment devices; radios; codes and ciphers, and numerous other forms.

5. INDIVIDUAL SKILLS. Individual skills include observation and memory; evasion and escape; close combat; interviewing; elicitation, and report writing, among others.

6. SPECIALTY SKILLS. Specialty skills include methods of infiltration (ingress and egress), expertise with certain weapons and explosives, and technical specialties relating to any of the categories noted above.

Our delimitation of each category is idiosyncratic. We do, however, present an accurate portrait of the interdisciplines of tradecraft as tradecraft is best regarded by underground operatives.

A major task of the opposition intelligence specialist is developing information concerning underground activity conducted in secrecy. To the extent the activity in question is indeed secret, and presupposing secrecy's role is to actively deny the opportunity for information collection, then the underground operative must be conversant with the pure practices of counterintelligence.

A useful definition of counterintelligence for underground purposes is: intelligence activity, with its resultant product, intended to detect, counteract, and prevent opposition collection encompassing security measures designed to:

1. Conceal the identify or origin of the participants
2. Conceal the activity during its incipient, or planning stage;
3. Conceal the support apparatus exploited by the participants;
4. Conceal the activity or activities during commission;
5. Protect the participants during withdrawal.

Please note that our definition of counterintelligence relates to the study of secrecy as an instrument of concealment. Concealment is the very aim of secrecy. The two are intermeshed but not identical. Concealment apart from being the aim of secrecy is a form of secrecy, while secrecy is a variable of concealment. To study secrecy one therefore begins with the study of concealment.

The study of concealment begins with categorical notice of how concealment is to be achieved. concealment is a three-fold process of manipulation involving 1) the object of concealment, 2) the observation process, inclusive of the observer, and 3) the environment. The manipulation process itself involves a philosophical ground consisting of 1) an assumption of knowledge, 2) a known category of perception, and 3) a time frame into which are injected variables of disguise, deception, and secrecy. Each variable serves an element of the process in consort with each other variable. Disguise manipulates the object, deception manipulates the observation process, and secrecy manipulates the environment.

Proceeding forth from the above we reach the modalities of concealment. These are the techniques employed to fit each variable to the corpus of knowledge and category of perception. With references to disguise, for example, we find cosmetic changes in appearance and substantive changes in form. With reference to deception we find the technique of imbedding, which redirects attention, and dispersal, which expands attention.

By way of illustration we are reminded of an old story concerning a famous smuggler who, for sake of narration, we shall call Pierre. One day Pierre appears at the frontier pushing a red bicycle on which he balances a basket filled with straw. The inspectors descend in force and for their trouble produce a single brick from the bottom of the basket. Breaking the brick, they are disappointed to find it quite genuine.

Weeks pass and the scene repeats itself. Specialists are called in to no avail and always with the same result. The inspectors know Pierre must be smuggling something but they do now know what. Curiosity changes to anguish when informants report Pierre has crossed the border for good and is living comfortably on the other side. In desperation, the Chief Inspector decides to pay the smuggler a call.

"I have, as you know, no power here," he says, "and as it seems you now reside here permanently we shall not meet again. I will ask you, no... I will beg you as one man to another to please set my mind to rest. I know you were smuggling something but I do not know what it was."

Pierre thinks for a moment and then he answers: "Bicycles, your honor, and we did it together."

"Bicycles! We together? But how?" cries the Chief.

"I painted them red," replies Pierre. "You hid them among the bricks."

In the example given, the object or aim of concealment is to prevent detection of criminal activity, id est, smuggling. Pierre's fame as a smuggler and the reaction of the inspectors is the assumed corpus of knowledge. Visual search of objects by inspectors is the category of perception. The element of disguise is red paint, the element of deception a brick, and the time frame is expanded to create the effect of dispersal. Note how all these elements work together in secrecy; so closely that an error in one can contaminate all.

To expand the shades of meaning for secrecy and concealment the technical terms "clandestine" and "covert" evolved. Clandestine refers to activity hidden but not disguised; covert to activity disguised but not hidden. This distinction is important for us to grasp. Clandestine activity is secret because it is concealed. Covert activity is concealed because it is secret. Both are secret, both exist in a continuum of concealment and at the point where one form passes into that of another the same principle of tradecraft apply.

In the traditional sense distinctions between covert and clandestine are deemed necessary to permit denials; a matter of statecraft, not tradecraft. The opposition finds these distinctions significant for other reasons. Sophisticated underground activity from inception through the planning stage is clandestine in character. Upon commission of the activity and thereafter it is covert.

