The British Army jeopardises OPSEC with overuse of social media. Social media appeals to us, it amplifies our voice and its rewards are near-instant and highly visible. However, Bellingcat and others are a reminder of how much intelligence can be pieced together from seemingly innocent posts. This article discusses the balance between good social media use and necessary secrecy.
Social media has been used to great effect by the British Army. It has: boosted recruiting, enabled conversation between the highest and lowest ranks, provided a mechanism to expose failures in the military covenant and it has kept deployed forces better connected to home. The virtues of social media use are clear, but these virtues should not blind us to associated dangers.
It is the nature of ‘Big Data’ that when thousands upon thousands of small, seemingly innocuous pieces of data are gathered together, the result is a highly detailed and high confidence intelligence picture.
Well-designed apps allow us to automate the intelligence cycle and these same apps allow a user to ‘soak up’ all social media over a geographical area (possibly a base or Area of Operations).
At any given location of interest, even the simplest of searches is likely to reveal selfies with key equipment, articles interviewing commanders, LinkedIn job profiles, Strava routes from gates to home addresses and families’ forums discussing deployments of spouses. Overlaying a temporal analysis on these soaks will reveal guard changes, exercises, deployments and other patterns. One more layer of deduction will allow the analyst to surmise readiness states, unit functions and capabilities.
Bellingcat are exemplars of these techniques and they lead the way in social media investigation; their product has been used by the official commission into MH-17 and their work was cited as proof of Syrian war crimes by the UN.
Partly due to Bellingcat’s exposés, on 19 February Russia’s parliament voted to ban soldiers from posting about military service online and banned the use of smartphones on duty. This heavy-handed approach not only nullifies the virtues of social media but is also likely to be unenforceable. The British Army therefore needs to defend against the threats of social media with a nuanced approach that is both technical and cultural.
This technical defence is the realm of Specialist Counter Intelligence who can conduct vulnerability studies – for individuals up to operations. These studies are initially defensive and advise on how to prevent release of critical information and how to secure account profiles but; they are also offensive. Counter Intelligence can give insight into who the digital adversaries are and how they operate. This leads to better protection from trolls, bots, false info and agitators. By understanding the social media ‘battlefield’ influencers can better land
and subsequently protect their message from those who seek to distort.
The cultural defence is where we encourage ourselves to question what information we are releasing. Most members of the Armed Forces understand what information shouldn’t be released and are likely to have strong privacy settings on their accounts. However, we are only ever one social media step away from family and friends who may not have this innate understanding and who have left the ‘digital door open’. In sum, we do not need to constrain social media use, but simply remain cynical. Always asking the question “what will adversaries deduce when they read this?” – note ‘when, not ‘if’ – will serve social media users well.
Rich is in the Military Intelligence community. He currently commands Specialised Counter Intelligence capabilities including open source intelligence and digital forensics.