Welcome Back, Mr. Bond: We Follow You On Instagram
Like a good many other people it seems, I am absolutely hooked on Apple TV’s new spy drama Slow Horses. It is based on a series of novels by the author Mick Herron and follows the story of a team of disgraced British intelligence officers who are sent to an unglamorous department where they are tasked with investigating low-level cases. The plots are interesting and the acting is absolutely first class, with heavyweights Gary Oldman and Kristin Scott-Thomas anchoring a terrific ensemble cast. If you want a believable and interesting spy drama to get immersed in, check it out!
Amy B. Zener, the author of Spies, Lies, and Algorithms: The History and Future of American Intelligence calls this kind of drama “spytainment”. Now, I like spytainment as much as the next person, but of course I always find myself questioning how much of it is real because I suspect that the real world of the spy is mundane surveillance, rather than jumping out of airplanes or racing around on motorbikes, and much of the work is about joining up the dots rather than uncovering secrets.
This is the world of what is called “open source intelligence”, or OSINT. As my good friend Alan Brown writes, broadly speaking this is the gathering of open data sources to support understanding and guide decision making. With the wider availability of such sources, the opportunities for OSINT have significantly increased in recent years. Whether examining satellite images to understand troop movements or analyzing social media posts to review sentiment about government actions, digital sources are being used as important inputs to many kinds of strategic decision making.
Think about the Russian invasion of Ukraine: Never mind CIA spy satellites, the position of troops and tanks could be found on Twitter! We are now in that OSINT era for real. General Sir Jim Hockenhull, Britain’s Chief of Defence Intelligence, said that it has proved to be a “force multiplier” and that the intelligence services need to shift an operational model where they obtain most of their situational and contextual understanding through open source and combine this with our secret intelligence to support decision making.
Perhaps the James Bond era is over.
Spy vs. Social Media
A few years ago, Alex Younger (a former Chief of the Britain’s Secret Intelligence Service, known by the codename “C”), made the point that it is really hard to be a spy now. Gone are the days when an agent could just grab a fake New Zealand passport from the cupboard, shove it in her backpack and head off to the airport. Now, biometric identification, social media and smartphones make it far more difficult to adopt a realistic alter ego and slip unnoticed into the crowd. Establishing a fake identity is the easy bit. The problem comes because a fake identity needs a real reputation.
Reputation, unlike identity, is hard to forge. It has a time component. It takes years to build up a reputation that will stand up to scrutiny! If you wanted to pretend to be someone now, you would have to have started building the fake LinkedIn profile a decade ago.
Things are definitely changing in the world of spies then. For one thing, three out of the four directors-general of the British secret intelligence services, each of whom reports to the current “C”, are women and they include the head of technology (known as “Q”, after James Bond’s gadget man). One of them told the Financial Times that it had been an exciting career during “the days before biometrics”, when she was making her way unnoticed from one country to another, often on foot, and changing disguises en route.
Ah, the days before biometrics.
Not Stirred Anymore
James Bond’s creator, Ian Fleming, actually served in the intelligence services in World War II and was rather famously involved with Operation Mincemeat, the British military operation that involved the planting of a corpse carrying false documents in order to deceive the Axis powers about the Allies’ plans for the invasion of Sicily, which featured in a recent movie with Colin Firth.
The essence of the operation was that a body, dressed as a British military officer and accompanied by a briefcase containing false documents that suggested the Allies were planning to attack Sardinia and Greece instead of Sicily, was dropped into the sea off the coast of Spain. The deception was successful and the Axis powers were misled into diverting troops away from Sicily.
It’s hard to imagine fooling foreign powers with a fake identity cards, a worn uniform and some receipts from London restaurants these day. Think how hard it is for spies now! Even after they have spent ages setting up a bogus LinkedIn profile and nurturing it for years, creating a convincing Facebook profile that shows them to be unremarkable and posting stuff about some dreary hobbies in Instagram there’s still an intelligence mountain to climb.
Imagine that James Bond dons a suit and grabs a fake passport in the name of Dave Birch, heads off to the casino for an evening of intelligence gathering with suspicious oligarchs and arms dealers. He heads through the main entrance, where his face is scanned and fed into the age verification system that is connected to the open banking “safe to spend” service and the police criminal records information system and the casino loyalty scheme before a screen flashes up “Welcome Back Mr. Bond, only another half a million to lose and your gold membership will b extended for another year”.
Oops.
Credentials, Not Identity
We’re not quite there yet. Facial recognition is far from perfect. The technology is especially inaccurate when identifying people of colour and women. While intelligent law enforcement recognises that the technology is there to provide leads for investigator and should not be relied on a sole source of truth, a misplaced faith in its efficacy is evident all too frequent. The technology has led to wrongful arrests, and using facial recognition as the only justification for arrests is a “troubling and growing trend” according to Clare Garvie from the US National Association of Criminal Defense Lawyers.)
Anything to declare on Twitter?
© Helen Holmes (2023).
Biometric identification seems convenient, but biometric authentication is a much better way forward and this should be our “default” way of thinking about security. James Bond heads into the casino and waves his smartphone over a scanner. The smartphone (or watch, hat, bracelet, pendant etc) gives up a Verifiable Credential (VC) that is a casino loyalty card in the name of Dave Birch. This is immediately checked in the casino’s back end system to see that Dave Birch has not been barred from the premises and presents a picture of James’ face to the doorman (since James would have registered with his face but a fake passport in the name of Dave Birch). This is why the Anglosphere should converge not on National Identity Schemes, but National Entitlement Schemes that keep identity out of transactions that do not need it (ie, almost all transactions).
That’s only part of the solution of course. How is James going to pretend to be me all evening? Everyone else sitting around the Baccarat table has LinkedIn on their phones and because they are rich they will probably have access to some AI-powered face recognition service!
Fashion Icons
This will make for very different spy movies in the future. I recall a heartwarming tale of parental love and guidance that illustrates this problem rather well. It concerned a Tuesday evening some time ago when a billionaire was having dinner at a restaurant in Manhattan when his daughter walked in with her date, a young man unknown to the protective father. The billionaire did what any parent would do in the same situation, which was to ask the waiter to go and take a photograph of her beau, which he then uploaded to the Clearview facial recognition application. He was immediately presented with collection of photos of the man and was able to determine who his daughter’s escort was, at which point he sent his daughter the full biography of her companion by text.)
These days, even after James Bond has successfully got past the doorman in the guise of Dave Birch then any casino, restaurant or party that he gets into will be full of revellers taking pictures of each other for their Facechat, Snapgram and Instatok feeds. By the time he’s finished his first martini, James Bond will be in a few hundred social media feeds and his location with already have been triangulated by Russian bots scampering around the web for precisely this purpose.
Hence my prediction for the next most important gadget for Q to develop and surely the next big retail fashion business opportunity: make up to defeat facial recognition systems. This already exists, by the way. A study from Ben-Gurion University of the Negev found that software-generated makeup patterns can be used to consistently bypass state-of-the-art facial recognition software, with digitally and physically-applied makeup fooling some systems with a success rate as high as 98%.
FILE – In this Oct. 31, 2018, file photo, a man, who declined to be identified, has his face painted … [+] to represent efforts to defeat facial recognition during a protest at Amazon headquarters over the company’s facial recognition system, “Rekognition,” in Seattle. (AP Photo/Elaine Thompson, File)
Copyright 2019 The Associated Press. All rights reserved.
The makeup looks pretty strange, but then I suppose tattoos and metal studs used to look strange. Whoever the next James Bond is, we need them to wear this kind of adversarial makeup to make it cool.
