In this information technology age, access to sensitive information is increasingly open to groups and individuals outside the intelligence community. In early May a satellite owned by Planet Labs, a private Earth imaging company, captured a “one in a million” shot of a North Korean Missile launch east of Pyongyang.
Not all discoveries from open source information come down to luck. Careful analysis of data drawn from open sources can bring revelations out into the public domain with vast implications for international security. The open source investigative website Bellingcat was first to identify the suspects who poisoned Russian ex-spy Sergei Skripal and his daughter with a Novichok nerve agent in Salisbury, England in 2018. The findings – based on analysis of facial images from multiple search engines and leaked Russian databases, interviews and passport details - are disputed by the Russian government as “groundless”. Yet in September 2018, British prosecutors, without comment on the findings, charged two of the suspects named in the Bellingcat investigation with attempted murder.
It would be wrong to assume intelligence communities dismiss the value open source information. As open source intelligence (OSINT), intelligence agencies collect information from publicly available materials such as (but not limited to) news reports, social media, online databases, government reports, academic publications, commercial data and grey data like unpublished works and patents. This information then undergoes processing, analysis and dissemination to become intelligence for use by policymakers or to support agency operations. A crucial difference between OSINT and covert intelligence is that OSINT relies on lawful means to obtain information, whereas the latter is conducted clandestinely and information may be collected through unlawful means.
Past debate has focused on what OSINT can bring to the table in maintaining national and international security that other forms of intelligence collection cannot. But given recent developments in international politics, attention is now being turned to how different governments use OSINT and the implications of this on national and international security.
Firstly, since OSINT draws on publicly available information, this information can easily be manipulated. A prime example is Russian influence of social media in the lead up to the 2016 US presidential elections to “…undermine public faith in the US democratic process, sow divisions in American society, and boost public support for one presidential candidate over another”. In tandem with illegal hacking of voter databases and presidential candidates’ emails, open source research was conducted on voters’ social media profiles to establish their political leanings. From this research, fake user profiles were set up over multiple social media platforms to spread targeted propaganda and misinformation to voters across the political spectrum.
This leads to a second point, which is that governments use open source information for intelligence needs for different ends. According to the websites of the CIA and Australia’s Office of National Intelligence, their Open Source Centres collect, interpret and disseminate information about international political, strategic and economic developments and trends to inform policymakers in making foreign policy decisions. This differs strikingly to the use of OSINT by the Russian government and others such as China, which use OSINT to pursue specific foreign and domestic policy goals. In China’s case, its use of OSINT alongside covert intelligence collection in conducting industrial espionage to spur on domestic economic development and innovation is well documented.
A third and final point relates to the legality of OSINT. As OSINT is drawn from lawfully collected information, what is considered lawfully obtained and “open” information is in fact relative from state to state. Consequently, this affects how governments can make use of open source information for OSINT to maintain their national security and inform their foreign policy decisions.
Government access to tech firms’ data highlights this stark contrast of capabilities. Under China’s Cybersecurity Law, National Intelligence Law, and a legal framework largely lacking in privacy protection measures, private tech companies in China are sharing data with the Chinese government. This data ranges from surveillance camera footage to user logs, messages and comments on social media platforms such as WeChat Moments. This has implications for how the Chinese government can implement domestic policies such as its domestic social credit system, or the possibility that Chinese companies abroad such as Huawei might share data with the Chinese government.
Many Western governments do not have the same access to this “open” information. For the most part, Western governments face legal obstacles in accessing information like mobile phone records or messaging data, which requires a warrant and must go through due judicial process. That being said, at the end of last year the Australian government passed unprecedented new laws which require tech companies to hand over encrypted data upon government request - powers which not even the US or UK governments have.
The capacity to analyse and manipulate open source information matters more than ever for national and international security. How it is leveraged by competing states in information warfare is seeing the scales of power tipped away from traditional metrics of power such as military or economic capabilities. Given the challenges, or lack thereof, faced by some states compared to others in accessing information, some states can wield OSINT more effectively than others to achieve their security goals.
Philip Taleski is the International Security Fellow for Young Australians in International Affairs.