Acknowledgment of the dual character of conspiracy brings us to the dual character of counterintelligence. Counterintelligence is itself clandestine activity expressed 1) defensively, or 2) offensively. The defensive aspect is often referred to as the security function. The security function involves physical and investigative measures designed to safeguard information, installations, personnel and operations. The offensive aspect refers to application of active countermeasures;
counterespionage, countersabotage, or counterreconnaissance as necessity or fashion may will.

Offensively expressed counterintelligence activity is composed of two elements; the control element (sometimes called "preventive" counterintelligence), and operational element (sometimes called "defensive" counterintelligence).

Control measures are regulatory in character. Indeed, all federal, state and local government regulatory agencies are "feeder services" of the opposition's counterintelligence agency. Control measures involve the exercise of influence in five areas:

1. CONTROL OF IDENTITY. The exploitation of identification systems such as vital statistic certificates, driving and other licenses.

2. CONTROL OF MOVEMENT. Limitation or other regulation of internal and external travel.

3. CONTROL OF ACTION. Use of regulations prohibiting certain activities such as public meetings or possession of firearms.

4. CONTROL OF COMMUNICATION. Regulation or exploitation of broadcast communications and telecommunications, whether public or private.

5. CONTROL OF PUBLICATIONS. Censorship, tacit or expressed, of newspapers or private publishing.

Operational measures are uniformly based on the extensive use of informant services. Operational measures are as follows.

1. SURVEILLANCE. Surveillance includes the selective use of static observation posts located in the area of targets of continuing counterintelligence interest. Examples are organization headquarters, airline terminals, bus stations, hotels, and the homes of suspects. Also included is mobile surveillance of counterintelligence targets and sub-targets.

2. INTERCEPTION. The techniques of interception are applied against communications. Included are postal monitors, telephonic and telegraphic monitors, detection and monitoring of clandestine transmitters and the direct interdiction of secured information systems, carriers, or repositories.

3. PROVOCATION. Provocation involves offers of service or supply, the use of false information, and incitement.

4. PENETRATION. Penetration of groups or conspiracies may be accomplished by direct involvement, indirect enlistment, or the exploitation of double agents.

5. INTERROGATION. Interrogation is used against targets and sub-targets in custody, and persons named in previous interrogations.

6. SEARCHES. Searches are conducted against persons, places, or conveyances. Searches run the gamut from extensive cordon operations to snap searches.

Brief notice must be made of the so-called human factors approach to counterintelligence operations. Human factors operations involve the production of estimative intelligence intended to portray the psychological profile of a given counterintelligence target. Examples of techniques employed are indirect personality assessment; analysis of written materials by means of word count and frequency of use; indirect monitoring of certain biological functions; observance of historical behavioral trends, and (in desperation) mystical methods such as handwriting analysis and astrological charting. Please note that what we here describe is not uniquely counterintelligence methodology as assumes much of the character of the
basic analytical function.

Having developed a common ground of terminology and having offered delimitation to the broad expanse of subterfuge and detection, we now propose to justify the study of tradecraft as an end in itself. Our thesis is fortunately rather simple and expressed as follows.

Opposition counterintelligence officers engaged in the application of control and operational measures will be faced with the task of observing and reporting clandestine and covert activity. As discussed, such activity bespeaks greater or lesser degrees of secrecy and concealment designed to foil observation. The very processes of secrecy and concealment therefore become a valid and in many cases the only target for observation. Understanding the character of these processes (id est, understanding tradecraft) will sensitize the counterintelligence officer to the manner in which observation is being manipulated, and in consort with other methodology permit him to pierce the veil of secrecy, uncovering that which is concealed.

We again briefly note the functions of counterintelligence, this time in terms of the corresponding means of secrecy and concealment used to cloak underground activity.

1. CONTROL MEASURES. Control measures are foiled by the arrangements of cover, the application of countersurveillance techniques, and the use of safe-houses.

2. OPERATIONAL MEASURES. In addition to cover, countersurveillance, and safe-houses, operational measures are foiled by the techniques of clandestine meetings, drops, and secret writing.

Each opposition counterintelligence function has to contend with one or more diametrically opposed protective or communicative elements. This is because hidden activity is, after all, a normal process of interaction between human beings; complicated by necessity for secrecy and concealment and the assumption of active attempts at detection.

Axiomatic in the counterintelligence profession is the idea that individuals are most vulnerable when in communication or movement. Why is this? One answer has to do with the quality of counterintelligence itself. Another has to do with the exigencies of agency. Human beings, when used as instruments for the performance of secret activity in lieu or on behalf of others are known as agents. Extensive use of agents, as we know, is a hallmark of conspiracy. Agency by its very definition includes measures of direction and control and an altogether logical and safely assumed process of dialogue. Detection of such communication is in many cases de facto evidence of underground activity. The foiled equipment buy or the foiled
passage of documents are two ready examples.


No comments: