STUDY MANUAL COUNTER INTELLIGENCE PROLOGUELN324-91 The purpose of this booklet is to present basic information on the mission and activities of Counter Intelligence. But, with the understanding that the primary mission is to support the commanders of the armed forces. This booklet is dedicated to the concepts of Counter Intelligence in relation with its functional areas, the application of these functions, and a specific dedication and instructions on how to apply these functions. The terms "special agent of Counter Intelligence" (SA) refers to all those persons who conduct and contribute to the handling and gathering of information of the multi-disciplinary intelligence of the hostile services. This booklet is primarily oriented at those persons involved in the control and execution of the operations of CI. In like manner, this booklet has a very significant value for other members of the armed forces that function in the areas and services of security and other departments of intelligence.
LN324-91 COUNTER INTELLIGENCE TABLE OF CONTENTS Prologue Chapter 1 Introduction to Counter Intelligence Chapter 2 Operations Security (OP SEC) Chapter 3 General OP SEC Chapter 4 Document Security Chapter 5 Liaison Chapter 6 Operation of Report on Contact of Liaison Chapter 7 Introduction - Investigation of Personal Security Chapter 8 Interrogatory/Technical Phase of Questioning Chapter 9 Investigation and Interviews of Personal Security Chapter 10 How to Obtain a Sworn Statement Chapter 11 Unexpected Interviews Chapter 12 Witness Interview Chapter 13 Subject Interview (personal) Chapter 14 Introduction to Subversion and Espionage Chapter 15 Interviews of Subversion and Espionage Chapter 16 Espionage Investigation Chapter 17 Sabotage Investigation Chapter 18 Preparing Agent Reports Chapter 19 Reports/Information for Investigation Chapter 20 Preparing Summary Information Chapter 21 Scrutiny of CI of Interrogation Chapter 22 Interrogation of CI Suspects Chapter 23 Abstracting Information of CI Chapter 24 Protecting Targets of CI Chapter 25 Neutralizing Targets of CI Chapter 26 Observation and description Chapter 27 Planning and conduct of a mobile (PIE), Chapter 28 Terrorism Chapter 29 Counter-terrorism Chapter 30 Physical Security Annex A Prepare Report on Physical Security
CHAPTER 1 LN324-91 CHAPTER 1 INTRODUCTION TO COUNTER INTELLIGENCE INTRODUCTION Imagine a circle representing the effort of a total intelligence conducted by all the agencies of the Armed Forces. Inside this overall field, we find that counterintelligence is an integral part of the total intelligence effort. DEVELOPMENT DEFINITION OF COUNTERINTELLIGENCE: Counterintelligence is defined as the activity or activities collectively organized by an intelligence service dedicated to obstruct the enemy's source of information by means of concealment, codes, crypto, censorship and other measures to deceive the enemy by using disinformation, trickery, etc. The two measures used by Counterintelligence are DEFENSIVE or OFFENSIVE: Defensive measures vary normally with the mission of the unit. An example of these measures are: Counter-espionage Counter-sabotage Counter-subversion Antiterrorism Counter-terrorism Intelligence consists of collection, transmission and dissemination of military data referring to possible or real enemy and/or to an area of operations. The military commander uses this intelligence in order to formulate his possible course of action and to select a course of action in particular in order to achieve the mission. Thus, the intelligence obtained is of vital importance to the commander and for the conduct of his mission. Intelligence is also essential for the enemy as it is for us. The enemy also uses all sorts of measures at its disposal to become informed about our capabilities, vulnerabilities and probable cause of action, and also information about the meteorological conditions of the terrain. Military Counter Intelligence is that part of Intelligence intended to deprive the enemy of this knowledge, and in this manner prevent the enemy activities of espionage, sabotage and subversion, as well as discover possible 5
LN324-91 acts of an adverse nature, treason, or sedition among our own military forces. Counter Intelligence is a significant aspect in both the strategic intelligence and combat, and is essential for the favorable application of two of the nine basic principles of war: security and surprise. The principles of war are: Mass Objective Security Surprise Command Offensive Maneuver Force economy Simplicity. Effective Counter Intelligence enhances the security and helps achieve surprise. Surprise depends not only on the intelligence obtained and the speed of movement, but also on the effective counter intelligence. Effort to prevent the enemy from obtaining data, reducing the risk that the command can suffer, provided it diminishes the enemy's capability of utilizing effectively its potential of combat against our Armed Forces. Thus, effective counter intelligence allows security of the unit. DECEPTION: Deception in combat is a military operation designed to conceal our dispositions, capabilities and intentions and deceive the enemy in such a way that it would be to his disadvantage and to our advantage. Deception is designed to derail or deceive the enemy through manipulation, disinformation, or falsifying of evidence in order to induce a reaction in a way that is detrimental to his own interest. In order for a deception operation to be successful, the enemy has to have the capability of collecting information that we would like him to get, so that we can react according to the information. The enemy is given the opportunity to obtain information, and thus creating a deceptive picture. At the same time, counter intelligence goes into action in order to prevent the enemy from discovering the true purpose of the operation of deception and to avoid recognition of the true technical operation or the principle one, which is being supported by the deceptive operation mainly security. QUESTION: Why can we consider a soldier as a counter intelligence agency? 6
LN324-91 ANSWER: An individual solder is an agent of the CI, since he can provide information on the activities of the intelligence of the enemy, including subversion. Much of the CI operations depends on the individual soldiers ability to adequately fulfill the security procedures, camouflage, observation and information system. As a prisoner of war, the individual soldier is a soldier of operational information of the enemy. Therefore, the individual soldier receives training in the measures of escape and invasion, in case he is taken prisoner or that he finds himself behind enemy lines. Also he receives training to resist the interrogations of the enemy and adhere to his rights as a prisoner of war under the Geneva Convention. All the units are agents of the CI and they too take measures of CI in order to deprive the enemy intelligence on our activities, operations and locations of this positions. Every officer of the high command and every subordinate command in effect acts as a Counter Intelligence officer of the Joint High Command. For example, the transport officer aids the command with the Counter Intelligence aspects regarding the movement of transport; the health chief accesses the Counter Intelligence aspect regarding the location of the health installations. Some units, such as the units of the censure, have special function of CI because of the nature of their assigned missions. The CI agent of the Army has the personal training as specialist in CI and is available for providing support in all the military operations. Other government agencies, such as the agencies of intelligence of the Navy, the Air Force and the Defense Ministry, also use certain functions of CI that support the CI operations of the Army. Keep in mind that kind of intelligence is necessary in both times of peace and war, since espionage, subversion and occasion sabotage are not only limited to conditions of time of war. All foreign countries, both enemy and friends, wish to obtain information regarding the Armed Forces, their assets, disposition, weapons, level of training and future plans for operations peace time as well as in time of war. The range of the CI operation extends in proportion to the level of command. At the division level the measure of CI generally have to do with military security. CI operations at higher levels are similar to those of the inferior levels. Nevertheless, the operations have a broader range thanks to the greater number of units in the scope of their areas with a great volume of 7 __________________________________________________________
LN324-91 advance planning. The CI operations at superior levels include: MILITARY SECURITY SECURITY OF PORTS, BORDERS AND TRAVEL CENSORSHIP SPECIAL OPERATIONS CIVILIAN SECURITY Generally speaking, Counter Intelligence is a main part of the intelligence operation in the theater of operations. Depriving the enemy of information regarding supplies, installations, nuclear weapon systems, means of transport, communications is vital in fulfillment of the mission in the zone of the theater of operations. The great territorial responsibility of this zone require extensive operation of the CI of all types. COMMANDERS' RESPONSIBILITIES: QUESTION: IN THE MILITARY UNIT, WHAT ARE THE THINGS THAT INTEREST THE ENEMY? ANSWER: Military information. Personnel. Equipment and installations. As in all aspects of the military unit, the commanders are responsible for the implementation and execution of all the measures of military Counter Intelligence to protect military information, personnel, material and installation within the unit. The commander has his high command which can delegate the authority to carry out these functions; nevertheless, the responsibility rests with the commander. The Counter Intelligence officer: The auxiliary chief of the high command, C-2, is the officer of the high command responsible for the military information which also includes Counter Intelligence. This delegation of authority is given to the auxiliary chief of 8
LN324-91 the high command, C-2, who has under his charge and responsibility of the high command regarding Central Intelligence and CI. The C-2 is responsible for the implementation and direction of all the measures of CI inside the command. The planning of military Counter Intelligence is based on ability or capability of the enemy to obtain information regarding friendly activities. This planning includes adequate CI countermeasures to prevent the enemy from discovering the dispositions and activities that can reveal the intentions of the command or, if interrupted, could endanger the accomplishment of the mission. According to the organization and the size of the command, there may be a CI official of the high command of the C-2. At the division or brigade level, the official of the CI normally is the chief of the section of security or the detachment of military intelligence that supports the division of the brigade. In other words, he wears two hats, as chief of the security section, and as the CI officer of the joint high command of the C-2. CATEGORIES OF CI OPERATION Generally, there are five categories of operations of CI conducted inside the theater of operation at which the C-2 is responsible or has direct interest. The categories are: MILITARY SECURITY CIVILIAN SECURITY HARBOR, BORDER AND TRAVEL SECURITY CENSORSHIP SPECIAL OPERATION MILITARY SECURITY The military security encompasses measures taken by the command to protect itself from espionage, enemy civilians, supervision and sabotage and surprise. These include passive CI measures and active ones inside the Armed Forces and directly pertaining to the same and for specific military operations. Examples of military securities are: SECRECY DISCIPLINE: This is the indoctrination/training on a continuous basis of all personnel against divulging of classified information that is not authorized or unclassified regarding military activities, and the use of 9
LN324-91 patrol of security in areas frequented by military personnel. SPECIAL PROTECTION OF CLASSIFIED MILITARY AND EQUIPMENT INFORMATION: This is the observation of the security measures, such as the security necessary inside the areas that contain information and classified equipment; introduction of a system of passes for entering critical areas; the conduct of studies in inspection of security to determine the strict observation of prescribed security measures. SECURITY OF TROOP MOVEMENT: This keeps a certain connection with the secrecy discipline, preventing inappropriate comments by personnel in the unit given an order for movement; in returning mail dispatches of the unit in a certain period of time before the departure of the troops, and restricting all personnel in the area of the unit. COUNTER SUBVERSION INSIDE THE ARMED FORCES: This is the overcoming of suppression of rumors and propaganda and the apprehension of subversive agents. THE TECHNICAL MEASURES AS REQUIRED IN THE COMBAT ZONES: This is the use of the technical troops for the apprehension of the resistance groups, to help reduce the intelligence subjective and the mop up operations of the guerilla units. TRANSMISSION SECURITY: Listening to the administration communication networks, command operation of intelligence. SPECIAL HANDLING OF ESCAPEES AND EVADERS: This type of person needs to be debriefed to obtain the immediate intelligence information. It is of great importance to make sure that the escapee or evader is not an enemy agent. CIVILIAN SECURITY: In all cases the mission of the military forces has priority over the well being of the civilians in the area. Examples of the civilian security measures are: Systematic registering of the civilian personnel, including the neutral foreigners and enemies: This is done by the civilian affairs agency and includes the distribution of rationing cards, work permits, travel permits and permits for crossing borders. Control of the circulation of the civilian personnel and refugees: This is a very important matter: All civilian personnel must be kept away from the advance combat zones, which will help prevent their easily finding out about our forces and inform enemy agents of espionage or sabotage. Also, all civilian personnel is to be kept at a distance from the major route of supply to make it easier for the military transport and prevent enemy agents from infiltrating the military zone. 10
LN324-91 Curfew: Keeping the public away from the streets and routes after certain hours, thus restricting the movements of enemy agents. Surveillance of suspect political groups: One should find out whether other groups are sympathetic to enemy cause. Such groups must always be considered potential agents. Investigation of workers security: Local workers employed by the Armed Forces should be investigated to avoid infiltration of enemy agents in areas and military units. This include the service personnel of the countryside, truck drivers and current workers, and interpreters, translators, etc. Distribution of passes and permits. Passes and permits should be strictly controlled and reviewed frequently to avoid forgery. Passes and permits for travel are normally distributed to government functionaries, political agencies, doctors and workers of public services. Control of international commerce: Control of commerce in neutral states. Experience has proven that many commercial companies are in effect spy agencies that use the company as a cover or front of their operation. The profits from the trade of these companies can be and is used to pay for the expenses of espionage operations. Surveillance of consuls and neutral/high command diplomats: It is possible that people of this category are using their diplomatic immunity to act as couriers for an enemy country. SECURITY OF HARBORS, BORDERS AND TRAVEL: Consists of special applications of both the neutral security measures as well as civilians for the control of Counter Intelligence in entry ports and ports of departure for borders and international lines; all movements of. a non-military character, of entry and departure in the theater of operations. SECURITY CONTROL OF MARITIME HARBORS: This is the responsibility of the Navy and control should be coordinated with the Navy. SECURITY CONTROL OF AIRPORTS: This is the responsibility of the Air Force and control should be coordinated with the Air Force. ESTABLISHMENT OF CROSSING POINTS ON THE BORDER: Normal routes of movement should be directed to points of crossing located strategically. These points of crossing should be controlled by military personnel with the help of local and national agencies as necessary. SECURITY CONTROL OF THE MERCHANT MARINE AND THE CREWS OF COMMERCIAL AIRCRAFT: This is important due to such individuals who by virtue of their occupation can enter and depart legally and frequently from the country and such individuals can be used as pretext for carrying out fraud operations (diplomatic pouch). 11
LN324-91 INVESTIGATION OF SECURITY AND CONTROL OF PERSONS WHO LIVE AT THE BORDERS: Personnel in this category, for example, the farmers who live at the border and the entire front can be on the border, personnel living on one side of the border and working on the other side. CONTROL OF DISEMBARKATION PASSES AND PASSES FOR LANDING, AND FISHING PERMITS: The fishing boats and small craft of a similar nature that operate in very shallow water and thus have the capability of landing enemy agents at any point on the coast of the country where the military operations take place. CENSORSHIP: Censorship is the control and elimination of communication with a double purposes: First, to avoid the transmission of information that can be of interest in helping the enemy; and secondly, to collect and propagate valuable information in the service of intelligence that helps the war effort. The term communication includes all types of postal material, regardless of class;, means of electrical communication and any other tangible form of communication that can be carried by a person, carried in luggage, or among personal effects or in any other way can be transmitted from the area where the censorship is taking place. THERE ARE FOUR TYPES OF CENSORSHIP IMPLEMENTED DURING WAR CONDITIONS WHICH ARE: Censorship of the Armed Forces: This censorship is the control and examination of all communications sent and received by personnel under the jurisdiction of the Armed Forces, which include assigned military personnel, the civilians that can be employed and added to the same. This includes all war correspondents, representatives of the Red Cross and technical representatives of the factories. Civilian Censorship: The civilian censorship is the control and examination of all communication of the national and civilian population of the common goal and transit or circulate in a territory which cannot be liberated, occupied or controlled by the Armed Forces. Press Censorship: Press censorship is a division of the security of the news material and other media that are used, including maintenance of security. This applies primarily to the work that is done by the war correspondents, radio commentators and press photographers, and also includes any material prepared on a possible location by the personnel under the jurisdiction of the Armed Forces. Censorship of Prisoners or War: Censorship of prisoners of war is control and examination of the political communication of the prisoners of war and the civilian detainees under the jurisdiction of the Armed Forces. SPECIAL OPERATIONS: The final category is the special operations. Operations that come under this category will be discussed and planned Back to Top 12
CHAPTER 2 LN324-91 according to the specifications of the commander in keeping with the planning within the SOP of CI. OPERATIONS SECURITY [OPSEC] INTRODUCTION Operations security is one of the keys for achieving the two war principles: surprise and security. A military force has the advantage when he can surprise the enemy. In order to achieve this goal, those military forces must protect their operations and activities with a continuous implementation of a security plan that is healthy and effective. The purpose of OPSEC is to protect the military operations and their activities by negating the indicators military forces plans and their intentions vis-a-vis the enemy forces. In other words, the enemy commander should not know or recognize how, when, where, why and what operations our forces are about to undertake, until it is too late for the enemy to react effectively against our operations. OPSEC is the duty of the commander, together with each individual at all levels of command. The commander determines which are the measures of OPSEC which should be implemented and the duration of each event. Equally, they should determine the level of risk that they should be willing to accept. The elements of intelligence (SD) provide information about enemy threat. The operation elements (S3) direct the program of OPSEC and recommend measures for OPSEC. The units of each individual implement those OPSEC procedures. In order to attain a good OPSEC program, commanders and the members of the joint command, and each individual should be trained in the proper use of the procedures and techniques of OPSEC. This teaching plan provides a guide for the procedures to be used by the technical units in the OPSEC program. Described OPSEC and provides doctrinaire direction for the future instructors and trainers. What is OPSEC? GENERAL In order for our military forces to be successful against enemy forces, information about the activities of our units or plans and operations should be denied to the enemy until it is too late for him to react effectively. OPSEC does not occur by itself. Our military forces have to create the right condition for a good OPSEC program since OPSEC is an integral part of all the operations and activities. The OPSEC program can be good because it was implemented effectively in each unit; or it can be a program without 13
LN324-91 effectiveness because the members of the unit did not know the importance of the program and does not know what it requires. OPSEC IS ALL ACTION TAKEN BY THE COMMAND TO DENY INFORMATION TO THE ENEMY ON OUR ACTIVITIES OR MILITARY OPERATIONS Generally, OPSEC includes coordination of various techniques and procedures that deny information to the enemy. It is the common sense applied systematically to the situation of a unit or a mission. The result is the security of the military forces. This requires a total effort of integration by all commanders, and the members of the team, and the units and each individual. Under the umbrella of OPSEC, there exist basically three types of action. COUNTER SURVEILLANCE - These activities are taken to protect the true purpose of our operations and activities. COUNTER MEASURES - Those actions taken to eliminate and reduce the enemy threat and its capability of intelligence and electronic warfare against our military forces. DECEPTION - Those actions taken to create the false image of our activities and operations. COUNTERSURVEILLANCE SIGNAL SECURITY (SIGSEC) The signal security includes communication security (COMSEC) and electronic security (ELESEC). COMSEC includes those measures taken to deny the enemy information on our telecommunications. This includes the cryptographic security, transmissions security, physical security of COMSEC information, and measures to assure the authenticity of the communications. ELESEC is the protection of the electromagnetic transmission, which includes the communication apparatus. This includes such measures as standard operations procedures which have been approved, appropriate search, maintenance procedures, and training programs. ELECTRONIC COUNTER COUNTERMEASURES Electronic counter countermeasures (ECCM) are various measures taken to 14
LN324-91 protect the electronic transmissions of our military forces and the detection capacity, recognizing and identifying the enemy. This includes the proper use of the command post of the motor, situating the antennas, concealing and distancing the antennas, a check of the equipment to secure and make sure that there is no radioactive radiation, and training. A good electronic counter countermeasure program must ensure the effective use of the electromagnetic systems of our military forces. INFORMATION SECURITY (DOCUMENTS) Information security INFSEC is the protection of information of value for the enemy forces. This includes two types of information, classified and unclassified. Some examples are the dispatch documents, requisitions (orders), plans, orders (directives), reports, charts (maps), map covering material, and dissemination of verbal information, and the press that may have an adverse effect on national security and the operation of friendly military forces. PHYSICAL SECURITY Physical security (PHYSEC) is the protection of the installations, command post and their activities, etc., by the members of the Armed Forces, dogs, and other necessary measures for the restriction and protection of the area. Some measures include barriers of the perimeters, detective lights, marked copies of the keys or combinations, bolting mechanism, alarm systems for the control of intrusion, personal identification, controlled access, and controlled movement. The PHYSEC also allows the protection against espionage, sabotage and robbery. STANDARD OPERATION PROCEDURES (SOP) As a general rule, the countersurveillance procedures such as camouflage, concealing and the use of color, light and noise, are concealment measures discussed in the SOP. The SOP also covers the manner in which the unit utilizes buildings, roofs, highways and its equipment. COUNTER MEASURES Counter measures are selected, recommended and planned in order to overcome the specific aspects for the operation of intelligence of the enemy. Once a vulnerability has been identified and the risk is determined to exist, a counter measure is designed specifically for this threat in order to avoid exploitation of said vulnerability by the enemy. The counter measures can be anything from deception to the destruction of the capability of the enemy's means. The counter measures also include appropriate measures to discover the vulnerability of the friendly force. For example, the use of smoke, or the 15
LN324-91 use of flak in critical moments. The deception operation also can be planned. DECEPTION OPERATIONS Deception operations (DECOP) are carried out in order to deceive the enemy. These operations include: Handling of Electronic signatures Distortion of the friendly activities in order not to make the real objective known. Falsifying material, and placed wherever it can be captured or photographed by the enemy. Simulated maneuvers Demonstrations Simulated equipment Deception operations can be conducted when the commander sees an opportunity to deceive the enemy. ? 2 Also, deception can be required when the countersurvei1lance operations are not sufficient to disorient the enemy so that the operation may be successful. In any case, knowledge of the friendly military forces provided by security analysis is necessary in order to create a credible deception plan. SECURITY ANALYSIS Security analysis is done in order to support the countersurveillance and counter measures. OPSEC depends on the commander and his personnel being informed of a threat that they will confront, in the patterns, weaknesses and profiles of the friendly force. Intelligence analysts provides information on the enemy; the analyst assigned to OPSEC section determine which unit or activity of the friendly forces are vulnerable, and why. The OPSEC analyst provides the commander and the operators with a risk estimate; this is based on the efforts of the aggregate of intelligence of the enemy and the activities of the friendly forces that are known. They can recommend procedures or procedures of countersurveillance and counter measures. OPSEC is a condition. Generally, OPSEC is a condition that seeks to attain security or safety of the friendly forces. It involves a variety of activities for concealing the friendly units, or to deceive the capabilities of the enemy analyst and commander in regard to intelligence gathering. These activities (under the 16
LN324-91 category of countersurveillance, counter measures and deception) can be accomplished independently by members of each unit. But it is the integration of these activities by the commanders and the operation officer, which transforms the OPSEC program for a unit and provides security for the operations. The elements of security such as SIGSEC, counter intelligence, military police, and the personnel of each unit, provide the necessary support to create good conditions for OPSEC in the installations. THE THREAT COLLECTIVE CAPABILITIES OF THE ENEMY HUMAN RESOURCES ELECTRONIC RESOURCES IMAGE RESOURCES Agents INTELSEN/GE Photography Infiltrators -- Radio interception Infrared (close and distant) Reconnaissance Unit --Radar interception Night vision equipment Combat Unit --Interference equipment Image amplifiers Patrol --Radar surveillance Visual Prisoners of war--Telesensors SLAR Refugees --Acoustics Figure 1 The intelligence threat against our Armed Forces vary from place to place, according to operations, missions, contingency plan and the level of sophistication of the enemy. Therefore, the units to receive information about the threat in specific situations in the local sections of intelligence. It is expected that the enemy units will utilize all of their capabilities of collecting information, as is shown in Figure 1, when they confront our forces. The enemy is particularly interested in the different echelons of our military forces: which are the capabilities of the unit; such as, their fire 17
LN324-91 power, communications, detection capabilities, logistic support, but in the same way are interested in the location, movements, and intentions of our military forces. The capability of the threat that is discussed in the classrooms and the practical exercises of the units should be based on the capabilities of the enemy and the ones that can have be a fundamental threat in the operation activities of the unit involved. In other words, the OPSEC program was developed in order to counteract the specific threats against the military unit involved. OPERATIONAL GUIDE GENERAL The OPSEC program is conducted by the commander and led by the operations officer as part of the operations of each unit. Each unit can have an effective OPSEC program with only the coordinated forces of the commander, members of the task force and the troops, and the use of various activities of security and intelligence. NUCLEUS OF THE OPSEC OPERATIONS Operations Officer G1/S1 G3/S3 SIGSEC Commander Troops Counter espionage G3/S3 MILITARY INTELLIGENCE 18
LN324-91 The OPSEC program is designed to function with the characteristics of the technical operations, and the requirements of each organization. Each unit takes the necessary steps to provide the security and maintain the surprise - keep the enemy without knowledge of what our military forces are doing. For this reason, OPSEC should be taught in all the military schools at all levels, and established in the doctrinaire literature of each organization and its operations. Each manual should describe how military forces can improve the security of their operations. In order for the OPSEC program to be effective, the tactical units should: Be established by the commander, and led by the operations officer of the support of the local intelligence officer. Be based on the operational requirements of the unit. Be imaginative and adaptable for certain changes. Be designed to deny valuable information to the enemy regarding activities and operation. Be compelled at all levels by the commander in the plans and training, so that the program can function in operations situations. OPSEC SUPPORT The OPSEC support is provided by the unit or sections of the OPSEC which are found in the organizations of military intelligence. The OPSEC teams are specialists in security signals in the counter intelligence and should be put in direct support of the combat brigade, support division commands and the artillery units. These teams support the unit determining the vulnerability of each unit, to assist the subordinate units and maintaining the most current data regarding enemy threats and evaluation of vulnerabilities of such threats. The support units of OPSEC participate in the conduct of evaluation of OPSEC. They also recommend certain ways of protecting the procedures which could provide indicators to the enemy. The security specialists help in the development of the plans and procedures of OPSEC, maintaining the archives of OPSEC, and recommending the deception measures. Commanders can also obtain the support of the units of OPSEC at the highest echelons of the high command of the Armed Forces. This support includes services such as the signal security, computerization security, counter measures of technical surveillance, counter intelligence investigations and inspection of cryptographic installations. 19
LN324-91 THE OPSEC PROCESS OPSEC is a continuous process of planning, collecting information, analyzing and forming, changing data base, issuing orders and instructions and execution. OPSEC PROCESS Planning the gathering --->Information gathering--->Analyzing Report on Report results Executing orders <----Issuing orders <-----Revising the and instructionsdata Base NOTE: Once started, the OPSEC process is continuous and more than one section can do it at any moment. The OPSEC process is done in a sequence of planning, execution and reporting the results. The process begins with information already known of the data base and continues in a logical way resulting from the assessment, recommendation and operation plan. The plan is carried out by the units. The OPSEC measures are monitored by members of the different unit and by elements of the CI to verify the effectiveness of the OPSEC measures. The commander and the operations officer take action to correct the vulnerabilities based on the different reports. The process can be illustrated as follows: THE OPSEC PROCESS S3/D3 S2/D2 Based on OPSEC profile Estimate of the enemy Data base or intelligence threat Condition of our forces ------------ and Commander countersurveillance guideline in effect 20
LN324-91 The Concept of the Commander of the mission or operation P --Determine the sensitive aspects of the operation L --Develop the essential elements of friendly information (EEFI) A --Advise on our vulnerabilities N --Analyze the risk N --Determine countermeasures and requirements of deception I --Estimate of OPSEC (written or orally) N --OPSEC plan (written or orally) G --Deception plan (written or orally) I M P --Units implement Operational Plan (With the OPSEC plan as an Annex) L --Counterintelligence elements supervise the OPSEC plan E M --Inform on indicators that can influence the operations E N --Effectiveness of OPSEC program is evaluated T A T I 0 N R E S --Counterintelligence elements inform the commander and the U operations officer orally or in a written report. L T S Figure 1 21
LN324-91 THE DATA BASE Data base for the planning of OPSEC is maintained by the CI section. This information on our units and enemy capability for gathering information is always in the process of evaluation and change. The intelligence section informs the CI element regarding the capability of the element to collect information. This information about the enemy is important because: Time is not wasted advising an erroneous threat. Counter measures are not assigned to indicators which the enemy does not have the capability to collect. Counter measures are assigned to counteract the capabilities of the enemy to collect information on our activities. The CI section establishes the data base to develop the indicators, the signatures, the patterns and the profile of our forces. This information indicates how our units appear in the battlefield -- the way they operate, how they communicate, how they are supplied, etc. The information about our own unit is important for the planning of our operations because: It determines the essential elements of information on our forces and our vulnerabilities. Counter measures are applicable to the units which need them. In carrying out and providing advice for OPSEC measures. Deception can be done effectively. The use of deception depends on common sense, precise information about enemy intelligence and our involved units. For example, the units which use deception have to demonstrate indicators, signatures, patterns and profiles showing the same characteristics as the type of unit they are trying to imitate. COMMANDER GUIDE The concept of the operation and the mission of the commander provides the direction and guideline for the OPSEC plan. The commander can order certain general measures of OPSEC or perceive specific procedures of security during operation. For example, it can establish measures for protecting the revealing of unit movement, supplies and use of radio. The commander should announce which part of the operation should be protected for the operation to succeed. 22
LN324-91 PLANNING The C3/S3 is assisted by the CI section and other high staff and general staff officers, realizing the plan described in Figure 1. Although the different aspects of the planning might not be completed in detail, each one should be completed as much as possible in a given time. Determine the Sensitive Aspects of the Operation Take note of the information which if known by the enemy provides indicators that reveal our operation. Operational indicators and physical characteristics are compared constantly with the operation. Once this is done the planners can -- Determine the Essential Elements of the Elements of Friendly Information (EEFI) The essential element of friendly information is information that if it falls in the hands of the enemy, our operations will fail. The EEFI reflect the concern of the commander regarding areas that need security. The CI agents use the EEFI to identify and inform regarding vulnerabilities. The unit uses the EEFI to plan operations of countersurveillance. Advice on Our Vulnerabilities Noting the EEFIs, the CI sections begin to advise on our vulnerabilities. The CI agents identify the units and activities that are most vulnerable and detectable by enemy intelligence. This step is necessary for -- Risk Analysis Risk analysis is a process that compares our vulnerabilities with the enemy capabilities for gathering of collect. The CI agent identifies indicators that if detected would result in the divulging of important combat intelligence regarding our operations. The purpose is to identify the risk and determine what can be done to reduce them. This includes an evaluation of the operation of countersurveillance and counter measures actually in effect for determining what more needs to be done. The units always employ procedures of counter surveillance. The units separate and evaluate the effectiveness of countersurveillance as they receive new information. Based on the new information, they can decide and adjust the measures for countersurveillance in order to focus on certain techniques and procedures. This process continues throughout the CI agents structure. 23
LN324-91 Determine the Counter Measures Counter measures are used to protecting these indicators and EEFI which are most vulnerable for enemy detection, as a result the counter surveillance measures which are not adequate. Generally there are five options: Counter measures are not necessary Applying a counter measure Stop the activity Employ deception operations Change the operation Counter measures are not necessary under the following conditions: A indicator cannot be detected by the enemy If it is detected, the indicator supports the deception plan. The commander decides to accept the risk. The use of counter measures in deception requires common sense, information over our units and knowledge of the capabilities of the enemy to gather intelligence. The specific counter measures are directed towards the capabilities of the enemy in order to collect information. Counter measures may include the physical destruction of the enemy -s collection measures. If this is the case, the S3, in accordance with the commander, has to react quickly in order to counteract the enemy's gathering capability. For example, it is known that an enemy reconnaissance patrol is collecting enough information regarding our operation, the 53 can recommend the increase of combat patrols to destroy the reconnaissance element. Deception The planning of deception is integral in the planning operations. A deception plan can be done because it is a good idea for a specific operation; because it is a requirement to support a plan of deception at a higher level as part of the measure against the enemy intelligence threat. In any case, deception and the OPSEC are inseparable. In order to use deception successfully, a unit as o have a good knowledge of all of the aspects of OPSEC. 24
LN324-91 Deception is designed to deceive the enemy by means of manipulation, distortion, making him react in a way that is detrimental to his interest. In order for a plan of deception to function, certain conditions have to exist: -- The plan of deception should be credible. The concept of deception should be carried out in conjunction with the concepts of operation. Whenever possible, the operation activities should support the plan of deception. -- The deception should be part of the technical situation. -- The enemy should be given the opportunity to react to deception. -- One should consider all the information gathering capabilities of the enemy. There is no point in deceiving an enemy resource if it is detected by another resource. The success depends on the good knowledge of the characteristics, capabilities and the use of intelligence systems of the enemy. -- The units involved in the deception have to accomplish their different missions. This may not require anything special if the unit is doing its normal mission. It is possible that it may have enough information and equipment to project a false image. The subordinate units have to support the plan of deception of the superior units. Deception requires good intelligence, OPSEC and an operational implementation in order for it to be successful. Intelligence units inform regarding information gathering capabilities of the enemy and possible reactions. The CI section informs regarding indicators, signatures, patterns and profiles of the units involving deception; and the operations sections applies the deception plan of the combat operations. A satisfactory OPSEC program needs to be established in order for the deception to be successful. INDICATORS, SIGNATURES, PATTERNS AND PROFILES General All the armies have their ways of operating. The normal operating procedures, the field manuals, the training instructions, and other local instructions result in similar units functioning in a similar way. The effort of maintaining the similarities and functioning adds to the effectiveness and efficiencies of the units. Its weakness is that the units become stereotypical units, and consequently more predictable. This causes that the analyst of any intelligence can interpret more easily the indicators, signatures, patterns and profiles of our military forces. The commanders and the operation officers should examine and study carefully how to conduct their military operations. They need to know if they 25
LN324-91 are conducting operations in the same way each time there is an operation, and advise on the manner the operation should be conducted. This means that they should revise the actions that occur during the planning phase, execution and the debriefing after the combat drills. It could be that a comparison of the activities of various combat drills is necessary. INDICATORS Indicators are activities that may contribute to determine a course of action of our military forces. When preparing combat operations, it is virtually impossible for a military unit to hide or avoid giving out indicators. Certain activities must be conducted. Some of these activities are essential for the operations -- others can be directed by the commander or by standard operational procedures of the operations. In many cases, these activities might be detected by the enemy and used to predict possible courses of action. Identifying and interpreting specific indicators is a critical task for the intelligence operations, either for the enemy of for our own armed forces. The intelligence personnel looks for indicators, analyze the, and make an estimate of the capabilities, vulnerabilities and intentions. These analyses have become a requirement for information, plans, and eventually provide the basis for directives and orders. Identifying the critical activities of the military forces could indicate the existence of specific capabilities or vulnerabilities, or the adjustment of a particular course of action. Determining which indicator is important, could be the result of previous action analysis. The lack of action is as important, in certain cases, as actions already taken. For example, if a unit does nor normally deploy its attack artillery equipment, this information is important for the analysts to include it in their estimate. In any case, the indicators that arise requires a concrete knowledge of the organization, equipment, doctrine of the tactics, the command personalities, and the logistic methods, as well as the characteristics of the operations. Indicators are not abstract events. The indicators are activities that result from the military operations. Indicators are potential tools for each commander. The indicators are probabilities in nature, which represent activities that might occur in the military operations. The interpretations of the indicators require knowledge of the enemy and the current situation. Some indicators are mentioned below. It is not intended to be a complete list, or applicable to all situations. 26
LN324-91 Possible Attack Indicators -- Concentration of mechanized elements, tanks, artillery, and logistic support. -- Delivery of combat elements (mechanized, tanks, anti-tank) in echelons. -- Deployment of tanks, guns, cars to the front units. -- Extensive preparation of artillery. -- Artillery positions very much to the front and in concentration. -- Extensive patrol activity. -- Change in the level of communications, crypto, codes and frequency. -- Placement of the air defense forces beyond the normal front. -- Logistics activities, reinforcement and extensive replacement. -- Relocation of support unit at the front. Possible Defense Indicators -- Withdrawal of defense positions before onset of battle. -- Successive local counterattacks with limited objective. -- Counterattack is suppressed before regaining positions. -- Extensive preparation of field fortifications and mined fields. -- Firing positions in the front are used; the long-range firing is started. -- Movement to the rear of long-range artillery equipment and logistics echelons. -- Destruction of bridges, communication facilities and other military equipment. 27
