Open Source Intelligence (OSINT) Greg S. Weaver - Futures ...

49Open Source Intelligence (OSINT)Greg S. WeaverIntelligence is a process as well as aproduct, the end result of transforminginformation into knowledge (Peterson,2005). This statement also applies toopen source intelligence (OSINT). Opensource intelligence includes thesynthesis of information available fromoutlets accessible to the public.Important examples of relevantinformation include that which isobtained from media outlets, publiclyavailable documents and data, theInternet, professional and/or academicreports, articles, books, and “greyliterature” which refers to academic andprofessional reports that are moredifficult (but not impossible) to obtainfrom public outlets (Jardines, 2002;Lowenthal, 2003; Soule & Ryan, 2002).The terms information and intelligenceare often used interchangeably whendescribing that which is obtained fromopen sources, but there are importantdifferences. Just as putting flour, eggs,milk, sugar, etc., into an oven does notautomatically result in a cake, opensource data and information must beturned into open source intelligence.OSINT results when analysis andresearch is applied to open sourceinformation (Peterson, 2005). However,the utility of intelligence, includingOSINT, cannot be realized unless it isalso disseminated to those agencies thatneed it (Gunaratna & Chalk, 2002).A North Atlantic Treaty Organization(2001:2-3) review outlines a taxonomythat shows how information andintelligence are not one in the same. Inmaking this distinction, NATO identifiesfour primary categories, with subsequentcategories building upon the previousone(s):Open Source DataOpen Source InformationOpen Source Intelligence (OSINT)Validated OSINTOpen source data consists of the plethoraof raw materials that may be obtainedfrom one or more sources, including oraland printed communication and/ordocuments as well as visual information(e.g., maps, photographs, and satelliteimages). Data that have been compiledand broadly organized constitute opensource information. Open sourceInformation has been subjected to alimited level of review and validation.Upon further analysis, open sourceinformation may be condensed,synthesized, and verified to produce opensource intelligence. OSINT is usuallydistributed to a restricted and selectedaudience. The final category – ValidatedOSINT – consists of the final product thathas been subjected to furtherverification/validation, often withcorroborating evidence obtained fromsensitive or closed sources. The repeated“distillation” and validation increases theaccuracy and utility of the finishedproduct. In that respect, OSINT can thenbe utilized by the collecting agency andothers as a tool for a number of tasks.OSINT is a valuable resource, but insome ways it can be a “double-edgedsword” in that its benefits are alsoliabilities. A primary advantage of OSINTis that it is widely available from a numberof sources. Because of few (if any)restrictions on use and distribution, opensource information can be rapidlycollected and, depending on theextensiveness of the accompanying

50analysis performed, communicated orforwarded to others (Lowenthal, 2003;NATO, 2001). On the other hand, thesheer volume of available data andinformation can prove to be animpediment (Lowenthal, 2003).Identifying the relevant piece(s) fromsuch a large body of data/information isa daunting task indeed. Vast amounts ofdata are difficult to organize andprocess, and the quality of some sourcesis suspect (Soule and Ryan, 2002).One pertinent example of this issuecan be found in information obtainedfrom online sources. The Internet isbecoming an increasingly importantchannel for obtaining open sourceinformation. However, the validity ofsome Web-pages or of documentscontained in them is at bestquestionable. Some sources maycontain inaccurate, biased, or misleading(unintentional or intentional) information.Also, documents and sites may beremoved entirely from the Web, makingit necessary to regularly archive entireInternet pages (Jardines, 2002). Anotherconfounding issue is known as echo,when unsubstantiated informationcontained in one source is cited (withoutverification) by another. As a result, therelevance of a piece of inaccurate orunverified information may beexaggerated if it is reported in multipleoutlets.The amount of available informationhas increased exponentially, butdevelopment of actionable intelligencefrom it has not occurred at a similar pace(Lowenthal, 2003). While the military andlaw enforcement at all levels are underincreasing pressure to develop andenhance intelligence capabilities, Peters(2006) warns that intelligence is not apanacea, suggesting that unrealisticexpectations on the part of the public,agencies, and politicians alike must betempered. Intelligence is but one ofmany tools that can be employed, but itdoes not replace the human element.In the United States, the bulk ofinformation contained in intelligencedocuments comes from open sources.OSINT is particularly valuable whencoupled with other forms of intelligence orrestricted materials. The latter (sensitiveor classified information) is value addedto the context and framework provided bythe OSINT (deBorchgrave, Sanderson,and MacGriffin, 2006; Johnson, 2003).OSINT is a key piece of the figurativeintelligence puzzle, yet its importance isoften understated by the intelligencecommunity (IC) itself (deBorchgrave etal., 2006). As mentioned elsewhere, thenature of crime is changing in importantways including that some activitiestranscend jurisdictional and geographicalboundaries. Therefore, the responses tothem must also be adjusted. In someways, the use and sharing of OSINT is apossible mechanism through whichcooperation between agencies anddepartments, laterally and vertically, canbe improved.The traditional IC is viewed as havinga preventive or proactive function,whereas law enforcement has a greaterreactive or investigative role. Thesedifferent but complementary missionshave, no doubt, affected the respectivecultures of each. An unintended andunfortunate consequence is the lack oftrust between agencies (Office of theDirector of National Intelligence, 2005;2007).In some ways, intelligence as aprocess and as a product is viewed as afunction of national security interests, notlaw enforcement. The former is designedto prevent harm and to protect theinterests of the country, whereas lawenforcement agencies have traditionallyfulfilled an investigative role (MarkleFoundation, 2003). The distinction of twocategories of intelligence, tactical and

51strategic, assists in illustrating this issue.Tactical intelligence refers to that whichis typically associated with a particularcase or investigation. In many instances,this intelligence may be archived orstored upon completion of aninvestigation, but it is usually not reexaminedin the context of the larger lawenforcement mission. Strategicintelligence, on the other hand, is moreclosely associated with the proactiveelements of intelligence, focusing on the“big picture,” as opposed to a specificincident or case (Best, 2001; Peterson,2005). The following example related todrug trafficking illustrates this distinction.Strategic intelligence would includeknowledge about traffickingorganizations, methods, and routes,whereas information on a specificshipment illustrates tactical intelligence(Best, 2001). Similarly, strategicintelligence is not limited to theenforcement function only. It is also akey component in planning efforts,staffing decisions, and in thedevelopment of policy and priorities(Evans, 2005).However, Osborne (2006) correctlyasserts that the process of takinginformation and, through research andanalysis, producing actionableintelligence, differs little for lawenforcement, intelligence agencies, orthe military. This point is relevant for twokey reasons. First, the boundariesbetween crime and issues related tonational security have becomeincreasingly blurred. For example, it is awidely held belief that proceeds fromillegal drug trafficking are an importantsource of funds for terrorist organizations(Sullivan, 2001). Second, some acts,such as terrorism, human trafficking, andcybercrime, transcend geographical andjurisdictional boundaries. As a result, theneed for cooperation between countriesis increased. Deflem (2006) points toEuropol as one such example. Thejurisdiction and authority of Europol isdefined in part by agreement between themember states of the European Union.Liaisons from one country are stationed inanother. Similarly, the FBI has begun toassign attaché offices in a number offoreign countries. These arrangementsnot only increase the capacity toinvestigate crimes that cross nationalboundaries but also serve to provide amedium for information exchange as wellas to strengthen relationships betweenindividuals and agencies alike (Best,2001). Studeman (2007) asserts that theintersection of different elements of theintelligence community is a function ofcross-jurisdictional boundaries.Beginning in the 1970s, an increasingnumber of restrictions were placed ondomestic agencies in terms of havingaccess to or collecting information onU.S. citizens unless that material waspertinent to an ongoing investigation or ifreasonable suspicion warranted suchaction. However, these restrictions havebeen eased somewhat since 9/11 viachanges authorized by the USAPATRIOT ACT (Markle Foundation,2003). Clearly, the concern overcompiling and accessing information onU.S. citizens is legitimate, but given thatthe boundaries between crime andnational security have becomeincreasingly blurred, balancing theseconcerns is of utmost importance. Forexample, since 9/11, law enforcementagencies have been allowed more leewayin terms of collecting intelligence, such asconducting public surveillance andperforming Google searches (MarkleFoundation, 2003). Both of theseexamples arguably fall under the generalcategory of OSINT.McNamara (2007) notes that at thepresent, a national, unified system fordistributing unclassified information doesnot exist. Legal concerns and the cultures

52of constituent agencies contribute to thisproblem. Until such a system has beendeveloped, information sharing, laterallyand vertically, will be less than optimal. Areport of the Commission on theIntelligence Capabilities of the UnitedStates Regarding Weapons of MassDestruction suggests that the FBI,because of its dual role as aninvestigative and intelligence agency, isparticularly well-suited to become thepoint through which intelligence isshared, provided that the long-standingpractice of “stovepiping” information anda general sense of mistrust areameliorated (Office of the Director ofNational Intelligence, 2005). Since 9/11,the FBI has, in fact, assumed a greaterintelligence function, in part because theBureau falls under the purview of theOffice of the Director of NationalIntelligence. As a member of and inconjunction with the Joint Terrorism TaskForce (JTTF) units establishedthroughout the country, its potential asan information conduit to other agencieshas increased (Johnson, 2003; MarkleFoundation, 2003; Markle Foundation,2006). Additionally, it is suggested thatbecause of the law enforcement role ofthe FBI, the concerns over collectinginformation on U.S. citizens and theircivil liberties will not be ignored (Office ofthe Director of National Intelligence,2005).As mentioned previously, a longstandingbias in the intelligencecommunity is that OSINT is inferior toclassified or “high side” material. Also,for a number of reasons, there has beena tendency to overclassify or to restrictthe availability of intelligence. This “needto know” approach limits the distributionof material that may be of benefit to anumber of agencies. It is apparent thatclear guidelines are necessary tofacilitate the sharing of both open sourceand sensitive/classified information. Justas the definition of law enforcementsensitive differs across jurisdictions andagencies, so, too, does the question overwho can have access to this information(Markle Foundation, 2003; McNamara,2007). It has been suggested that animportant change lies in moving from aphilosophy of “need to know” to one of“responsibility to provide” information tothose agencies that need it (Office of theDirector of National Intelligence, 2007).Another step in addressing theseconcerns lies in increasing the use of andaccess to OSINT. The Markle Foundation(2003) recommends that the emphasisshould be placed on creating distributableproducts whose access can be restrictedas more sensitive or even classifiedinformation is added, as opposed toautomatically restricting this informationat the onset. The dissemination of OSINTcan be regulated via guidelinesestablished beforehand, so developmentof consistent and usable policies isimportant. For example, the use of avirtual private network (VPN) dedicated toOSINT could greatly enhance theintelligence capabilities of variousagencies and departments. Because theinformation contained in them is notclassified per se, it is not necessary tohold a security clearance in order toaccess it.Conclusion:“Where do we go from here?”Clearly, a number of challenges mustbe addressed in order to better useOSINT. However, it accomplishes little tolament what has not been done in thepast or to recommend unrealisticmeasures that are not feasible within theexisting intelligence system. Perhaps oneway to move forward is to acknowledgeand learn from mistakes of the past. Thefollowing discussion takes this approach.

53In Sharing the Secrets: Open SourceIntelligence and the War on Drugs,Holden-Rhodes (1997) offers acompelling, yet controversial, account ofhow “round five (p. 2)” of the War onDrugs beginning in the 1980s washindered by a lack of coordination,cooperation, and information sharingbetween various departments, agencies,and the military. The alleged underutilizationof OSINT is central to theseclaims. For example, Holden-Rhodescontends that OSINT can providevaluable information on drug traffickingand distribution.In Holden-Rhodes opinion, one of thefactors contributing to the failure of theWar on Drugs occurred years earlier.From 1969-74, the Nixon administrationcharacterized anti-drug efforts as anissue of national security. However,local, state, and federal law enforcementagencies have a prominent role indomestic drug issues, and itsrelationship vis-a-vis the military iscomplex. Poorly defined goals andunrealistic expectations led to politicalwrangling in a number of areas, andpolicy suffered. During the 1980s andbeyond, the emphasis on anti-drugefforts resulted in large increases inavailable funding. According to Turner(1999), various agencies anddepartments scrambled to secure theirshare of the figurative financial pie. Thiscompetition resulted in a lack ofcooperation between agencies, bothhorizontally (federal) and vertically(federal-state-local).The “national security versus crime”debate is apparent in terrorism policy aswell (for a recent review, see LaFree &Hendrickson (2007)), and there is nodearth of compelling arguments insupport of either position. A detaileddiscussion is not needed to recognizethat at times, the similarities between thewar on drugs and the developing policiesrelated to the global war on terror areunnerving. In essence, the author arguesthat the War on Drugs has beenineffective in large part because arational, unified strategy is lacking.Furthermore, without a clearly definedsystem of command and control, theobjectives at hand can be lost. He agreeswith Wilson (1983, p. 49) who asserts thata rational policy must clearly identifygoals and objectives and be geared torecognize the ones that are attainable(and those that are not) and what level ofinfluence the government has tomanipulate those goals or conditions toachieve the desired results. In short, the“Global War on Terror” falls on thecollective shoulders of a number ofagencies and departments, andcooperation is of utmost importance.REFERENCESBest, R. A., Jr. (2001). Intelligence andlaw enforcement: Counteringtransnational threats to the U.S. (CRSReport for Congress #RL30252).Washington, D.C.: CongressionalResearch Service.deBorchgrave, A., Sanderson, T., &MacGaffin, J. (2006). Open sourceinformation: The missing dimension ofintelligence (Report of the CSISTransnational Threats Project).Washington, D.C.: CSIS Press.Deflem, M. (2006). Europol and thepolicing of international terrorism:Counter-terrorism in a globalperspective. Justice Quarterly, 23,336–359.Evans, S. (2005). Law enforcement andDelphi: An exercise in strategicintelligence research. Low IntensityConflict & Law Enforcement, 13, 70–79.Gunaratna, R., & Chalk, P. (2002). Jane’scounter terrorism (2 nd ed.). Surrey,U.K.: Jane’s Information Group.

