CIA’s Secret Fear: High-Tech Border Checks Will Blow Spies’ Cover

Eugen Leitl eugen at leitl.org
Fri Apr 13 08:57:13 PDT 2012


http://www.wired.com/dangerroom/2012/04/cia-spies-biometric-tech/all/1

CIAbs Secret Fear: High-Tech Border Checks Will Blow Spiesb Cover

By Jeff Stein April 12, 2012 | 5:30 am | Categories: Spies, Secrecy and
Surveillance

An iris scanner from Senex Technologies on display at the CeBIT trade show.
Photo: Fabian Bimmer/AP

When Tom Cruise had to break into police headquarters in Minority Report, the
futuristic crime thriller, he got past the iris scanners with ease: He just
swapped out his eyeballs.

CIA agents may find that just a little beyond the call of duty. But
meanwhile, theybve got to come up with something else: The increasing
deployment of iris scanners and biometric passports at worldwide airports,
hotels and business headquarters, designed to catch terrorists and criminals,
are playing havoc with operations that require CIA spies to travel under
false identities.

Busy spy crossroads such as Dubai, Jordan, India and many E.U. points of
entry are employing iris scanners to link eyeballs irrevocably to a
particular name. Likewise, the increasing use of biometric passports, which
are embedded with microchips containing a personbs face, sex, fingerprints,
date and place of birth, and other personal data, are increasingly replacing
the old paper ones. For a clandestine field operative, flying under a false
name could be a one-way ticket to a headquarters desk, since theybre
irrevocably chained to whatever name and passport they used.

bIf you go to one of those countries under an alias, you canbt go again under
another name,b explains a career spook, who spoke on condition of anonymity
because he remains an agency consultant. bSo itbs a one-time thing b one and
done. The biometric data on your passport, and maybe your iris, too, has been
linked forever to whatever name was on your passport the first time. You
canbt show up again under a different name with the same data.b

The issue is exceedingly sensitive to agency operatives and intelligence
officials, past and present. bI think you have finally found a topic I canbt
talk about,b said Charles Faddis, a CIA operations officer who retired in
2008.

bI canbt help you with this,b added a former intelligence agency chief. bI do
think this is a significant issue with great implications for the safety and
security of our people, so I recommend you not publish anything on this. You
can do a lot of harm and no good.b

The UK's new biometric passport. Photo: Manuel Balce Ceneta/AP

Other former operatives would not even allow their polite refusals to comment
to be quoted. The CIA, naturally, refused to comment for this story.

But several intelligence sources speaking on condition of anonymity agreed to
discuss the issue with Danger Room, on the grounds that the problem is
already well known to foreign spy agencies and terrorist groups, since it
effects everyone seeking to operate covertly or illegally across a border.

In bthe old days,b as one put it b that would be before 9/11 b deep-cover CIA
operatives could use and discard false passports like hand wipes. bThe only
way immigration could tell if the passports were fake was to look at the
stamps, paper, photo, and so on,b said another recently retired CIA
operative, whose worked on sensitive projects under non-official cover.
Operatives could land at, say, Dubai, with a passport with one false name,
then pick up another from the local CIA station to register at the hotel and
conduct a mission. Then the same operative could return the country several
times under different names, repeating the process.

Biometrics are making that impossible. Even crossing the border with a real
identity, then donning a fake one in-country, presents its own risks. bWhen
you go to check into a hotel room for a meeting with an asset, or even rent a
car to drive to the meeting b or hold the meeting in the car b many hotels
and car rental agencies upload their customer data, including passport
number, to immigration every day,b the former spook notes. bMost countries
are looking for visa overstays. But when you show up on the list as never
having entered the country b& it brings the police around to ask questions.b

If the CIA is working in concert with a local intelligence agency, as it
commonly does in E.U. countries, Jordan, Thailand and other spots, undercover
entries and exits can be smoothed over.

But bunilateral opsb b where the agency is trying to conceal its activities
from the host country b bhave deteriorated significantlyb because of the new
technologies, the career spook said.

The agency saw the windows closing, of course: The clamor for new
counterterrorism border controls reached high decibels after 9/11. By
mid-decade, the E.U. was requiring member states to issue biometric passports
and testing iris scanners.

Right away, the new world of border controls loomed as a big headache for the
CIA. The ability to travel under false identities is as basic to spy work as
motor oil is to engines. The day of the trench-coated, fast-talking spy
easily slipping in and out of countries on false papers multiple times was
coming to an end.

