The Smartphone: A Spy’s Greatest Tool?

Remember the great old spy movies (or even real life stories), where spies would use subminiature concealable cameras (like the Minox Riga developed by Walter Zapp) designed to take quick photos of Top Secret documents or sensitive corporate intellectual property secrets? These “tiny” cameras might have been hidden in a cigarette pack or cigar case, strapped to a ladies thigh under her dress, or even hidden inside the handle of a gentleman’s walking cane or under this hat.

The intrigue and drama continued as the spy then had to get the camera and sensitive pictures out of a secure building. Or perhaps a spy planted a small bug in a conference room or office and then had to be close enough to pick up the signal to hear or record the conversation before the short-lived battery died. They were probably sitting in a lobby or on a park bench outside the building, reading a newspaper or having lunch. Or they might have been in a car parked nearby and within signal range, but generally very close – less than a few hundred yards.

I recently met and heard Jonna Mendez speak at the new International Spy Museum in Washington, D.C. about her and her late husband’s (Tony Mendez) new book, “Moscow Rules.” She also spoke about her and Tony’s roles as the former chiefs of disguise at the CIA as they developed methods that helped their spy agency do what they do best – steal secrets.

Jonna said one of the most creative devices that was developed before and during her and Tony’s time while leading these efforts was the creation of small covert cameras – they were “game changers” in the world of spycraft.

In just 30 short years, however, “game changer” doesn’t even seem to describe the advances in technology we now have because of smartphones. This device now allows any intelligence organization or criminal element to have an advanced camera with zoom and video capability, the ability to send encrypted content anywhere in the world within seconds, and then to delete this content from the device.

In the words of Pink Floyd, I believe we may have become “comfortably numb” to the risks that smartphones pose to security efforts – somehow we still willingly and knowingly allow them in our spaces without question everyday by the millions, and with very few exceptions. Perhaps they are so ubiquitous that people are overwhelmed in acknowledging the “elephant in the room” – that smartphones are a spy’s greatest tool.

Have the espionage threats of over 30 years ago been reduced, mitigated, or eradicated? Or have we just become accustomed to these spy devices as part of our normal, everyday global environment and we’ve accepted the risks of their use?

Complacency is not the answer. The threats still exist and we can’t be surprised when we hear of foreign or domestic bad actors/spies or malevolent employees stealing valuable classified or sensitive information so easily, and it’s not always from downloading major data files. Even more so today, we must fully understand the true vulnerabilities that exist with regard to corporate espionage and our national security.

It should happen more often than it does that corporate security or Executive Protection teams receive approval to collect certain visitors’ smartphones, putting them into shielded lockers during sensitive meetings with their principals, CEOs, or senior executives. Every corporation, high-profile individual or C-suite executive should be asking themselves how much they stand to lose if they allow access to employees with smartphones. If they aren’t asking that question, why not?

How many readers remember the days of the “clean desk” policy? The reason behind this policy was to reduce the ability or likelihood that someone walking by a desk would see or even steal confidential or sensitive information. In the military and intelligence agencies, we have always had what are called “burn bags” where we put our discarded sensitive or classified paper and material that is marked for total destruction (not just shredding). In most sensitive government offices, these practices are still used today.

At times in my career, I’ve looked through the windows outside of office buildings and have seen what should be considered confidential information on desks, pinned to cubical walls, or even on computer screens facing outwards to public view: employee names, office and cell numbers, financial data, upcoming internal events, HR-related material, CEO messages, etc. It is truly alarming what is in the open now and how our poor social media habits just amplify access to information that should probably pass through a communication security (COMSEC) filter.

It seems overall our major concerns are focused on cybersecurity, hacking or identity theft and what we feel are even more sophisticated risks of stealing secrets or sensitive information. But we have made it easier for foreign intelligence and spies conducting corporate espionage to collect sensitive information. Why have we forgotten the very tradecraft and tools that spies used just a few decades ago?

Is the smartphone a spy’s best tool and, if so, are we turning our heads away from the threat because everybody has one?

Factors that make the protection of information even more challenging include the increase in global population, sophistication of emerging countries, ease of international travel, and advancement in technology and associated tradecraft.

Current young generations are being taught a plethora of technology skills and are fearless when it comes to their early adoption and use. Hostile countries love training new elite spies because of this. And social media has now encouraged massive amounts of “sharing” in many situations that are inappropriate or even illegal. It could even be argued that technology and the smartphone could be encouraging aspiring spies and bad actors because of how easy they make it.

Just because they are ubiquitous doesn’t make smartphones less of a threat. We must be cognizant of the fact that they will continue to pose potential risks to high-profile individuals and corporations.

Some will argue that no one likes the inconvenience that restriction on their smartphone use creates. Employers often expect their employees to be available at all times now, including via text messaging and sending quick emails while at lunch or after work. In many cases, they are provided this device free of charge with an expectation they have it on them at all times.

Most government and business computer systems can detect and advise administrators when a particular file has been opened, shared, emailed, downloaded, printed, etc. But we seem to have forgotten that most employees have a camera on them at all times, and taking a picture of a document on a monitor is just as effective as having the real document.

To make matters worse, the continued advancement in the creation of malicious and sophisticated apps that are intended to aid bad actors in stealing information is happening at a pace that is unattainable to defend against, even in today’s world.

Because possession of a device like this in the past would have caused the arrest and/or imprisonment of a possible spy and since we all have them now, does that mean they have created a global level playing field for spying?

Thirty years ago, no one could anticipate the sea change coming. We can’t even guess at what new technology we will see in the coming decades that will aid spies. The question is, will we continue to turn a blind eye to it too, as we keep relinquishing our privacy on all levels?

This is one conversation where there are more hard questions than easy answers – but we shouldn’t make it too easy for a spy.

— Mike