LN324-91 SIGNATURES The signatures are a result of the presence of a unit or activity in the battlefield. The signatures are detected because several units have different equipment, vary in size, emit different electronic signals, and have different noises and heat sources. The detection of the individual signatures could be grouped by analysts to point out the installations, units, or activities. In general, these are the categories applied to the units: visual, acoustic, infrared, and electromagnetic. Each one of these areas are discussed individually. Have in mind, however, that the enemy will try to exploit several individual signatures grouping them in order to determine a signature for the unit. Usually, action is not undertaken as a result of the detecting only one signature. With exception of the detection of critical areas, which can result of the detection, identification and location of a signature. The critical areas are key activities such as command posts, communications facilities and systems, some equipment and its surveillance systems. The detection of these areas reduces the ability of a military force to conduct military operations. However, the longer the critical areas are exposed, the easier would be for the enemy to detect, identify, locate, attack and destroy these critical areas. VISUAL Visual signatures are detected through light photography and by human eyesight, assisted or unassisted. Visual signatures are equipment, location of personnel, activity patters, and the frequency of these activities. Also, some of these visual signatures include vehicle movement, tanks, vehicle marking, uniform markings, etc. Theoretically, a target is detected when it is seen by a human eye. The targets might be detected and identified by using photography by -- -- Its distinct form, or recognizable patters, form, style, size, design, shadow, and its dimensions of height and depth. -- A distinct deployment system, possibly involving other targets. -- The color, hue, shine, tone and texture of the target. It is possible to detect a target without having to identify it. Detection is the discovery of a target or activity, while identification requires an additional step - to establish what the target is, what it does, or the capabilities of such target. The violence, confusion, and the darkness in the battlefield introduces variables that might prevent identification or detection of military targets. 28
LN324-91 Some studies point out that the visual detection is affected by the following: -- The size of the target and the time it has been exposed to sight. -- The degree to which the target has been camouflaged or covered. -- Light variation, visibility and weather. -- Number of targets - the more targets there are, it is more difficult to identify them correctly. -- Target distance - the longer the distance the more difficult to identify the target correctly. -- The contrast of the target against the background -- the less contrast there is, the more difficult it is to identify the target. Some factors help the probability of visual detection. For example, the probability of detection is increased by knowing previously that a target is in a particular area. The probability of detection and identification is also augmented if the target detected in a particular area is associated with other targets in the vicinity, in other words, find a known target and search for similar ones in the area. For example, if a tank repair vehicle is detected in an area, look for tank units or mechanized units in the vicinity. The identification and visual detection can be enhanced with the use of photography. Visual location of ground and air observers, of which there is no specific identification, can be used to lead photographic reconnaissance missions. Unlike the location in one site only, or having a short view of the target, photographs provide the opportunity to enlarge and study specific areas and equipment. Photography is limited mainly because it provides the record of an area as it was at the moment the photograph was taken. ACOUSTIC (SOUND) The acoustic signatures come in two types: The first are noises produced during battle by explosives and rifle firing. The second sound is associated with the noise of certain military functions - such as vehicles, equipment and the activities of the installation. The acoustic signatures are detected by human hearing, sound detection equipment, or special devices that magnify the sound. Acoustic sounds could be very significant because different equipment and guns have a unique sound. These signatures have considerable importance for planning countersurveillance, countermeasures and deception. The forces 29
LN324-91 try to prevent escape of signatures in order to reinforce security; a deception plan must sound as if it were an actual unit. The noises produced by operations are affected by the weather conditions, terrain, atmospheric conditions, and the propagation of sound. The relative direction of wind, the amount of wind, the temperature and humidity influence the quality of sound. In general, the sound travels better when projected by the wind, when humidity is relatively high, and during nighttime. The enemy is not expected to react only to what he hears. The sound only serves to alert us on what is happening. The acoustic signature, unlike the visual signature that can stand by itself, normally is used to support other sensors. The acoustic sounds are integrated with other information to enhance intelligence. But have in mind that under certain circumstances, the sound can travel long distances. While the enemy cannot distinguish between an M-60 tank and an APC, the sound can alert him that there is movement in the vicinity. INFRARED (IR) The infrared signatures are those not visible by the eye. It is the heat, or light, produced by equipment, person, unit or activity. The infrared signatures can be detected with the use of several specialized equipment. The infrared surveillance equipment vary from the individual optical device to sophisticated aerial systems. Under favorable conditions, the systems that have been improved will be able to produce images that distinguish between the equipment of the same quality and type. The tactical infrared equipment come in two categories -- active and passive. The active equipment require that the potential target be illuminated by infrared sources -- light sent in infrared frequencies. These devices are susceptible of being detected because they emit a distinct and identifiable signature. The enemy sensors can locate the active sources. The passive devices detect the infrared radiation of any of these two sources: emissions created by the target or solar energy reflected by the target. These devices are more applicable to play the role of surveillance because the equipment does not produce an identifiable signature. The passive devices are vulnerable to detection at the level at which their power sources are detectable. The majority of the military equipment emit an infrared signature of some type. The equipment more vulnerable to infrared detection are those that produce a high degree of heat, such as, tanks, trucks, long guns, generators, air conditioners, furnaces, aircraft, maintenance facilities, artillery fire, kitchen areas, landing areas and assembly points. 30
LN324-91 Infrared surveillance has limitations. Humidity, fog, and clouds can cause serious limitations, while smoke and fog can degrade the operations of some systems. The clouds present a more serious problem because the radiations emitted can be enough to prevent the operations of the system itself. Clouds also telltale the infrared radiation of the objects being targeted by the system. ELECTROMAGNETIC The electromagnetic signatures are caused by electronic radiation of communication and non-communication emitters. In other words, the detection of specific electromagnetic signatures can disclose the present of an activity in the area. This allows us to direct our sensors to that area in order to detect other signatures. The communication signatures are generally direct -- use a radio and a signature will be provided. The battalions have certain communication systems; the brigades have other communication systems, and the elements of higher echelons also have different communication elements and other additional systems. To find the bigger units, to which a transmitter belongs, it is the duty to: -- detect other transmitters in the area. -- Use radio-goniometry to determine the location. -- Categorize signals by a signal analysis. -- Locate the type of transmitter in the vicinity of the area. From this type of information, the intelligence can determine the location of a unit or command, supply point, weapons units, and assembly areas. This is particularly true when some radios or radars are used exclusively by a specific unit or weapons system. The movement, information of the order of battle, the structure of the radio network, tactical deployment, and, in a lesser degree, the intentions could be derived from the interception of the communications systems. All these could be detected and identified by knowing the location of communication equipment, without reading the messages. The signatures produced by radars are considered from two viewpoints. First, when radar systems are activated they transmit signals and create signatures. This makes our forces vulnerable when we use radar against the enemy. Secondly, the equipment, buildings and mountains have identifiable characteristics which the radar can be used to detect and identify. Therefore, the forces exposed are vulnerable to the detection by radar. 31
LN324-91 The military equipment have a great number of protuberances, angles and corners which the radar could detect. This refers to what is called the radar cross-section (RCS). Modern radar surveillance equipment can do more than solely detect the RCS of a target. Aerial radars with lateral view (SLAR) have enough resolution to identify certain weapons systems by detailed imagery or by its pattern. The radar systems can penetrate the fog, cloud and moderate rain. The surveillance radars are active systems and can operate against mobile or fixed targets. The radar systems are limited in that they require an uninterrupted passage, or visibility points, towards the target area. However, have in mind that these systems cannot penetrate forests or heavy rain. The radar systems are susceptible to enemy interception and can become targets because of their distinctive signature. PATTERNS A pattern is the manner in which we do things. Patterns that can be predicted are developed by commanders, planners and operators. The different classes of patterns are as numerous as the different procedures in military operations. Some examples of patterns are: -- Command and Operations Posts -- Artillery fire before an attack -- Command posts located in the same position relative to the location of the combat units. -- Reconnaissance patrols repeatedly on a zone before an operation. The officers need to examine their operations and activities in their zones of responsibility and reduce the established patterns whenever possible. PROFILES The profiles are a result of the actions taken by military units and individual soldiers. The profile analysis of a unit could reveal signatures and patterns on the procedures, and, eventually, the intentions of the unit could be determined, collectively, the profiles could be used by the enemy to find out our various courses of action. Our counterintelligence units develop profiles of our units in order to determine our vulnerabilities and thus recommend the commanders on the correction measures. In order to achieve this, all activity of the unit has to be identified to see if it presents indicators to the enemy. Usually, profiles are developed by means of the gathering of information on the electromagnetic equipment and on physical actions and deployments. 32
LN324-91 Electromagnetic information identifies the activities of the units by associating the different signals with the equipment. Physical actions and deployments are things that the unit does: how a unit appears while it is performing; how it moves; its configuration during march or when it deploys. These different factors identify the different units. In the majority of units, the electromagnetic and physical information is applicable to 5 areas of importance in order to complete an entire profile. The five profiles are: -- Communications and command post -- Intelligence -- Operations and maneuvers -- Logistics -- Administration and other support COMMUNICATIONS AND COMMAND POST Some factors to be considered when developing and profile: Where are the command posts located with regard to other units - particularly subordinate units? -- How does the command post look like? -- When is it transferred with regard to the other command elements? -- Is the post surrounded by antennas - thus creating a very visible target? -- What type of communications equipment is used and where is it located? -- What is the amount of communications traffic with regard to the activities and operations? -- Are there any road signs that might help the enemy units or agents to located the command post? -- Do the logistics and administration communications compromised the operation? 33
LN324-91 INTELLIGENCE Profiles on intelligence, surveillance, reconnaissance and elements identifying targets are developed in order to determine whether our activities indicate our intentions. Some considerations: -- How frequently and to which zones have the land and air elements been assigned for information gathering? -- Where are the information gathering elements located? (Which communication methods are used to report? Which are the information channels? Which are the security measures?) -- How are the radars used? (For how long are they used before transferring them?) -- Are there sensors in the target zone? -- Have the reconnaissance vehicles (land and air) compromised the location of future operations? -- Are the patrol levels been varied? -- Can the different gathering activities relate to the different stages of operation - planning, preparation, execution? OPERATIONS AND MANEUVERS Activities during the preparation and execution of combat operations can be identified. Many activities are hard to cover due to the number of men involved, the noise, dust, tracks of vehicles, heat emitted, etc. However, the activities for combat operation have to be examined. -- Can the drilling and instruction of men be easily detected? -- If there is special training required for the operation, are there any special security measures? -- Where are the units located before the operation? Artillery? Aviation? Reserves? Maintenance and supply? Is the movement indicated towards the front or the rear during their course of action? -- How are the same actions carried out for preparation of offensive or defense operations? Do they indicate intentions? LOGISTICS 34
LN324-91 Supply, maintenance, transportation and services and facilities indicating an operation have to be examined. -- Which movements indicate the starting of an operation? -- Are material and special equipment visible? -- Where is the material being stored? When? -- Is the change of schedule for vehicle and weapons maintenance indicating the start of an operation? -- Are new roads being built? -- Are special munitions being delivered secretly? ADMINISTRATION AND OTHER SUPPORT Activities seemingly completely innocent individually could provide valuable information for the enemy analyst. The administration and support profile could identify these actions which become obvious because they are different from what is normal. Some examples follow: -- Things change before an operation: * Getting up and meals schedules? * Directions * Larger mail volume? * Frequency of reports: * Entry of licensed personnel? -- There is a special request for: * Personnel? * Equipment? * Supplies of all types? -- How is trash, paper, etc. being destroyed? Can enemy agents locate and use the waste? -- Expecting wounded personnel by medical units, do they indicate a pending operation? 35
LN324-91 36
LN324-91 THE OPSEC PROCEDURE 1) To identify the enemy capability to gather intelligence (D-II/S-II). 2) Identify our EEFI and profiles. Profiles + Patterns and signatures Profile: All the characteristics pertaining a unit. Patterns: Repeated activities established by SOP or by doctrine. Signatures: Field actions of a unit. -- visual -- sound -- infrared -- electromagnetic Profiles: Command Post -- Communications -- Operations -- Logistics 3) Identify the vulnerable profiles that indicate our intentions. 4) Implement a risk analysis and make note of the EEFI. -- Profiles \ -- Patterns > Indicators -- Signature / 5) Recommend OPSEC measures -- Countersurveillance -- countermeasures -- Deception 6) Select the OPSEC measures. 7) Apply the OPSEC measures. 8) Apply efforts to monitor OPSEC. 9) Monitor the effectiveness of OPSEC. 10) Recommend OPSEC adjustments. 37
LN324-91 Step (1) --- OPSEC estimates Step (2) --- OPSEC estimates Step (3) -- Planning estimates/guidelines Step (4) --- Estimate/guidelines Step (5) --- Estimate/guidelines Step (6) --- Estimate/guidelines Step (7) --- OPSEC Annex Step (8) --- OPSEC Annex Step (9) --- OPSEC Annex Step (10) --- OPSEC Annex ESTIMATE --> GUIDELINE --> ANNEX EVALUATION:YEARLY REPORT 38
LN324-91 OPSEC ANNEX Item 1): Mission of the unit. (From the Plan of Operation) Item 2): Summarize the enemy situation in terms of intelligence gathering, sabotage, and subversion. Discuss the situation with regard to recent enemy activities and their potential capability. This item is designed to indicate their capability for intelligence gathering; while item 3 include the measures to counteract those efforts. The following factors should be analyzed: A. Indicate the effect of weather on the enemy's capability to gather intelligence on our OPSEC measures. B. Indicate the effect of the terrain on the enemy's capability to gather intelligence on our OPSEC measures. C. Resume the enemy's capability to gather intelligence and carry out sabotage and subversive actions. This includes: 1) Intelligence A) Ground Observation and Reconnaissance 1) Eye observation 2) Patrols 3) Ground radars 4) Infrared surveillance 5) Long-range ground sensors 6) Other B) Air Surveillance and Reconnaissance 1) Penetration flights 2) Long-distance flights 3) Reconnaissance satellites C) Signal Intelligence 1) Communications Intelligence 2) Electronic Intelligence D) Electronic Warfare 1) Interception and radio goniometry 2) Interruption 3) Destruction E) Guerrilla, insurgents, agents 39
LN324-91 F) Other: infiltrators, refugees, prisoners of war, etc. 2) Sabotage A) Military B) Economic 3) Subversion A) Propaganda B) Terrorism C) Political D. Summarize the enemy's intelligence and security weaknesses. Summarize its intelligence gathering weaknesses, for committing sabotage and subversion sabotage. Discuss its internal security posture. Item 3): Implementation A: Make a list of all the countersurveillance measures taken by the field SOP. Emphasize new countersurveillance measures or changing of measures that are part of the SOP. B. In this section, make a list of all the additional countermeasures that are not included in the SOP and are applicable to all the units. These countermeasures are designed to counteract a specific threat by the enemy counterintelligence. Item 4): Miscellany A. Summarize the threat to internal security. Discuss the problems of internal security detected in the command post. B. Establish any special instructions not covered previously as targets of interest for counterintelligence (with priorities and locations). C. Establish the chain of command for counterintelligence. Item 5): Command This item deals with instructions on where counterintelligence is sent to, the link between the various units, location of counter- intelligence personnel, the different dissemination channels, types of reports required, frequency and priorities. 40
LN324-91 OPSEC ESTIMATION Item 1): The Mission of the Unit. (From the Plan of Operations) Item 2): Area of Operations. (Discuss the influence of the area of operations on the enemy capabilities to gather intelligence and commit acts of sabotage and subversion). A. Time/weather. (From the Intelligence Annex) -- The enemy's capabilities for surveillance and ground and air reconnaissance. -- The time/weather is or is not favorable to the enemy's gathering efforts. -- The impact of time/weather on our countermeasures. B. Terrain. (From the Intelligence Annex) -- Surveillance -- Coverage -- Natural and artificial obstacles -- Key Terrain (How the terrain affects the enemy's capability to gather information/intelligence and how it affects our countermeasures). C. Other factors of the zone. -- Political -- Economic -- Sociological -- Psychological -- Transportation Item 3): Current Enemy situation on intelligence, sabotage and subversion activities. A) Intelligence 1) Ground surveillance and reconnaissance. -- Eye observation -- Patrols -- Ground radars -- Infrared surveillance -- Long-range ground sensors -- Other 41
LN324-91 2) Air surveillance and reconnaissance -- Penetration flights -- Distance flights -- Air Sensors -- Reconnaissance satellites 3) Signal Intelligence -- Communication intelligence -- Electronic intelligence 4) Guerrillas and Insurgents 5) Espionage 6) Other: infiltrators refugees, displaced persons, prisoners of war, etc. B) Sabotage 1) Military (installations, line of communication) 2) Economic C) Subversion 1) Propaganda 2) Terrorism 3) Political Item 4: Enemy capability for intelligence gathering and to commit sabotage and subversive actions. A) Intelligence 1) Ground surveillance and reconnaissance. -- Eye observation -- Patrols -- Ground radar -- Infrared surveillance -- Long-range ground sensors -- Other 2) Air surveillance and reconnaissance -- Penetration flights -- Distance flights -- Air Sensors -- Reconnaissance satellites 3) Signal Intelligence 42
LN324-91 -- Communication intelligence -- Electronic intelligence 4) Guerrillas and Insurgents 5) Espionage 6) Other: infiltrators refugees, displaced persons, prisoners of war, etc. B) Sabotage 1) Military 2) Economic C) Subversion 1) Propaganda 2) Terrorism 3) Political Item 5): Conclusions A) Indicate how the enemy will use its capability to gather intelligence and to commit sabotage and subversion actions. B) Indicate the effects of the enemy capability on our course of action. C) Indicate the effectiveness of our current countersurveillance measures. D) Indicate the effectiveness of our current countermeasures. E). Recommend additional countersurveillance measures. F). Recommend additional countermeasures. 43
LN324-91 OPSEC PLANNING GUIDELINES UNIT ______________________________ COMMANDER: __________________________ G3/S2: ______________________ NAME OF OPSEC OFFICER: ____________________ CONTENTS DISCUSSED WITH: ________________________________________________ NAME RANK PERSON COMPLETING REVISION: ____________________________________________ YES NO CAMOUFLAGE A. B. DOCUMENT SECURITY (INFORMATION) A. B. COMMAND POST A. B. COMSEC SIGSEC TRANSSEC Back to Top 44
CHAPTER 3 LN324-91 OPSEC EVALUATION INTRODUCTION: OPSEC means Operations Security. It is the duty of the Intelligence/ Counterintelligence Agent to determine the extent to which the security measures are being followed within the OPSEC program. If the measures have not been carried out, then nothing has been accomplished and the security of the command is in serious danger. When the OPSEC measures, developed from the OPSEC Procedures, are applied to an operation or activity (Commando) there are several methods to evaluate its effectiveness. All are included under the subject of "OPSEC Evaluation." The phrase OPSEC EVALUATION is applied to two different concepts: a. One concept refers to an evaluation or study of the activity, unit, or project, using the OPSEC Procedure in order to recommend the OPSEC measures and create a Data base for Counterintelligence (CI). b. The second concept is an evaluation of the effectiveness of the OPSEC measures already recommended. This evaluation might result in modification or suppression of measures, or the identification of new OPSEC measures. OVERVIEW: 1. The OPSEC Evaluations vary, as already mentioned, depending on the units needs. 2. All evaluations have in common the characteristics of examining the effectiveness, the failure or the lack of OPSEC measures in a unit. 3. All evaluations are structured in a way that can provide complete and detailed information as to how the units and agencies are implementing the OPSEC measures. 4. THE OPSEC EVALUATIONS ARE NOT INSPECTIONS. The evaluations are presented and must be considered as data finding and/or failure finding. 5. The Evaluation is used to identify those areas of the security procedure of a unit that need to be improved. 6. When a team of agents carries out an OPSEC evaluation, it must be done sensibly and not overlook or ignore something, having always in mind that the evaluation results will be used to improve the system. 7. EVALUATIONS IN PEACE TIME AND IN WARTIME: 45
LN324-91 a. During peacetime the OPSEC Evaluations can be prepared several months in advance. An OPSEC evaluation of each command (unit) within a Division or Brigade, must be carried out annually. b. In addition to a yearly evaluation, a commander may request it, through the G3/S3, that an OPSEC special evaluation be made of his unit. c. During wartime, as vulnerabilities and threats are identified, the evaluations are carried out in response to an emergency request or urgency by the affected agencies. 8. Each evaluation is unique, since each one reflects the operation or activity being evaluated. However, there are certain common procedures for all evaluations, and these are as follows: a. Planning b. Evaluation c. Report/Information 9. Planning of Evaluation: The main factor in the planning stage of an evaluation is detail. It must be prepared in detail to carry out an evaluation. Normally, the planning stage includes the following: a. Development of the purpose and scope of the evaluation: The purpose/scope of the evaluation is prepared by the analysis section of CI, and by the OPSEC element, for approval by G3/S3. SAMPLES OF POSSIBLE PURPOSES AND SCOPES OF AN EVALUATION: (1) "This OPSEC Evaluation will discuss the vulnerability of the Division or Brigade to the multi-disciplinary threats of the enemy. These threats include Human Intelligence (HUMINT) and Signal Intelligence (SIGINT), etc. b. Selection of the team that will carry out the Evaluation: The team shall be selected by G3/S3, who will request its units to assign expert personnel in the areas of operations, intelligence, communications, logistics and administration. The team can be re-structured according to the type of evaluation to be made. c. Establish the contacts (link) in the area to be evaluated: One of the initial steps before evaluation is to contact the security chief of the installation to be evaluated. He can provide access to the necessary files needed for an evaluation. 46
LN324-91 d. Compilation of the reference materials: The team must review the Standard Operations Procedures (SOP) of the unit to be evaluated. This will make the team familiar with the mission and the operational procedures of that installation. e. Review the Essential Elements of Friendly Information (EEFI): By reviewing the EEFI, the team may identify the valuable intelligence data which the commander deems important for the security of the installation. This information may include any information, classified or not, which, if revealed to enemy intelligence agent, could result in serious damage to the installation. f. Review the threat of hostile intelligence: The team must be familiar with possible espionage threats, activities of intelligence gathering by the enemy, by using all the sources in the area of operations. g. Become familiar with the activity or installation to be evaluated: Members of the evaluation team shall review all the directives of the installation. The evaluation team leader should be briefed by the commander of the installation. h. Prepare organizational charts: Preparation of organizational charts for evaluation purposes will facilitate the evaluator's work. The chart should be prepared according to the area to be evaluated. The charts should include the areas to be reviewed by the agents and specific notes that might be useful for the individual evaluator to carry out his duties. i. Give notice of evaluation: The final step in the preparation of an OPSEC evaluation is to notify it. The G3/S3 notifies the installations that will be evaluated by means of an amendment. The information that might appear in the message is as follows: (1) The purpose and scope of the evaluation. (2) The members of the evaluating team and its access to classified information. (3) Necessary briefings and familiarity. (4) Date and time that will be spent in the evaluation. (5) Support required from Signal Security (SIGSEC) 47
LN324-91 10. The Evaluation: After completing the planning stage, the evaluation will be performed. The following steps, in order, must be carried out at the onset of the evaluation. a. Beginning briefing: This briefing could be formal or informal. It must be given by the evaluating team leader. The areas to be covered during this briefing are: (1) Purpose and scope of the evaluation. (2) How the evaluation will be conducted. (3) Summary of the enemy threats and the vulnerability of the installations to these threats. (4) Previous OPSEC evaluations, if any, will be discussed. b. Briefing by the Commander: This briefing will give the Evaluating Team an opportunity to receive information on the operations from the viewpoint of the commander of the installation. c. The Evaluation: (Information that will be covered later on by this chapter). d. Final Briefing: The purpose of the final briefing is to inform the Commander of the results of the evaluation and the findings during the evaluation with regard to the OPSEC system of his installation. Also, the outgoing briefing could be an informal one. e. Report: During this period, the evaluating team, the analysis section of CI and the OPSEC section, shall evaluate all the information obtained during the evaluation. The product of this effort shall provide a data base that can be used to identify the vulnerabilities of the installation in the OPSEC areas. The evaluation results of the information obtained by the team will be the basis for recommendations of new OPSEC measures, if necessary. 48
LN324-91 OPSEC EVALUATION BROCHURE: TECHNIQUES AND AREAS TO BE COVERED DURING AN OPSEC EVALUATION. OPSEC EVALUATION HUMAN INTELLIGENCE A. Security of Information: 1. Reproduction machines (copiers): a. How many machines are there? b. What is the control on the reproduction of classified material? c. Who is authorized to reproduce classified material? d. Who authorizes reproduction? e. Has the personnel been instructed that when a document is copied in a copier, the image of the document remains latent in the crystal and could emerge if a blank paper goes through. 2. Destruction of classified information: a. Who does the destruction of classified information? b. Where is destruction carried out? c. When and how often is classified information destroyed? d. How is it destroyed? e. What security measures exist during the destruction process of classified material? 3. Emergency Evacuation and Destruction Plan: a. Obtain a copy of the plan and review it to determine whether it is effective: b. How is the plan carried out? c. Do they have the necessary materials on hand to implement the plan? 49
LN324-91 d. Has the plan been rehearsed (drilled)? 4. Sensitive unclassified Trash: a. Is there a procedure with regard to the handling of sensitive unclassified trash? b. Is there any mention of it in the SOP? c. Is the SOP specification carried out? d. How can they be sure that the command instructions are carried out with regard to sensitive unclassified material? e. Is all the personnel aware of the importance of controlling the sensitive unclassified trash? How were they instructed? 5. Requests for information: a. How are requests for information processed? b. What is the procedure if the request originates from another military or civilian command, or foreign country? c. How do they control publication of information on activities evaluated by other sources? d. Is there an Officer for Public Relations (PRO)? e. What are the responsibilities of the PRO in this program? f. How is unsolicited mail handled? 6. Open Publications: a. Which are the open publications of the installation? (A publication which is unclassified and anybody can have access to it.) b. Obtain copies and determine whether the publication has any EEFI information. c. How are open publications controlled? 7. EEFI: a. Obtain copy of the current EEFI list. b. On what was this list based? 50
LN324-91 c. Is all the necessary personnel aware of what is included in the EEFI list? Is this information denied to some personnel? d. Is the EEFI list realistic, does it in fact contain everything that the unit wants to protect? 8. Reports of Previous Inspections/evaluations or Studies: a. Obtain copies of all the inspections, evaluations, studies, of physical security, personnel, OPSEC, that has pertain to the installation. b. Review all the reports and determined which measures have been taken to correct problems identified previously. 9. Special Access Material: a. Which materials requiring special access are used by the installation? b. What security measures are enforces to protect and safeguard the material? 10. Classification guidelines: a. Obtain copy of the classification guidelines for classified material of the installation. b. Are these guidelines effective? c. Are they written in an efficient way, providing the necessary information? d. Is the personnel knowledgeable of this classification guideline? 11. Casual Conversation. a. During the evaluation of the installation, try to listen to conversation carried out in areas where classified or sensitive matters should not be discussed; also be on the alert to conversation between persons that have access and the need to know certain information with persons that do not have the need to know nor the access. b. Which is the procedure of the unit/installation regarding casual conversation? c. Does the installation have an instruction program to brief its personnel with regard to the danger of casual conversation? 51
LN324-91 12. Security Education Program: a. Which is the level of security education of the evaluated installation? b. Is there an education program in the areas of sabotage and espionage against the armed forces, OPSEC, SigSec, Humint, and imagery intelligence? c. If there is a program, is it effective? (Does the personnel respond to the teachings?) d. Has the installation informed on any attempt of sabotage and espionage or incident to the SEAAF? e. Is the personnel contacted aware of the purpose of OPSEC? Could they identify an approach to SEAAF if it would happen to them? B. Physical Security 1. Inspections after working hours: a. Are inspections of the installation carried out after working hours? b. If they do, what do they look for? c. How often are these inspections performed? d. What happens if they find loose classified material or any other security violation? 2. Effectiveness of Physical Security: a. What is the concrete effectiveness of the physical security of the installation? b. Are the current physical security measures adequate? c. Examine doors, gates, fences, barriers, etc. and determine its weakness and strong points. 3. Inspection Program of the Security Inspector: a. Does the installation have an inspection program by the Security Supervisor? b. When the security supervisor carries out an inspection, is it announced or unannounced? c. Is the personnel performing the physical security inspection, assigned to the same installation which they are inspecting? d. What do they look for when inspecting? e. What happens when they discover a vulnerability? 4. Access Control: 52
LN324-91 a. Pretend you are a hostile intelligence agent and determine how could you manage to enter the installation. Plan it from the outside to the inside and how far could you penetrate. Try to obtain classified material or try to listen to casual classified conversation. Use your imagination. The enemy will do the same. b. Are the gates adequate? c. Is there a cleared zone beyond the perimetry fences? d. Is there an adequate number of guards? Are they duly trained? (How do they communicate among themselves? e. Are the fences adequate? f. Are the outer doors adequate? g. Is the alarm system adequate? (Do they have an alarm system?) h. Is there a control of visitors and their vehicles? i. Do the guards have an established routine of movement that will make them vulnerable to an attack? j. Is there a reserve/support group that could assist in case of a surprise attack? k. Prepare a scenario of how you could penetrate the installation, include a detailed account of the weak and strong points of the security program of the installation. 5. Pass system: a. Is it adequate? b. Can the passes be reproduced easily? c. Is there another system that could be used in case the first one is compromised? d. How are passes destroyed? e. What happens when they are informed that a pass has been lost? f. Do they allow for one pass to have access to the entire installation, or are there restrictions? 53
LN324-91 g. If the pass is not shown, is he made aware by the other individuals, or is he allowed to walk without problem or question? h. Are all the passes always visible? i. How is the access to classified information certified or verified of an individual visiting the installation? j. Are visitors escorted through the installation? k. Is there a record of the passes? l. How many times a year is the pass system changed? 6. Visitors control: a. What kind of access is authorized to visitors? b. How are their level of access to classified information verified? c. Are the visitors required to sign at the entrance? What information are they required to provide? d. What other controls are applied for visitors? 7. Foreign Liaison Visitors a. Are their access or authority for visiting verified? b. Who is notified of their visit to the installation? c. Which areas are they allowed to access? d. What type of information is exchanged? e. Is a briefing offered to the personnel that will have contact with the foreign visitors? 8. OPSEC Support - Physical Security Plan: a. Review and determine whether the plan is effective,. b. Does this plan provide the support/information/guidelines needed? c. Can a Study of Physical Security be carried out? d. What do the personnel know of the Physical Security Plan? 54
LN324-91 e. Is it reviewed and updated frequently? 9. Instructions for the Guards a. Are the instructions to guards adequate? b. Do the instructions to guards indicate which are their responsibilities? c. Are emergency plans included in the instructions? d. What do the guards know about the plan? e. Do the instructions include how to proceed in case of a bomb threat, sabotage, espionage, events of interest for the CI, and the destruction of government property? f. Do the guards understand what they have to do if they are involved in an incident that concerns the military intelligence? C. Personnel Security 1. Human Reliability Program: (This program is used to determine the reliability of persons in sensitive posts. The subject is discussed in the Chapter entitled "Security Investigation of Personnel") a. Does the installation have such a program? b. If it does, how is it checked? c. What has this program offered to the Commander? d. How is access to classified information validated? e. Where do personnel whose access has not been approved yet work? 2. Travel Abroad by Staff Personnel: a. Where to and when do these individuals travel to foreign countries? b. What is the procedure to notify the commander of these trips? c. Are the travel schedules controlled/evaluated? d. Is the personnel travelling abroad briefed? 55
LN324-91 e. What kind of information do they carry and what kind of information can they exchange? f. Are trips abroad reported to military intelligence? 3. List of Accesses to Classified Information: a. Is there a list of all the persons who have access to classified information? b. Do the personnel have access to the necessary information to carry out their tasks? c. Revise the access list and determine whether there is any individual with access to information who should not be allowed. d. How does the command verify the access to classified information of other agencies? 4. OPSEC Program: OPSEC SOP: a. Does the installation have an OPSEC SOP? b. Is it adequate? c. Does the SOP of OPSEC describe the responsibilities of everybody down to the individual level? OPSEC Officer a. Does the officer in charge of OPSEC working full-time for OPSEC, or does he have other primary functions? b. Which are the responsibilities of the OPSEC officer? c. What kind of support is given to him? d. Does he have the experience/education/reference material necessary to carry out his tasks? e. What importance does the Commander bestow on the OPSEC program? OPSEC Analyst a. Is the command aware of what is an OPSEC analyst? 56
LN324-91 b. Does the command know what an Analyst can do for them? c. Have they requested support by the OPSEC Analyst, and what kind of support was requested? d. Have they received in the past any support by an OPSEC Analyst? e. Is the OPSEC Analyst effective? 4. OPSEC Consciousness: a. Does the personnel know what OPSEC means, what OPSEC can do for them to protect their mission and work material? b. Is OPSEC considered a daily routine in this installation? c. Is OPSEC considered before, after and during a military exercise? d. What kind of OPSEC training have been given to the personnel? e. Does the personnel believe in the importance of OPSEC? f. Which is your (the agent's) opinion of the total consciousness of OPSEC in the installation? D. Signal Intelligence 1. SOP: a. Obtain and review all the SOP's of SIGSEC. (are they adequate?) b. Are they reviewed and updated periodically? 2. Support by Signal Intelligence: a. What kind of support has the installation received from Signal Intelligence? b. What kind of signal intelligence support does the installation need? 3. Safe Communication: a. What are the means for safe communication? 57
LN324-91 b. Are they adequate? c. Is there a backup system in case the primary one stops working? 4. Inspections of Safe Communications and Signal Security: a. When was the last SIGSEC/COMSEC inspection done and what were the results? b. Does the system need to be improved? (Were the improvement measures carried out?) c. Is there a need currently to improve the SIGSEC and COMSEC systems? 5. Security Education: a. Is the installation personnel trained on communications security? b. If they are trained, how is instruction given, is it accepted or rejected? c. Is there a need to improve the security education program? 6. ADP Security: (ADP: is a security system used to protect the computer communication) a. Is the personnel trained on COMSEC? b. Is a key code used? How can an unauthorized person be prevented to access the computer system? c. Do unauthorized persons use the system? d. What is the software used? What classification does it have? e. What is the procedure for controlling the computer output? f. What physical security measures are used to protect the computer terminals that are outside the computer room? g. Which procedure is used for the necessary maintenance? 58
LN324-91 h. If the system contains classified information, how can they get the cleared personnel to carry out the computer maintenance? i. Is there a Security Officer assigned for the computer room? j. Are the computer operators trained on the need to protect the systems security? k. Can classified information be obtained through the terminals? l. Are visitors escorted while visiting the computers area? m. Is there a pass system for the computers area? n. Does the installation share the use of computers with other installations or agencies? E. Imagery Intelligence 1. Aerial Photography: a. Is the personnel conscious of the existence/threat of aerial photography? b. Is the installation vulnerable to this threat? c. What precautions are taken for protection against this threat? d. What kind of written information do they have to protect themselves against this threat? 2. Manual Photography by an Agent: a. Is the personnel conscious of this kind of threat? b. What physical security precautions are taken to protect themselves against this threat? c. How vulnerable is the installation? d. Are the guards aware of this threat and know how to prevent it? 3. Outside Tryouts 59
LN324-91 a. Does the installation conduct tryouts outside the building that could be vulnerable to the threat of imagery intelligence? b. Has the command considered using camouflage before the tryouts are carried out? c. Does the SOP contain something with regard to the protection against this threat? F. Vulnerabilities/Recommendations of Signal Intelligence G. Imagery Intelligence 1. Local threat: 2. Vulnerabilities/Recommendations: H. Other Vulnerabilities and recommendations as appropriate: I. Remarks: (General remarks are included which are not qualified as vulnerabilities.) J. Conclusions (Support to be given to the installation in the future.) I. ANNEXES: a. Data on Threats in general. b. Results of the COMSEC evaluation. c. Study of Signal Security d. Essential Elements of the Enemy e. Report of ADP Security f. BEFI - Evaluation g. Inspection of Technical Support h. Other information or reports that might backup the OPSEC Evaluation. 60
LN324-91 NOTE: Not all the Annexes mentioned above are required in all the reports of an OPSEC evaluation. Back to Top 61
CHAPTER 4 CHAPTER IV DOCUMENTS SECURITY INTRODUCTION: The application of this chapter will be based on the following main principles: 1. It is essential that some official information be given top protection in order to safeguard the capability of the nation to protect itself against all hostile and destructive actions. 2. It is also essential that the citizens of the nation be informed as much as possible on the activities of the government. 3. This chapter should not be interpreted in any way as trying to withhold information that otherwise could be publicly disseminated. GENERAL: A. DEFINITION OF DOCUMENT SECURITY: The degree of protection given to certain official information for the safekeeping of the nation's capability to protect itself against hostile or destructive actions. B. All personnel must be aware that the above-mentioned principles are the fundamental factors that govern military security and must be deeply indoctrinated so as to be inherent with the routine performance of their tasks. C. ORGANIZATION: 1. Categories of Classification a. The official information requiring protection in the interest of national defense will be limited to three categories of classification, which are, in order of importance, TOP SECRET, SECRET and CONFIDENTIAL. No other designations shall be used to classify information of national defense. 2. Other Definitions a. Information of Defense. It pertains the official information that requires protection in the interest of national defense that is not of common knowledge, y which could be valuable military information for a potential enemy, to plan or sustain war or insurgency against us or our allies. b. Classified Material. It is the official information which has been classified and marked with one of the categories mentioned above.
LN324-91 c. Access to Classified Material. It allows access to classified material only to those persons authorized to work with classified information and need to know such information to be able to accomplish their official duties. d. Custody. Is the person in possession or that has the responsibility of protecting and accounting for classified material. e. Inventory. It is the procedure used to account for classified material by control of entry and record of the document, or entry of destruction record, or by signed receipts. f. Document. Is any recorded information, without considering its form or characteristics, and includes, without being limited to, the following: (1) Handwritten, typewritten or printed material. (2) All drawn, painted or engraved material. (3) All sound recordings, voices, tapes or records. (4) All types of photographs and films, in negatives or processed, fixed or in motion. g. Authority for Derived Classification: It is the authority to classify material as a result of being connected to, or in response to other material related to the same subject of an already classified material. h. Material: Means any document, product or substance, on or within which information can be recorded or included. i. Properly authorized person: It is a person who has been authorized to work with classified information, according to the established norms. 3. TOP SECRET Information. Top Secret classification is limited to the information of defense or material that require the highest degree of protection. TOP SECRET information will be applicable only to that kind of information or material that is extremely important for defense, and the unauthorized disclosure of which would result in serious danger for the nation, as for example: a. Definite severance of diplomatic relationships, that would damage the defense of the nation; [leading) to an armed attack against them or their allies or to a war. 63
LN324-91 b. Compromise the military defense plans, or the operations of military intelligence, or technical or scientific developments vital for the national defense. c. As examples of this type of information, there are: (1) A strategic plan that documents the complete operations of war. (2) The documents for war planning. (3) Plan of operations for an independent operation, or for a series of coordinated operations. (4) Documents of military intelligence containing complete information of a nature that would reveal a big effort of military intelligence activities by the nation, and that would enable unauthorized persons to evaluate the success obtained by the military intelligence services of the nation. (5) Plans or programs to carry out operations of military intelligence, or other special operations, when the knowledge of a particular plan, program or operation would result extremely damaging for the nation. (6) Important information regarding equipment (war materiel) extremely important and radically new, whose technical development constitute vital information for the defense of the nation. 4. SECRET Information. The use of SECRET classification will be limited to defense or material information whose unauthorized dissemination could result in serious damage for the nation, such as: a. Jeopardize international relations of the country. b. Endanger the effectiveness of a program or policy vitally important for the national defense. c. Compromises important military plans for the defense or the technical development for the national defense. d. Reveals important operations of military intelligence. e. Examples of this type of information are: (1) A war plan or a complete plan for a future war operation not included under the TOP SECRET classification, and documents that indicate the disposition of our forces, whose unauthorized publication, by itself, could compromise such secret plans. 64
LN324-91 (2) Defense plans and other military plans not included under the TOP SECRET classification, or in the previous paragraph, that contain plans and development programs or acquisitions, although they do not necessary include all the emergency plans. (3) Specific intelligence that, by itself, could reveal the military capability of degree of preparation of the Armed Forces, but does not include information whose unauthorized disclosure could compromise a TOP SECRET plan. (4) Intelligence that reveals the strength of our forces involved in war operations; quantity or quality of equipment, or the quantity or composition of the units in a theater of operations or other geographic area where our forces might be involved in war operations. During peacetime, the information that would reveal the strength, identify, composition or situation of units usually would not require SECRET classification. (5) Military intelligence or other information whose value depends on concealing the fact that the nations possesses it. (6) Details or specific information related to new material, or modification of material that reveal important military advances, or new technical development that has direct application of vital importance for the national defense. (7) Security measure for communication or cryptographic material that reveals vitally important information for the national defense. (8) Intelligence of vital importance for the national defense, with regard to amounts of war reserves. f. CONFIDENTIAL INFORMATION. The use of CONFIDENTIAL classification will be limited to defense information and to the material whose unauthorized disclosure could be damaging to the interests of the national defense. As examples of this type of material, there are: (1) Reports of operations and battles that might have valuable information for the enemy (The Essential Elements of Friendly Information). (2) Reports that contain military intelligence, no matter what type of information. (3) Frequencies of military radios and call signals that have special meaning assigned, or those that are frequently changed because of security reasons. (4) Devices and material related to the communications security. 65
LN324-91 (5) Information that indicates the assets of our ground, sea and air forces in national territory or abroad, or the composition of the units, or que quantity of specific equipment units that belong to them. During peace time a defense classification is not necessary unless such information reflects the numbers of the total assets or quantity of weapons whose characteristics are themselves classified. (6) The documents or manuals that contain technical information used for training, maintenance or inspection of classified war material. (7) Doctrine of tactical or technical operations. (8) The investigation, development, production and acquisition of war materiel. f. Handling of classified documents (1) Protection of classified material in the hands of persons that are travelling. (a) A person receiving travel orders, and who is authorized to carry classified material, will protect such material by the following methods: 1- He will contact his commander in order to obtain, if available, the corresponding means of protection, according to the particular classification of the material, or; 2- Will keep the material under his personal control continuously. It is the responsibility of the carrier of classified material to use his best judgement for his actions, in order to avoid risky situations that might compromise the classified material. (b) The personnel on travel mission will not carry classified material when crossing international borders where the classified material might be subject to scrutiny by Customs inspectors or other "unauthorized" persons. Such material, when forwarded previously by diplomatic pouch or by mail, will not encounter any obstacles on its way. (2) Covers of classified material. The cover of classified material is used to call the attention of the personnel handling it, to the fact that it is a classified document, and to protect it against unauthorized scrutiny. The cover shall have the stamp identifying the classification of the document. (3) Destruction in case of emergency. 66
LN324-91 (a) Plans The commanders and chiefs that are responsible for the protection of classified material will make formal plans for the destruction or safe transfer of all classified material under its jurisdiction, in case of civilian disturbance, disaster, or enemy action. (b) On board aircraft or ships If the aircraft carrying classified material is forced to land, or a ship runs aground in unfriendly or neutral territory where capture seems imminent, or in other circumstances when it appears that the material should be destroyed so as not to be recognized, it is preferable to burn it or destroy it in a way that will not be recognizable. (4) Security of the typewriter ribbons: The typewriter ribbons, whether made of cotton, rayon, paper, or silk, which are used to write classified information are not safe until they have been written over twice. Presently, many of the ribbons for typewriter machines can only be used once, therefore have in mind that the impression of letters remain in the ribbons and these are significantly valuable for the enemy as is the paper in which the information was typed. These ribbons should be protected accordingly. (5) Classified trash: Trash such as drafts, minutes, notes, dictaphone recordings, or other recordings, typewriter ribbons, carbon paper, rolls of film, and similar articles, containing information of national defense, shall be protected by a responsible person, according to their classification, until they can be destroyed in an orderly fashion the same as for material of similar classification. It is necessary to have a certificate of destruction. Back to Top 67
CHAPTER 5 LN324-91 CHAPTER V LIAISON INTRODUCTION: The purpose of this chapter is to enable you to plan and carry out Liaison with Government and civilian Agencies for collection of information/intelligence required, in compliance with the commanders requirements, without losing a mutual confidence with the Source. GENERAL: A. Before carrying out a Liaison, it has to be determined first which agency or source will be contacted and the purpose for the contact: 1. Liaison could be carried out with the following sources or agencies: a. Government agencies b. Military units or agencies c. Civilian agencies and industry 2. The purposes for carrying out the liaison are: a. To establish a relationship of mutual confidence between the various government agencies. b. To develop sources of information for immediate or future exploitation. c. To collect and exchange information that might be useful for future investigation. d. To obtain assistance in investigations or CI operations. B. With this in mind, there are two forms or types of Liaison that can be carried out: FORMAL LIAISON and INFORMAL LIAISON 1. Formal liaison is carried out to obtain: a. Specific information for an ongoing investigation. b. Information related to security violations. c. Information of threats to the national security. 2. Informal Liaison is carried out to: 68
LN324-91 a. Establish a relationship of mutual confidence. b. Develop Sources. c. Obtain information related to specific investigations. d. Obtain information that has not been requested specifically but is related to one or more incidents or investigations. e. Maintain friendly relationship among the Sources of information and the CI agents. C. Before starting a liaison, you should review the SOP of the unit to determine the proper Liaison procedure in your area of operations. D. Upon reviewing the SOP you should determine the requirements and establish priorities according to the SOP. Some of these areas are: 1. The priority of intelligence requirements are selected by the Commander, higher authority or by the mission. 2. The requirements are generated by the direction taken by the investigation. 3. The priorities that have been established based on the recommendations by the Commander or the urgency of the mission. E. Once the requirements have been reviewed, you can establish the liaison contact. 1. There are three basic methods to establish a contact, and these are: a. Personal Approach: This is done by the person (Agent) actually carrying out the liaison with the Source. This individual (Agent) introduces personally the new Agent to the Source. This method is preferred because it has the advantage of transferring the credibility and confidence of the old Agent directly to the new Agent or contact. b. Introductory letter: In this method the new Agent obtains a letter of introduction from a person or old Agent that knows the Source. This letter is presented to the Source during the first contact. The other method of introduction letter is to send a letter to the Source indicating that you wish to visit him. c. Cold Approach. This is the least effective method since it involved making the initial contact with a strange person. The first visit of this approach should always be on a social level and must be a short one. 69
LN324-91 2. When you have not done any personal contact with the Source, you must take into consideration the following: a. The Agent must introduce himself and present his official credentials identifying him as a Special Agent of Officer of Military Intelligence. b. Indicate the purpose of the visit. c. Based on your personal observation of the Source's reaction, determine if a casual conversation is appropriate. d. As the Agent you must be alert all the time to the signals by the Source that might indicate what kind of approach is better to use with the Source. e. The Agent must be cordial, professional and sincere. f. Must show respect for the position or profession of the Source. 3. If there has been a previous personal contact with the Source, the actions of the Agent could be more relaxed (calm) according to the relationship established by previous contacts. F. During the liaison, you must establish a Relationship of Mutual Confidence in order to: 1. Establish cooperation between you and the Source. A great deal of precaution should be used to develop the Source's willingness to cooperate, because you do not want to compromise the Source. 2. Have in mind that you can obtain information from previous liaison reports and other documentation that may assist you in determining the type of approach that would be best for the Source in particular in order to: a. Adopt the proper attitude. b. Be ready to change attitude if it is necessary. As the Source calms down and starts to cooperate, a more relaxed attitude could be helpful. 3. One of the techniques that you can use is to deal with subjects of mutual interest. EXAMPLE: "If a person is a football fanatic, he would very receptive to talk about that sport instead of another sport that he does not know, or does not care to about." 70
LN324-91 4. During the liaison contact you must show sincere interest in the Source's opinions. If the Agent shows that his (Agent's) opinion is better than the Source's, you might lose the Source's confidence. 5. It is important, also, that you study well the capabilities of the Source before asking him for information. This might embarrass the Source if a request is made that he cannot fulfill. 6. You must always be aware of the jealousy existing among the various Agencies. And remember always that you do not have to compare the effectiveness of one Agency against the other, this could cause a serious problem because the Source could also be providing information to other agencies where you might also have another contact. 7. During the Liaison contact, maintain always your position as a CI Special Agent and do not fall into discussion of military ranking; this is very important because you are a direct representative of the government. 8. If you do not have any previous knowledge of the Source, establish the contact and mutual confidence in the manner already discussed. In this situation, maintain flexibility and allow the circumstances to dictate on the approach that can be used with the Source. G. During the liaison contact there will be instances when information of mutual interest will be exchanged. 1. Before exchanging such information, first determine if that information can be divulged. Consider the following points as basis for such exchange: a. Whether the information does not violate the SOP stipulations. b. Whether it is classified and cannot be divulged among other agencies, even if they are part of the Government. NOTE: The exchange of information is important because if you only obtain information and does not offer certain information in return there is the possibility of losing the Source's confidence. 2. The Liaison contact can be considered successful when: a. both parts involved in the Liaison decide or discuss the exchange of information. b. both parts can use the information exchanged to their advantage. Back to Top 71
CHAPTER 6 LN324-91 PREPARATION OF THE LIAISON REPORT INTRODUCTION: Upon conclusion of a liaison contact, a report of the liaison has to be prepare to include all the identification data of the Source; all the information on previous contact reports; a description of the circumstances of the contact and operational matters; data of the Source's background; a list of all the other reports prepared in relation to this contact; all the information related to the financial and logistic support, remarks (if applicable) and the signature of the Agent. GENERAL: A. First determine whether the liaison report is necessary or allowed/authorized (Some countries prohibit the documentation of information by the citizens of the same country). 1. Prepare the liaison report after the contact has been completed. B. Complete the heading of the report (See Figure No. 1) 1. TOPIC/SUBJECT: Write down the name, position, organization, and other data that identifies the Source, as requested by the local SOP. If a code number has been assigned to the Source, use only this number for identification. 2. REFERENCES: a. Write the date and control number of the last Liaison Report prepared in regard to this Source. b. If there are no previous reports on this Source, make a note of it in the Report you are preparing. c. Note down all the documents and material that were originated by, or related to, the Source. 3. DATE: Note down the date of preparation of the report. 4. NUMBER OF THE REPORT: Write down the number of the report, it depends on the SOP of the unit. Usually, the CI section keeps a record of all the sequential numbers used for Liaison Reports. 72
LN324-91 Figure #1 (CLASSIFICATION) LIAISON REPORT SUBJECT: DATE: REFERENCES: REPORT NO.: PROJECT NO.: ---------------------------------------------------------------------- (WRITE A WARNING NOTE IF NECESSARY) 1. ( ) CIRCUMSTANCES OF THE CONTACT: a. Purpose b. Date, Hour, Place of contact c. Persons present 2. ( ) OPERATIONAL MATTERS 3. ( ) INFORMATION OF PERSONALITY 4. ( ) PRODUCTION 5. ( ) FINANCE/LOGISTICS 6. ( ) COMMENTS: (NAME OF THE AGENT) (ORGANIZATION/UNIT) (COUNTRY) REMARKS BY THE REVIEWER: (CLASSIFICATION) 73
LN324-91 5. NUMBER OF THE PROJECT: In the CI cases, usually, each investigation or project has a number assigned to it. The unit's SOP assigns those numbers if applicable. C. WARNING NOTE: If necessary, include in this section of the Report a note that will indicate the sensitivity of the investigation or the contact, as shown in the following example: "WARNING: SOURCES AND SENSITIVE METHODS INVOLVED" D. COMPLETE PARAGRAPH 11: "CIRCUMSTANCES OF THE CONTACT" (SEE FIG.#1) Describe the circumstances of the contact including: 1. Purpose 2. Date, hour: use the expression: "from ... to ... of May 19.." 3. Place where the contact occurred. 4. Persons present: Whether there were other persons present during the contact, note down their complete physical description and other pertinent details. E. COMPLETE PARAGRAPH #2 (OPERATIONAL MATTERS) 1. List in chronological order all the events and subjects discussed during the contact. 2. Mention briefly any operational information that has not been included in other reports. 3. Write down all additional information and the identification of new leads or Sources with as much detail as possible. F. COMPLETE PARAGRAPH #3 (INFORMATION OF PERSONALITY) Give information related to the Source as completely as possible. This will include, but not limited to, the following: 1. Personality or personality traits. 2. Idiosyncracies, peculiarities of the Source. 3. Sense of humor, or lack of it. 4. Type of information that the Source is willing to discuss. 74
LN324-91 5. Topics that must be pursued or disregarded. 6. Background information on the Source that has not been reported before. NOTE: If a code number has been used to identify a Source in this report do not give information of personality that might compromise or identify the Source. G. COMPLETE PARAGRAPH #4 (PRODUCTION): List, according to the report's number, all the documents that were produced as a consequence of the contact with the Source. H. COMPLETE PARAGRAPH #5 (FINANCES AND LOGISTICS): If applicable, include a list of: 1. Incentives used 2. Amount of expenses: a. Official funds b. Personal funds I. COMPLETE PARAGRAPH #6 (COMMENTS) 1. Write down comments that the Agent believes are applicable but cannot be confirmed (personal opinions, intuition, etc.) EXAMPLE: "During this contact the Source appeared to be very nervous. In previous contacts the Source never showed to be nervous." 2. Explain the specific purpose of all the expenses paid in cash by the Agent, disregarding "when", "where" or "why" J. FILL OUT THE SIGNATURE BLOCK 1. Name of the Agent 2. Official title or position 3. Office to which Agent belongs 4. Country where the Agent's office is located K. CLASSIFY THE REPORT L. PREPARE THE REPORT IN TWO COPIES: 1. Sign both copies 2. Forward one copy to the Higher Control Office 3. Keep a copy for your office files. Back to Top 75
LN324-91 CHAPTER 7 INTRODUCTION - INVESTIGATION OF PERSONNEL SECURITY INTRODUCTION A definite concept with regard to security is that no person, merely because of rank or position, has the right to know or possess classified information or material; and that such material will be entrusted only to those individuals whose official or governmental functions require knowledge; and that all persona that require access must be authorized to received classified information or material. These individuals must be of undisputable loyalty, integrity and discretion; must posses excellent character and have such habits and associations that leave no doubt at all of its good judgement in the handling of classified information and material. GENERAL: A. SECURITY is the responsibility of the Command: 1. The Commanders may delegate work and functions, but responsibility cannot be delegated. One of the most important functions of Military Intelligence is to assist the commander is establishing and maintaining security. The Investigation of Personnel Security (IPS) is one of the methods used to attain that security. The investigation is done of the individuals occupying sensitive positions and are under the jurisdiction of the military service, or of individuals considered for filling out positions of confidence that require access to classified information or materials. B. SENSITIVE POSITION 1. A sensitive position is any post within the military services whose occupant could cause an adverse effect to national security by virtue of the nature of his responsibility. 2. All sensitive positions require an Investigation of Personnel Security (IPS) a. Any positions whose functions or responsibilities require access to classified defense material. b. Functions related to classified systems and cryptographic equipment. c. Functions related to studies and investigations and/or classified development. 76
LN324-91 d. Duties that encompass the approval or the process of cases of presumed disloyalty, subversive activities or disaffected personnel. e. Any other activity or position designated as sensitive post by the senior command chiefs. 3. Usually, we refer to those functions that require access to CONFIDENTIAL information or to higher security classification. In order to occupy a sensitive position it is not necessary for the individual to be involved in the creation of classified information , nor to act in making decisions related to it. For example, the typist that copies classified documents has access to the information and therefore, occupies a sensitive position. The keeper of files does not have to read the classified documents that he handles has access to classified information and also occupies a sensitive position. All positions of officers, NCO's, and enlisted men are considered sensitive by virtue of their rank. a. Up to this point, the sensitive positions that have been mentioned have something to do with classified information. However, it is possible to occupy a sensitive position or perform in a sensitive post without having anything to do with classified information. These functions or duties concern the teaching programs, briefing of personnel of the armed forces, including the training for such duties. b. In this case, the sensitivity of the position is not determined on the basis of access to classified information, but on the basis of the influence that the personnel of instruction programs may have on the military personnel and their ways of thinking. The sensitive classification is reserved to persons of the military personnel that produce or administer the program. The recipients, the military personnel receiving training are not considered participants of a sensitive function or position. c. Finally, the sensitive positions involve the process of investigation of allegations of disloyalty, subversion, and disaffection. Because of our duties and responsibilities, we, the intelligence personnel, are included in the category of sensitive positions. d. These are the sensitive functions that required a Security Certificate. The commander decides whom to authorize such certificate based on the information that we, as Agents, provide through our investigations of personnel security. 4. WHY ARE INVESTIGATIONS OF PERSONNEL SECURITY NECESSARY? ARE ALL MILITARY PERSONNEL CONSIDERED DISLOYAL? a. Senior chiefs of Military Intelligence have given some reasons for carrying out investigations of personnel security. Among them: 77
LN324-91 (1) Any intelligence agency that does not believe it could be penetrated any day, by any of its officials, from the concierge to the director, would be very complaisant and we would be criminally negligent if we do not function under such supposition. (2) We have to act under the supposition that our adversaries are as cunning as we are and that they will be able to enter every now and then. (3) The security of the nation demands constant vigilance in order to maintain our adversaries outside, and prevent them from obtaining information and to uncover and remove them as soon as possible. 4.[sic] How can we keep our adversaries from entering? (1) The proper authority will be the one who determines the need for a personnel investigation of an individual. This authority usually is the commander. (2) The request is sent to the Intelligence Officer of the Staff at national level, who in turn orders his control office to initiate an investigation and refer it to the CI unit for investigative action. 5. An investigation of personnel security is used to find out the following: 1. Loyalty 2. Discretion 3. Character 4. Integrity 5. Morale of an individual that will give information upon which a decision would be made on whether the individual will be posted to a specific position that requires access to classified material which is consistent with the interest of national security. 6. The action agency will be the same commander who made the request. The commander must take a decision in each investigation. The decision will be based on the information contained in the investigative reports provided by Counterintelligence. 7. The fact that the person enters voluntarily into one of the armed forces is no proof of loyalty, because: a. The individual could be intending to accomplish an illegal/nefarious act. b. Could be intending to gain access to classified military information. 78
LN324-91 c. Could be intending to deliver such information to an enemy agent, present or potential, to obtain military experience in order to be able to apply it against us when the occasion arises. 7.[sic] Acts like swearing allegiance (in writing), going to church, etc. are only manifestations of loyalty and respect that could be used to over up ulterior motives. These manifestations cannot be accepted as proof of loyalty, although they have much value as indicators of the right direction. D. INVESTIGATIVE REQUIREMENTS: 1. (How does an investigation start? EXAMPLE: a. Suppose a new typist will have to work with classified information, and therefore, needs access to same. Since he never had previous security authorization to work with classified material, the commander, responsible for the security of his command, requests a security investigation of personnel for the new typist. The request goes up to national level to the Staff Intelligence Officer whose function is to provide information on security. On the other hand, the counterintelligence of the unit directs the investigation of personnel security of the new typist. b. In order to establish the loyalty of a person, the lack of disloyalty has to be proven. In order to prove it, the qualities and weaknesses that might lead a person to commit a disloyal act are searched. c. Among the things looked for to prove disloyalty are: 1) Vengeance 2) Desire for material gains 3) Desire for more prestige 4) Friendship 5) Ideological tendencies d. Among the weaknesses that make a person susceptible to committing a disloyal act under pressure are: 1) Close relatives in foreign countries. 2) Big financial investments in foreign countries. 3) Jealousy 4) Credibility 5) Weak character 6) Serious guilty episodes in the past 7) Debts 79
LN324-91 8) Use of Narcotics e. Absence of the factors indicated above is an indication of loyalty and confidence on the individual under investigation. Only a small percentage of the investigations of personnel security show that an individual is disloyal. Our work as CI Agents is to find that small percentage of disloyal persons, and prevent them from getting access to the type of information that could be damaging to the national security. We discover the weak points within the national security, it is up to the commander and the agency to act, eliminating them from sensitive positions. f. Description of each one of the factors mentioned above, which could affect the loyalty of a person: 1) VENGEANCE: Could be one of the strongest motives. Hate corrupts the moral value in such a way that the person could do the utmost to betray his country in order to take revenge against a person or group he hates. 2) MATERIAL GAIN: Some people yearn so much for personal gains that do not stop at anything to attain their goals. We do not condemn ambition and the innate desire to advance in life, but we do condemn the persons that want to amass riches without taking into consideration the ethics of society. 3) PERSONAL PRESTIGE: This motivation applies to those persons whose main ambition is for power, power above all, to demonstrate the work their superiority as leaders. 4) FRIENDSHIP: Some persons of high integrity commit acts against national security because of friendship ties to another persons. 5) IDEOLOGICAL BELIEFS: A person that has hostile beliefs against its own country is very vulnerable to be approached by agents or subversive groups. 6) CLOSE RELATIVES IN FOREIGN LANDS: For a long time, threats of mistreatment against loved relatives who are under the regime of a threatening power have been used. The Soviets have widely applied similar techniques, currently, as a means to obtain support and cooperation. 7) INVESTMENTS IN FOREIGN COUNTRIES: Due to human nature, there are many persons who consider that material riches are more important than the integrity of moral principles. When these persons are in danger of losing their investments in foreign countries, they can be persuaded to betray their own country. 8) JEALOUSY: One of the strongest motivations used by cunning agents in order to induce loyal persons to commit hostile acts against their own country. 80
LN324-91 9) CREDIBILITY: In this category are classified those persons that believe in everything literally and do not find anything wrong in other persons. This type of person is almost always an idealist and sometimes could be used as an instrument by unscrupulous agents. Credulous persons by stupidity are not used frequently because of the poor quality of information that they might obtain, although in some occasions they could be used as "bait" for sabotage acts, strikes, and public disorder. 10) A person with a weak character can be easily dominated by another one and is an easy prey for subversive elements looking for a servile assistant. 11) DEBTS: The persons that have gotten into substantial debts always try ways to recover their losses quickly and easily. These persons constitute a definite security risk, and is very vulnerable because he can be persuaded by a considerable sum of money. We all know the saying: "EVERY ONE HAS A PRICE," therefore, the price of all persons in this category is relatively low. 12) USE OF NARCOTICS: This category does not need explanation. We all know that the drug addicted commit crimes in order to maintain their habit. 13) GUILTY COMPLEX: As human beings, many of us have experienced certain episodes in the past for which we may feel ashamed. The enemy agents that have the mission to recruit agents/sources, do not hesitate in taking advantage of such experiences to force the cooperation of the individuals for subversive conspiracy. The threats to divulge such episodes has always been a powerful wedge to force a person to commit illegal acts. g. These are some of the factors that we must look for during an investigation of a person to be employed in a confidence position. When we discover indications in any of them, the investigation is broadened in order to: 1) approve them 2) reject them. h. Looking for the bad side of a person might seems like a cynical act, but we are in a cynical occupation that has demonstrate throughout the years and by experience, that this is the only way to approach an investigation. i. The experienced investigator does not accept from the start any information that has not been checked. j. A very important part in the life of a CI agent is his behavior during an investigation of personnel security. The behavior of the agent ensures whether he will obtain the information or not. The interview is 81
LN324-91 a very emotional situation for many persons. Even though you identify yourself as am agent of Military Intelligence, they will take it as though you are an agent of criminal investigations (police). It depends on you and your behavior during the interview whether it will have positive results or not. 5. CERTIFICATE OF SECURITY AUTHORIZATION a. After the action agency (the commander) finishes with the study of the personnel security investigation results, he proceeds to carry out one of several lines of action: 1) He might ISSUE a certificate of security authorization 2) He might DENY the certificate of security authorization 3) He might REVALIDATE a certificate previously invalid. 4) He might INVALIDATE a security authorization previously issued. 6. TYPES OF INVESTIGATIONS OF PERSONNEL SECURITY a. Usually we are interested on two types of investigations of personnel security: 1) To check National Agencies (CNA) 2) Investigation of Personal History (IPH) b. The type of investigation required at any time depends on the category of the classification of the defense information to which access is required, and the citizenship of the individual concerned. c. CHECKING THE FILES OF NATIONAL AGENCIES 1) It consists on an examination of the files of those national agencies that might have information related to the loyalty and reliability of the individual. The Control Office determines which agencies shall be checked in all the cases: a) The Internal Security Agency (DNI) b) Index of Investigations of the Armed Forces 2) Internal Security Agency: The files of crimes and subversive activities will be checked during all the investigations. It should include fingerprints of each applicant. 3) National Level of the Army: a) Staff Intelligence Office b) Director of Personnel Administration (military) 82
LN324-91 c) Chief of the Military Police d) Index of Central Archives (Minister of Defense) These are checked when there are indicators that the individual is or have been employed by, or is owner of, a company that has had classified contracts with the Minister of Defense. 4) National Level of the Navy 5) National Level of the Air Force 6) Archives of the Government Ministries 7) Other Investigative Agencies. 7. CHECKING NATIONAL AGENCIES (CAN) AND INQUIRIES IN WRITING: a. We have already discussed CAN. Parts of the investigations of files include the Inquiries in Writing. This is done for the following agencies and individuals: 1) Local Agencies of Law Enforcement 2) Previous supervisors of the individual 3) References given by the individual 4) Learning schools and institutions b. The Written Inquiry is usually a mimeographed letter distributed to the character references and credit references given by the individual, requesting from them a written report on everything that they know about the individual. 8. INVESTIGATION OF PERSONAL BACKGROUND: The second type of investigation of personnel security is the investigation of personal background. This category constitutes the majority of the investigations that you will perform as CI Agents. a. Components of an investigation of Personal History (Background): 1) Checking with National Agencies (CAN) 2) Birth certificate 3) Education 83
LN324-91 4) Employment 5) References 6) Investigations in the neighborhood 7) Criminal background 8) Military service 9) Connections abroad 10) Citizenship 11) Credit Record 12) Organizations 13) Divorce record b. Checking National Agencies (CAN) is to verify the files of national agencies with regard to the loyalty, morality, discretion, character and integrity of the individual. c. Birth Record: Usually we do not check birth records, unless there is discrepancy in the birth dates of other recorded files. d. Education: The files of all the schools and learning institutions attended by the individual. Interviews can also be had with teachers and professors of the individual in order to get more personal and intimate information of the individual. e. Employment (occupation): We are interested in the degree of efficiency at his work and the reason why he terminated his employment. f. References: In the majority of the cases we must assume that the personal references given by the individual will be partially or totally in his favor. There are three reasons why we verify the references: 1) It is possible that the person indicated in the Personal History as a friend, might not be so friendly with the individual. 2) A friend might reveal damaging information without being conscious of it. 3) The references are a good source to obtain "developed sources." These are persons that have knowledge of the background of the individual but have not been given as references in his application. g. Investigations in the neighborhood: Valuable information is obtained of the personal life of the individual. Mainly what is done is a compilation of gossip (rumors). But if this gossip come up again in other agencies, they could be taken as valid. h. Record of criminal background: It could be requested by mail or through Liaison investigations. The information obtained from these records must be verified with the court register and judicial procedures. 84
LN324-91 i. Military Service: The type of leave or discharge is checked in order to verify if it was because of disloyalty, subversion, indiscretion, or moral perversion. j. Connections abroad: 1) Determine up to what point the individual has investments in foreign countries. What is the amount of money invested by the individual in these countries. 2) Another point that should be examined is whether the individual has relatives in those countries. It is possible that the foreign country may put pressure against the individual by using his relatives as an excuse. k. Citizenship. The citizenship of an individual and his parents could be verified through the records of the Immigration Service. 1. Travel abroad: 1) Dates of departure 2) Destination 3) Purpose of Travel. Activities that the individual was involved in during his stay in that country. It is possible for the individual to have been involved in some difficulties in that country. m. Credit Record: Credit agencies are contacted, credit loaners, where the individual has resided for considerable periods of time. Through these records the integrity of the individual can be determined. n. Organizations: Investigate whether the individual was a member or was affiliated or sympathizer, with any organization, association, movement, group or combination of foreigners or locals that have adopted or manifested a policy of defending or approving enactment of actions by force or violence in order to deprive other persons of their rights as dictated by the country' s constitution. o. Divorce records: It is used to prove or contradict the information already included in his Personal Background (history). 9. EVALUATION OF THE INFORMATION OBTAINED: a. It is the duty of the investigator to point out if the information obtained during the investigation are "Facts", "Opinions." or "Rumors." There are three ways to comply with this requirement: 1) Description in Words: Indicate by means of a description in words the degree of Reliability of the confidential informants, when submitting the information received from them. The description in words is used only to describe the information obtained from reliable sources. EXAMPLES: 85
LN324-91 a) The Source (So and so), who has submitted confidential information in the past informed the following: b) The Source (So and so), reliability unknown, who knew the Subject for the past ten years, informed the following: 2) Notes or Remarks by the Investigator (Agent): are remarks by the agent which can be included in the report to add validity to the information provided by the source, or else to detract validity to such information. EXAMPLE: a) " The source was very nervous during the interview. b) "His statements (the Source's) regarding dates and places were very generalized and sometimes gave the impression of not being sure of himself." 3) Appropriate phrases: Using certain appropriate phrases in the report will help the control agency to determine more accurately the validity of the information provided. EXAMPLES: a) "The Source said that ...." b) "The Source provided the following rumor... 10. ENDING THE INVESTIGATION: a. The action agency bases its determination regarding issuance of authorization certificates to classified material on the investigation carried out by the CI Special Agents: b. The investigation that you have carried out will determine the future of the individual, and therefore each investigation must be as complete as possible. c. In an effort to provide a superior investigation, the Agent should: 1) Obtain all possible information. 2) Support all the conclusions with facts. 3) Identify all the opinions as such in the investigation report (Agent's Report) 4) Explain all the leads that were not followed. 86
LN324-91 5) Obtain enough information during the course of the investigation in order to enable the Action Agency to adopt a final action upon receiving the results of the investigation. 11. AGENT'S ATTITUDE In order to combine all the desirable requirements of a CI Special Agent, while performing his functions in the field of intelligence, you should always have: a. Know the significance of the words loyalty, discretion and reputation in order to be able to gather the required information for the Action agency. b. Keep in mind the purpose of the investigation so that the findings will reflect the information required by the Action agency. c. Be impartial, absolutely, in order to do justice to all; to the SUBJECT of the investigation and to the national government. d. Be diplomatic while performing your duties as investigator, in order to obtain the information desired without wasting any time. e. Maintain a professional stance at all times because it will reflect your quality as an agent, the quality of the CI service and of the Army. f. Avoid accusing the interviewee because you need to obtain certain information from that person, and if he becomes scared, he will not be able to talk. Back to Top 87
LN324-91 CHAPTER VIII INTERROGATION PHASE/TECHNIQUES INTRODUCTION: The interrogation phase/techniques for questioning have a very unique value because they will cover all the interrogatives. The ability to ask questions is as important as the investigation that is being carried out. Without a good knowledge of how to address his questions, many times valuable intelligence information could be lost or answers are given that are contrary to what the source provided. GENERAL: a. Usually, the interrogation phase/questioning techniques starts when the source starts answering questions pertinent to the specific objectives of the interrogation/interview. b. The questions must be sufficiently comprehensive to ensure that the subject of interest has been completely exploited. c. All the answers obtained from the Source must established the basic interrogatives which are: (1) Who (2) What (3) When (4) Where (5) Why (6) How d. All your questions must be presented in a logical sequence in order to be sure that the significant topics or objectives have not been neglected. e. Frequently a series of questions are used, following a chronological sequence of events, but it is by no means the only logical method of making an interrogation. (one page missing from the original) (3) Non Pertinent Questions: (a) Non pertinent questions are those that have nothing to do the with objectives of the interrogation/interview. When pertinent que non- pertinent questions are carefully mixed, the Special Agent [SA] could hide 88
LN324-91 the real purpose of the investigation and make the Source believe that a relatively insignificant matter is the basis for the interrogation/interview by asking pertinent questions in a casual manner. For example: * Emphasizing questions and details that are not important. * Dwelling on non-pertinent topics that the Source seems unwilling to discuss. (b) One of the techniques for which non-pertinent questions are used is to make the source relax, and then go back to pertinent questions in order to obtain the information desired. (c) Another use for non-pertinent questions is to break the "train of thought" of the source. This is particularly important if there is suspicion that the source is lying. Always have in mind that the Train of Though is an effort by the Source to concentrate possibly to come up with a lie. The SA could break the concentration by introducing suddenly a completely unrelated question, and afterwards returning to the pertinent topic. (4) Repeated Questions: (a) The repeated questions are used as a means to ensure precision, particularly when the SA suspects that the Source is lying. (b) One of the techniques is to repeat the same question in another way or disguised. (c) The repeated questions also are useful to ensure precision in the details, such as places, names, dates, team components and similar topics. (5) Direct or tricky questions: (a) The way you express the questions have a direct relationship with the response of the Source. A question can be made in different ways. Example: "Where did you go last night?" "Did you go last night to general headquarters?" "You did go to general headquarters last night?" "Didn't you go to general headquarters last night?" (b) The first example (where did you go last night?) is a direct and simple question that requires a narrative answer. This type of question usually produces the maximum amount of information and provides a great number of leads that can be followed or exploited by the SA. 89
LN324-91 (c) The other three examples are tricky questions in that they are suggesting the answer. (d) Tricky questions tend to suggest the source the response that he thinks the SA wants to know, and also limits the number of- details given in the answer. (e) As a general rule, the tricky questions are not good for the purpose of interrogation/interview, but could be used efficiently as a means of verification, means of strategy, or as a means of pointing out with precision at specific details. (6) Combined Questions: (a) Combined questions are those that contain more than one question. This type of questions should be avoided because they could be evaded easily and sometimes are difficult to understand. For example: "What kind of training did you receive at the basic training center of the enemy forces, and what kind of training did you receive afterwards at the advanced training center of the enemy forces?" (b) As you have noted in the above example, the source may answer only one, both or none of the questions, and the answer given may be ambiguous, incomplete or both. (7) Negative Questions: (a) Negative questions are those that confuse and give deceiving or false answers. This type of question could suggest two answers. For example: "Don't you know whether Col¢n went to General Headquarters last night? (b) If the SA is not aware of the negative question, with all probability he will extract an answer that the source never wanted to give. (8) Precise and Brief Questions: (a) All questions should be precise, brief and to the point. There should be no doubt in the mind of the source of what the SA wants to know. This type of question is identical to the direct question and limit the level of the Train of Thought of the Source since it should require a narrative response. (9) Questions Expressed Simply: 90
LN324-91 (a) The SA must use simple questions. Avoid convoluted words (words whose meaning other persons might not know). (10) Reinforcement Questions: (a) The reinforcement questions are those used to impart emphasis at a certain point of the interrogation/interview. During the interrogation/interview the SA must remain alert to detect and exploit the statements by the Source that indicate that he has valuable intelligence information, besides the one which is pursued in the present interrogation/interview. 3. Information from Rumors: (1) Rumors can provide valuable information. However, rumor must be classified as rumors. 4. Conclusions: (1) The last step of the interrogation/interview is to obtain any additional conclusions, statements, remarks or evaluations of a specially qualified source. (2) When the SA receives such information, he must also obtain the facts on which the source based his conclusions and/or evaluations. 5. Interrogation/questioning techniques Phase a. The interrogation/questioning techniques phase is what "truly makes a Special Agent" since it would be worthless to have an excellent "planning and preparation" and a wonderful "approach plan" if the "Interrogation/Questioning Techniques Phase" is not exploited to the maximum advantage in order to obtain the greatest intelligence information possible. b. Types of Interrogations/Interviews: The SA usually follows two general rules (the direct or indirect interrogatory/interview). The essential difference between the two lies on whether the source knows or does not know that he is being interrogated/interviewed. c. The Direct Interrogation/Interview: When we use the direct interrogation/interview, the source is conscious of being interrogated/interviewed, but knows or does not know the real objective of the interrogation/interview. d. Advantages of the Direct Method: (1) Consumes less time. 91
LN324-91 (2) Easier to carry out (nothing to hide) (3) Allows the SA to make continuous verifications of the information that he is receiving from the source. e. Disadvantages (1) The source does not want to be a stool pigeon. (2) He is afraid for his life (or his comrades') (3) Thinks that he can obtain something in exchange for the information offered (his own benefit). f. Indirect Interrogatory/Interview: This form of interrogation/interview is characterized by getting information through deceit and trickery without the source knowing that he is being interrogated. g. Advantages: (1) The information extracted is almost always true (no reason to lie.) (2) It is useful for extracting information (even) from the most difficult sources. (3) It serves for exploiting a big human weakness (the desire to talk). h. Disadvantages (1) A great deal of skill is needed. (2) It consumes too much time and personnel. (3) We do not know really whether the source really wants to cooperate/confess everything. 5. Use of techniques: a. Have in mind that both types of interrogation/interview can be used at the tactical as well as strategic level. b. Determining factors for the direct interrogation/interview: (1) Very limited time (TACTICAL LEVEL) (2) To use for immediate operation 92
LN324-91 (3) SA does not have much training c. Determining factors for indirect interrogation/interview: (1) Said operation/mission does not have immediate tactical importance. (2) The goal to be attained is at strategic level. Example: To know the enemy capabilities to sustain hostilities for long periods of time. 6. Selection of the Source: a) The criteria for the selection of personnel to be interrogated/interviewed could vary for innumerable reasons: 1) Time limitations 2) SA availability 3) Skills of the Ae (who in general serve as selecting officers). 4) Quality and quantity of information that the sources could have. Back to Top 93
CHAPTER 9 LN324-91 INVESTIGATION OF PERSONNEL SECURITY INTERVIEWS INTRODUCTION: The interviews of personnel security enables us to obtain truthful information to help us in our determination to offer a person access to classified information that might affect national security. These interviews are done normally with a person that has known the SUBJECT being investigated. GENERAL: l. Before beginning the interview we have to do good planning and preparation for the interview. The following steps must be taken if at all possible: a. Identify the individual that will be interviewed. NOTE: FOR THIS KIND OF INTERVIEW, A PRELIMINARY DATA SHEET WILL GIVE US THE CHARACTER THAT WILL BE GIVEN TO THE INTERVIEW. b. Prepare the questions that will be made. 1) Develop questions que will extract information regarding the following matters related to the SUBJECT: a) His loyalty b) His character c) His reliability d) If he is or is not adequate to fill a position of confidence. c. Prepare questions that will allow the source to answer in an open and spontaneous manner (narrative form). d. Avoid questions that only require "YES" or "NO" as an answer. Examples: Is your name Miguel? e. Prepare your questions using the basic interrogations (always have in mind the basic interrogations during the interview): 1) How 2) When 3) Who 4) What 5) Where 6) Why 94
LN324-91 f. Obtain the required forms, such as Sworn Statement, signed. 2. Once planning and preparation have been completed CONTACT THE INDIVIDUAL TO BE INTERVIEWED. a. Try to make contact and carry out the interview during working hours at the individuals work place (or where appropriate depending on the situation, if necessary make an appointment with the Source). 3. Once the meeting has been arranged and you meet the Source, carry out the interview. a. Identify yourself and show your official credential (always remember that you are the representative of a national government and that you are a Special Agent). b. Ensure/certify that the Source himself knows the SUBJECT (if necessary ask him for an identification card). c. Inform the Source of the purpose of the interview (Example: the purpose of this meeting is to obtain information onwho is considered for a confidence and responsibility position with the national government.......) d. Obtain positive identification from the Source. e. Try to gain and keep the confidence of the Source in such a way that he will feel at ease with you. f. Make the arrangements for the interview to take place in a quiet place and free of distractions. NOTE: IF YOU HAVE A RECORDER AVAILABLE AND THE SOURCE DOES NOT OBJECT, EXPLAIN TO ;HIM THAT YOU WANT TO USE TO PREPARE YOUR REPORT OF THE INTERVIEW IN THE MOST ADEQUATE WAY. g. Obtain and make notes of the information of the identification of the Source, including: 1) Name and rank 2) Position 3) The complete designation of the unit and its location or place of work and position. h. Inform the source that the interview is considered official business and warn him that he cannot discuss its content with strange persons to Military Intelligence. i. Ask questions to obtain information from the Source regarding: 95
LN324-91 1) Day, time, place and circumstances when he met the SUBJECT. 2) Day, time, place and circumstances when he last saw or communicated with the SUBJECT: 3) Frequency of contact between him and the SUBJECT: 1) professional contact 2) social contact 4) Any length of time over 30 days when he did not have contact with the SUBJECT: 5) Number of times and frequency of contact since he saw the SUBJECT last and method of communication. j. Ask the Source questions to determine his knowledge of the following regarding the SUBJECT: 1) Date of birth 2) Place of birth 3) Use of nicknames 4) Military units to which he belonged (if applicable). 5) Residences 6) Education (where did he study and to what level). 7) Civilian employment 8) Family 9) Hobbies/interests 10) Partners/business associates k. Questions asked to obtain the Source's opinion regarding: 1) The honesty of the SUBJECT 2) The confidence on the SUBJECT. 3) Can de SUBJECT be depended on? 4) Maturity of the SUBJECT 5) Morality of the SUBJECT 6) Mental and emotional stability of the SUBJECT. l. as the Source if he has knowledge of any problem that the SUBJECT might have had with police authorities. m. Ask the Source if he has knowledge of: 1) whether the SUBJECT uses or has used illegal drugs 2) whether the SUBJECT abuses prescription drugs 3) whether the SUBJECT has the habit of gambling. 4) The financial stability of the SUBJECT. 5) Use or abuse of alcoholic beverages 6) If he is member, goes to meetings or support any organization that intents to overthrow the national government. 96
LN324-91 7) If he is a member, or support any organization that tries to deny civil rights to a person or group of persons. 8) What is the professional reputation of the SUBJECT. 9) Whether the SUBJECT has made previous trips or long trips abroad. 10) Social reputation 11) Relatives living abroad 12) Business contacts in foreign countries. n. Ask the Source if the SUBJECT is loyal to the government. o. As the Source if he would recommend the SUBJECT for any position of confidence and responsibility with the national government. p. THE SOURCE SHOULD BE ASKED TO PREPARE A SIGNED, SWORN STATEMENT; .sworn statements are required when: 1) The source does not recommend the SUBJECT for a confidence position. 2) The source gives negative or derogatory information on the SUBJECT. 3) The information given by the Source does not conform with the negative information previously received. q. Obtain leads (additional contacts). Determine whether the Source knows other persons that know the SUBJECT and his activities. r. Determine whether the Source wishes his name to arise as provider of this information in case the SUBJECT requests it. s. End the interview. 1) The Source has to be reminded that none of the contents of the Interview should be commented with anybody else. 2) Thank the Source for his cooperation and bid good-by. 4. Prepare the required reports. Back to Top 97
CHAPTER 10 HOW TO OBTAIN A SWORN DECLARATION INTRODUCTION: During its functions as a Counter Intelligence Special Agent you must get a sworn declaration from the persons whom you have interviewed. These sworn declarations will help you determine the truth of the persons interviewed as well as recognizing if the information that they have given has any connection with your investigations. DEVELOPMENT: A. Definition of a Sworn Declaration: A Sworn Declaration is a written statement about facts, given voluntarily by a competent person who is a witness, who states under oath that the content of the statement is true. B. The Sworn Declarations must be obtained from the following categories of interviews: 1. Witnesses with direct or personal knowledge of the incident. 2. Sources who provide credible unfavorable information. Credible unfavorable information is defined as: Information related to loyalty and attitude of a person, who appears to be honest, and so who could make a probable base to take adverse action. e. The sources who refuse credible unfavorable information. Information that has been refused its defined as: That information that was refused (without validity). 4. SUBJECTS of an interview. 5. Suspicious persons who are citizens of the country. 6. Persons who have been accused and that are not citizens of the country. C. You may obtain this information during the interviews using the interrogation basic techniques in an efficient way. 98
LN324-91 5. The next four blocks will note the complete information about a person who is making a sworn declaration. The following information is included in block E. a. Complete name of the person b. Personal identity number c. Grade or civil rank d. Military unit or civil residence F. You must aid the interviewee to write a declaration using one of the following methods: 1. Narrative method a. The narrative method allows the interviewee making a declaration to write the information in his own words. This method is normally used when preparing the declarations of Sources, Witnesses, or Unscheduled persons. b. The Sworn Declarations made by a source must have a summary declaration explaining the social degree or professional association between the source and the subject. This must have the facts and circumstances of the facts that support or contradict the unfavorable credible information and answer all the basic interrogations. 2. Question and Answer Method a. When you are preparing a sworn declaration for a subject, accused or suspicious person use the question and answer method so as to ensure the verbal file in the interview. The question and answer method has both questions that you make and answers from the interviewee. This method allows you to limit to just the information contained in the declaration that is pertinent. b. The sworn declarations made by a subject, source or accused persons must contain, in addition to the facts and circumstance the following information: 99
LN324-91 1. An explanation of the purpose of the interview. 2. A declaration of recognition of the provisions of privacy according with the national government and these provisions must be explained. 3. A declaration of recognition that the SUBJECT was advised of his constitutional rights and that he denied these rights in writing noted in the certified text of the SWORN DECLARATION/LEGAL RIGHTS/USE OF A LAWYER. 4. A petition to have an interview under oath and the answer. 5. A complete personal identification of the interviewee. 6. A final question to find out if the interviewee wishes to add or change the declaration. 3. A combination of the two methods mentioned above normally provides the best result. The person interviewed is allowed to express himself and afterwards you may use the method of questions and answers to obtain specific information that has been omitted previously. This method also allows you to clarify the areas where the interviewee has not been clear in the declaration. G. All sworn declarations will be written in first person. The vocabulary and the grammar of the interviewee must be used during the entire process, including vulgarities if they are pertinent or provided as part of the actual interviewee's appointment. Expressions written in parenthesis, abbreviations, facts in military style and investigative jargon or the use of capital letters only used by the counter intelligence agents must not be used. H. Use additional pages to complete the body of the declaration. The additional pages are used when the sworn declaration does not fit in the second page of the document. I. When typing the sworn declaration, write the declaration as close as possible to the margins of the document, or write a line towards the margin when the declaration or sentence does not reach the margin. 100
LN324-91 J. At the end of the sentence of the sworn declaration, include the phrase, "Declaration Finished". K. In a sworn declaration that has been typewritten, have the interviewee put his initials at the beginning of the first sentence and in the last sentence of each page, as well as putting his initials on the side of any correction or errors. The sworn declarations made in handwriting do not need the initials unless there are corrections. Corrections made to the sworn declarations must be done in ink and ball point pen preferably in black ink, but keep in mind that the interviewee must put his initials next to the corrections. L. Complete the section under the page including the number of the page and the total of pages (page from page) and then you must make the person making the declaration put his initials in the upper part of each page in block F. M. Complete the section of the declaration writing down the name of the interviewee in blank sections in block H. N. Make the interviewee read the sworn declaration and make sure that he understands it. 0. Make the interviewee repeat the oral oath. If the interviewee does not wish to take the oath, you must not try to persuade him to change his mind. But, you must explain that a declaration that is not under oath could be used as evidence as well as you must explain that the meaning of the oath, and the penalties for submitting a false declaration. P. Make the interviewee to sign the sworn declaration. If the interviewee took the oral oath but does not wish to sign the sworn declaration, do not try to change his mind. Explain to him that the oral oath and not his signature is what makes this document a sworn declaration and that such document will be sent to the appropriate destination. Allow him the opportunity of making any changes to his first declaration. But, never destroy the original declaration. Q. Write down the place and the date where the oral oath was obtained in block J. R. Sign the document in block K, and typewrite the complete name of the counter intelligence agent in block L. 101
LN324-91 S. Write down the authority that the counter intelligence agent has in block M. T. Make the witness (if it applies) sign the sworn declaration. The witness signs the sworn declaration affirming that the interviewee understands the content of the sworn declaration and that the interviewee signed such declaration in your presence. THE WITNESS DOES NOT HAVE TO BE PRESENT DURING THE INTERVIEW, ONLY ONE WITNESS IS REQUIRED DURING A SWORN DECLARATION, UNLESS THE INTERVIEWEE WISHES A WITNESS TO BE PRESENT DURING THE INTERVIEW. U. If the interviewee wishes a copy of the sworn declaration provide him with a copy under the conditions that the sworn declaration is not classified. NOTE: If the sworn declaration is classified make sure that it is classified according to the SOP. V. Complete the appropriate reports, write down and add all the details. NOTE: When a sworn declaration is taken from a person that does not speak the national language, copies of the declaration must be prepared in the language spoken by the person. If necessary, use an interpreter for this purpose. Both declarations must have a statement indicating that the content of the declaration is complete and without errors. The person who transfers the document must sign the declaration and indicate that he is competent. The counter intelligence agent must supply the oath to the interpreter before the interpreter signs the declaration. Back to Top 102
CHAPTER 11 UNSCHEDULED INTERVIEWS INTRODUCTION: Frequently you will find an interview in which the person comes to the counter intelligence office to give information. This interview is not prepared beforehand, but it must be professional at the moment it takes place. GENERAL FACTS: 1. Once the person comes into the office you must: a. Be courteous and professional. b. Show your official badge (credentials). c. Obtain any personal identification. NOTE: GAIN THE PERSON'S CONFIDENCE AND BE NICE AND ALERT. THE EFFORT TO WIN THE PERSON'S CONFIDENCE MUST COME FROM THE MOMENT THE PERSON ENTERS AND CONTINUE THROUGH THE INTERVIEW. d. Determine the purpose of the source's visit. 1. Definition of an unscheduled interview An unscheduled interview is that in which the person comes voluntarily to the Counter Intelligence office and offers information that he thinks has value to the military intelligence. Frequently the person has some personal interest (money) in giving this information to the Counter Intelligence. 2. Some persons that fall within this category (unscheduled interviews) are: a. Native persons (residents of the same area where the incident occurred). b. Deserters c. Refugees or displaced persons d. Tourists and other persons visiting the area. 103
LN324-91 e. Participants in international conferences. f. Enemy agents under low rank, or importance. g. Persons who are only a nuisance to military intelligence. That is those who give constant information that is useless to the CI. 2. Once the person has come to your office start a Review of Files (the review is done normally when a person is busy and this review is done normally by his assistant): a. Determine if the name of the person appears in the list of persons that are only nuisances to the CI. b. Determine if the National Police, Military or Treasury has a file about this person. 3. If the review of the files indicate that the person is a nuisance to military intelligence: a. Thank the person for his information. b. Close the interview and walk out the person, be polite when doing it. 4. If the review of files does not indicate anything negative regarding the person, continue with the interview. 5. Once the assistant gives you the results of the review of files you may carry on with the interview: a. Ask the person permission to use a tape recorder during the interview. Explain to the person that this will help you prepare the report for this interview, and obtain all the information that he brings without making mistakes. b. Turn on the tape recorder only if the person allows you to. c. Take the oath of truth from the person (Example: You pledge or swear to tell the truth, the whole truth and nothing but the truth). The oath of truth must be taken standing up (if applicable) and with the right hand raised (if applicable). 104
LN324-91 d. Ask the person to tell you the whole incident, or whatever information he has. 1. Encourage the person to give you information in his own words. 2. Listen carefully and take mental notes of the areas of interest from the information given by the person. 3. Don't take written notes while the person is telling you the incident. 4. Don't interrupt the person. NOTE: IF THE PERSON GOES OFF THE SUBJECT, TACTFULLY LEAD HIM TO THE MAIN THEME. e. Go over the story the person has given you: 1. Assure the person that the information he brought will be kept in strict confidentiality. 2. Go over the story the person has given you covering all the points of emphasis and to clarify all discrepancies or contradictions. 3. Write down all leads that come up. f. Obtain information from person's history to help in the evaluation of the information. This information of history must include: 1. Identity (complete name, rank, and personal identity number.) 2. Date and place of birth 3. Citizenship 4. Present and past addresses 5. Occupation 6. What motivation he had to come to report the information g. Develop the secondary information: Frequently the story and history of the Source indicate that it is possible that he would have additional information of interest to military intelligence. 105
LN324-91 NOTE: IF DURING THE INTERVIEW, THE SOURCE OF INFORMATION IS NOT WITHIN JURISDICTION OF THE MILITARY INTELLIGENCE, PUT THE SOURCE IN CONTACT WITH THE AGENCIES OF GOVERNMENT THAT COULD BE INTERESTED IN SUCH INFORMATION. IF THE SOURCE DOES NOT WISH TO TALK TO ANYONE ELSE, MAKE NOTE OF THE INFORMATION AND PASS IT ON TO THE INTERESTED AGENCY. h. Obtain a sworn declaration, signed by the source. i. Explain to the person the official nature of the interview and caution him not to talk with anyone about what happened during the interview. 6. Close the interview: a. Advise the Source that it is possible that he may me interviewed again. Determine if he is willing to participate in another interview. b. Make arrangements for the new contact. c. Close the interview in a nice manner. d. Walk with the Source to exit the office. 7. Prepare the reports/necessary reports. Back to Top 106
LN324-91 CHAPTER 12 WITNESS INTERVIEW INTRODUCTION: Interviewing the witnesses of an incident offers the CI agent the opportunity of verifying information that is provided by another source. It helps us clarify doubts that we may have about the truth of the information collected. GENERAL FACTS: 1. DETERMINE THE NEED TO HAVE A WITNESS INTERVIEW: a. You must answer the incidents/activities and interview all the existing witnesses, who were in the area where the incident occurred. b. You must answer the tasks that are presented by the preliminary sheet. 2. You must determine if the witness had personal knowledge of the incident. 3. Plan to carry out the interview in a quiet place, free of interruptions. 4. Identify yourself to the witness and show the Official badge. 5. Identify the witness examining his badge and any other identity card that he may have. 6. Try to win his trust and make him feel secure. 7. ASK PERMISSION FROM THE WITNESS TO USE A TAPE RECORDER DURING THE INTERVIEW. EXPLAIN THAT THE TAPE RECORDER WILL HELP YOU TO COMPLETE THE REPORTS MORE ADEQUATELY. 8. Turn on the tape recorder if the witness allows you. 9. Ask the witness to tell you his story. 107
LN324-91 a. Take general (mental) notes about the information brought by the witness. b. Take detailed notes of the unclear or doubtful areas to develop them later in more fully. 10. GO OVER THE STORY WITH THE WITNESS: a. Discuss the story with the source in detail, covering all outstanding points. b. Ask questions in detail (use the basic interrogations) about specific areas that you noted while the witness told the story. c. Clarify any doubtful area d. Take detailed notes. e. Use drawings, sketches, charts as supplements if these may help to clarify any information, or to interpret the incident as it happened. 11. OBTAIN ADDITIONAL LEADS: a. Determine if the witness knows any other person that might have knowledge of the same incident. Obtain names, addresses, if possible, telephone number of these persons. b. Determine if the witness know any other person or persons that were present in the area of the incident and get a complete description of these persons. 12. OBTAIN A SWORN DECLARATION, SIGNED BY THE WITNESS. 13. ASSURE THE WITNESS THAT THE INFORMATION THAT HE HAS BROUGHT WILL BE KEPT IN STRICT CONFIDENTIALITY AND THAT HE WILL NOT DISCUSS IT WITH ANYONE ELSE. 14. MAKE ARRANGEMENTS FOR ANOTHER CONTACT OR INTERVIEW IN THE FUTURE WITH THE WITNESS. a. Advise the witness that you may need to contact him again. b. Obtain address and telephone number of the witness and determine where you may be in contact with him if you cannot find him at home. 108
LN324-91 c. Determine if there is any hour in which the witness may not be available for an interview. 15. CLOSE THE INTERVIEW: a. Explain to the witness that the interview that was just over is considered as an official matter of the government and that he must not discuss it with anyone. b. Bid the witness goodbye. 16. MAKE THE Review OF FILES. 17. WRITE THE NECESSARY REPORTS. Back to Top 109
CHAPTER 13 LN324-91 PERSONAL INTERVIEW WITH THE SUBJECT INTRODUCTION: An interview of the SUBJECT takes place after having completed an history investigation. The office of personal security provides us a preliminary sheet (see example #1), which indicates the purpose of the interview, the type of interview or investigation that is taking place, leads we must follow or develop, history information of the SUBJECT (person to be interviewed), and other special instructions. GENERAL FACTS: A. The first thing we must do upon receiving the preliminary sheet is to read it and study it carefully. The following is the order in which we must carry out the preparation and how to conduct the interview of the SUBJECT: 1. Determine if the information in the preliminary sheet is a valid requirement. To do that, we must: a. Verify if the preliminary sheet has a pardon date. b. Look up in the sheet, the identification of the unit that sent the same, the name of the person who signed it and if such person is authorized. 2. Identify the requirements of the interview: a. Determine what type of interview will take place. [page missing in original document] 110
LN324-91 e. Use or abuse of drugs. f. Abnormal sexual contact. g. Criminal behavior. h. Hostage situation. i. Security matters. c. Subject interview, in complaint style: 1. This type of interview allows the person to deny, tone down or explain any accusation or allegation against him. 2. These interviews take place to respond to the requirements of the preliminary sheet. 3. These interviews are required when information is obtained that the SUBJECT participates in, or is in a position which he is exposed to blackmail or coercion to participate in: a. Sabotage b. Espionage c. Treason d. Insurrection e. Subversive activities 3. Review the personal file of the SUBJECT to identify areas or affairs that will develop during the interview. 4. Develop questions that will be used during the interview: a. EIA/ES [missing translation): For these interviews use the subject's HP [missing translation] and obtain the areas (affairs) to be develop during the interview. b. Interviews about specific affairs/and complaints: Use the preliminary sheet and the subject's file to develop the questions that could fulfill the requirements. c. Use the basic interrogative words: who, what, when, why, where, and how. Make sure that all areas of interest are exploited. 111
LN324-91 5. Make arrangements for the interview: a. Call the SUBJECT to arrange a date. b. Try to find someone that could act as witness during the interview, if necessary. 6. Select and prepare the interview place: a. Select a room that provides privacy and eliminates distractions during the interview. b. Select a room that allows the interviewer to control the physical environment. c. Select a room where you could keep a nice temperature during the interview. d. Arrange the furniture in the room. The furniture must be just a small table, and three chairs. e. Select a room that does not have a telephone and if it does, lift the receiver f. Install and test recording equipment. 7. Greet and Identify the SUBJECT: a. Greet the SUBJECT in a professional manner and try to win his trust. b. Identify the SUBJECT orally and take him to the interview room. 8. During the interview: a. Verify the SUBJECT'S identity examining his identification card. b. Identify yourself and your position as representative of military intelligence. c. If the SUBJECT is of the opposite sex, determine if he/she wishes to have a witness of the same sex present during the interview. NOTE: IF THE SUBJECT IS OF THE OPPOSITE SEX YOU MAY ADVISE THAT A WITNESS OF THE SAME SEX MAY BE PRESENT DURING THE INTERVIEW. 112
LN324-91 d. If the SUBJECT is of the opposite sex and wishes to have a witness of the same sex present during the interview we must do the following: 1. Call the witness 2. Introduce the witness and the SUBJECT and explain the responsibility of the witness to the SUBJECT. e. If the subject does not wish a witness, write this in your Agent's Report. NOTE: EVEN THOUGH IT IS NOT REALLY A REQUIREMENT TO HAVE A WITNESS OF THE SAME SEX PRESENT DURING THE INTERVIEW, IT IS ADVISABLE TO USE ONE, SINCE WE PROTECT OURSELVES FROM BEING ACCUSED BY THE SUBJECT OF USING ABUSE, COERCION AND THREATS. f. Inform the SUBJECT of the purpose of the interview. g. Ask the SUBJECT if he will allow to use a tape recorder during the interview. Explain that the tape recorder will help you in preparing the final report. h. Turn on the tape recorder only if the SUBJECT has given permission to use it. i. Advise the SUBJECT of the civil rights that he has: (See example #2) 1. Advise the SUBJECT of his civil rights when: a. A specific matter of complaint is the subject of the interview. b. At any time during the interview, the SUBJECT says incriminating things. 2. Make sure that the SUBJECT understands all his rights. NOTE: IF THE SUBJECT DOES NOT UNDERSTAND HIS RIGHTS, DETERMINE WHAT HE DOES NOT UNDERSTAND AND CLARIFY HIS DOUBTS. 113
LN324-91 NOTE: YOU MUST NOT INTERVIEW THE SUBJECT UNDER ANY CIRCUMSTANCE IF HE DOES NOT UNDERSTAND HIS RIGHTS. 3. Ask the SUBJECT if he does not wish to contact a lawyer. a. If the SUBJECT wishes to talk with a lawyer, do not continue the interview until he has the opportunity to talk with his lawyer. b. If the SUBJECT does not have a lawyer, obtain a sworn declaration from the SUBJECT indicating that he wishes to continue the interview. NOTE: IF THE SUBJECT DECLARES THAT HE DOES NOT WISH TO HAVE A LAWYER BUT THAT HE DOES NOT WANT TO SIGN A SWORN DECLARATION, CONTINUE WITH THE INTERVIEW AND INDICATE THIS IN THE AGENTS REPORT. c. After establishing if the SUBJECT wishes or not to have a lawyer, before starting to question, give the SUBJECT the oath to truth. If the SUBJECT refuses to swear ask him if he is willing to continue with the questions. 4. Inform the SUBJECT of the following privacy rights in regards with the interview: a. The authority you have to carry out the investigation and obtain the information desired. b. The main purpose of the obtaining such information. c. How you will use that information. d. Why it is obligatory or voluntary to give that information. 5. Have the SUBJECT sign a sworn declaration or document that indicates his understanding of these privacy rights in regards with the interview and the search for information. 114
LN324-91 j. Ask the SUBJECT about information concerning history information. k. Ask the SUBJECT about the matters under investigation: a. Use the questions developed during the preparatory phase. b. Use the control questions, non-pertinent, repeated and follow-up questions. c. Examine carefully all the new areas presented by the SUBJECT. d. Follow a logical sequence of questions to avoid overlooking significant themes. 1. Concentrate in recognizing and interpreting the non-verbal communication of the subject. a. Listen to how the SUBJECT talks. Audio leads include changes in tone, speed of the voice. b. Be alert of visual leads, such as facial expressions, body position, hand, legs and head movement. c. Interpret the subject's non-verbal leads with the verbal leads to obtain a clear idea of the real message. NOTE: EXPLOIT ALL THE DISCREPANCIES IN THE SUBJECT'S ANSWERS UNTIL EVERYTHING IS CLEARED UP. d. Use your own non-verbal communications to gain and keep the control during the entire interview. m. Review the entire matter and affairs discussed up to that point during various intervals of an interview. 1. Identify the areas of interest that have not been discussed. 2. Identify and bring up the inconsistencies and discrepancies in his answering to the SUBJECT . 115
LN324-91 n. Obtain a sworn declaration: Make the SUBJECT sign a sworn declaration with all the information he brought during the interview. o. Close the interview. The interview could end by any of the following reasons: 1. The SUBJECT is sick and requires medical attention. 2. You need more interviews to cover all the areas of interest. 3. The SUBJECT refuses to cooperate with you. 4. All the requirements have been met and the SUBJECT has answered all the questions. 5. You lost the initiative and decide to postpone the interview. p. Use the closing phase to obtain facts that perhaps were not able to discuss during the interview. The SUBJECT perhaps will calm down more when you end the questioning and turn of f the tape recorder or put your notebook away. It is possible that he could bring additional information if he believes that you are not going to record or write down. 8. Say goodbye to the SUBJECT. 9. Prepare the reports/corresponding reports necessary. 116
LN324-91 EXAMPLE #1 PRELIMINARY SHEET FOR SUBJECT INTERVIEW __________________________________________________________________________ PRELIMINARY SHEET DATE/START OF THE INVESTIGATION __________________________________________________________________________ 1. Subject 2. Date Name: Rank, personal identity number:3. Control number __________________________________________________________________________ 4. Type and purpose of investigation: 5. Leads to be verified: 6. PAST HISTORY INFORMATION: 7. SPECIAL INSTRUCTIONS: ________________________________________________________7. Agency requesting investigation|Agency preparing investigation __________________________________________________________________________ OFFICE OFFICE __________________________________________________________________________ ADDRESS ADDRESS __________________________________________________________________________ SIGNATURE (AUTHORIZATION) SIGNATURE (AUTHORIZATION) __________________________________________________________________________ NAME OF AUTHORIZED PERSON NAME OF AUTHORIZED PERSON __________________________________________________________________________ ADDITIONAL DOCUMENTS ENCLOSEDADDITIONAL DOCUMENTS ENCLOSED __________________________________________________________________________ 117
LN324-91 EXAMPLE # 1 CONTINUED PRELIMINARY SHEET FOR SUBJECT INTERVIEW ____________________________________________________________PRELIMINARY SHEET DATE/START OF INVESTIGATION ____________________________________________________________ 1. SUBJECT 2. DATE: May 15, 1988 QUINTANILLA, Roberto A. CPT, PPP-00-000 3. CONTROL NUMBER Chalatenango, 10 Dec. 54 ____________________________________________________________ 4. TYPE AND PURPOSE OF INVESTIGATION: INVESTIGATION TO DETERMINE IF THE PERSON IS STILL SUITABLE TO HAVE ACCESS TO CLASSIFIED INFORMATION. The SUBJECT at present is assigned to the 4th Infantry Brigade and has access to classified information up to the level SECRET. 5. LEADS TO BE VERIFIED: Interview Mr. Quintanilla to give him the opportunity to deny, mitigate, or explain the negative information that was obtained during the present investigation. 6. INFORMATION ABOUT PAST HISTORY: (See the SUBJECT'S personal history) 7. SPECIAL INSTRUCTIONS: a. Determine the circumstances of subject's arrest by the National Police on 9 April 1980, for driving a vehicle while intoxicated. b. Determine the financial stability of the SUBJECT. c. Determine how much he participates in extramarital relationships. d. Determine if the SUBJECT has used, owned, or traffic illegal drugs including marihuana and hashish. e. Determine his present and past use of alcoholic beverages. f. Determine the SUBJECT'S mental and emotional stability. g. Inform the SUBJECT of his legal rights. h. Carry out the interview under the SUBJECT'S oath. i. Send a copy of the interview report to our offices not later than 30 May 1988. 118
LN324-91 _______________________________________________________7.Agency requesting investigation|Agency preparing investigation ______________________________________________________________________ OFFICE OFFICE _______________________________________________________ ADDRESS ADDRESS _______________________________________________________ SIGNATURE (AUTHORIZATION) SIGNATURE (AUTHORIZATION) _______________________________________________________ NAME OF AUTHORIZED PERSON NAME OF AUTHORIZED PERSON _______________________________________________________ ADDITIONAL DOCUMENTS ENCLOSEDADDITIONAL DOCUMENTS ENCLOSED 119
LN324-91 EXAMPLE #2 HOW TO INFORM THE SUBJECT OF HIS LEGAL RIGHTS NOTE:THE LEGAL RIGHTS OF A SUBJECT ARE INFORMED IN THE FOLLOWING MANNER: 1. "BEFORE STARTING TO MAKE QUESTION, YOU MUST UNDERSTAND HIS LEGAL RIGHTS". a. "You are not under obligation to answer my questions or anything else". b. "Anything you say or do could be used against you in a court or criminal court of law". c. "You have the right to talk privately with a lawyer before, during and after an interview. You also have the right to have a lawyer present during the interview. Although you will have to make your own arrangements to obtain a lawyer, and this will not be at any cost to the national government. d. "If you decide to discuss the charges under investigation, with or without a lawyer present, you have the right to finish the interview at any time, or to take privately with your lawyer before continuing to answer, unless you sign a sworn statement testifying that you do not wish a lawyer". 120
LN324-91 EXAMPLE #3 SWORN STATEMENT/LEGAL RIGHTS/USE OF LAWYER _____________________________________________________________PLACE OF INTERVIEW DATE TIME FILE NO. _____________________________________________________________ NAME UNIT OR ADDRESS _____________________________________________________________ IDENTITY NUMBER RANK _____________________________________________________________ THE INVESTIGATOR WHOSE NAME APPEARS IN THIS DECLARATION INFORMED ME THAT HE WORKS IN MILITARY INTELLIGENCE OF THE ARMED FORCES OF EL SALVADOR AND WANTED TO QUESTION ME ABOUT THE FOLLOWING ACCUSATIONS/OFFENSES TO WHICH I AM ACCUSED OR SUSPECT:__________________________________________________ BEFORE STARTING TO QUESTION ME ABOUT THE OFFENSES, HE INFORMED ME THAT I HAVE THE FOLLOWING LEGAL RIGHTS: 1. I DO NOT HAVE TO ANSWER OR SAY ANYTHING 2. EVERYTHING I SAY COULD BE USED AGAINST ME IN A COURT OF LAW. 3. I HAVE THE RIGHT TO SPEAK PRIVATELY TO A LAWYER BEFORE, DURING AND AFTER THE INTERVIEW AND TO HAVE A LAWYER PRESENT DURING THE INTERVIEW. NEVERTHELESS I UNDERSTAND THAT IF I DESIRE A LAWYER PRESENT I HAVE TO PROCURE HIM AND PAY HIM ON MY OWN. THE GOVERNMENT WILL NOT PAY THE EXPENSES. 4. IF I AM NOW WILLING TO ANSWER QUESTIONS UNDER INVESTIGATION, WITH OR WITHOUT A LAWYER PRESENT, I HAVE THE RIGHT TO REFUSE TO ANSWER QUESTIONS OR TO SPEAK PRIVATELY WITH A LAWYER, EVEN WHEN I HAVE DECIDED NOT TO USE A LAWYER COMMENTS: _______________________________________________________________________ I UNDERSTAND MY RIGHTS MENTIONED ABOVE. I AM WILLING TO DISCUSS THE OFFENSES UNDER INVESTIGATION AND TO MAKE A DECLARATION WITHOUT SPEAKING TO A LAWYER BEFORE AND WITHOUT THE PRESENCE OF A LAWYER DURING THE INTERVIEW. ___________________ WITNESSES SIGNATURE OF INTERVIEWEE (SUBJECT) 1. NAME: ___________________________________ 2. UNIT: SIGNATURE OF AGENT (INTERVIEWER) 1. NAME: ___________________________________ 2. UNIT: SIGNATURE OF INVESTIGATOR ___________________________________ INVESTIGATOR'S UNIT ___________________________________________________________________ I DO NOT WISH TO RELINQUISH MY LEGAL RIGHTS: _______ WISH TO HAVE _______DO NOT WITH TO BE INTERVIEWED A LAWYER. NOR TO ANSWER ANYTHING. Back to Top 121
CHAPTER 14 LN324-91 INTRODUCTION TO SUBVERSION AND ESPIONAGE AGAINST THE ARMED FORCES (SEAAF) INTRODUCTION: The knowledge about subversion and espionage against the Armed Forces (SEAAF) has a very important role for counter intelligence agents. The counter intelligence agent must recognize the weaknesses generally sought by a hostile agent and use these weaknesses to get valuable information about the Armed Forces. When the espionage agent of the counter intelligence does not identify these weaknesses he has lost the first battle which is to avoid the collection of intelligence information. (COUNTER-INTELLIGENCE). GENERAL FACTS: a. The term "SEAAF" means subversion and espionage against the Armed Forces. A SEAAF incident or a contact is an effort by a foreign intelligence agent to get information, classified or non-classified, using you as the source to obtain the information. b. First we must have knowledge of the two key SEAAF words which are espionage and subversion. 1. Espionage. Generally, espionage is the act to obtain, give, transmit, communicate or receive information regarding the national defense with the intent or purpose to believe that this information will be used to harm the national government and to the benefit or advantage of the foreign country. Likewise we must keep in mind the following when we talk about espionage terms: a. Any person or persons in legal, illegal possession, access or control over or he is receiving information regarding the national defense which the person in possession believes such information could be used to harm the national defense and to the benefit or advantage of a foreign country, voluntarily communicates, transmits, or intents to communicate or transmit such information to any non-authorized person, is guilty of the act of espionage. 122
LN324-91 b. Any person or persons in charge of having legal possession and control over national defense information who by their own negligence allows the same to be lost, stolen, misplaced, destroyed, or removed from the safekeeping place or gives such information in violation of faith, trust, and responsibility, is guilty of an espionage act. 2. Subversion. Generally, the elements of subversion are: (a) Actively induce the military and civilian personnel of the defense forces to violate laws, disobey legal orders or rules and behavior regulations or to interrupt military activities. NOTE: "To actively induce" is defined as advising, alerting or requesting in any manner that causes or intents to cause the acts mentioned above. This includes the distribution or intent to distribute the written material that alerts, advises, or requests. (b) The voluntary intent to intercept, or diminish the loyalty, moral or discipline of the defense forces. (c) The subversion acts occur during war time or during peace time. (d) The subversion includes all the voluntary acts with the intent to harm the interest of the national government and that do not fit the categories of treason, insurrection, sabotage or espionage. c. Having knowledge of the two SEAAF key words, we must recognize also the importance of the insurrection acts. 1. Insurrection. There are four types of specific activities which are taken place with the intention of overthrowing the government through force or violence are acts of insurrection. These four types are: (a) Training about the need to overthrow the government. 123
LN324-91 (b) The publication, sale or distribution of written material plotting or training to overthrow a government. (c) Organizing a society or group with the purpose of plotting or training to overthrow a government. (d) Members or initiation members or affiliation with this type of society knowing the purpose of such organization. d. An agent looks for weaknesses to trap, to see if you could be convinced, bribed, threatened, or trapped in a difficult or embarrassing situation so to make you work for him. He must realize some general weaknesses looked for by an agent. These are: (1) Doubts, financial problems and bad credit. (2) A criminal file or present criminal activities. (3) Homosexuality. (4) Immoral behavior, past or present. (5) Abuse of drugs or alcohol. (6) Marriage infidelity. (7) Routinely boasts and brags. (8) Mentally or emotionally unstable. (9) Going with persons of weak character. (10) Relatives or foreign friends. e. SEAAF/SAEDA incidents and situations you must report: 124
LN324-91 (1) Intents of non-authorized personnel to obtain classified or non- classified information about the facilities, activities, personnel or materiel of the armed forces using questioning techniques, seduction, threats, bribe or trapping a person in an embarrassing or difficult situation by personal contact, direct or indirect or by correspondence. (2) Intent of non-authorized personnel to obtain classified or non- classified information by photography, observation, collection of material or documents or any other means. (3) Intent by known persons, suspicious persons or with possible foreign intelligence history or associations. Intent to establish any type of friendship, association or business relationship. (4) Every incident where members of the defense forces, his relatives, travel by or to a foreign area of special consideration (figure 1) who are exposed to: (a) Questioning regarding their work. (b) Provide military information. (c) Bribe, threats or trapped in a difficult or embarrassing situation of any type so as to cooperate with the foreign intelligence services. (5) Incidents known, suspicious, or possible acts of espionage that result or resulted in danger to documents, information or classified material. (6) Other acts by members of the armed forces to involve, intent or consider the communication of classified information, documents or material to a non-authorized person. (7) Non-official contact by members of the defense force with: a. Personnel they know or suspect are members of a security service or foreign intelligence. 125
LN324-91 b. Foreign political or military organization. c. Any member of the countries mentioned in figure #1. (8) Official contact with personnel mentioned in paragraph #7 when these persons: a. Show knowledge or curiosity about members of the defense forces. b. Intent to obtain classified or non-classified information from a member of the defense forces. c. Intent to establish any type of friendship or business relationship with members of the defense forces outside the official tasks of the defense forces. (9) Information regarding with international terrorism plans which present a direct threat to personnel, activities, facilities or material. (10) Known acts or suspicious acts to harm or destroy property of the armed forces by sabotage acts. f. What you must do if you suspect to have come in contact or someone made contact to obtain information: (1) Do not deny or accept to cooperate. Ask for some time to think about the proposition. (2) Remember the person's details. Try to remember things as the description of the person, the place and circumstances of the meeting, identification or description of the vehicle. NOTE: Do not try to ask the suspect for more information or suggest another meeting in the future. This, may surprise the agent. (3) Report the contact to the counter intelligence agency. If you cannot contact them, contact the S2 or an intelligence official and tell them about the details of the contact. If you are travelling to another country or abroad, report the contact to the closest consulate of your country or to the office of the Defense (military) Attache. 126
LN324-91 (4) Do not investigate the matter by your own efforts. Let the investigation up to the qualified counter intelligence agents. Do not tell the contact events to anyone except the departments mentioned above. Figure 1 GEOGRAPHIC AREAS OF SPECIFIC CONSIDERATION Afghanistan Albania Angola Bulgaria Cambodia Republic of China and its adjacent islands Cuba Czechoslovakia Ethiopia German Democratic Republic (Communist Germany) Hungary Iran Iraq Laos Lebanon Arab Republic of Libya North Korea and adjacent demilitarized zones Nicaragua Republic of Mongolia Poland Democratic Republic of Yemen Romania Soviet Sector of Berlin Syria Soviet Union Vietnam Yugoslavia Back to Top 127
CHAPTER 15 LN324-91 INSURRECTION AND ESPIONAGE INTERVIEWS AGAINST THE ARMED FORCES (SEAAF) INTRODUCTION: In criminal cases, the identity and the capture of the person is the main objective. In espionage cases the identity of the person is only the first step. The most important thing is the knowledge of his contacts, objectives, information sources and communication methods. The capture and public news of the incident must be the last resource used by the counter intelligence agencies. It is better to identify these persons, what they are doing, and stop the movement of their efforts than to expose them to the public and then try to find out who are their successors. GENERAL FACTS: A. Receiving the source. 1. The counter intelligence agent must be professional and courteous with the source. 2. Identify yourself and show your badge. 3. Obtain identification facts about the source. NOTE: Establish harmony, be friendly and alert, this will help the source to feel confident. Once the harmony has been established with the source, you must be able to hold this confidence during the interview. 4. Determine the purpose and intention of the source. a. An unscheduled source is a person who comes to a counter intelligence agency to offer information he believes is of interest to military intelligence. b. The information the source provides must fall within the intentions of SEAAF. 5. Once you obtain the identify data from the source you must start the review of files to: 128
LN324-91 a. Determine if the source appears in the nuisance files. b. Determine if the Military Police or other agencies have information about the source. 6. If the review of files reveal that the source is in the nuisance files you must: a. Thank the source for the information. b. Close the interview and say goodbye to the source. 7. If the files do not have information about the source, continue the interview. B. Carry out the interview. 1. First ask permission to the source to use a tape recorder to record the content of the interview. Explain that the tape recorder will help you to prepare the final report as a verbal transcription which the source will have the opportunity to review, correct and sign. 2. Turn on the tape recorder "only" if the source agrees to let you use it. 3. Give the source the oath of truth. 4. Have the source tell you the incident. a. Encourage the source to tell you the incident in their own words. b. Be alert and listen to the source and take mental notes of important points to explore these points during the review of the incident with the source. c. DO NOT write notes while the story of the incident is told. d. DO NOT interrupt the source while telling the incident. NOTE: If the source goes of f the incident theme he is telling, tactfully make the source return to the main theme. 129
LN324-91 NOTE: If during the interview the source tells you information outside your jurisdiction, ask the source to go to the appropriate agency. If the source does not wish to go to that agency, continue the interview and collect the information and send it to the proper agency. C. Carrying out the review of the incident. 1. Assure the source that the information will be kept in strict confidentiality. 2. Review the incident with the source point by point to clarify discrepancies, contradictions, and holes in the information. 3. Write with precision the additional sources. D. Obtain history information about the source to help you evaluate the information of the source. The history information must include: 1. Identify 2. Date and place of birth 3. Citizenship 4. Addresses (past and present) 5. Occupation 6. Reasons that motivated the source to provide information E. Develop secondary information. Frequently the information and the source's history could indicate that he could have more significant information and it could be of value or interest to military intelligence. F. Obtain a sworn declaration. G. Advice the source that the interview has an official nature and that he must not tell about the incident or nature of the incident to any other person. 130
LN324-91 H. Closing the interview. 1. Notify the source that the investigation could require a subsequent interview and new contacts with him. 2. Make arrangements to have new contact with the source. 3. Again notify the source about the official nature of the interview. 4. Close the interview in a friendly note. 5. Exit or say goodbye to the source. I. Start the evaluation of the incident to make sure that it is in your jurisdiction. J. Prepare the appropriate reports. 1. Prepare an initial report for SEAAF. NOTE: Make an effort to send a detailed complete report. If a detailed report takes much time, submit an intermediate report with the available information. Afterwards submit the complete report. 2. Classify the SEAAF report according to the Normal Operation Procedures. NOTE: All SEAAF reports will receive limited distribution. 3. Write down the unit that will receive the SEAAF report. 4. Write down the unit that sent the report. 5. Write down the instructions to send the report. NOTE: All the SEAAF reports require one of the following sending instructions: "Required Night Actions" or "Hand during the first hours of the day". 6. Complete paragraph A and 1-6 of the SEAAF report. 131
LN324-91 a. Write down the references in A. b. Write down the date of the incident in paragraph 1. c. Write down the place of the incident in paragraph 2. d. Write down the following information from all the involved persons in paragraph 3: 1. Complete name (father's last name, mother's last name, first name and initial) 2. Date of birth 3. Place of birth 4. Identity card 5. Unit assignation 6. Position 7. Day when separated from the Armed Forces 8. Type of access to classified information e. Write down in the subsequent paragraphs to paragraph 3: 1. All the sources 2. All the witnesses 3. All persons who have knowledge about the SEAAF incident. NOTE: If there is more than one person written down in any of the categories mentioned above, write down as #1, #2, etc. (Example: Source 1, Source 2). NOTE: If the data identification from the witnesses or suspects are not known, write down a physical description available. 132
LN324-91 4. The description must include: a. Age b. Sex c. Nationality/citizenship d. Complexion f. Height g. Weight i. Hair color j. Eye color k. Appearance 1. Physical built m. Outstanding characteristics. f. Write down in paragraph 4, a detailed description of the incident as described by the source(s). Start the paragraph with details in regard to as how the source came to the attention of your agency. g. In paragraph 5, write down all actions taken, such as review of files or interviews. NOTE: You will not carry out more actions except as directed by a proper higher agency. h. In paragraph 8, write down any commentary or pertinent recommendation about the source, suspect or the incident. K. If applicable prepare the Agent Report with the appropriate exhibits. 1. Send copy or the original and a copy directly to the appropriate higher agency. 2. Send copy of the information, when instructed by the higher investigation elements to the chain of command. 3. Do not do anything else, nor spread information unless it is addressed to the appropriate higher agency. 133
LN324-91 CLASSIFICATION REPORT ABOUT INCIDENTS ____________________________________________________________________ PAGE______FROM_____ DATE AND TIME_______PRECEDENT_______________________ ___________________________________________________ FROM: TO: INFO: INSTRUCTIONS FOR SENDING: (CLASSIFICATION) TITLE OF REPORT: REFERENCES: 1. ( ) DATE OF INCIDENT: 2. ( ) PLACE OF INCIDENT: 3. ( ) PERSON(S) INVOLVED: A. ( ) SOURCE(S): B. ( ) WITNESS(SES): C. ( ) OTHERS WHO HAVE KNOWLEDGE: D. ( ) SUSPECT(S): 4. ( ) NARRATION: 5. ( ) ACTIONS TO BE TAKEN: 6. ( ) COMMENTARIES: 7. ( ) POINT OF CONTACT: ____________________________________________________________________NAME, ORGANIZATION SPECIAL INSTRUCTIONS AND TITLE OF ORIGINATOR _____________________________________________________________ NAME, ORG., REVIEWER'S TITLE, TELEPHONE NUMBER _____________________________________________________________ SIGNATURE OF REVIEWER REVIEW DATE _____________________________________________________________ 134
LN324-91 CLASSIFICATION 135
LN324-91 ( ) REPORT ABOUT INCIDENTS ____________________________________________________________________ PAGE______FROM______ DATE AND TIME__________PRECEDENT_______________ ____________________________________________________________________ FROM: TO: INFO: ___________________________________________________________________NAME, ORGANIZATION SPECIAL INSTRUCTIONS AND TITLE OF ORIGINATOR _____________________________________________________________NAME, ORG., REVIEWER'S TITLE, TELEPHONE NUMBER _____________________________________________________________ SIGNATURE OF REVIEWER REVIEW DATE _____________________________________________________________ ( ) Back to Top 136
CHAPTER 16 LN324-91 ESPIONAGE INVESTIGATIONS INTRODUCTION: As counter intelligence special agent you must have specific knowledge of the aspects of an espionage investigation to get security information for a Commander of the Armed Forces responsible for the safety of his command. You as espionage agent must always have in mind that all information must be developed in detail, even though the information is favorable or unfavorable for the SUBJECT. GENERAL FACTS: A. Preliminary Sheet (Figure 1). 1. Review the preliminary sheet (PS), found in the control office for the investigation requirements. The PS has specific leads or leads that must be investigated. a. A PS has collected information during an investigation and could: (1) Require a development of more investigative leads. (2) Identify a source that will provide additional information about the case or leads about additional sources that could have information. b. Areas of interest in the PS are: (Figure 2) (1) Block 1, SUBJECT: Contains information about the identity of the SUBJECT of the investigation. (2) Block 4, TYPE AND REASON FOR THE INVESTIGATION: Contains the specific leads or the leads that must be developed. This block also contains information of history and special instructions that will help the special agent in the requirements to develop the leads. 137
LN324-91 (c) SIGNATURE BLOCK: Make sure that each PS is signed with the signature of the official in charge of the case or authorized person. (d) BLOCK 8, CONVINCING DOCUMENTS: Identify all convincing documents that are not considered necessary to the development of the required leads. 2. Review the initial report prepared by the personnel of the Armed Forces (AF) involved or who have knowledge of the incident or situation. NOTE: With the exception of obtaining the initial details of the incident and submitting the priority report, only elements of counter intelligence are authorized to investigate SEAAF cases without the approval of the higher department. 3. Start the espionage investigation when you have the approval from the higher control office, based on the leads originated from various information sources, including: a. Reports from confidential sources. b. Reports from other intelligence agencies, security, or police agencies or national guard. c. OPSEC evaluations, CI technical inspections or reviews. d. The review of refugees, border crossers, displaced persons, PGE and other similar groups. e. Routine security personnel investigations. B. Identify the type of security investigation that you will conduct. 1. Incident investigations a. These are activities or specific actions. b. Implications are suspected from acts of espionage. 138
LN324-91 c. This case will be kept as Type of Incident during the investigation, although, the identity of the person implied will be established at a later date. 2. The Personal SUBJECT investigations. a. Imply one or more known person. b. They originate allegations about the specific activities of the person. c. This case will be kept as personal SUBJECT investigation, although information has developed about an act or specific activity. 3. Investigative jurisdiction. The jurisdiction for the CI section will take place according to the SOP laws. C. Review of legal statutes which applied to the espionage acts. 1. Espionage - Is the act of obtaining, giving, transmitting, communicating or receiving information regarding the national defense with the intention or reason to believe that the information is going to be used to harm a national government or for the benefit or advantage of a foreign country. a. Any person or persons with legal or illegal possession, access, control over, has been given confidential information regarding the national defense, which the person in possession has reason to believe the information could be used to harm the national defense and for the benefit or advantage of a foreign country, voluntarily communicates, transmits, or tries to communicate, or transmit this information, to any person who is not authorized to receive it, is guilty of an espionage act. b. Any person or persons in charge, or in legal possession and control over national defense information, who by negligence allows the same to be lost, stolen, displaced, destroyed, or removed from the place of safekeeping, or gives this information in violation of faith and trust, is guilty of a espionage act. 139
LN324-91 D. Review the operative methods (OM) of the hostile intelligence agents regarding the activities of the espionage acts. 1. Review the types of hostile operations. a. Legal Operations. Involve espionage networks which are controlled by a representative from the foreign country who is official charge and is sanctioned by the host country. Frequently, the person possibly has diplomatic immunity, and is not subject to inspections, detentions, or trials for ilegal activities committed. b. Ilegal Operations. Involve espionage networks that are not in direct contact or relations with the foreign country. Most of these persons are native of the country or of another country. Ilegal operations are more difficult to detect and have the advantage that the operation is continued during war time or in countries that do not have diplomatic relations. 2. Review the control methods of the hostile intelligence. a. The centralized control procedures require approval from the central headquarters from all the espionage activities. Many countries for security reason regarding the espionage activities have a central control point. b. The internal control method. Involve operations conducted totally within the host country. All hostile agents are controlled by a general headquarter or by a residence that has been established in the same country. This method is the most outstanding in the external method. c. The external control method. Involve operations conducted within the host country controlled by another country. This is the safest method to control personnel. 3. Review the type of hostile agents used in a hostile operation. a. Penetrating Agents have direct access to the information required by the hostile country. 140
LN324-91 b. Recruited agents in massive form are badly trained and belong to echelon of low category; these agents are infiltrated within the country in great numbers when there are favorable opportunities within that country. c. Confusion agents are used to deceive the intelligence agencies to waste their efforts in useless investigations. d. Provoking agents are used to provoke the intelligence agencies to take inappropriate actions for their disadvantage. e. Sleeping agents are kept inactive for a long time until the hostile country has a mission for them. 4. Review the espionage network used by the hostile country. a. The single system of agents involves collective intelligence efforts from a person. These agents operate only with the support of the administrative personnel, but only one person is involved in the collective operations. b. The echelon system are networks that provide security when great number of agents are being used in operation. Only the leader of the network knows the identities of all the members of the network. Contact is initiated only by the higher echelon and code names are normally used. There is no lateral contact because the members of the network do not know each other. c. The cell system could be simple or complex depending in the number of agents that each cell has. The members of a cell know the identities and the places of each member involved in espionage acts. They have the liberty of coming in contact with each other and as minimum a member of a cell keeps contact with the supervisor. It may or may not be that they have arrangements for unilateral contacts. d. The echelon network could degenerate in emergencies in a cell type system. Unilateral contact could develop and a member of a segment could be instructed to establish contact with members of another segment. 141
LN324-91 NOTE: Most of the hostile intelligence services use more than one espionage network to cover or operate in the same area. 5. Review the hostile recruitment methods a. Acquisition techniques are used to find a person who has been coerced or made to accept recruitment by force. b. The analysis of sources/potential recruits makes a detailed study of the files and information of past history to identify the potential the person has as agent and his reactions to contacts or possible methods of contact. The motivation of the recruitment also is determined (ideology, money, coercion and selfishness). c. The recruitment by contact is used to obtain contact with the person and through him obtain his cooperation and involve him in espionage acts. The contact could occur in the person's own country or while the person is traveling in a communist country. The customary way of hostile agents is to allow another person to make the contact and not to involve the agents that did the consecutive process and the analytical steps. NOTE: The "Small Hook" is the favorite method used by the hostile intelligence service to prepare the potential agent. In this method, the subject is requested to provide innocent information and material of no value to intelligence or classification. 6. Review of the hostile camouflage method. a. The natural camouflage is the way of legal residence or entry to a country, the use of a real name frequently, occupation or legal ways. The local persons who are recruited normally operate under the natural camouflage because they have established in the community and are employed in the country. b. The artificial camouflage involves the fabrication of history and position of an agent and the falsification of identification documents in a way that matches the fabrication of history and camouflage history. 142
LN324-91 7. Review the hostile communication method. a. Conferences are normally kept to the minimum, but when used, these conferences take place in public areas so as not to arouse the public curiosity. b. Official messengers are used to transport information to the control official. Diplomatic bags are considered as the safest method to carry material obtained for espionage acts. c. The post is used to carry information, using codes, secret writing and microfiche. d. Radios or communications systems are mainly used during operations in war time, but instructions could be transmitted to agents using lateral communication systems at any time such as CB radios or Motorola. The communications through cryptographic systems are used to transmit messages in a safe way. e. "Mail drops" are hidden secret places used to transmit or safekeep information and material. Most of the services of hostile intelligence put considerable emphasis in the use of "mail drops". NOTE: Always keep in mind that mail drops could be done by a middlemen and moved to another mail drop to provide necessary security to the controlling officer. 8. Review the Financing Method for espionage activities. a. Limited or unlimited resources are normally available for espionage operations to the hostile agent. b. The financial resources will come from the hostile country. c. The financial resources will be obtained by organizations or hidden business. d. The financial resources will we obtained by ilegal activities (black market, drugs, etc). 143
LN324-91 e. The financial resources or money of the target country are transferred to the country by diplomatic bags, official messengers, or by hostile agents. f. Bank accounts are established in the target country for the access of the agent. E. Prepare an interrogatory plan (Figure 2) NOTE: Depending on the type of investigation that will be conducted, the available time, the investigation plan could require only a mental study, or could be a written formal document requiring approval previous to the continuation of the investigation. 1. Plan an investigative agenda detailed for each step of the operation to: a. Define the requirements of the information. b. Define the pertinent aspects to be considered. c. Prevent unnecessary investigative efforts. 2. When the plan develops, consider: a. The reason or purpose for the investigation. b. The assigned phases of investigation. c. The investigation type (open, covered). d. Priority and suspension time. e. The restrictions or special instructions. f. A definition of the problem. g. The methods and sources that could be used (review of files, interviews, etc.) 144
LN324-91 NOTE: There is no fixed procedure that could be recommended for treatment of an espionage investigation. One must determine the specific method to each individual case based upon the circumstances of the case. h. The coordination requirements. 3. Update the investigation plan. a. When new data is discovered. b. As a result of continuous analysis. F. Conduct an investigation of the incident based upon the type, if appropriate. 1. Go to the incident's place. 2. Protect and safeguard the incident place giving appropriate orders and isolating the place physically. All non-authorized persons must be taken out of the place. 3. Find out the circumstances of the incident by visual observation to determine the investigative approach that will be most appropriate. 4. Identify and segregate the witnesses. 5. Obtain photographs of the place, if required, provide a series of photographs to give the maximum amount of useful information and to help the reviewer to understand what had happened. 6. Search the place and collect evidence, if appropriate. Evidence is defined as articles or material found in connection with the investigation or that could help establish the identity of the person or circumstances that caused the incident, in general, facts that will help uncover the events. 7. Control the evidence obtained. G. Coordinate and conduct ties with other investigation agencies. Coordination is a continuous activity during many of the espionage cases. H. Interview the witnesses. 1. Conduct interviews of witnesses in the place, if appropriate, to obtain all the pertinent information. 145
LN324-91 2. During investigations of the subject, conduct interviews of all the witnesses who could have pertinent information or knowledge of the case. NOTE: The most time-consuming part of the investigation is the interview, because through the interview we obtain the greatest part of the information sources. I. Conduct the review of files. J. During investigations of incident type, it will be desirable to make contact with the confidential sources for any information that comes to your attention. NOTE: Information regarding the espionage incidents or the present espionage investigations will be limited only to few persons and only to persons who need to know the information. K. Conduct the investigative analysis of the facts of the case. Although, an investigation is basically a collection of facts, the secondary function is also important; the analysis of the facts. The analysis is established in the review and comparison of facts from the case to develop a hypothesis and come up with conclusions regarding the identity of the suspects, circumstances surrounding the incident, and future actions. NOTE: There are no established procedures to analyze the information from the case to come up with a solution. One method could work as well as another method. All must include the basic function of review, comparison, and hypothesis. 1. Review all information available of the case. a. Placement and correlation of all information. b. Examine the information to identify the pertinent facts. c. Determine the dependability of the information. d. Determine the truth of the information. 2. Compare the information already known. (Figure 6) a. Compare the available information with the legal espionage elements. (1) Identify the information that supports or show the legal espionage elements. (2) Identify the holes in the information that could be completed with further investigations. 146
LN324-91 b. Compare the information obtained from witnesses to the information from other witnesses or sources. c. Identify the possible suspects by comparison of the information. (1) Identify persons with connection to the incident. (2) Identify the "opportunity" forpossible suspects. ("Opportunity"--the physical possibility that a suspects has of committing espionage acts). (3) Develop information to prove the motive of each suspect. (4) Develop information that proves the intent of each suspect. (5) Develop all the circumstantial evidences and associations of each suspect. NOTE: In cases of personal subject, the suspect, or possible suspect, is identified therefore. Therefore all efforts are directed to identify his connections in espionage acts, his opportunities, motives, and intents. Show all information and evidence in terms of elements of required evidences to support the charges. 3. Show one or more hypotheses. Hypotheses are theories that explain the facts and that could be examined in later investigations. The best hypotheses are selected to resolve the problem between the information available. a. Apply inductive or deductive reasoning to show the hypotheses. 147
LN324-91 (1) Inductive reasoning involves moving the specific and the general. Develop generalities, from observations that explain the relationship between events under examination. (2) Deductive reasoning involves procedures from general to specific. Starting with the general theory and applying it to the particular incident to determine the truth contained in the theory of the incident. NOTE: In both processes, the steps must follow a logical manner point by point. b. If you come to a point where the deductive reasoning is not productive, consider using the intuition. Intuition is the quick, unexpected act which clarifies a problem when the logical process and experimentation has stopped. Intuition must not be ignored, particularly in difficult cases where little progress is evident. c. Put your hypothesis to a test of considerations of probability, additional information of the witnesses and other known facts. d. Eliminate various possibilities systematically considering each hypothesis between: (1) The opportunity (2) The motive (3) Observed activities (4) Corroboration of the alibi. e. Select the best hypothesis based in the consistency with the known facts and the high degree of probability. f. Examine the hypothesis objectively. g. Modify and refute the hypothesis if contradictions to the evidence are discovered. 4. Determine the direction of the future investigation activities. 148
LN324-91 a. Identify future actions that will examine or verify the selection of the hypothesis. b. Ask approval from the higher control office to complete the identified actions. L. Conduct vigilance, if appropriate. M. Conduct interviews of the SUBJECT, if appropriate. N. Conduct interrogations of the SUBJECT, if appropriate. 0. Prepare the appropriate reports. P. Consider an investigation successful when: 1. All information and pertinent material or allegations from the case are discovered. 2. The physical evidence available is completely handled. 3. All witnesses were appropriately interviewed. 4. The suspect, if he allows, is interrogated in an effective way. 5. The report of the case was understood, clear and detailed. 149
LN324-91 EXAMPLE #1 PRELIMINARY SHEET _____________________________________________________________________ PRELIMINARY SHEET DATE/START OF INVESTIGATION _____________________________________________________________________ 1. SUBJECT 2. DATE NAME: RANK, RANK NUMBER IDENTITY BADGE: 3. CONTROL NUMBER: PLACE/DATE OF BIRTH: _____________________________________________________________________ 4. TYPE AND PURPOSE OF INVESTIGATION: 5. LEADS TO BE VERIFIED: 6. INFORMATION FROM HISTORY: 7. SPECIAL INSTRUCTIONS: ______________________________________________________________7.AGENCY REQUESTING INFORMATION AGENCY PREPARING REPORT ______________________________________________________________ OFFICE OFFICE ______________________________________________________________ SIGNATURE (AUTHORIZATION) SIGNATURE (AUTHORIZATION) ______________________________________________________________ PERSON'S NAME NAME OF AUTHORIZED PERSON ______________________________________________________________ ADDITIONAL DOCUMENTS ENCLOSED ADDITIONAL DOCUMENTS ENCLOSED ______________________________________________________________ 150
LN324-91 EXAMPLE #2 INVESTIGATIVE PLAN 1. REASON FOR INVESTIGATION: 2. TYPE OF INVESTIGATION: LIMITED 3. INVESTIGATION WILL BE CONDUCTED: DISCRETELY (Safety will be t h e main factor during the invest igatio n). 4. PRIORITY: 5. SPECIAL INSTRUCTIONS: a. b. 6. INFORMATION GIVEN: 7. SEQUENCE OF INVESTIGATION: a. Conduct review of local files. b. Examine the subject's military and medical files. c. Interview the following persons: (1) Carry out the review the neighborhoods (2) Carry out the review of the financial or credit reports. NOTE: The plan mentioned above must have flexibility, it is only a guide. Each case must be treated individually. Your plan could be similar, shorter or longer, but this will depend upon the requirements dictated in the Preliminary sheet. Back to Top 151
CHAPTER 17 LN324-91 SABOTAGE INVESTIGATION INTRODUCTION: To understand the importance of a sabotage investigation you must always think that the sabotage act is the intent to cause harm, intercept, or obstruct by the desire to cause harm or destroy or intent to destroy material, installations, or utilities with regards to the national defense. GENERAL FACTS: A. IDENTIFY THE INVESTIGATION REQUIREMENTS: 1. Use various reports from other agencies to identify the requirements so that the counter intelligence elements could start an investigation of the sabotage act. These reports could be found in the following agencies: a. Military police b. Criminal Investigation Divisions c. Local Civil Authorities d. The superior authority/supervisor in charge of the facility where the sabotage occurred. e. Confidential sources that could testify that a particular incident was indeed a sabotage act. 2. Review the Preliminary Sheet (PS), prepared to be distributed by the Central Intelligence Office, to identify the investigative requirements: a. The PS has information collected during an investigation that may: (1) Require further investigation and development. 152
LN324-91 FIGURE/EXAMPLE #1 PRELIMINARY SHEET _____________________________________________________________PRELIMINARY SHEET DATE INVESTIGATION STARTED _____________________________________________________________ 1. SUBJECT/THEME 2. DATE 3. CONTROL OR FILE NUMBER _____________________________________________________________4. TYPE AND REASON FOR INVESTIGATION 7. AGENCY REQUESTING 8. AGENCY PREPARING REPORT _______________________________________________________________________ OFFICE OFFICE _____________________________________________________________ ADDRESS ADDRESS _____________________________________________________________ FOR G2 ACTION FOR G2 ACTION (IM) _____________________________________________________________ AUTHORIZED SIGNATURE AUTHORIZED SIGNATURE _____________________________________________________________ NAME AND RANK NAME AND RANK _____________________________________________________________ 8. CONVINCING DOCUMENTS CONVINCING DOCUMENTS _____________________________________________________________ 153
LN324-91 4. To condemn a person for an act of sabotage during peace time, you have to prove that he had tried to cause harm described above. In war time it is sufficient to prove that the person had knowledge that his act will affect the "war effort". 5. If more than one person conspires to carry out a sabotage act and one of them is captured while carrying out the plans of the act, all could be accused and condemned for the sabotage act. C. DETERMINE THE TYPE OF SABOTAGE INVESTIGATION THAT WILL TAKE PLACE: 1. PASSIVE SABOTAGE: This type of sabotage involves the passive resistance of the population and it could be local or at national level. The passive sabotage is not so organized so that persons or groups are assigned specific missions: nevertheless, the population reaction is the result of propaganda, well organized propaganda by a subversive group that is well organized. In other words, the passive sabotage is when a population locally or nationally has been convinced by a propaganda group to carry out or to allow the acts previously described that could be classified as sabotage acts. 2. ACTIVE SABOTAGE: This type of sabotage is characterized by violent sudden actions with visible results and which commonly turn into conflicts with military forces. Within this category, we found the following physical forms of sabotage: a. Fire sabotage: Is when combustible materials are used to cause fires and destroy government properties. This is normally considered as an act of vandalism or a common criminal act. (1) This act changes from vandalism to sabotage when it is proven that it took place with the purpose of affecting the national defense, the war or the war effort. b. Explosive sabotage: (1) In this type of sabotage explosives are used to destroy or neutralize targets that are resistant to fires and to obtain the maximum quantity of destruction at the minimum time. 154