Often, a CIA operations officer traveling under nonofficial cover (so-called
NOCs) can pick up a new set of documents from a CIA courier or dead drop once
he or she is in the country. Therebs nothing new about that. But since the
better hotels require guests to present their passports, which are scanned
into the system, that ruse is increasingly rendered moot, especially in
hostile climes like Iran, where the interior ministrybs computers are assumed
to be hard-wired into the airline passenger and hotel guest lists.

bNot that they couldnbt duplicate the technology or the bonafides of the
passports themselves b watermarks, holograms, et ceterab&b the retired
operative added. bTheir biggest worry was getting the [false] passport and
travel data into the countrybs databases.b

One obvious workaround is for operatives to book one-star hotels where such
impediments are less likely. But if theybre traveling undercover as, say, a
prosperous Western business executive, booking a room in a seedy joint only
raises red flags with the desk clerks and local gendarmes.

So after 9/11, intelligence sources said, CIA ops managers began putting
renewed emphasis on recruiting spies in foreign border-control agencies b
people with access to the electronic files, who can change, add or eliminate
documents.

bJust before I left, they were gearing up to make a request for CIA officers
to recruit foreigners with access to immigration databases,b said the retired
NOC. bIbm sure that several people made careers out of just this kind of
operation, much as some officers did when the NSA suddenly lost millions of
access points to intelligence when the world switched from microwave towers
to fiber optic lines b whole departments were formed to recruit telephone
company assets in foreign countries.b

The challenge isnbt just the CIAbs, of course. Every intelligence agency
faces it. The problem is especially acute for Israelbs Mossad.

bThatbs right,b says former Mossad operative Michael Ross. bI remember
discussions about that in the latter part of my career, just before 9/11.
Obviously for Mossad the issue of documents and identity are an ongoing huge,
huge projectb&. You canbt go into Syria, say, or basically anywhere in the
Middle East, with an Israeli passport, for obvious reasons, so we have to use
other documents.b

Mossad puts its documents through test runs, said Ross, who retired in 2001.

bWe get into, say, France, with a document, then change our appearance, then
go into Germany and see if they pick up the physical change, to see if the
two speak to each other and say, bWait a minute, is this the same guy? Before
he had a beard and glasses, and now hebs clean-shaven and wears contacts.bb

bThere are some very smart people in Mossad who spend a lot of time and
energy ensuring that we can get our people in and out of countries without a
document flap,b Ross added.

But something went wrong in a Dubai hotel in January 2010. A Hamas official
was assassinated, almost certainly at the hands of Mossad. As it turned out,
Israeli operatives, who entered Dubai on forged passports from the United
Kingdom, Ireland, France and Germany, were videotaped in the hotel by its
security cameras.  The resulting dust-up mystified longtime intelligence
observers, who thought Mossad incapable of such sloppy tradecraft. Either
Mossad hadnbt locked down its relations with Dubai authorities as tightly as
it thought, Ross speculated, or an Iranian mole leaked the surveillance
tapes.

For day-in, day-out CIA espionage operations abroad, bbiometrics is a problem
only if you have the same case officer traveling into the country multiple
times with multiple aliases,b said the former NOC. bThe easy fix to that is
to break up the workload among several case officers who only travel to that
country under one alias.b

Or to meet your spies someplace else, others suggested, where border controls
are looser, such as Cyprus.

Or better yet, introducing malware into the computers of foreign immigration
and border control services, to change data on demand.

But the electronic curtain is descending all over the world.

All EU countries are now required to issue second-generation biometric
passports, however, the EU does not require foreign visitors to present a
biometric passport. By last September, only Belgium had not complied,
according to a scolding press release by the European Commission. At most
American airports and seaports, foreign nationals have to produce biometric
passports to submit to a fingerprint check before entering the country.

Meanwhile, a business newsletter anticipated last year that bResearch
analysts predict that in five years, iris scans will be commonly used for
airport security and border control.b

That might be a little ambitious. Britainbs groundbreaking iris-scanning
system is being quietly scaled back, according to reports from last November.

Itbs not that the machines werenbt accurate. They just didnbt work as fast as
planned. Lines were long.

bWe currently do not have any iris scanners in use,b said Customs and Border
Protection spokeswoman Stephanie Malin.

Testing continues. One company alone, Eyelock Corp., has deployed machines in
some U.S. ports, as well as Mexico, Singapore and Columbia, a company
spokeswoman said. It has pilot programs running in Brazil, Chile, France,
Spain, the U.K. and unspecified bMiddle Eastb ports.

Dubai loves it. In 2009, Ministry of Interior officials claimed its iris
scans had netted 54,000 criminals and 1,088 forged passports the previous
year.

Did they catch any CIA operatives in their biometric dragnet? If so, no one
is talking.

Jeff Stein

Washington investigative reporter Jeff Stein writes the SpyTalk blog. He
served as a military intelligence case officer in Vietnam.

Read more by Jeff Stein

Follow @SpyTalker on Twitter.





More information about the cypherpunks-legacy mailing list