54Holden-Rhodes, J. F. (1997). Sharingthe secrets: Open source intelligenceand the war on drugs. Westport, CT:Praeger.Jardines, E. A. (2002). Theory andhistory of OSINT: Understandingopen sources. Retrieved July 15,2007, fromhttp://www.oss.net/dynamaster/file_archive/030201/254633082e785f8fe44f546bf5c9f1ed/NATO%20OSINT%20Reader%20FINAL%2011OCT02.pdf.Johnson, L. K. (2003). Bricks and mortarfor a theory of intelligence.Comparative Strategy, 22, 1–28.LaFree, G., & Hendrickson, J. (2007).Build a criminal justice policy forterrorism. Criminology and PublicPolicy, 6, 781–790.Lowenthal, M. M. (2003). Intelligence:From secrets to policy (2 nd ed.).Washington, D.C.: CQ Press.Markle Foundation Task Force. (2003).Creating a trusted network forhomeland security (Second Report ofthe Markle Foundation Task Force).New York: Markle Foundation.Retrieved July 8, 2007, fromhttp://www.markle.org/downloadable_assets/nstf_report2_full_report.pdf.Markle Foundation Task Force. (2003).Mobilizing information to preventterrorism: Accelerating developmentof a trusted information sharingenvironment (Third Report of theMarkle Foundation Task Force). NewYork: Markle Foundation. RetrievedJuly 8, 2007, fromhttp://www.markle.org/downloadable_assets/2006_nstf_report3.pdf.North Atlantic Treaty Organization.(2001). NATO open sourceintelligence handbook. Retrieved July15, 2007, fromhttp://www.oss.net/dynamaster/file_archive/030201/ca5fb66734f540fbb4f8f6ef759b258c/NATO%20OSINT%20Handbook%20v1.2%20-%20Jan%202002.pdf.Office of the Director of NationalIntelligence. (2005). The commissionon the intelligence capabilities of theUnited States regarding weapons ofmass destruction (Report to thePresident of the United States).Washington, D.C.: Program Manager,Information Sharing Environment.Retrieved July 15, 2007, fromhttp://www.ise.gov/docs/wmd%20report.pdf.Office of the Director of NationalIntelligence. (2005). The nationalcounterintelligence strategy of theUnited States of America (Report tothe President of the United States).Washington, D.C.: Program Manager,Information Sharing Environment.Retrieved July 15, 2007, fromhttp://www.dni.gov/reports/NCIX_Strategy_2007.pdf.Osborne, D. (2006). Out of bounds:Innovation and change in lawenforcement intelligence analysis.Washington, D.C.: JMIC Press.Peterson, M. (2005). Intelligence-ledpolicing: The new intelligencearchitecture (NCJ 210681).Washington, D.C.: United StatesDepartment of Justice.Soule, M. H., & Ryan, R. P. (2002). Greyliterature. Retrieved July 15, 2007,fromhttp://www.oss.net/dynamaster/file_archive/030201/254633082e785f8fe44f546bf5c9f1ed/NATO%20OSINT%20Reader%20FINAL%2011OCT02.pdf.Studeman, M. W. (2007). Strengtheningthe shield: U.S. Homeland SecurityIntelligence. International Journal ofIntelligence and Counterintelligence,20, 195–216.Sullivan, J. P. (2001). Gangs, hooligans,and anarchists: The vanguard ofnetwar in the streets. In J. Arquilla &D. Ronfeldt (Eds.), Networks and

netwars: The future of terror, crime,and militancy (pp. 99–127). SantaMonica, CA: Rand Reports.Retrieved July 23, 2007, fromhttp://www.rand.org/pubs/monograph_reports/MR1382/MR1382.ch4.pdf.Turner, M. A. (1999). Open sourcing thedrug war. International Journal ofIntelligence and Counterintelligence,12, 103–108.Wilson, J. Q. (1983). Thinking aboutcrime (Rev. Ed.). New York: VintageBooks.55