LN324-91 (2) Targets that are sensitive to explosive sabotage are: (a) Bridges (b) Tunnels (c) Railroads (d) Ships/boats (e) Heavy equipment (f) Industrial machinery c. Mechanical sabotage: (l) the mechanical sabotage is easier to maintain since it does not require instruments or special tools, and normally is directed against railroads, ships or industrial facilities. (2) The mechanical sabotage is normally classified within one of the following categories: (a) Destroy/break/tear (b) Inserting materials or abrasive substances such as, sand, soil, etc., into lubricants and vehicle's fuels. (c) Omission acts. This consist of not doing something so that a mechanical equipment stop working. Not lubricating a motor so as to damage it, not adjusting a mechanical part so that when the motor is turned on it will stop working. (d) Substituting real parts for fake parts in apparatus or vehicles. Ce) Contamination of lubricants or fuels. d. Biological, chemical and nuclear sabotage: (l) The sabotage with biological agents is know as "biological warfare", and is considered as the introduction of living organism and its toxic products in the environment with the purpose of causing death, impede, or harm people, animals or crops. (2) Sabotage using chemical agents is know as "chemical warfare: and is considered as the introduction of chemicals to the environment to cause death, impede, or harm people, animals or crops. 155
LN324-91 (3) Sabotage using nuclear weapons, could just with its destructive capacity, cause serious damage or destruction to property, materials and persons. D. PREPARE AN INVESTIGATION PLAN: (See example #2) 1. Initial plan: a. Determine the purpose of the investigation. b. Determine the place of the incident. c. Determine what official documents are required to travel to the place where the incident took place (passport, visa, etc.) d. Make arrangements to get these documents. e. Determine priorities, if any, that exist in regards to the case being investigated. f. Determine if any restrictions or special instructions are necessary. 2. Modify the investigation plan according to how you could obtain more information. F. CARRY OUT THE INVESTIGATION: 1. Go to the place where the incident took place. 2. Write down the date and time you arrived to area and the weather conditions. 3. Visually search the area to try to find wounded persons and: a. Coordinate medical attention. b. Write down identity of the wounded, so as to possibly question them later. c. Coordinate transportation of wounded persons to medical facilities. 156
LN324-91 (FIGURE/EXAMPLE #2) INVESTIGATION PLAN 1. PURPOSE OF THE INVESTIGATION: 2. TYPE OF INVESTIGATION: Limited 3. THE INVESTIGATION WILL TAKE PLACE IN THE FOLLOWING MANNER: (Discretely) 4. PRIORITY: 30 days after having received the preliminary sheet. 5. SPECIAL INSTRUCTIONS: a. b. 6. INFORMATION PROVIDED: 7. INVESTIGATION SEQUENCE: a. Carry out the review of files. b. Examine the medical and military files of suspect. c. Interview the following persons: (l) (2) (3) d. Carry out the investigation of the neighborhood. e. Carry out the review of credit bureaus. NOTE: THE PLAN DESCRIBED ABOVE MUST BE FLEXIBLE AND ITS INTENTION IS ONLY TO BE USED AS A GUIDE. EVERY CASE MUST BE TREATED INDIVIDUALLY. YOUR PLAN COULD BE SIMILAR, SHORTER OR LONGER ACCORDING TO WHAT THEIR OWN REQUIREMENTS. 157
LN324-91 4. Coordinate work with other investigation agencies that are present in the incident area, or if they should arrive later. 5. Identify and search a road for the medical personnel to use when arriving to the place where there are wounded and/or dead persons. 6. Do not allow the corps to be covered since this could destroy evidence. 7. Protect the area of the incident using persons to maintain the curious passersby away from the area and to avoid that witnesses, suspects and victims destroy evidence. 8. Protect all that could possibly be destroyed by fire, rain or any other thing, such as footprints, etc. 9. Find the possible witnesses in the area. 10. Ask and write down the identity of the witnesses. 11. Separate the possible witnesses and take them outside the incident area. 12. Carry out questioning/preliminary interviews of witnesses to determine: a. How much knowledge they have of the incident. b. Movements that the witnesses have done in the incident area. c. Any tool that the witnesses or other persons have possibly touched. 12. Write down all the pertinent facts: a. Identify the persons involved or that were involved in the area. b. Initial impressions or observations. c. Take photos of the area in all angles. d. Take photos of the persons in the vicinity of the area. 13. Search the incident area and adjacent areas to collect all evidence using the search patterns more useful in the area. a. Pay particular attention to fragile traces of evidence that could be destroyed if not collected immediately. 158
LN324-91 b. Carefully examine all objects or areas where there may be latent fingerprints and make sure that a follow up is done of this fingerprints. c. Take photos or prepare imprints that could have value as evidence. (Example: shoe prints, or boot prints on the ground could indicate the amount of persons involved in the incident). d. Treat stains or accumulation of liquids as evidence and write down its place and take photos of them. e. Treat any tool as evidence until this could be found to the contrary. 14. Collect, mark for identification and process the evidence. F. Transfer the evidence to the criminal laboratories and proper agencies to evaluate such evidence. G. Carry out the review of files. H. Carry out the interviews with "Witnesses" that are necessary: 1. To obtain more information about the incident. 2. To develop new leads and/or sources. I. Prepare Preliminary Reports, if necessary. NOTE: THE PRELIMINARY REPORTS ARE PREPARED WHEN THEY ARE REQUIRED BY THE SOP OR IF AN ORDER IS RECEIVED FROM THE HIGH COMMAND. J. Contact your confidential sources of information. K. Carry out an analysis of the information in the case to identify the suspect. Even though an investigation is basically a collection of information, the analysis of such information is a secondary function. This analysis is the review and comparison of information obtained to develop a hypothesis and come up with conclusions that could be used in identifying the suspects and determining the circumstances of the incident and future actions. NOTE: THERE IS NO FIXED PROCEDURE IN THE ANALYSIS OF INFORMATION OF A CASE TO 159
LN324-91 ARRIVE AT A SOLUTION. ONE METHOD COULD WORK AS WELL AS THE NEXT. NEVERTHELESS, ANY OF THE METHODS USED MUST HAVE THE BASIC FUNCTIONS OF: (REVIEW, COMPARE, AND MAKE A HYPOTHESIS). 1. Review all the information in the case: a. Arrange in an orderly fashion all the information. b. Examine the information in detail to identify the pertinent facts. (1) Determine the dependability of the information. (2) Determine the truth of the information 2. Compare the information known: a. Compare the available information with the legal aspects of sabotage. (l) Identify facts/evidence that support or prove the legal elements of sabotage. (2) Identify vulnerabilities in the information that could require further investigation. b. Compare the information obtained from witnesses with such obtained by other witnesses and sources. c. Identify possible suspects through the information comparison. (l) Identify such persons that have connection with the incident. (2) Identify information that supports or proves the "OPPORTUNITY" that possible suspects may have. (Ask yourself: Is it physically possible that the suspect could have committed the act of sabotage?) (3) Identify information that supports or prove "MOTIVATION" by each suspect. (4) Identify information that proves "INTENT" by part of the suspects. (5) Identify all circumstantial or association information related with each suspect. (6) Evaluate all information and evidence in regards to the test elements required to support the sabotage accusation. 160
LN324-91 3. Show one or more hypotheses. The most possible hypotheses are selected to solve a problem according to the information and available evidence. a. Apply deductive and inductive reasoning to show your hypothesis. (l) Inductive reasoning involves moving from the specific to the general. Develop a generalization of the information being evaluated that could explain the relationship between events under investigation. (2) Deductive reasoning involves moving from the general to the specific. Start with a general theory and apply it to the particular incident to determine if the truth of the incident is part of the theory. NOTE: WHEN USING DEDUCTIVE AND INDUCTIVE REASONING, THE MOVEMENT FROM ONE POINT TO ANOTHER MUST BE DONE LOGICALLY. b. During the study of information to show a hypothesis, the concept of intuition must be considered. Intuition is an internal and sudden solution towards a problem. Intuition frequently clarifies a problem when there is no progress through logic. c. Submit the hypothesis to probability tests, additional information of other witnesses, and other data already known. d. Eliminate the possibilities through the systematic comparison of the hypothesis with the following considerations: (1) Opportunity (2) Motivation (3) Observed activities (4) Corroboration of the suspects' bribes e. Select the best hypothesis based in the consistency of data compared and the high degree of probability. f. Test the hypothesis objectively. g. Modify and/or refute the hypothesis if information to the contrary is found. 4. Determine the requirement/direction of the future investigation activities. 161
LN324-91 a. Identify what could support or prove the hypothesis selected. b. Get the approval of the Control Office to initiate actions that have been identified. L. Carry out the follow up, if necessary. M. Carry out the personnel interviews if necessary. N. Carry out a CI interrogation of suspects, when there is suspicion in regards to the identity of a person. 0. Prepare and distribute the required reports. P. You may consider that the investigation was successful when: 1. All the information and material related to the case has been discovered and developed. 2. The physical evidence available was handled. 3. All the witnesses were interviewed. 4. The suspect was properly interrogated. 5. The case has been reported in a clear, exact and intelligible manner. Back to Top 162
CHAPTER 18 LN324-91 PREPARING AGENT'S REPORTS INTRODUCTION: After the CI agent finishes an investigation or part of the investigation, the following step is to write down all the information in a report, which is known as the Agent's Report. The preparation of this report requires a great effort and skill from the agent. To know how to prepare a good agent's report is one of the requisites and duties of any counter intelligence agent. In this chapter we will discuss all the areas and rules that govern the proper preparation of an agent's report. GENERAL FACTS: NOTE: For effects of this chapter we will use as example an agent's report, see the format that appears in EXAMPLE #1. A. COMPLETE BLOCK #1: (NAME OF SUBJECT OR TITLE OF INCIDENT) NOTE: Typewrite all the information in this block as close as possible to the left margin arid below block #1. 1. THE TITLE BLOCK in this report is always the same that appears in the preliminary sheet (refer to previous examples), or of any pertinent investigative report, with only two exceptions: a. Change the title block to include alias or any other essential information developed during the investigation. b. Change the title block to change any error in the preliminary sheet. All changes and corrections will be written down in Section "Agent's Notes" of the report. 2. When there is no preliminary sheet, or any other investigative reports in regards to this case, prepare the title block in the following manner: 163
LN324-91 (2) Write down the answer to the question "Where" in the second line. (3) Write down the answer to the question "When" in the third line. B. Write down the date in which the report was prepared in block #2 (day, month, year). C. Write the control number in block #3 (CONTROL NUMBER OR FILE NUMBER) 1. If you have a preliminary sheet the name that appears in block #3 of the sheet could be used in this report as well. D. Complete block #4 (Report of Findings): (SEE FIGURE/EXAMPLE #1) 1. Use this block to write down the information obtained during the investigation. This is the most important part of the Agent's Report and must: a. Show in detail all the facts that the source brought. Write down as facts as facts and opinions as opinions. b. It must be pertinent and directly related to the investigation. c. Be written clearly, orderly and clearly understood to avoid wrong interpretations of facts. d. Be impartial, and include favorable and unfavorable information developed during the investigation. e. Be concise and to the point. Describe exactly the activities and attitudes of the SUBJECT. Avoid unclear phrases. f. Be complete. 2. Normally, write the report: (1) In narrative style (2) Using third person (grammatically) (3) Using the simple past. 165
LN324-91 3. PRIVACY PHRASES: (SEE FIGURE/EXAMPLE #2) a. According to Figure #2 select and write down the most appropriate privacy phrase. b. Write down the phrase in the third line where block #4 starts. c. Leave 15 spaces where the left margin of the report. d. This phrase is written entirely in capital letters. 4. DESIGNATION OF PHRASES: (SEE FIGURE EXAMPLE #3) a. Select the appropriate phrase on Figure #3 and write down in parenthesis according to the description in Figure #1. b. It is written two spaces under the Privacy Phrase. 5. Start the Introduction paragraph which has the information about the SOURCE, including identity, employment and address. a. This paragraph starts in the same line of the Designation Phase. b. In the right margin of the report, allow a blank area of at least five spaces to write down the word (LEAD) if necessary. (A LEAD is any information collected during the investigation that requires further development. It could be a name, address, or whereabouts of a person or organization. c. Write down the specific information in the Introduction Paragraph according to the type of report. (SEE FIGURE/EXAMPLE #4, TO SEE WHAT INFORMATION COULD BE USED ACCORDING TO THE REPORT TYPE AND IN WHAT ORDER) d. Write the last name of the SUBJECT in capital letters in the report's text always. 166
LN324-91 FIGURE/EXAMPLE #1 ______________________________________________________________________ AGENT REPORT FROM ______________________________________________________________________ 1. SUBJECT NAME OR TITLE OF INCIDENT2. DATE RAMIREZ. Juan O. 15 May 1988 TCC: TORRES, Antonio O. 3. CON. NUMBER CPT, 000-00-000 FLDN: 9 March 1956, San Salvador, ES ______________________________________________________________________ 4. REPORT OF FINDINGS: WRITE HERE THE PRIVACY PHRASE USING CAPITAL LETTERS. (PHRASE DESIGNATION) Here starts the introduction paragraph under the privacy phrase and in the same line of the designation phase. Allow a space in the right margin to write the word (LEAD) when one comes up during the investigation. (LEAD) If there are more than one paragraph allow two spaces between the paragraphs and prepare the first the same as the second. (RUMORS IDENTIFICATION) Rumor information is written down in a separate paragraph and is indicated with the phrase RUMORS INFORMATION in parenthesis. AGENT'S NOTES: Here you write down all the notes or commentaries that the agent has in reference to the source or the case. The agent's notes are used only once in the report. ______________________________________________________________________ 5. NAME AND ORGANIZATION OF AGENT 6. AGENT'S SIGNATURE ______________________________________________________________________ 167
LN324-91 FIGURE/EXAMPLE #2 PRIVACY PHRASES THE SOURCE DID NOT HAVE AN OBJECTION THE INFORMATION CONTAINED IDENTIFYING HIS IDENTITY TO THE IN THIS REPORT IS OBTAINED SUBJECT. FROM CIVIL FILES. THE SOURCE RECEIVED A PROMISE OF THE INFORMATION CONTAINED IN CONFIDENTIALITY AS A CONDITION THIS REPORT IS FINANCIAL OF HIS COOPERATION WITH OUR INFORMATION AND WILL NOT BE INVESTIGATION. REVEALED TO ANY OTHER AGENCY. THE INFORMATION CONTAINED IN THIS REPORT WAS OBTAINED IN OFFICIAL FILES FROM THE GOVERNMENT. THE INFORMATION CONTAINED IN THIS REPORT WAS OBTAINED FROM PUBLIC FILES. THE INFORMATION CONTAINED IN THIS REPORT WAS OBTAINED FROM MILITARY MEDICAL FILES. THE INFORMATION CONTAINED IN THIS REPORT WAS OBTAINED IN MILITARY FILES FROM THE PERSONNEL OFFICE. 168
LN324-91 FIGURE/EXAMPLE #3 DESIGNATION PHRASES (SUSPECT'S INTERROGATION) (EMPLOYMENT SUPERVISOR) (FILE REVIEW OF LOCAL AGENCIES) (CO-WORKER) (MILITARY SERVICE) (EMPLOYMENT FILES) (MEDICAL FILES) (EDUCATION FILES) (MILITARY FILES) (EDUCATION INTERVIEW) (CIVILIAN PERSONNEL FILES) (DEVELOPMENT/EMPLOYMENT SOURCE) (CITIZENSHIP) (DEVELOPMENT/RESIDENCE SOURCE) (BIRTH) (DEVELOPMENT/EDUCATION SOURCE) (CREDIT REFERENCE/WRITTEN DOWN) (MILITARY COMRADE) (CREDIT REFERENCE/DEVELOPMENT) (MILITARY FILES REVIEW) (PERSONNEL REFERENCE/WRITTEN DOWN) (MILITARY SUPERVISOR) (PERSONAL REFERENCE/DEVELOPED) (COMMANDER) (NEIGHBORHOOD CHECK) (FIRST SERGEANT) (SUBJECT'S INTERVIEW) (POLYGRAPH TEST) 169
LN324-91 e. Use the complete name of the SUBJECT in the first sentence of the introduction paragraph. 6. Complete the rest of the report, writing down all the information about the SUBJECT obtained during the investigation. The exact report format will be determined by the type of report. Below, we list various formats for the different types of reports: a. INVESTIGATION REPORT OF PERSONNEL SECURITY: 1) Enter the association paragraph which has a complete and concise description between the Source and the SUBJECT. (a) This paragraph must be answered with the questions in figure #5 as a minimum, which will establish the nature, degree and length of its association. (SEE FIGURE/EXAMPLE #5) _______________ (b) Write down the last name of the SUBJECT the first time it comes up in the association paragraph. After mentioning for the first time, it could be referred to it with the word SUBJECT. 2) Between the history paragraph which contains information of the SUBJECT'S history, such as: (a) Date and birth place (b) Family situation/marriage (c) Military service (d) Residences (e) Education (f) Employment (g) Associates NOTE: Information areas that are not covered during the interview could be used to include the first sentence like: (The source could not provide more information about the education, residence, employment of the SUBJECT). NOTE: The history information must be written down chronologically, that is in the time frame they occurred. 170
LN324-91 3) Between the LIDMC paragraph, which contains favorable and disfavorable information in regards to loyalty, integrity, discretion, moral and character of the SUBJECT. (This is known as LIDMC) Areas that enter or are discussed in the LIDMC paragraph are: Sexual moral Non-prescribed medications Ethics Financial stability Honesty Improper gains Integrity Police agencies Maturity Government overthrow Discretion Deny civil rights Character Other organizations Mental stability Foreign travels Emotional stability Friends/foreign friends Betting Foreign business connections Alcoholic beverages Loyalty Drugs NOTE: Answer all the questions on the themes mentioned above even though the SUBJECT gives you a negative answer such as (I DON'T KNOW). The negative answers are included in the report in the last sentence, ("THE SOURCE did not provide information about the SUBJECT'S foreign travels"). 4) Between the RECOMMENDATION paragraph such as the last paragraph of the personal security investigation report. (a) This paragraph contains the recommendation from the source in regards to if he recommends that a position of trust and responsibility is given to the SUBJECT. (b) Use the SUBJECT'S complete name and not the word SUBJECT in the first phrase of the recommendation paragraph. (c) A source could be give one of four recommendations: (1) He could decline to recommend him: "The Source refused to give a recommendation in regards to Arturo G. RIVAS, for a job in a position of trust and responsibility since he has only known hin for (8) weeks. 171
LN324-91 (2) Could give a favorable recommendation: "The Source recommended Arturo G. Rivas for a position of trust and responsibility with the national government". (3) Could give a non-favorable recommendation: "The Source did not recommend Arturo G. RIVAS for a position of trust and responsibility with the national government due to his dishonesty and lack of integrity. The Source made a sworn declaration and was willing to appear before a hearing or trial in regards to the SUBJECT." (4) Could give a qualified recommendation: "The Source recommended that Arturo G. RIVAS is considered favorably for a position of trust and responsibility with the national government, under the condition that he (RIVAS) control his drinking habits. The Source made a sworn declaration and was willing to appear before a hearing or trial in regards to the SUBJECT. b. Files review: 1) The format will depend upon the type of file being reviewed: (a) The information obtained from the normal files will be presented in a tabulated manner (SEE FIGURE/EXAMPLE #6). (b) The information was also presented in a narrative manner. (SEE FIGURE/EXAMPLE #6) (c) A combination of narrative and tabulation could be used. (SEE FIGURE #6). c. Incident, complaints, or limited investigations: (1) Write down one or more information paragraphs that describe the clear and complete story. 172
LN324-91 (2) Present all information in chronological order. (3) Answer the following questions to develop all the information: (a) Who (b) What (c) Where (d) When (e) Why (f) How d. When a report is long and there is not enough room in the first page: (1) Allow at least half inch of space in the lower part of the report and write down (continued) between parentheses on the lower part below the report. (If there is need to include classified information in this report, allow at least one inch of space. (2) The report could be continued using the same format on the first page with the same information in blocks 1-3 and from 5-6. 7. Write down the Rumors' Information if applicable: (SEE FIGURE/EXAMPLE #1): ________________ a. Use this paragraph when developing rumors or information such as that. b. When the original source of the information could not be determined. c. When leads that could verify or deny this information could not be identified. NOTE: Put the paragraph (Rumors' Information) in the Investigation of Personal Security reports between the LIDMC paragraph and the Association paragraph. 8. Enter the agent's notes paragraph: a. This paragraph helps officials that review the report to evaluate the information, and call the pertinent discrepancies to attention. (1) Discuss the reason why a lead was not developed or why a particular lead could not be developed. 173
LN324-91 (2) Write down facts of your (Agent) personal knowledge that could help to clarify the incident. (3) Write down the pertinent information from the Source and do not discuss the rest of the report. (4) From your personal opinion of the SUBJECT, or the information acquired from him, if it is necessary to clarify some doubts. It must be specified that this is only the Agent's opinion. (5) Discuss any existing discrepancies in the Personal History of the SUBJECT. (6) Discuss the condition in which the files reviewed were found, if this affects its validity or not. (7) Explain and discuss any work or phrase that is difficult to understand normally. (8) Call attention to conflicts or discrepancies in the different stories that come up from the investigation in regards to the same information. Write down your personal opinion about which of the stories you personally think has more validity. (9) Indicate if any of the sources have the same last name or are related. (Only if it applies in the report). b. Do not use the Agent's notes to: (1) Provide much information that is not pertinent to the case. (2) Point out the minor discrepancies in the Personal History of the SUBJECT. (4) Describe the difficulty you had to find a source. (5) Indicate recommendations. E. COMPLETE BLOCK #5: (NAME AND ADDRESS OF THE ORGANIZATION OF THE SPECIAL AGENT) (SEE FIGURE/EXAMPLE #1) 174
LN324-91 F. EDIT/REVIEW YOUR REPORT ACCORDING TO THE FOLLOWING RULES: 1. Structure of the sentences and their contents: a. The sentences must be: 1) clear 2) concise 3) simple 4) impartial b. The sentences must not contain: 1) Local idioms 2) Vulgar words (Unless you are quoting the SUBJECT'S exact words). 2. The correct use of the work SUBJECT, and the name of the person who is interviewing: a. Always write the name of the person interviewed in capital letters. b. The word "SUBJECT" in capital letters could substituted the name of the interviewee, except: 1) In the first sentence of the introduction and recommendation paragraphs. 2) The first time the interviewee is mentioned in the association paragraph. c. Write in capital letters all the pronouns that are used to refer to the SUBJECT. EXAMPLE: (HE, SHE). 3. The appropriate use of the word "SOURCE": a. Write down the name of the source normally when it its mentioned in the report, without using capital letters. b. You may substitute the word "Source" with only the "5" in capital letters when mentioning the source in the report. 175
LN324-91 c. If you wish to use the pronoun to refer to the Source, write the first letter in capital letters, "He", "She". 4. The appropriate use of the names of other persons mentioned in the report that are not the "SUBJECT or the Source a. The first time another person is mentioned in the report, you must completely identify him, including the complete name, employment address, residential address or any manner in which we could contact him. b. After identifying the other persons for the first time, you could refer to them in the rest of the report using only their last name, unless when two persons have the same last name, then you must identify them with their complete name. c. If only the last name of the person is known, write down FNU which means, FIRST NAME UNKNOWN, EXAMPLE (FNU Gonzalez). d. If you only know the first name of the person, write down LU, which means LAST NAME UNKNOWN, EXAMPLE (Raul LU). e. Never use FNU, LU, together. If you do not know the name of the person, indicate it in the following manner. "The SUBJECT was married with a woman, unknown name... f. If a source is not sure as to how to spell a name, write down the word "Phonetics" in parenthesis after the name. This means that the name was spelled by sound only. g. Indicate the maiden names of the women in the following manner. (Maria Gomez, N: Gonzales) This means that the maiden name of Maria is Gonzales. h. Do not identify the confidential sources by their proper names. Use the numbers or code names only. Do not use phrases in the report that could identify, or help find a confidential source in your reports. 176
LN324-91 5. CAPITALIZATION: When you are preparing the Agent's report you must follow the following rules in regards to writing words and capital letters. Capitalize: a. The first word of each sentence. b. The first letter of the word "Source". c. The first letter of proper names, places, countries, races, languages, months, and days of the week. d. All letters of the SUBJECT'S last name. e. All the words in the PRIVACY PHRASE. f. The word SUBJECT. g. All the PHRASES OF DESIGNATION. h. Al the classifications of security (CONFIDENTIAL, SECRET, ULTRA- SECRET). i. Pronouns when they are substituted by the SUBJECT'S name (HE, SHE). j. Names of all the political parties and organizations (Liberal Party). k. All the titles before the names (Dr., Att., Md.) 1. Titles of rank, office, or profession if accompanied by names, (GONZALES, Raul, JCS, Joint General Staff). m. Names of regions, locations, or geographic structures, (East, West, North). n. The names of organizations formally structured and established. (Joint General Staff, Department of National Investigations, National Police, etc.) o. The names of languages, (English, Spanish, French, etc.). 177
LN324-91 p. The names of schools, universities, (Santa Maria School, University of El Salvador, etc.) q. University degrees, (Master in Medicine, Law, etc.) 6. DO NOT CAPITALIZE THE FOLLOWING: a. Names of studies/courses (mathematics, history, biology, chemistry) except languages (English, Spanish, French, etc.). b. Descriptive terms to show addresses, (over, below, at left, at right). 7. The use quotation marks " " " a. Do not use quotation marks to show common nicknames, unless it is used with the full name of the person. (Herman "Babe" Ruth). b. Do not use quotation marks with names of newspapers and magazines, underline them: (El Diario). 8. Use of commas: a. Use commas between cities and country, (San Salvador, El Salvador). b. Use a comma to separate absolute phrases, (Juan Jimenez, the richest man in the world, was arrested yesterday). 9. Underline: a. Underline words in another language, followed by the translation to Spanish in parenthesis, (He worked at the Post Office (Correo). b. Underline any information developed during the interview that is different than that which appears in the SUBJECT/TITLE block. 178
LN324-91 9. The use of short titles: a. To use short titles means to take the first letter in each name of an organization or theme and to write them in parenthesis, later, the short title could be used in the report: EXAMPLE: "The Source works in the Joint General Staff of the Armed Forces (JGSAF), of El Salvador (ES). b. As soon as the short title is established it could be used without the parenthesis. Only use the parenthesis when mentioning the short title for the prist time. EXAMPLE: The Source said that the SUBJECT also worked at JGSAF, ES. c. The short titles are used for schools, units and military installations. d. Never use short titles for person's names. e. Do not use short titles if the phrase will only be used once in the report. 10. Abbreviations: a. Do not use many abbreviations in your reports. b. If you use abbreviations, spell out the complete word the first time mentioned in the report, and later use only the abbreviation. c. Do not abbreviate military ranks if they are mentioned alone without a name, (The man was a captain). You may abbreviate when it is accomplished by a name, (The CPT Ramirez is a good soldier). d. Never abbreviate the months in the year and use the complete year in your reports, (the 15 May 1988). 11. The use of numbers and numerals: a. When using numbers from one to nine, spell them out, (one, two, three, four,...nine). b. From nine on you may use numerals (10, 11, 12, 13, etc.). c. Use numerals to describe: (1) Sums of money. The amount does not matter always use numerals. 179
LN324-91 (2) Numbers in streets in addresses, (50th Street). (3) Apartment and room numbers. (4) Temperature degrees, prices, percentages, etc. d. Do not use numerals: (1) When starting a sentence, spell out the number, (Four terrorists were captured yesterday). e. Use the following rules for the military reports: (1) Use the military form of writing the time (According to your SOP). (2) The units, companies, squadrons, regiments, etc., could be abbreviated and are not placed in numerical order when mentioned in the report. (He belongs to the 1st Squadron, 2nd Company, Cavalry Regiment). G. Complete Block #6 (SIGNATURE): 1. Sign your name the same way in which it appears written in block # 5. 2. All reports require an original signature in each page, do not use carbon paper or stamps when signing the report. H. Mark all the pages of the report with its appropriate classification. (The classification will be selected according to the requirements of your SOP). I. Send the completed report to the Control Office. 180
LN324-91 FIGURE/EXAMPLE #4 EXAMPLES OF INFORMATION FOR THE INTRODUCTION PARAGRAPH _______________________________________________________________________ 1. SOURCE'S INTERVIEW (INVESTIGATION OF HISTORY): (DESIGNATION PHASE): Interview date; identity of interviewed person (name, occupation, residence, rank, serial number, position); and the place where the interview took place. The reason for the interview, and the association and period of knowledge between the SUBJECT and the interviewer. 2. SOURCE'S INTERVIEW (INVESTIGATION OF THE INCIDENT): Interview's date; complete identity of the source; interview place, and if necessary, the reason for the interview. 3. FOLLOW-UPS: Date, length, follow-up type and any information with respect to persons under follow-up (observation); place, and the identity of the persons that are handling the follow-up. If the situation requires the protection of the identity of the persons (without counting the agents), a code reference must be used. 4. SUBJECT INTERVIEWS: (DESIGNATION OF PHASE); date of the interview, identity of the SUBJECT (complete name, rank, serial number/identity number, position, employment place and residence address and employment place); sworn declaration of truth; interview place; purpose for the interview; notice of legal rights; notice of need to have a written sworn declaration by the SUBJECT. 5. REVIEW OF FILES: (DESIGNATION PHASE); review date; finding the files, office or any place, name and position of the person who brought access to the files, complete identity of the file (title, page, or any other information that helps in the identification of the file). 181
LN324-91 CONTINUATION OF FIGURE/EXAMPLE #4 6. SEARCHINGS, SCRUTINIES, SEIZURES: Date of activity, identification of persons and/or units carrying out such activity; and the authority to carry out this authority. In scrutinies and seizures you need the name of the official that serves as witness. (Normally this person is the SUBJECT'S commander). 7. INVESTIGATIVE INTENTS: Date of intent, identity of the persons whom they tried to interviewed; identity of persons to whom they talked; reason for which the person was not able to be interviewed; and any other possible lead. The explanation must show that everything possible was done to find the source or the person but it was not possible. 8. CONFIDENTIAL SOURCES: Sources that have codes for identification purposes will not be identified, neither phrases nor information that could give leads as far as identity or location will be included in the report. The confidential sources will only be mentioned by its code, or designated symbol. To help evaluate the information, the Agent indicates through a phrase the security level the source has. EXAMPLE: "The Source, who has brought confidential information in the past... "The Source, who has brought information that has been corroborated partly by other sources "The Source, whose security is unknown, but who has known the SUBJECT during the last five years.... 182
LN324-91 FIGURE/EXAMPLE #5 ASSOCIATION PARAGRAPH 1. The first time they met (were introduced) and the circumstances of such meeting. 2. The last time they met and the circumstances. 3. Type of contact (professional or social, or both). 4. Contact frequency. 5. Closest association period, if any. 6. Moments in which they did not have contact for 31 days or more. 7. Communication between them during the period in which they did not have contact. 8. Communication or correspondence from the date of last contact. 183
LN324-91 FIGURE/EXAMPLE #6 ______________________________________________________________________ AGENT REPORT FROM ______________________________________________________________________ 1. SUBJECT'S NAME OR TITLE OF INCIDENT 2. DATE RAMIREZ, Juan O. 15 May 1988 TCC: TORRES, Antonio O. 3. CONT. NUMBER CPT, 000-000-000 9 MARCH 1956, San Salvador, ES ______________________________________________________________________ 4. REPORT OF FINDINGS: WRITE HERE THE PRIVACY PHRASE USING CAPITAL LETTERS. (MEDICAL FILES) El (DATE), Juan O. RAMIREZ'S military medical files at the Military Hospital, San Salvador, El Salvador were reviewed by (rank and Agent's name), Special Agent, Joint General Staff, substantially and revealed the following information: NAME: RANK: SERIAL NUMBER: UNIT: DATE OF LAST MEDICAL CHECKUP: The SUBJECT'S file did not have information that could indicate the ilegal use of drugs or marihuana; abuse of prescription medicines or any other medicines; the chronic use of alcoholic beverages, or mental or nervous disorders. No physical disorder or medicines indicated in the file give any abnormal indications. ______________________________________________________________________ 5. NAME AND ORGANIZATION OF AGENT 6. SIGNATURE OF AGENT 184
LN324-91 REPORT FROM AGENT _____________________________________________________________________ 1. NAME OF SUBJECT OR TITLE OF INCIDENT2. DATE ___________________________ 3. CONT. NUMBER _____________________________________________________________________ 4. REPORT OF FINDINGS: ______________________________________________________________________ 5. AGENT'S NAME AND ORGANIZATION 6. AGENT'S SIGNATURE Back to Top 185
CHAPTER 19 LN324-91 INVESTIGATION REPORT INTRODUCTION: As CI espionage agent you must have the knowledge of how to prepare an investigation report. An investigation report is an accumulation of agent's reports in a concise summary of basic interrogations in which only the facts are written down. GENERAL FACTS: NOTE: Example #1 is the format for the investigation report. A. PREPARE THE REPORT'S HEADING: 1. Write down the date in which the report was prepared in the block "DATE SUBMITTED" in the report. 2. Write down the "focus" information if it applies in this report. This block is pertinent if the report deals with an investigation of history. If this is not an investigation of history, leave this block blank. 3. Write down the category of the case in block "CASE CLASSIFICATION". (Example: Espionage, Sabotage, Subversion, etc). B. If this is a Personal investigation of a SUBJECT (that is, in which the SUBJECT is known) fill out blocks 1 to 10. If the SUBJECT is not know, enter N/A (Not applicable) in these blocks. 1. Write down the name (last name in capital letters, first name, and initial) of SUBJECT in block #1. 2. Write down the serial number, identity number, of the SUBJECT in block #1. 3. Write down SUBJECT'S race in block #3. 4. Write down the rank, that is military or civilian, in block #4. 5. Write down the branch of the Armed Forces to which the SUBJECT belongs, in block #5. 6. Write down the position that the SUBJECT occupies in block #6. 186
LN324-91 7. Write down the date of SUBJECT'S date of birth in block #7. 8. Write down the SUBJECT'S place of birth in block #8. 9. Write down the unit or the employment address of SUBJECT in block #9. 10. Write down the SUBJECT'S residential address in block #10. C. If this is an INCIDENT case (Person or unknown persons), fill out blocks 11 to 15. If this is not an INCIDENT case, write down N/A in these blocks. 1. Write down the incident's title in block #11. 2. Write down the incident's date in block #12. 3. Write down incident's time in block #13. 4. Write down the place where the incident occurred in block #14. 5. Write down the register numbers or serial numbers of any equipment that was involved in the incident in block #15. D. Complete the Control Section: 1. Write down symbol/control number or the file number in block #16. 2. Write down the name of organizations that are involved in carrying out the investigation in block #17. 3. Write down the name of the control office in block #18. E. Complete "Investigation Facts" section: 1. Write down the name of the person or organization that requested the report in block #19. 2. Write down the reason for which the investigation is being carried out in block #20. 3. Write down the information about the date of investigation in block #21: a. Write the date in which the investigation started. 187
LN324-91 b. Write down the date in which the investigation ended (If it has not ended yet, write down N/A in this space). F. Write down the "Present Situation of the Case" in block #22: 1. CLOSED: An investigation is indicated as "CLOSED" when there is no need for further investigative activities for the authorities to make a decision upon the case. 2. FINISHED/ELIMINATED: An investigation is considered FINISHED when the investigation has stopped for any reason that is not the conclusion of the case. 3. SUSPENDED: An investigation is considered SUSPENDED when the information obtained is not complete and all the tangible leads have been exhausted, but there is a possibility yet that new information will spring up in the future. 4. PENDING: An investigation is considered PENDING when the investigation is continuous. (or that there are many facts and leads to be resolved and developed yet). F. Complete the "Synopsis" Section: NOTE: THE Synopsis IS A SUMMARY, CONCISE, IN PARAGRAPH FORMAT, WRITTEN IN A LOGICAL SEQUENCE OF INVESTIGATIVE ACTIONS, AND ANSWERING TO THE MOST COMPLETE MANNER TO "WHO", "WHAT", , "WHERE", "WHY", AND "HOW" OF THE INVESTIGATION. RECOMMENDATIONS, OPINIONS, OR CONCLUSIONS MUST NOT BE INCLUDED IN THIS REPORT. THESE COMMENTARIES MUST BE INCLUDED IN THE TRANSMISSION LETTER OF THE INVESTIGATION REPORT. 1. Margins: a. Start the report three (3) lines below de black border in the upper part of the Synopsis block. b. The black border in this report will serve as the left margin of the report. 2. Enumeration of Paragraphs: The paragraphs in the Synopsis Section of this report will not be enumerated. 188
LN324-91 3. Classification of paragraphs: Each paragraph of the Synopsis will have the Specific Classification of that paragraph at the beginning. This is done by writing the classification of each paragraph in quotes at the start of the paragraph. (Example: (C) THE STUDENTS WERE 4. Convincing documents to the report: a. All convincing documents (or additional documents) to the report will be named in parenthesis within the Synopsis paragraph that these support. For Example if Agent #1's report supports the first paragraph of the Synopsis, you will include something like this within the paragraph: (Agent #1's report). 5. Classification of the report: The report will be classified according to its content, and what is stipulated in the SOP. G. Continuation pages: If the report could not be finished in the first page, it is continued in another page in blank, using the normal margins according to the SOP. 1. In the upper part of the continuation page, write the Title (Theme), or the name of the SUBJECT in the lower part and the Date and number of the file in the right portion of the paper. EXAMPLE: BENITEZ, Wilfredo D. DATE: 1 May 1988 FILE NUMBER: 50-88-0-1 H. Complete the "Distribution" Section in block #24. The distribution of the report will be made according to its SOP. I. Complete the "Reviewed by" section in block #25. The typewritten name and signature of the authority that reviewed the report is written down in this section. 189
LN324-91 INVESTIGATION REPORT DATE SUBMITTED _________________________________________________________________FOCUS (HISTORY) CASE CLASSIFICATION _____RAL _____RAG _____IAE _____IAI _________________________________________________________ IDENTIFICATION DATA 1.LAST NAME FATH. MOTH. NAM., INIT. 2.I.D. 3.RACE 4.RANK 5.BRANCH _________________________________________________________6 .POSITION7. DATE OF BIRTH 8. PLACE OF BIRTH _________________________________________________________ 9. UNIT OR EMPLOYMENT ADDRESS 10. RESIDENTIAL ADDRESS _________________________________________________________ 11. INCIDENT'S TITLE 12. INCIDENT'S DATE 13. INCIDENT'S TIME _________________________________________________________14.LOCAL (BUILD. UNIT) 15. EQUIPMENT, ETC. SERIAL NUN. _________________________________________________________ CONTROL DATA 16. CONTROL SYMBOL OR FILE NUMBER __________________________________________________________________17. INVESTIGATION DONE BY (ORG.) 18. CONTROL OFFICE INVESTIGATION DATA 19. INVESTIGATION REQUEST BY20. REASONS FOR INVESTIGATION ________________________________________ 21. INVESTIGATION DATE START COMPLETION ________________________________________ ________________________________________ 22. PRESENT CASE SITUATION _____CLOSED _____FINISHED ______SUSPENDED ______PENDING _______________________________________________________ 23. SYNOPSIS 24. DISTRIBUTION Back to Top 190
CHAPTER 20 LN324-91 25. REVIEWED BY NAME AND TITLE SIGNATURE PREPARATION OF SUMMARY REPORTS INTRODUCTION: A summary report (SR) is the vehicle used to summarize certain aspects of an investigation, or give emphasis to key points of actions in an investigation. This report is not as detailed and is not designed to replace the Agent's Report. It is as the title implies, a summary. The (SR) must contain certain favorable or derogatory (unfavorable) concise information declarations, if it applies, this way the perspective of the case or investigation will not be altered. GENERAL FACTS: A. Preparing the heading. 1. Write down the preparation date in the "Date" section. 2. Write down the identity of the "Preparing Office". 3. Write down the SUBJECT'S information using the same rules in the Agent's Report. a. Father and mother's last name in capital letters, name, initial. b. Identification number. c. Date and place of birth (FDLN). EXAMPLE: PEREZ-RIVERA, Juan A. I.D. NUMBER: 111-11-1101 PDOB: 1 January 1947, San Miguelito, ES 191
