How Digital Identities Challenge Traditional Espionage

Generating believable false social media profiles, posts and digital devices is only a small part of the capability requirements. Spooks also need to trace all aspects of the digital profile they already have, including biometrics such as voice print, gait and face descriptors, and have them consistent across multiple devices and platforms. They will need to be able to track where that digital identity already exists and how exposed they are to adversaries.

Operational officers will want assurance that profiles have not been contaminated through data breaches or tradecraft errors (such as a recent cyberattack that exposed face descriptors and biographical data). They will need to be able to delete or modify aspects of these profiles that are already in the world (their digital shadow). They may want to operate online with an only slightly modified profile (a digital twin), rather than operating online under a completely different persona. Spooks will need online profile management tools to track and trace where digital profiles have been used and exposed online.

At the same time, investigators will need to be able to spot other countries doing this to us; which raises its own challenges. How can we track profiles across platforms? How do we validate identities online? And how do you fuse identity information together to convey the level of uncertainty to the analyst? Saying that a profile is a 60 percent match to a known criminal isn’t that helpful to a busy analyst.

Ultimately, the difficulties in developing these technologies will start to challenge the assumptions of what kind of espionage can be done in-person or online. For example, if bots can generate profiles and hold conversations with targets online, nurturing the relationship until a human role-player can pick up the engagement (while keeping the conversation in line with the digital-forensics profile of the bot), why do you need to meet the target in person at all? Bots can have thousands of conversations in parallel whereas a role-player is generally limited to two or three engagements at any one time.

A broad technology architecture of different tools is required to solve this generational challenge. It is not all about technology. We need to develop these capabilities in ways that are in line with western democratic values, manage ethical and privacy concerns, address the public’s lack of trust in government and large tech companies, and account for the increasing globalization of social media platforms. There’s no easy solution.

Kyle McCurdy is a technologist and former British diplomat. This article is published courtesy of the Australian Strategic Policy Institute (ASPI).

Leave a comment

Register for your own account so you may participate in comment discussion. Please read the Comment Guidelines before posting. By leaving a comment, you agree to abide by our Comment Guidelines, our Privacy Policy, and Terms of Use. Please stay on topic, be civil, and be brief. Names are displayed with all comments. Learn more about Joining our Web Community.