LN324-91 B. Write down the information to be reported in the "Summary Report" section. The text starts in the third line of the black line in the upper part of the block titled "Summary Report", leaving two lines in the upper part. The line or black border to the left of the document is used as a margin for all items. 1. Write down the numbers in sequence. For example: 1. 2. 3. 2. Write down the classification contained in each paragraph. For example: 1. (C) 2. (S) 3. (NC) 3. Write down the evaluation code (key word) of the information content of each paragraph using the evaluation system shown in the SR. The evaluation code must be written down in the last line of the paragraph in the right edge (Figure 1). NOTE: If there is not enough space to write down the evaluation code in the last line of the paragraph, the evaluation code will be written down in a line below the last line of the paragraph and in the extreme right of the document. Example:________________________________________________________________ _____________________________________________ ________________________________________________________________________ ______he left in a Toyota with Cuban license plates. (F-6) 192
LN324-91 C. Information Sources. Information sources normally are not revealed in the SR. If the report is kept within military intelligence, the source could be identified if the identification is necessary to establish the truth of the information. When the source is not identified, for security purpose, an indication of the access to the information could be included while the information about the source is not as explicit that it identifies the source. When the SR does not reveal the source's identity the copy of the office files should write down the source(s) identity. A code number must be used when the source's identity requires protection. Bibliographies of the sources could be added in the files when using more than one source for the same report. D. Information from other government agencies. Information obtained form other government agencies, except from the Armed Forces, will not be included in the SR. If other agencies outside the Armed Forces solicit the information obtained in the SR, the originator or the source must give permission for the information to be divulged. If the SR contains information that has been authorized to be divulged to other agencies, this information will be written in capital letters and underlined. Example: THE SOURCE WHO IS CONSIDERED TRUSTWORTHY INFORMED THE __________________________________ ___________(Figure 1, Paragraph 4). When this type of information appears in the SR, the following declaration must be included and must appear as a non-numbered paragraph and at the end, written in capital letters. (Figure 1, Paragraph 4). Example: INFORMATION FROM OTHER SOURCES OUTSIDE THE SOURCES FROM THE ARMED SOURCES ARE INCLUDED IN THIS SR. THIS INFORMATION WILL NOT BE DIVULGED TO ANY OTHER AGENCY OUTSIDE THE ARMED FORCES. E. Additional space. If you need additional space, two lines in the lower part of the document will be left blank and the text will continue in blank paper with normal margins. In the upper part of the white paper, the SUBJECT'S block will be placed at left with the date and reference files. 193
LN324-91 Example: 1 August 86 PEREZ-RIVERA, Juan A. I.D. NUMBER: 111-11-1101 PDOB: 1 January 1947, San Miguelito, ES he came into the restaurant and sat down at the corner table where was accompanied_____________________________________________ F. SR distribution. The last item of the SR is the distribution. The distribution will be indicated according to the SOP. (Example in figure 1). G. Closing the SR. The SR is not signed. The file copy will have the person s name who prepared the SR typewritten in the upper part at the document's right corner. H. The SR will be classified according to its content. 194
LN324-91 ____________________________________________________________ SUMMARY REPORT DATE ____________________________________________________________ PREPARING OFFICE ____________________________________________________________ SUBJECT SOURCE'S EVALUATION CODE ABOUT THE INFORMATION COMPLETELY TRUSTWORTHYA CONFIRMED BY OTHER NORMALLY TRUSTWORTHY B SOURCES 1 COMFORTABLY TRUSTWORTHY C PROBABLE TRUTH 2 NORMALLY NON-TRUSTWORTHY D POSSIBLE TRUTH 3 NON-TRUSTWORTHY E DOUBTFUL TRUTH 4 TRUST NOT KNOWN F IMPROBABLE 5 TRUTH CANNOT BE JUDGED 6 ___________________________________________________________SUMMARY REPORT ___________________________________________________________________ DISTRIBUTION ___________________________________________________________________ Back to Top 195
CHAPTER 21 LN324-91 SCRUTINY OF CI INFORMATION INTRODUCTION: The scrutiny process and CI interrogation allows us to identify and explore the persons/targets of interest to CI. This process allows us to detect these persons or targets, it helps us in the imposition of the same in an effective manner. GENERAL FACTS: A. DETERMINE THE PURPOSE OF THE SCRUTINY AND CI INTERROGATION: 1. The CI scrutiny operations, submit, in a systematic way, the civilians in the combat area to a series of questioning/interviews/interrogations with the purpose of: a. Find and segregate suspicious persons. b. Identify persons of interest to the CI. (See Example #1). NOTE: THE CI SCRUTINY OPERATIONS ARE CARRIED OUT TO INTERCEPT ENEMY INTELLIGENCE AGENTS, SABOTAGE AGAINST, INSURRECTION TRYING TO INFILTRATE OUR AREA OF OPERATIONS. c. Obtain information of immediate value to the intelligence. d. Obtain information that normally will not be available to the intelligence units. 2. The CI interrogation operations are carried out to obtain the maximum amount of information about the enemy's intelligence operations in the least possible time. B. Determine the types of scrutiny operations necessary to satisfy search requirements and CI operations. 196
LN324-91 EXAMPLE #1 VARIED CATEGORIES OF PERSONS THAT ARE OF INTEREST TO CI 1. REFUGEES AND DISPLACED PERSONS 2. BORDER CROSSERS 3. ENEMY UNITS DESERTERS 4. CIVILIAN PRISONERS AND WAR PRISONERS 5. CONCENTRATION CAMP CAPTIVES 6. RESISTANCE ORGANIZATIONS MEMBERS WHO ARE INTERESTED IN JOINING OUR LINES 7. ENEMY COLLABORATORS 8. CI TARGETS, SUCH AS THOSE APPEARING IN BLACK, GREY AND WHITE LISTS 9. VOLUNTARY INFORMANTS 10. PERSONS WHO HAVE TO BE INTERVIEWED BECAUSE THEY ARE UNDER CONSIDERATION FOR EMPLOYMENT WITH THE DEFENSE FORCES OR WITH THE CIVILIAN AFFAIRS OFFICE. 197
LN324-91 1. You must establish operations with a central scrutiny focus normally in the area of collection of war prisoners. This central scrutiny point: a. Has as purpose to receive, segregate, investigate and classify war prisoners, border crossers, refugees, etc. b. Receive persons captured by combat troops, support and logistics within the operations area. 2. Fixed checking points, are permanently occupied by combat troops or military police with the support of interrogation agents or CI personnel, in the entrance to towns, crossing of rivers, and in other similarly strategic areas. 3. Mobile checking points, (in vehicle, or on foot) are used as a mobile system for choosing persons of interest at random. This point must be located in various places and should not be fixed in the same place for longer than a day. 4. Wall in and search operations are used to segregate the town, area or valley, investigate the inhabitants and search residences and public areas. D. Determine the personnel requirements: The normal investigation equipment are Military Police, combat troops, civilian affairs personnel, interrogation agents and CI agents. E. Determine the specific method of identifying persons of interest to CI: 1. Carry out initials interrogations of chosen civilian and military personnel. 2. Use the black, grey and white lists. 3. Use an informant/source who is infiltrated in prison cells or detention centers/war prisoners. 4. Place recording or sound equipment in the detention areas of refuges or war prisoners. 5. Distribute a list of CI indicators of interest among the military police, interrogation agents, civilian affairs personnel and any other personnel involved in investigations. (SEE EXAMPLE #2). 198
LN324-91 EXAMPLE #2 CI INDICATORS OF INTEREST 1. PERSONS IN MILITARY AGE 2. PERSONS WHO TRAVEL ALONE OR AS A COUPLE 3. PERSONS WITHOUT PERSONAL IDENTIFICATION 4. PERSONS WITH STRANGE DOCUMENTS 5. PERSONS WHO HAVE GREAT AMOUNTS OF MONEY, JEWELS IN THEIR POSSESSION. 6. PERSONS WHO SHOW UNUSUAL ACTIONS 7. PERSONS WHO TRY TO AVOID DETENTION OR INTERROGATION 8. PERSONS WHO USE ENEMY'S METHODS OF OPERATION 9. PERSONS KNOWN AS ENEMY SYMPATHIZERS 10. PERSONS WITH A SUSPICIOUS HISTORY BACKGROUND 11. PERSONS WITH RELATIVES IN THE ENEMY'S AREA 12. PERSONS WHO HAVE TECHNICAL SKILLS OR SPECIAL KNOWLEDGE 13. PERSONS WHO HAVE COLLABORATED 14. PERSONS WHO DISOBEY THE LAWS IN THE ENEMYS AREA 199
LN324-91 E. Examine the files of the data base from the infrastructure of the enemy's intelligence so as to become familiar with: 1. Operation methods 2. Procedures/rules 3. Objectives 4. Offices and sub-offices 5. Known agents F. Study the areas under the enemy's control so as to become familiar with: 1. The geography 2. Points/historical or tourist areas 3. Distances and road conditions 4. Political situation 5. Social and economic traditions 6. Traditions and customs 7. Racial problems G. Analyze the operations area to determine: 1. Curfews 2. Movement restrictions 3. Rationing 4. Obligatory service for army 5. Labor civilian programs 6. Requisite to become a member in political organizations 7. Other restrictions that have been imposed by the population 200
LN324-91 8. Acquiring knowledge of all the restrictions that have been imposed to the population could help you to: a. Detect discrepancies b. Recognize changes in enemy activities c. Maintain control H. We must study the situation and the files of the order of battle to become familiar with: 1. Enemy units in the area of operations 2. Enemy units adjacent to area of operations 3. Dispositions 4. Capacities 5. Weaknesses/vulnerabilities 6. Composition 7. Training 8. Equipment 9. Activities or recent operations 10. History 11. Personalities and commanders I. Analyze the intelligence priority requirements of the commander to recognize, detect, explore and report the facts of the Order of Battle (OB). NOTE: THE CI AGENT DOES NOT QUESTION THE SUSPECTS WITH THE PURPOSE OF OBTAINING INFORMATION FROM OB; NEVERTHELESS, EACH CI AGENT MUST FAMILIARIZE HIMSELF WITH THE COMMANDER'S RPI/RI TO RECOGNIZE PERSONS WHO POSSIBLY HAVE THE OB INFORMATION. J. Prepare a list of indicators to help the investigations personnel in identifying the hostile infiltrators/enemies. 201
LN324-91 L. Coordinate WITH: 1. The commander in regards to the segregation of refugees and war prisoners in your area of operation. 2. The military police for the control of evacuation of refugees and war prisoners. 3. WITH the G5 for the support of civilian affairs and psychological operations. 4. The civilian authorities if the control of the area has been returned to them. 5. WITH the interrogation agents to: a. Agree on the categories of persons that will be transferred to CI control for further questioning. b. Decide where to place the CI interrogation agents and the methods use to transfer the detained from one place to another. M. To carry out the initial investigation of the persons: 1. You must segregate the detained, if they are more than one, according to the following manner: a. Civilians from military men b. Officers from troop soldiers c. You must segregate them even more if necessary according to: 1. Nationality 2. Sex 3. Rank 4. Branch of military service NOTE: YOU SHOULD SEGREGATE PERSONS IF THERE IS ENOUGH PERSONNEL AVAILABLE TO CARRY OUT THIS OPERATION. 202
LN324-91 2. Determine the apparent level of knowledge of the person evaluating the following: a. His physical appearance. b. All documents, arms and equipment held that was captured WITH the person. 3. Select personnel of CI interest, comparing the person WITH the indicators in Example #2 and the type of persons in Example #1. N. Carry out the interrogations of specific persons O. Make a disposition of the persons: 1. Exploit persons who have access and are settled in areas of interest. 2. Transfer these persons to the central point of investigation to be reintroduced to the flow/group of war prisoners and refugees. P. Complete the required reports. Back to Top 203
CHAPTER 22 LN324-91 CI INTERROGATION OF SUSPECTS INTRODUCTION: The CI (espionage) agent in combat could only have a minimum amount of information with which to conduct the work or have minimum knowledge of the situation and the area. In spite of his conclusions been based in that minimum amount of information, he must be impartial in the search for facts. As a CI espionage agent you must have two things in mind in working as an interrogator, the detection and prevention of a threat and the security of the armed forces and the collection of information of interest for the departments of intelligence. GENERAL FACTS: A. Carry out an exhaustive study of all the material available in the case under investigation: 1. The interrogation is the art of questioning and examining a source to obtain the maximum quantity of useful information. The goat of interrogation is to obtain true and useful information in a legal manner and in the minimum amount of time possible. 2. To do effective work and carry out a logical sequence of questions, you must always have in mind all that you know to that moment about the case under investigation. a. Identify yourself to all persons involved in the incident, including witnesses, victims, and investigations. b. Identify the exact circumstances of the incident occurred. c. Determine where each incident happened or activity. d. Identify how it happened. e. Identify why it happened. 2. Pay particular attention to all the details of the case, especially those details that are not of public knowledge as yet. 204
LN324-91 d. Become familiar WITH the legal aspects and procedures that apply to the case. a. Identify the elements of the crime that could help you determine the objectives of the interrogation. b. Identify the illegal or prohibited methods. Do not use force, mental torture, threats, insults or exposition to cruel or inhuman treatment of any sort. NOTE: IN CASE THAT THERE IS DOUBT IN REGARDS TO THE LEGALITY OF A METHOD, CONSULT WITH AN AUTHORITY IN A HIGHER ECHELON TO CLARIFY THE DOUBTS. B. Identify possible suspects for interrogation: 1. Become familiar completely WITH the history of the suspects. History data of particular interest during the interrogation include: a. Age, place of birth, nationality and race. b. Rank, or position in the community. c. Level of education. d. Present and past occupations. e. Habits. f. Associates (business partners) g. Criminal history. NOTE: IF IT IS POSSIBLE TO OBTAIN THIS INFORMATION BEFORE THE INTERROGATION, OBTAIN IT FROM THE SUSPECT DURING THE INITIAL PHASE OF THE INTERROGATION. 3. Use the history of the suspect information to: a. Develop the best method of questioning b. Prove the truthful intention of the suspect 205
LN324-91 c. Impress the fact to the suspect that the detailed fact is the investigation of the case. 3. Determine the available information, what type of attitude is expected from the suspect. a. Cooperative and friendly: Offers little resistance and he will talk freely about almost any theme. b. Neutral and non-sharing: Will cooperate up to a certain point. Direct questions and to the grain of the matter will have to be used to obtain the answers. c. Hostile and antagonistic: Frequently, will refuse to talk and will offer much resistance. 4. Classify the suspects according to the following: a. Persons WITH previous offenses and whose guilt is almost certain according to information already available. b. Persons whose guilt is doubtful or uncertain due to the weak evidence available or the lack of essential facts. 5. If possible, carry out a visual observation of the suspect before the interrogation takes place to identify weaknesses that could be exploited during the interrogation. C. Prepare an interrogation plan: 1. Identify the objective of the interrogation: All interrogation must have a defined purpose. This purpose must be kept in mind during the entire preparation process and when the interrogation is carried out. But, it must not be concentrated so much in the objective as to allow another valuable information to be overlooked during the interrogation. 2. Identify the type of interrogation: a. Direct interrogation: The suspect knows that he is been interrogated. Nevertheless perhaps he does not know the true objective of the interrogation. This method takes less time than the other one. 206
LN324-91 b. Indirect interrogation: Obtain information through deception. The suspect does not have any idea that he is been interrogated. This method requires a careful planning, extreme discretion, and must be applied WITH much skill. 3. Identify and obtain the helpful things required for interrogation: a. Files b. Documents c. Maps/charts d. Pencil, notebooks, tape recorder, etc. e. Any other equipment that could facilitate the process of interrogation. 4. Identify the approximation methods that will be used during the interrogation: NOTE: SELECTING AN INITIAL APPROXIMATION IS NECESSARY, BUT YOU MUST KEEP THE FLEXIBILITY OF MOVING FROM ONE APPROXIMATION METHOD TO ANOTHER. 5. APPROXIMATION METHODS: a. DIRECT APPROXIMATION: Do not try to hide the purpose of the interrogation. It works better when it is used WITH persons whose guilt is almost certain and WITH those persons that have little knowledge of what security is. It is a good method to interrogate persons of low level or rank in organizations. This method takes little time and is simple. This method offers the best opportunity to demonstrate empathy and understanding to the suspect. Act as if the offense is something that the suspect will not commonly do. Treat the suspect as a rational person who was only exposed to the circumstances of the case. 207
LN324-91 b. FILE AND DOSSIER: Prepare a file that contains all the information collected about the suspect. A careful arrangement of the information in the file could give the appearance of having much more information than it really has. Put additional papers, although they do not contain information to just give the appearance of an enormous file. Mark the file WITH different sections/areas of interest about the history of the suspect. Confront the suspect WITH the file and warn him that it contains detailed information of his background history and activities and that it is useless for him to refuse to cooperate in the interrogation. The triumph of this method depends upon the immaturity of the suspect, the amount of information available, and the skills used by the interrogation agent to convince the suspect. c. WE KNOW IT ALL: Make questions based upon information that is already known to us. When the suspect refuses to answer, hesitates, or provides incorrect information, you yourself provide the information or correct answer. If it is used correctly, you may convince the suspect that we know it all and that his answers are not of real importance. When the suspect starts to answer truthfully, weave other questions, of which we do not have the answers. Always verify the truthfulness of the suspect starting to make the questions of which we know the information. This method could be used WITH or without the files and dossier method. d. FUTILITY/USELESSNESS: You must convince the suspect that resisting to answer to the interrogation is useless. Present true information to the suspect in a persuasive and logical manner to exploit the psychological and moral weaknesses of the persons. e. QUICK SHOT: Make a series of questions to the suspect in a way that he will not have time to answer one before the next one is made. Since the suspect does not have time to formulate his answers he will get confused and could contradict himself. Confront him WITH the inconsistence of his answers, so that perhaps he may reveal more information than he wishes. This provides leads to further questions. Prepare all questions beforehand. Use a competent experienced interrogator. Use this method immediately after his arrest to take advantage of his state of confusion. 208
LN324-91 f. INCENTIVE: To reward the suspect's cooperation and the fact of telling the truth, this is attained normally by providing him WITH some physical commodity, (cigarettes, sweet, coffee, etc.) that normally is not given to him. Do not make promises or commitments that are beyond your ability to fulfill. Use caution to avoid that the suspect gives false information WITH the intention of getting the article he wishes. Never deny the basic articles of human needs. Do not use the threat of taking food so as to obtain his cooperation. g. REPETITION: Make a question, wait for the answer, and repeat the question and the answer several times. This is done WITH all questions until the suspect is totally bored and starts to give unexpected answers so as to break the boredom. This method works better WITH a hostile person. Generally it does not work WITH an introverted or timid person. h. MATT AND JEFF: You must use two experienced interrogators that could develop two different personalities towards the suspect. The first interrogator acts very formal, little sympathetic, and at times rude, noisy and aroused. The second interrogator appears when the suspect feels lost and alone. The second scolds the first interrogator for his poor professional conduct and orders that he leaves the interrogation room. The second interrogator apologizes WITH the suspect and tries to calm him. He shows empathy WITH the suspect and tries to establish some common ground between the two, for example: both are intelligent and sensitive, while the first interrogator was not. The idea is that the first interrogator could return to the interrogation and help if the suspect stops to cooperate. i. PRIDE: This method could be used in two ways. Attack the pride of the suspect accusing him of being weak or insinuating his poor ability to do anything. The suspect who is proud will hurry to defend his abilities. Frequently this will explain why he did or did not do something just to defend his honor. You may obtain important information from his answers. The other way to use this method is to praise the suspect until you get him to admit certain information as a way of reclaiming responsibility/credit. This brings the suspect an opportunity to boast what the has done. 209
LN324-91 j. SILENCE METHOD: Do not say anything to the suspect, but look at him fixedly in the eyes. Do not move your gaze, but make him break the eye contact. As the suspect gets nervous, he will start to make questions, but do not break the silence until you are prepared to do so. Keep this method for some time and the suspect will get nervous. When breaking the silence you must question the suspect WITH questions that indicate his guilt. k. CHANGE IN SCENARIO: Take the suspect out of the interrogation room environment. Take the suspect to a more peaceful but controlled area that could give the opportunity to have a peaceful and nice conversation during which you may pull the necessary information from the suspect. 1. ESTABLISH HIS IDENTITY: It is alleged that the suspect is not the person he claims to be, but that he is a person who the police authorities are searching for political assassinations and acts of terrorism and treason, or any serious accusation. In his intent to establish his identity, the suspect could give valuable information and leads for further investigations. m. EMOTIONAL: Determine what emotion motivates the suspect (hate, love, vengeance, desire to make money) and exploit that emotion. This method is very effective when you use immature and timid persons. 5. Develop detailed questions to use during the interrogation: a. Develop questions that guarantee that the area of interest is exploited. b. Develop questions that establish all facts (who, what, when, where, why and how). c. Develop control questions of which the answers are already known. d. Develop non-pertinent questions if the true objective of the interrogation is been hidden from the suspect. Use non-pertinent questions to break the suspect's concentration. 210
LN324-91 e. Develop repeated questions making the same questions but in a different way. f. Develop direct questions that require a narrative answer. g. Develop follow-up questions that allow the expansion of themes/areas as they become necessary. D. Select the interrogation personnel based in the selected approximation, type of suspect, and the ability of the interrogation agents. 1. Select an interrogation agent that has personality characteristics that are adequate and an interest in human nature. Personal qualities desired in an interrogation agent are: 1) Motivation 2) Be alert 3) Patience and tact 4) Objectivity 5) Credibility 6) Adaptability 7) Perseverance 8) Linguistic skills 2. Select an interrogation group, if possible. It is necessary to have a group to successfully use much of the approximation methods already discussed. Additionally, an interrogation agent could notice that he cannot obtain the necessary information after having used various approximations and techniques, or is tired in the middle of a long interrogation. This could cause the loss of control of the interrogation and another interrogation agent must replace the first. E. Guide the interrogation group in the approximation methods already selected and the role that each one will play in the interrogation. 211
LN324-91 F. Make all the arrangements in regards to the suspect: 1. Coordinate the arrest of the suspect. a. Make arrangements WITH the police to detain the suspect. 2. Make the arrangements to locate the suspect and give him board after the arrest. 3. Coordinate the use of facilities to give food to the suspect. 4. Coordinate the services of an interpreter if necessary. 5. If the suspect is of the opposite sex coordinate the presence of a witness of the same sex if necessary. It is also good to coordinate the presence of a witness to observe how the information is obtained; and so as to avoid that the suspect accuses us of using ilegal tactics such as torture, coercion and mental abuse. a. Obtain the authorization of the commander to use a witness in the interrogation. NOTE: IF THE SUSPECT IS OF THE OPPOSITE SEX, INFORM HIM OR HER OF HIS OR HER RIGHT TO HAVE A WITNESS OF THE SAME SEX PRESENT DURING THE INTERROGATION. IF THE SUSPECT DOES NOT WISH TO HAVE A WITNESS OF THE SAME SEX PRESENT, OBTAIN A SIGNED SWORN DECLARATION, INDICATING THIS WISH. (ALTHOUGH THE SUSPECT REFUSES TO USE A WITNESS, PLACE A WITNESS OF THE SAME SEX AT A DISTANCE THAT COULD LISTEN TO WHAT GOES ON DURING THE INTERROGATION WITHOUT BEEN SEEN BY THE SUSPECT. G. Select and prepare the interrogation room: 1. Select a room that gives privacy during the interrogation. Eliminate all distraction possible. 2. Select a room that allows you to control the physical environment. 212
LN324-91 3. Select a room that has a nice constant temperature. 4. Arrange the furniture in the interrogation room. The furniture must be only a small table to write, but that does not give an area in which the suspect could hide under, and three chairs. 5. Place all material necessary during the interrogation in the room. Materials such as paper, pencil, reference manuals and other interrogation aids. NOTE: DO NOT HAVE A TELEPHONE OR ANY ARTICLE THAT COULD BE USED AS AN ARM IN THE INTERROGATION ROOM. H. Install and test the recording equipment. Use the recording equipment so that you could keep your concentration during the interrogation. Taking notes during the interrogation could break the rhythm of the questioning and it could cause you to loose the sequence of the questions and the concentration. 1. Install the recording equipment so that it is looks as if it is part of the furniture of the office. NOTE: TO USE THE RECORDING EQUIPMENT, FIRST CONSULT WITH THE SUSPECT AND GET HIS PERMISSION. 2. Test the equipment to make sure that it is functioning correctly. I. Receive and identify the suspect: 1. During the initial contact keep a professional posture and try to gain the trust of the suspect. 2. Verify the identity of the suspect and examine his personal documents. J. Identify yourself and the other members of the interrogation equipment. Use your official badge to make sure that the suspect knows your identity as a member of the military intelligence. K. Explain to the suspect that the nature of the accusation is against his behalf. 213
Page Missing w/L-M-N-O LN324-91 b. Try to identify contradictions and weaknesses in the history of the suspect. 5. Change interrogation agents if the first interrogation agent cannot obtain true information or a confession after having used various approximation techniques. 6. If all the approximations fail with the suspect, confront him with crime witnesses if possible. 7. If necessary, make a final convincing appeal against the suspect's continuous resistance. a. Insist in appealing the existence of all evidence against him. b. Confront the suspect with the contradictions and weaknesses in his history. Q. If the suspect admits culpability, obtain a sworn declaration signed by him. R. CLOSING PHASE OF THE INTERROGATION: 1. Close the interrogation for any of the following reasons: a. If the suspect is sick, wounded, or advanced age and needs medical attention. b. Various interrogations are necessary to obtain all the necessary information. c. The suspect is bored and denies to cooperate. d. All the questions have been answered and the requirements of the interrogation have been satisfied. e. The initiative has been lost and you as interrogation agent decide to close the interrogation. 2. When the interrogation is closed, always consider the possibility of interrogating the suspect again. a. Finish the interrogation in a nice manner. 214
LN324-91 b. Re-emphasize the approximations used to gain confidence from the suspect. c. Give opportunity to the suspect to add additional information to the one already given. 3. Use the time dedicated to the Closing to try to obtain information that may have not been discussed during the interrogation. A suspect could relax a little more after knowing that the interrogation has been finished and he could reveal additional information. S. Disposing of the suspect: 1. Have the police put him under custody. 2. Give the suspect to pertinent civil authorities. 3. Give the suspect to the commander's custody. T. PREPARE THE REQUIRED REPORTS Back to Top 215
CHAPTER 23 LN324-91 EXTRACTING CI INFORMATION INTRODUCTION: Wheedling is applied always with a specific purpose in mind. The objective, or the information desired, is the SUBJECT'S determining factor, of the wheedler, and the environment. GENERAL FACTS: A. Definition of WHEEDLING: Wheedling is the technique of obtaining the greatest amount of information/useful intelligence, from a person or source, so that the person does not know our purpose. 1. Before starting the wheedling there are requirements of CI collection to be reviewed: a. Identify the required specific information. b. Identify the wheedling objective. 2. Select the SUBJECT of the wheedling according to his access to, or knowledge of, the information desired. 3. Obtain and evaluate all information available in regards to the SUBJECT in the wheedling: a. Carry out the review of files and try to obtain the following information about the SUBJECT: 1) History 2) Motivations 3) Emotions 4) Psychological nature 5) Habits or patterns 6) Favorite visiting places. (bars, restaurants, discos, etc.) 7) Favorite hobbies 216
LN324-91 8) What level of knowledge he has about security that person has. 9) If he has been previously used in other wheedling intents by other CI agents. 4. Determine in what place/specific environment the wheedling will take place. a. Select the place where the approximation to the SUBJECT/Source will take place. NOTE: A SUBJECT must be approached in a natural environment to avoid raising his suspicion. b. Obtain al the information about the place selected: 1) Identify all the place's irregular traces or facts. 2) Identify what type of clothes will be required to enter that place. (Formal: shirt and tie; Informal: shorts, jeans, etc). 3) Identify the money requirements. (It is a place where food or products are expensive or cheap). 4) Identify possible security problems 5) Identify if the place has been used previously as a wheedling place. c. Select the date and time more desirable for the approximation. 5. Select for yourself a logical story (cover), one that could be credible and is according WITH the situation. The history must explain: a. The reason you have to be in the chosen place for the approximation. b. The agent's actions during the conversation. 6. Carry out the approximation using one of two approximation techniques: Flattery and Provocation, or any variation of these two techniques as mentioned below: 217
LN324-91 a. Use the flattery method: 1) Appeal to the ego, pride of the SUBJECT. Give him (SUBJECT) the opportunity to show pride or so that he flatters himself about his triumphs and gains. 2) Insinuate that the SUBJECT is an expert in a specific area, topic or theme. In this manner you will give him the opportunity to feel as if he is the teacher and you are the pupil. 3) Offer him (SUBJECT) valid and honest assistance. 4) Discuss areas of mutual interest. (Hobbies, work, sports, etc.) NOTE: The agent must have a good knowledge of the theme he thinks he will choose to show mutual interest (that is to be able to follow the conversation professionally) b. Use the approach method of provocation to open the conversation WITH the SUBJECT: 1) Adopt an attitude as if you do not believe what the SUBJECT says: "What you say, is very difficult to believe, you have to explain it to me in more detail to see if it is true". 2) Insinuate that the SUBJECT really does not know anything of what he is talking about. 7. Once the approach has taken place, take the conversation to the area of interest: a. Try to obtain more information give him answers that the SUBJECT finds obscure and that require more information to clarify them. b. Ask the SUBJECT for more. information when his answers are not clear enough: ("I agree WITH you, although, what does it mean...."). NOTE: Be persistent without being abusive, bored or insolent. 218
LN324-91 c. Present a hypothetical situation that could be associated WITH an idea or thought expressed by the SUBJECT. NOTE: Many persons that normally do not make comments about a real situation, will give his opinion about hypothetical situations. d. Use your imagination and initiative to keep complete control of the conversation at all times. 8. Finish the (unclear]a. Use the flattery method: 1) Appeal to the ego, pride of the SUBJECT. Give him (SUBJECT) the opportunity to show pride or so that he flatters himself about his triumphs and gains. 2) Insinuate that the SUBJECT is an expert in a specific area, topic or theme. In this manner you will give him the opportunity to feel as if he is the teacher and you are the pupil. 3) Offer him (SUBJECT) valid and honest assistance. 4) Discuss areas of mutual interest. (Hobbies, work, sports, etc.) NOTE: The agent must have a good knowledge of the theme he thinks he will choose to show mutual interest (that is to be able to follow the conversation professionally). b. Use the approach method of provocation to open the conversation WITH the SUBJECT: 1) Adopt an attitude as if you do not believe what the SUBJECT says: "What you say, is very difficult to believe, you have to explain it to me in more detail to see if it is true". 2) Insinuate that the SUBJECT really does not know anything of what he is talking about. 7. Once the approach has taken place, take the conversation to the area of interest: a. Try to obtain more information give him answers that the SUBJECT finds obscure and that require more information to clarify them. b. Ask the SUBJECT for more information when his answers are not clear enough: ("I agree WITH you, although, what does it mean...."). NOTE: Be persistent without being abusive, bored or insolent. 219
LN324-91 c. Present a hypothetical situation that could be associated WITH an idea or thought expressed by the SUBJECT. NOTE: Many persons that normally do not make comments about a real situation, will give his opinion about hypothetical situations. d. Use your imagination and initiative to keep complete control of the conversation at all times. 8. Finish the wheedling as soon as you obtain all the information desired: a. Change the conversation theme to others before leaving and bidding goodbye to the SUBJECT. b. Present various non-pertinent themes to avoid that the SUBJECT discovers its true purpose. (Wheedle intelligence information). c. Finish the conversation in a normal manner. 9. Take notes of all the official funds expenses. B. Prepare the required reports. Back to Top 220
CHAPTER 24 LN324-91 DETECTING CI TARGETS INTRODUCTION: The identification of CI targets are done through the intelligence rules. A data base WITH a line and block box, used in connection WITH existing black, grey and white lists, intelligence reports and additional information from the police agencies, army and other agencies, provides us WITH basic information required to identify the potential CI targets. GENERAL FACTS: A. Review the CI estimate to determine the hostile threat: 1. Identify those threats to security that are of an immediate nature. 2. Identify anticipated future threats. NOTE: The selection of CI targets must be based in an evaluation of a complete hostile threat. B. Identify the specific CI targets of the local area: a. The CI targets are of interest due to the threat that they present, or the usefulness to the Armed Forces. CI targets include: a. PERSONALITIES (SEE FIGURES #2, 3 and 4): that could or not be friendly or hostile. b. INSTALLATIONS (SEE FIGURE #5): that represent a threat to the national security. c. ORGANIZATIONS AND TeamS (SEE FIGURE #6): that represent a threat to the national security. Its threat perhaps is not openly detectable due to their undercover operation methods. d. DOCUMENTS AND MATERIALS (SEE FIGURE #7): WITH value to the intelligence or the counter intelligence. NOTE: Use the CI Work Sheet (SEE FIGURE #1) as the principal paper to assist in the development of the targets: 221
LN324-91 3. Obtain information about the potential CI targets in the local area: a. Extract the local targets from the CI target lists at national level. b. Extract information from the existing Black lists (SEE FIGURE #2), White (SEE FIGURE #3), and Grey (SEE FIGURE #4). c. Extract information from the intelligence files, CI data base, and similar files. d. Obtain information from: 1) Civilian Affairs and Psychological Operations (G5) 2) Local intelligence units 3) Police elements C. Categorize the CI targets identified by the specialty or function. Examples: 1) Espionage agents 2) Sabotage specialists 3) Messengers 4) Camps or bases 5) Communications and link routes NOTE: To categorize the targets in this manner, it is essential that the history detailed information is obtained from the same source that was used to identify them. D. Assign priorities to the targets: 1. Determine the priority of each Target based on: a. The threat to the national security that the target represents. b. The urgency or the need to neutralize or exploit the target. c. The future capacities that await the target. d. The capacities of the units responsible to neutralize or exploit the targets. 222
LN324-91 2. Assign a numerical priority to each target: a. The numerical designations are always expressed in roman numerals (I, IV, XI). b. The numerical designation emphasizes the relative importance or the value of the CI targets. c. The numerical designation expresses the level of interest of the target. NOTE: If a target has been assigned a priority at a level higher than the Command, you at your level cannot alter this priority designation. The local CI elements will assign priorities to targets locally developed. E. Assign the responsibilities of the units to neutralization or exploitation of each target: 1. Determine the capacities of the units to carry out neutralization or exploitation missions based on: a. Amount of personnel b. Equipment available c. Specific experience 2. Identify the need, if any, to request support from the military police, infantry, national police, etc. NOTE: The tactical effort, except in special cases, takes precedence over the neutralization and exploitation of the targets. F. Notify the units of their mission(s). 223
LN324-91 FIGURE #1 CI TARGETS WORK SHEET REFERENCES TO CHARTS, MAPS DATE: _________________________________________________________________ KEYS TO CHART: 1. Target 2. Target classification 3. Priority 4. Localization 5. Team task 6. Team mission (Comments) 7. An administrative number that is written down in chronological order. 8. The classification identifies the target by type, name and provides specific data for identification about the target. 9. The priority is designated WITH roman numerals and is assigned based upon the target classification. 10. The localization will identify the place where you may find the target or if this is not known, it is identified where the target was found the last time. 11. The team's task of identifying the CI team whose mission is to neutralize the target is based in the number of persons available and could include tactical forces, military police and para-military forces. 12. This column is used to make a list of the coordination requirements, communications, specific details of the mission or other specific information required so that the team could fulfill its mission. 224
LN324-91 FIGURE #2 BLACK LISTS THESE CONTAIN THE IDENTITIES AND LOCALIZATIONS OF PERSONS WHOSE CAPTURE AND DETENTION ARE OF FOREMOST IMPORTANCE TO THE ARMED FORCES: EXAMPLES a. Enemy agents known or suspects, persons involved in espionage, sabotage, politics, and subversive persons. b. Hostile para-military guerilla team leaders, known or suspects. c. Political leaders known or suspected as hostile toward the Armed Forces or the political interests of the National Government. d. Known or suspected leaders of enemy governments whose presence in the area of operations represent a threat the national security. e. Collaborators and sympathizers of the enemy, known or suspects whose presence in the area of operations represent a threat to the national security. f. Military and civilian enemies, known or suspected of having participated in intelligence activities, counter-intelligence, security, police or political indoctrination between the troops or among civilians. g. Other personalities identified by the G2 as of immediate detention. This could include local political personalities, chiefs of police, and municipal leaders or leaders of the enemy's government departments. 225
LN324-91 FIGURE #3 GREY LISTS CONTAINS THE IDENTITIES AND LOCALIZATION OF THOSE PERSONALITIES WHOSE INCLINATIONS AND ACTIVITIES TOWARD THE POLITICAL AND MILITARY OBJECTIVES OF THE GOVERNMENT ARE OBSCURE (THAT IS, NOTHING IS KNOWN ABOUT THEM). THEIR INCLINATIONS OR ATTITUDES DOES NOT MATTER, IF THEY HAVE SOME INFORMATION OR SKILLS THAT ARE OF INTEREST TO THE NATIONAL GOVERNMENT. THOSE PERSONS WHOSE INCLINATIONS OR POLITICAL MOTIVATIONS REQUIRE MORE EXPLORATION OR EVALUATION BEFORE THEY COULD BE USED EFFECTIVELY BY THE GOVERNMENT CANNOT BE INCLUDED. EXAMPLES a. Defectors or potential defectors of the enemy cause whose motivation or loyalty has not been yet established. b. Persons that have resisted or are believed to have resisted the enemy government and that perhaps are willing to cooperate WITH the Armed Forces of the National Government, but their motivation or loyalty has not yet been established. c. Nuclear scientists, physicists and technical personnel suspected of having participated in development of nuclear projects for the enemy, or nuclear missile programs, against their will. 226
LN324-91 FIGURE #4 WHITE LISTS CONTAIN THE IDENTITIES AND LOCALIZATION OF PERSONS IN AREAS CONTROLLED BY THE ENEMY WHO HAVE BEEN IDENTIFIED AS OF INTEREST TO THE INTELLIGENCE OR TO THE COUNTER INTELLIGENCE, AND IT IS EXPECTED THAT THEY COULD PROVIDE INFORMATION OR ASSISTANCE IN THE ACCUMULATION OF INTELLIGENCE OR IN THE EXPLOITATION OF AREAS OF INTEREST. NORMALLY THESE PERSONS AGREE WITH, OR FAVORABLY BEND TOWARDS THE BELIEFS OF THE NATIONAL GOVERNMENT. THEIR CONTRIBUTIONS ARE BASED IN A VOLUNTARY AND COOPERATIVE ATTITUDE. THE DECISION TO PLACE A PERSON IN A WHITE LIST COULD BE AFFECTED BY THE COMBAT SITUATION, THE CRITICAL NEED FOR SPECIALISTS IN THE SCIENTIFIC FIELDS AND OTHER INTELLIGENCE NEEDS. a. Ex-political leaders of a hostile government that were deposed by the hostile political leaders. b. Intelligence agents employed by the National Government. c. Key civilians in the scientific development areas could include members of university faculties, whose loyalty has been established. d. Religious team leaders and other humanitarian team leaders. e. Other persons who could give significant material support to political objectives, scientists and military personnel of the National Government and whose loyalty has been established. 227
LN324-91 FIGURE #5 INSTALLATIONS 1. COMMAND POSTS. 2. COMMUNICATION CENTERS. 3. INVESTIGATION AND DEVELOPMENT CENTERS, LABORATORIES. 4. INSTALLATIONS THAT FORMERLY OR AT PRESENT ARE OCCUPIED BY ENEMY ESPIONAGE AGENCIES, SABOTAGE, AND INSURRECTION, OR ENEMY POLICE ORGANIZATIONS INCLUDING PRISONS. 5. INSTALLATIONS OCCUPIED BY ENEMY INTELLIGENCE ORGANIZATIONS OR SECURITY. 6. BELLIGERENT DEPOTS. 7. EMBASSIES OR HOSTILE GOVERNMENT CONSULATES. 8. MILITARY INSTALLATIONS. 9. PARA-MILITARY Team CAMPS FIGURE #6 ORGANIZATIONS AND TeamS 1. Local or national political party teams, or parties that have goals, beliefs or ideologies contrary or in opposition to the National Government. 2. Para-military organizations including student teams, police, military and veterans, or ex-fighter teams that are hostile towards the National Government. 3. Teams or hostile organizations whose objective is to create dissention or cause restlessness among the civilian population in the area of operations. 4. The central offices of these hostile organizations according to what the Commander of the Armed Forces says will be immediately neutralized. Personalities related WITH these offices will be arrested and detained. 5. Teams that operate undercover or clandestinely and their infrastructure. 6. Intelligence networks. 228
LN324-91 FIGURE #7 DOCUMENTS AND MATERIALS 1. Files at bases, training centers and enemy intelligence schools. 2. Court files (Judicial), prisons, police, and the political administrative executives. 3. National intelligence agencies' files, para-military organizations, and the enemy's secret police agencies. 4. Products or other materials that, if left unguarded could provide support to the enemy guerrilla in the area. 5. Special war materials: a. Chemical war products b. Harmful materials c. New combat products d. Rockets and rocket control centers e. Airships f. Charts and maps warehouses g. Communication equipment, including radios, radars and electronic equipment. Back to Top 229
CHAPTER 25 LN324-91 NEUTRALIZING CI TARGETS INTRODUCTION: When identifying the potential CI target, those are categorized by their corresponding types. It is imperative to know not only the identity of the target or the team, but also all the possible history information and functions of the target. Experiences have shown us that a follow-up of a specific target, the best methods are traps and intercept tactics. GENERAL FACTS: A. Determine what Target is going to be neutralized. B. Analyze the CI target work sheet (SEE FIGURE #1) to be able to identify: 1. The target that has been assigned to your CI team (columns 2 and 5) 2. The target localization (column 4). 3. The necessary requirements for this coordination (column 6). C. Determine the method for neutralization of personalities: 1. Select the method to neutralize personalities: a. Place the identity of the target in the black grey and white lists (REFER TO CHAPTER XXIII). NOTE: Placing the target identity in the above-mentioned lists do not neutralizes him if the target is "undercover" or "clandestine", but it constitutes the first phase of this type of neutralization and allows the friendly forces to detain the target if they find him in the area of operations. b. Carry out the investigation operations and or approach and search and review to segregate, identify and detain the target personalities. [REFER TO CHAPTER XXIV, DETECTING CI TARGETS, FIGURE #1--CI TARGET WORK SHEET) 230
LN324-91 c. Carry out the psychological operations against the personalities: 1) Carry out the propaganda operations to discredit the target. NOTE: Operations of this type must be prepared in detail and coordinated through the G5 (Civilian Affairs). 2) Carry out operations so as to make the target supervisors loose trust in him. 3) Carry out operations so that the enemy believes that his agent(s) has been uncovered or committed. d. Carry out Deceit/conceal operations. Neutralization through deception could work WITH the use of false information to confuse the target. e. Neutralize the personality target through the capture, detention or the exile. f. Use the population control and other resources: 1) Use controls to locate and capture the target, such as: a) Search all persons in the target's area. b) Give identity badges to the population. c) Impose rationing of resources, such as, provisions, the food, etc., and give the population rationing cards. NOTE: The targets that are of CI interest will try to avoid all these controls so as to avoid been captured or identified. Persons that do not have the badge in their possession or the rationing card, automatically will become suspicious. 2) Use controls to limit or slow down the movements of the target, such as: a) Requiring official passes to access specific areas. 231
LN324-91 b) Implement a curfew which will restrict all movement during specific hours of the day. c) Use restricted areas to deny the target to have access to certain activities. 2. Select methods to neutralize the teams. The same methods that are used to neutralize the personalities could be used for the teams. An additional method is to infiltrate an agent within the infrastructure a team to spread rumors and false information. 3. Select a method to neutralize the installations: a. Carry out approach, search and review operations to: 1) Segregate and contain the persons or teams in the particular installation or area. 2) Investigation, identification, and detention of a CI target. b. Carry out combat operations to: 1) Segregate and contain the installations. 2) Detain the occupants. 3) Destroy the installation. c. Carry out deception and conceal operations that cause the CI target to change the direction of his intelligence collection and to prevent him to concentrate WITH his main mission. 3) Select methods to neutralize documents: a. The two basic methods to neutralize documents are: 1) Capture 2) Destruction b. Any of the two methods could be carried out using the operations of review, investigation and combat mentioned above to effectively neutralize the documents and so prevent the enemy from using them. 232
LN324-91 D. Determine the operational requirements: 1. Determine the personal requirements (How many persons you need for the operation): a. Determine the number of persons b. Determine what qualifications and skills will be needed to fulfill the mission (interrogation agents, interpreters, etc.) c. Determine what special support you need for the mission: 1) Support from the combat troops to close the area where the search and review operations will take place. 2) Military police to give support during the review operations. 3) Determine (if possible) if the installation area is mined or if it has traps (booby traps). 4) Determine what other additional support you may need. 2. Determine the team requirements: a. Identify the arms that the teams will need to carry out the review and detention. b. Identify what type of communications you will use. c. Determine if you will need any codes or special key words. d. Identify what transport support you will need. e. Identify how you will transport the targets, or how you will evacuate the area. 3. Determine the time frame: a. Determine how much time you will need to carry out the neutralization. b. Identify the ideal time to carry out the attack against the target. 233
LN324-91 c. Determine if vigilance is needed and if there is enough time to carry out the same. d. Determine on what date should the mission be completed. E. Prepare the operational plan: 1. Coordinate WITH the appropriate commanders to get the support personnel. 2. Arrange the procurement of the specialized team. 3. Procure the official funds for the operation. 4. Procure the communication equipment. 5. Coordinate WITH the combat commanders in the area the whereabouts of the target. a. Inform the commander when, where, what and how the operation will take place to avoid conflicts in your responsibility area. b. Make arrangements for any assistance you may need while in that area. c. Coordinate the support of (short and long arms) in case it would be necessary. 6. Guide the team over the concept of the operation. Make sure that all the members of the team are aware of their responsibilities. 7. Guide the support troops: a. Explain in detail the role they will play in the operation. b. Indicate if they need arms or specialized equipment. c. Emphasize the need to fulfill the time frame requirements. F. Carry out the operation: 1. Move towards the target. a. Carry out a final check to make sure that all the participants understand their responsibilities. 234
LN 324-91 b. Carry out a final coordination if necessary. 1. Safeguard the target: a. Make sure that the troops are in their assigned positions. b. Carry out the review and detention. 2. Dispose of the target: a. Arrange the transfer of the target personnel and or the documents. b. Destroy the target installations. Back to Top 235
CHAPTER 26 LN324-91 OBSERVATION AND DESCRIPTION INTRODUCTION: Our ability to perceive depends upon our innate ability, experience and the training in regards to our surroundings and the environment. You must keep in mind that the word perceive means to see and understand. GENERAL FACTS: a. Definition: OBSERVATION: Is the ability to recognize what is happening around us and the environment. This is attained through the maximum use of the five senses. Carrying out a detailed observation allows a person to remember any object, or situation in a complete, clear and exact manner. b. Observation requires a mental effort to identify, analyze and relate what as happenang an our surroundings and the environment. c. It is a normal thing that a person perceives or understands only that which interests him or what does not require much effort. Example: (1) Women, in general, are more interested in colors, since their physical appearance depends on the exact combination of colors, therefore, a woman, may have more knowledge in describing something she saw, although only for a few seconds. She knows the different colors better and could bring an exact description of what she saw. 236
LN324-91 (2) In contrast, men normally do not know colors well, or do not pay much attention when they observe them. Men normally remember the basic colors. If a man observes an automobile involved in an incident and wishes to describe it he will probably say "it was a blue automobile", but if a woman makes the same description about the same automobile, maybe she will do it in this manner: "it was a light blue automobile, WITH black and white trims". This does not mean that all mean and women are the same, but it is something that happens often and could be considered as a patter in regards to observation. d. To train in observing WITH exactness the CI Special Agent (SA) must: (1) Practice continually and in detail to recognize what happens in his surroundings and environment and in that manner try to observe and understand the personalities, situations, objects and incidents. (2) Replace the casual observations wit the studies and detailed observations. (3) Train yourself and practice estimating: a. The time (hours) b. The speed of an object that is moving c. The distance (4) The SA must be familiar WITH colors, the variety of colors, and the intensity of the light. (5) The SA must have the ability to observe objects and incidents in such manner that it will become potential evidence in an investigation. e. The SA must keep in mind that his senses could fail, and he should know that not all persons will give a detailed description of what was observed, although they are telling about the same incident. The SA must know that the witnesses are telling the truth, but that each person sees things in their own way. f. To become an expert observer the SA must learn to pay attention and concentrate in particular details in the face and characteristics of an object or scene. 237
LN324-91 g. When the SA questions a witness about an incident, his questions could be addressed only about what the person remembers and not make suggestions that could influence the description the witness gives. h. The power to listen well is also required in training. The SA could train his "ear memory" practicing to listen the conversations intently WITH the purpose of obtaining the greatest amount of information possible. One particular way is to have the ability to listen to sermons in church, school, political meetings, or any speech in a way that after listening to these speeches the SA could later write down in a paper what he listened to. i. The visual observation training does not require that the SA intently observes all and remember each face or each scene, but, he must concentrate in such details that could be useful in his investigations. j. Functions of the senses during the observation: The exactness of an observation will depend upon the senses used to make the observation. You could trust some senses more that others, and the SA must take this into consideration when evaluating their observations. The senses that are used during the observations are: (1) VISUAL: It is considered as the most precise sense. WITH just observing some characteristics of a person the SA could complete the image WITH known facts. (2) HEARING: This is the most objective sense. When making and observation based in the sound there is not always precision. Frequently, you do not know the origin of the sound or the distance from where it came. The variety of sounds also are difficult to describe. When listening to a sound, the witness normally tries to associate it WITH some other known sound so as to make a comparison later on. (3) TACT: In most people, the sense of tact is not well developed and it must be considered as a limited means of perception. Without the help of a visual perception the sense of tact could confuse us, in such way that an observation in the dark using the sense of tact could be very doubtful. Nevertheless, the sense of tact of the blind persons is well developed. 238
LN324-91 (4) SMELL: The sense of smell is not to be trusted much. Many things have the same smell and for that reason an observation based on this sense must not be taken very seriously. (5) TASTE: The sense of taste is not very trustworthy since this sense is very personal and the objective observation of taste is easily replaced by the persons s individual sensation. k. Psychologists indicate that: (1) 85% of what we learn is through the visual sense. (2) 13% is learned through the sense of hearing. (3) 2% is through the sense of tact, smell and taste. l. Psychological elements of observation: The SA must know both elements of observation and the observation's psychological obstacles so as to properly evaluate an observation. m. The observation process in order of occurrence is: (1) The SA must have the ability to obtain a complete physical description of a person in a few seconds. This ability could be acquired through: a) Knowledge of the meaning of words used to describe the characteristics. b) Practice the description of one or two characteristics, such as the eyes and the nose, of different persons and continue this until all the characteristics have been completely studied. c) Train to define the descriptions in a precise order. Example: from the head to the feet (hair, forehead, ears, eyes, etc.) 239
LN324-91 n. The SA does not always have time to obtain a complete description of a person, in this case he must concentrate in the following: (1) Outstanding characteristics, such as moles, scars, lack of an arm, leg or other limbs. (2) Height (3) Built (4) Weight (5) Age (6) Race (7) Sex (8) Eyes (9) Hair (10) Complexion (11) Nationality or citizenship (12) Clothes Back to Top 240
CHAPTER 27 LN324-91 PLANNING AND CONDUCTING A MOBILE (ON FOOT) VIGILANCE FIXED VIGILANCE AND PATROL CAR VIGILANCE INTRODUCTION: As a counter intelligence (CI) Special Agent (SA) you must know how to plan and conduct a vigilance. It is probable that during your career as a SA you will be assigned to missions to conduct a vigilance. It is your duty to establish the personnel, time and equipment that will be needed to carry out this mission. GENERAL FACTS: 1. Determine the vigilance objectives: a. The vigilance is an investigative tool that consists of keeping a person, place or target under physical or technical observation to obtain evidence or information pertaining to an investigation or CI operations. b. When more simple methods and financial expenditures have not been successful, the vigilance is used to fulfill the specific objectives of the investigation. The objectives of vigilance include: (1) Establish the identity of the person involved in activities of interest to CI. (2) Detecting ilegal activities that fall under the jurisdiction of CI section. (3) Obtain information to use in an interrogation. (4) Develop leads for future investigations. (5) Confirm or refute information. (6) Obtain admissible evidence in a legal manner. 241
LN324-91 [page missing] d. Detailed description of the name and addresses of associates, contacts and relatives of the SUBJECT. e. Professional training of the SUBJECT in the countervigilance techniques (Figure 1). FIGURE 1 COUNTERSURVEILLANCE SUBJECT ACTIONS COUNTER MOVES ______________________________________________________________________ Using convoy techniques Using reserve personnel so they be aware of the convoy techniques Changing direction many times Constant change of watch persons in a short time Re-tracing a course Constant change of watch persons Using the reflection on windows Allow quite a distance and take up innocent actions, such as passing the SUBJECT and entering a store Using baits (throwing paper or Use reserve personnel to extract the similar objects) and observe if articles an hour later any person picks it up Changing the pace as you walk Maintain harmony with the area and act in a natural way Using public transportation Maintain at least one watch person and immediately getting off without climbing on public transportation Getting off public transportationMaintain the vehicle or get off and in a deserted area walk in the opposite direction of the SUBJECT Climbing up various public Using support vehicles transportation in succession 242
LN324-91 4. Conduct a study of the area to obtain and analyze detailed information of the place where the vigilance took place. Consider the area where the SUBJECT lives, works or spends time. a. Obtain a map and take notes of: 1) Road constructions 2) Police control points 3) One-way streets 4) No outlet streets 5) Other articles of potential interest (Shopping centers, markets, etc.) b. Identify the nature, place, structure and type of building that is most frequently found. Put emphasis in: 1) The residence of the SUBJECT. 2) The working place of the SUBJECT. c. Study the population of the area to identify particular or potential problems. 1) Race 2) Custom and cultural habits 3) Religion 4) Language 5) Reaction of the people to strangers d. Identify the traffic pattern 1) Change of workers 2) Movement of vehicles a) One-way streets b) Changing directional lines c) Congested areas d) Zone considerations (commercial, residential or industrial) e. Identify the public transportation systems including: (1) Type (bus, taxi, railroad) (2) Tolls (cash or special coupons) (3) Timetable (4) Loading and unloading places 243
LN324-91 f. Review the local laws (1) Identify the local laws and their impact in the personnel and method regarding vigilance. (2) Identify the application methods. (3) Identify the local police agencies, including their appearance. g. Obtain the weather reports during your vigilance. h. If possible, conduct a search of the area. 5. Prepare a vigilance plan that includes all the operational considerations and instructions to make sure that the objective of the watch is achieved. The plan must be detailed to avoid wrong interpretations, but it must not be so restricted that it eliminates flexibility and the initiative of the individual watch person. NOTE: The vigilance plan could be formal or informal, oral or written, depending upon the circumstances and time availability. a. Identify the personnel requirements. (1) Identify the number and type of persons that would be required. (2) Select qualified personnel to participate in the vigilance. Main qualifications include: (a) Previous experience in conducting a vigilance. NOTE: It is essential that a maximum number of personnel have previous experience in conducting a vigilance, because operational and technical methods cannot be learned completely from a book. A person without qualification could harm the vigilance. (b) Physical appearance that does not attract curiosity. (c) Ability to stay without being recognized and ability to mix WITH his surroundings or environment. 244
LN324-91 NOTE: Select persons from the area to be used in the area where other persons will attract attention. These other persons must be used to control and supervise the vigilance of a place from a safe distance. (d) Expedients (ability to adapt quickly to any situation) (e) Physical vital strength and patience (f) Detailed perception (g) Retentive memory b. Determine the requirements of the logistics and administrative supports. (1) Relief vigilance personnel from other duties (2) Obtain special documents, if required (3) Provide financing to cover the project and for contingent financial expenses (4) Arrange to obtain the vehicles (5) Obtain and examine the support equipment (6) Arrange for food and other commodities, if appropriate, for the vigilance personnel (7) Prepare one or more cover stories to explain each presence and activities of the watch persons in a particular place (8) Plan the relief for the watch crew (9) Give them arms, if necessary c. Determine the control and communication procedures (1) Establish the control procedures (a) Establish a central control point to direct the vigilance operations (b) Clearly tell the watch personnel what is the chain of command from the watch man to the control point. (2) Establish the procedures for communication. (a) Establish radio communications, when possible, as the foremost method of communication between the operative elements and the control 245
LN324-91 point. 246
LN324-91 NOTE: The use of the safe communication systems could be necessary in some circumstances. EQUIPMENT AND PROVISIONS Radios Cameras and accessories Binoculars Tape recorders Books and pencil Maps Small transmitter in SUBJECT'S car Receiver for the transmitter Change of clothes (b) Establish visual signals when the radios do not work or there are no radios available. 1 Limit the number of signals and keep them simple. 2 Visual signals must be natural gestures that do not attract attention to the watch person (Example: taking a paper from your pocket, lighting a cigarette, etc.) (c) Establish the procedures for emergency communication. d. Determine the specific mission that will be assigned to each group or individual watch person. NOTE: The planning and preparation must consider all the possible contingencies that could develop during the vigilance. 6. To direct the members of the team about vigilance. NOTE: The watch team must know as much as possible about the case so that in such way they could interpret the SUBJECT'S actions. a. Inform the participants of the vigilance objectives. b. Inform the participants of the type, methods and techniques that will be used in the vigilance (Figures 3 and 4). 247
LN324-91 c. Inform the participants of the role they will play in the vigilance. d. Provide the participants WITH the target information and the area. Use photographs, maps, sketches to familiarize the participants completely WITH the target aspects and WITH the area that will be watched. e. Provide additional training and preliminary training in the vigilance and counter vigilance methods. VIGILANCE METHODS a. A fixed vigilance is when a watch person(s) is kept in a place or fixed position to observe the activities of an specific place. b. A vigilance in action is when the watch person(s) follow the SUBJECT from one place to another to keep the continuous observation of his activities. The vigilance in action could be: (1) A mobile vigilance (feet) (2) A car patrol vigilance c. A technical vigilance is when technical visual equipment, electronic bugging equipment, and photographs are used. d. A mixed vigilance is when there is a combination of methods mentioned above. This method is more expensive in money terms and personnel, but will give us the best result. 248
LN324-91 FIGURE 4 VIGILANCE TECHNIQUES DISTANCE: The distance between the watch person and the SUBJECT will depend upon the circumstances and the watch person's judgement and must vary during the course of the vigilance. Normally, the more people there are in the street the closer the watch person will be from the SUBJECT. TURNING ON CORNERS: Do not make immediate turns after a SUBJECT in corners. A suspicious SUBJECT could "examine and observe" a watch person by just standing in the corner and observing attentively these persons that turn around the same corner. Making a wider turn will help keep our pose and will allow us to review the area. CONVOY: Valuable SUBJECT(s) to a vigilance could use convoys while conducting important activities. The convoys will keep a position in the back of the SUBJECT, keeping him on view, and is alerted about watch persons. Be attentive and alert about the utilization of convoys and take appropriate action to prevent the commitment of the vigilance. DECOYS: The SUBJECT uses a substitute of similar physical appearance so as to act as a decoy and to confuse the watch person. This is an efficient method when it is used in the residence or work place of the SUBJECT. CLIMBING BUSES AND TAXIS: If the SUBJECT climbs a bus or taxi, the watch person "A" must try to climb the bus or taxi, but always keeping a distance behind the SUBJECT if possible. RESTAURANT:Obtain a chair out of the direct SUBJECT'S view range, but so as you can see the SUBJECT, if possible, in a place where you could listen to the SUBJECT. Order according to the type of service ordered by the SUBJECT to be sure that you can pay the bill and leave the restaurant without looking track of the SUBJECT. RADIOS: The use of communication equipment must be without attracting attention to the public's curiosity. Do not bend to approach the microphone. RECOGNIZING THE SUBJECT: The SUBJECT must be physically shown to the watch person, if possible. Study and be prepared to recognize the appearance and the SUBJECT'S mannerisms. Do not depend in the SUBJECT'S dress manner. 249
LN324-91 VIGILANCE TECHNIQUES COMING INTO A BUILDING:The size, nature and surroundings are significant considerations to determine future actions. Small buildings, if any, could be kept under vigilance, it is not necessary to follow the SUBJECT to this building unless the SUBJECT made a contact WITH other persons there in the past. In large buildings, follow the SUBJECT and use the inside of the building to your advantage. Keep in mind that lazy persons attract attention. ELEVATORS: Follow the SUBJECT to the elevator only if there are other persons and if the SUBJECT does not suspect he is been observed. Stop in the floor above or below the SUBJECT and use the stairs to get to the same floor as the SUBJECT'S. In department stores or similar buildings, the watch person could leave the elevator on the same floor as the SUBJECT. If the SUBJECT enters an elevator alone, stay in the lobby and determine the direction the SUBJECT went to by observing the floor indicator of the elevator. Use the stairs and another elevator to reach the same floor as the SUBJECT'S. Figure 4 (cont.) 7. Conduct the vigilance using one of the methods mentioned below: a. The method of a watchman NOTE: Avoid this method in a moving vigilance, if possible, because it does not allow flexibility. (1) Operate in behind the SUBJECT and in the same street. (2) Operate in the street adjacent to the SUBJECT when it is operationally necessary to avoid the commitment of the vigilance. The circumstance will dictate if we must operate in front, behind or next to the SUBJECT. (EXAMPLE: Operate next to the SUBJECT when he turns around the corner to observe if he makes contact or enters into a building). (3) Keep close to the SUBJECT to observe his actions. 250
LN324-91 (4) If the SUBJECT turns around in a corner and the area is not too crowded continue crossing the street in the intersection. Observe the street in the direction of the SUBJECT, write down the position and action of the person and act according to the situation. (5) If the SUBJECT turns around in a corner that is crowded, stop in the corner, in a casual manner and observe the SUBJECT'S actions. Unless the SUBJECT is stopped in a corner, continue the vigilance in the same street. b. The two watchmen method ("AB" method) (1) A watchman is kept in position "A" directly behind the SUBJECT. (2) A second watchman is kept in position "B" behind "A" or in the street next to the SUBJECT and next to him. (3) The distance is kept according to the situation. (4) If both watchmen are in the same street and the SUBJECT turns around in the corner, watchman "A" continues to walk in the original direction and crosses the street at the intersection. From the adjacent street, watchman "A" points out the appropriate procedures of following the SUBJECT to watchman "B". (5) If watchman "B" is operating in the adjacent street and the SUBJECT turns around in the same corner that he is at, watchman "B" must cross the street behind the SUBJECT and take watchman "A"s position. It is not necessary to use signals because this arrangement must be established beforehand. (6) If watchman "B" is operating in the adjacent street and the SUBJECT crosses the street in the direction of watchman "B", watchman "B" must limit his step to avoid contact WITH the SUBJECT. Watchman "B" must enter in a store or continue walking straight ahead, keeping visual contact WITH watchman "A" to look for a signal indicating his next move. 251
LN324-91 c. The three men method (The "ABC" method). (1) A member of a group is placed in position "A" at a short distance from the SUBJECT. Watchman "A" observes WITH detail and writes down the SUBJECT'S actions. (2) The second watchman is placed in position "B" behind watchman "A". Watchman "B" keeps the constant observation of actions of both watchman "A" and the SUBJECT and prepares to assume the position of watchman "A" when it is required. Watchman "B" also observes to see if there are any convoys and takes appropriate action against these convoys. (3) The third watchman is placed in position "C" in the street adjacent and next tQ the SUBJECT. Watchman "C" directs the actions of watchman "A" and "B" WITH signals arranged beforehand and prepares to assume the watchman "A"s position if the SUBJECT crosses the street and leaves watchmen "A" and "B" alone. NOTE: If the group of watchmen have more persons, they will follow behind watchmen "B" and "C". (4) If the subject turns around the corner directly on the side he is walking (out of watchman "C"), watchman "A" crosses the street in the intersection and assumes the position of watchman "C" and watchman "B" places himself in position "A" and watchman "C" crosses the street and places himself in position "B". (5) If the SUBJECT turns around the corner and crosses the street in the direction of watchman "C", it is not necessary to change positions. (6) If the SUBJECT simply crosses the street in which he is walking, without turning around any place, then watchman "C" is placed in position "A", and watchman "A" assumes the position of watchman "C" and watchman "B" crosses the street and places himself in position "B". NOTE: All position changes must be directed depending upon the circumstances and the watchmen judgement and they will be done in a way so as not to attract the attention of the population or the SUBJECT'S attention. 252
LN324-91 d. The progressive vigilance is used when the SUBJECT has counter- vigilance experience and it is expected that he will use any technique to avoid the vigilance. (1) Locate the SUBJECT'S place to start (residence, office, etc). (2) After locating this point, start to pick up the SUBJECT from any place outside out of his sight. (3) Continue and observe the SUBJECT only at short distances on the first day. (4) In the following days, pick the SUBJECT at the time and place where you left him the last time, and again follow him at a short distance to a new point. NOTE: This method will be painful and slow if the SUBJECT changes his daily routine occasionally, but will eventually take the watch persons to the places and contacts that the SUBJECT wants to keep secret. 8. Write down all the observations regarding the SUBJECT and his activities. Write down in a manner that does not attract attention. The small tape recorders are a valuable tool during vigilance. Writing notes in maps or newspapers also works. 9. Carry out the fixed vigilance. a. Establish an stationary position to avoid the SUBJECT'S detection or the curiosity of other persons. Conduct the vigilance in one of these positions: (1) A fixed place could be used during a short term or during a stop in a mobile vigilance. (2) WITH a parked vehicle in the vicinity of the target. a) Do not park in the same place for a long time. b) Warn the police agency if the vigilance involves parking a vehicle for a long time. 253
LN324-91 c) Do not keep the vehicle's motor running while parked. It is very dangerous (carbon monoxide could enter inside the car) and will attract attention. d) Unplug the light inside the vehicle. e) After parking the vehicle, you must open the door and close it, many persons unconsciously listen to determine if they open and closed the vehicle's doors right after parking. (3) In a room or an apartment located next to the SUBJECT. (a) This place must be one or two floors above the SUBJECT'S place. (b) This place must be accessible to entrances that are not visible by the SUBJECT. (c) This place must be occupied all day to avoid the entrance of non- authorized persons. (d) The observer must seat in a dark room away from direct view of the window to get the best advantage that the shade in the room offers. (e) Limit the number of watch persons to two or three in a position, because a larger number could attract attention. (f) Frequently relieve the personnel to avoid fatigue. 10. Carrying out the vehicle's vigilance method: a. The vehicle's method. NOTE: Avoid this method in the mobile vigilance, if possible, because it does not allow flexibility. (1) Prepare the vehicle. (2) Operate in the back side of the SUBJECT'S vehicle. 254
LN324-91 (3) Maintain close to the SUBJECT to observe his actions. (4) If the SUBJECT'S vehicle turns around in a corner follow him or continue crossing the intersection and make a "U" turn and continue following him. Observe the street and the direction of the SUBJECT, write down the position and persons's action, and act according to the situation. b. The two vehicle method ("AB" method) (1) Prepare the vehicle. (2) The first vehicle is kept in position "A" directly behind the SUBJECT, while this vehicle must be kept at least two or three vehicles behind the SUBJECT'S vehicle. (3) The second vehicle is kept in position "B" directly behind "A" or in the street parallel the SUBJECT'S vehicle and at his side, while receiving directions, by radio from vehicle "A". (4) The distance is kept according to the situation. NOTE: It is possible to keep the vigilance through the back mirror of the watch person's vehicle when traveling in front of the SUBJECT'S vehicle. (5) Change positions of watch person's vehicles frequently to avoid that the SUBJECT recognizes these vehicles. c. The three vehicle method ("ABC" method) (1) Prepare the vehicle (2) In a vigilance through vehicles using the "ABC" method, the watch person's vehicles are lined in the same manner that in "ABC" techniques for mobile vigilance (on foot). Vehicle "C" operates in a known parallel route. (3) If the circumstances dictate it both vehicles "B" and "C" could operate in the SUBJECT'S parallel route. Change vehicles "B" and "C" frequently WITH vehicle "A". 255
LN324-91 (4) A watchman's vehicle could be placed in a position in front of the SUBJECT'S vehicle to avoid that the SUBJECT could recognize the watchmen's vehicles. 11. End the vigilance when: a. The vigilance objectives have been attained. b. The SUBJECT of a discreet vigilance knows that he is under vigilance and takes actions that indicate that he recognizes that he has been watched. 12. Prepare the vigilance reports using the Agent's Report. The report must have the following information: a. Introduction paragraph (1) Date and time when the vigilance started and ended. (2) Identify the person under vigilance, if he is not the SUBJECT of the investigation. (3) Complete identification of other agencies or person(s) that provided assistance during the vigilance. (4) Type of vigilance (5) Specific place or general area involved. b. Detailed description of the SUBJECT, including his mannerisms, and defined habits. c. Chronological details of events or activities in a narrative form or tabulation, identifying each contact and building by number (For example, Contact 1); a summary of all the conversations that were heard about the SUBJECT. Including an exact transcript, if possible. d. Description of each contact. e. Description of each building implied. 256
LN324-91 f. If there is a formal report, include the date, time and reasons for which the vigilance was discontinued. g. The SA in charge of the vigilance team signs the report. Back to Top 257
CHAPTER 28 LN324-91 TERRORISM INTRODUCTION: In this chapter you may describe terrorism, the phases of the conflict under low intensity, who were the terrorists, the characteristics of the terrorist operations, the terrorist organization, the arms used by the terrorists, the security methods of the terrorist's groups. GENERAL FACTS: QUESTIONS TO BE COVERED IN THIS CHAPTER: 1. What are the phases of the low intensity conflict? 2. How is terrorism defined? 3. Who are the terrorists? 4. What are the characteristics of the terrorist's or rebel's operations? 5. How is the organization of a terrorist's movement? 6. What are the methods to provide security to a terrorist organization? 7. What arms are used by the terrorists? 8. What are some of the targets that are most attacked by terrorists? 9. What are some of the most common terrorist activities ? 10. What is the terrorist's goal? 258
LN324-91 BASIC DATA ABOUT TERRORISM AND REBELLION THE REBELLION OR CONFLICT PHASES OF LOW INTENSITY: 1. PHASE I: (Latent or Incipient Insurrection) This phase rotates between the circumstances of the subversive activities is only a potential, latent or incipient threat, and situations in which the subversive incidents and activities occur frequently and in an organized way. This does not include a violent burst of activity or chaotic activity. a. EXAMPLES OF ACTIVITIES THAT COULD BE CARRIED OUT IN PHASE I: 1) The rebels starting from a relatively weak position, plan and organize their campaign and select urban or rural areas of objectivity. 2) The open or clandestine organizations are established. If the insurrection party is ilegal, the organizations will be clandestine. 3) Psychological operations are carried out WITH the purpose of exploiting complaints and people's wishes. 4) Then the organization starts WITH a ghost government. 5) Once the party is established, they concentrate in gaining the influence of the population and infiltrating in the government, economic and social organizations, and in presenting a threat to the administrative ability of the government. 6) During the last stage of Phase I the importance of recruiting, organizing and training the armed elements is emphasized. 7) The police forces are attacked, other activities terrorist (groups) and some other military operations of less importance to try to influence additionally over the population, or to provide arms for the movement and confronting the government's ability to keep peace and order. 2. PHASE II: (Guerrilla warfare) This phase is reached once the subversive movement has gained sufficient local and external support and starts to conduct an organized guerrilla warfare, or forms of violence against the established authority. 259
LN324-91 a. EXAMPLES OF ACTIVITIES THAT COULD BE CARRIED OUT DURING PHASE II: 1) Phase I is continued and expanded. The rebel's political and military control is intensified over the territory and the population. 2) Guerrilla warfare is used in a great scale and in some areas a limited defense is mounted. 3) According to what the situation allows a rebel's government is organized in areas they dominate, and in areas that have yet to be under their control. 4) The most important military goal is the control of the greatest area. The rebels try to understand the government troops in static defense and interdiction operations and they try to destroy the communications lines and take or destroy the government's supplies and resources. 3. PHASE III: (Movement war) The situation advances from Phase II to Phase III when the insurrection has mainly changed to a movement war between the organized rebel's forces and the government forces. a. EXAMPLES OF ACTIVITIES THAT COULD BE CARRIED OUT DURING PHASE III: 1) The activities that were initiated in Phases I and II, are continued and increased. 2) The largest units in size are used to combat the government forces and gain key geographic and political objectives that will help overthrow the government forces. 3) If the rebels try to win the military sector over and the government is overthrown, immediately they will initiate their consolidation activities. This includes removing the potential enemies, establishing additional control mechanisms and the re-structuring of society. 260
LN324-91 (4) Additional information and summary of the terrorist's personality: In general, a terrorist is a determined person who thinks that he or she is participating in a dynamic political process but that cannot distinguish the difference between the actions and moral principles; to them the objectives justify the tactics. The true terrorist is not a crazy fanatic as is commonly thought. They are hard-working persons that are prepared to give their lives for the cause. Most terrorists desire to live to see that their goals are fulfilled or carried out; to attain that objective they use persons WITH mental problems (crazy people) or common criminals to carry out risky missions such as murders. b. AGE: In general the age of a terrorist is between twenty and thirty years of age. For the local groups is even adolescents. The leaders of any type of organization is commonly older (58, 40, 35). c. SEX: For the most part in the terrorists' history, they have been predominantly males. During a period of a decade (1966 to 1976), 80% of the operations were addressed and executed by men. The role of a woman in those times was to recount (collect) intelligence, such as messengers, nurses, and the operation of safe houses. From that era on there was a dramatic change in the feminine participation in the terrorist acts. At present, the greatest part of the terrorists are still men, but WITH a great women participation. The participation of women in terrorist movements is due in part, to social changes, female liberation and youth's rebelliousness. d. CIVIL STATUS: The greatest part of the terrorist organizations have a majority of single members. The accepted general figure is between 75-80% single. This reflects that marriage is considered as an operational problem for the group. Frequently the members of a terrorist group that are married break up WITH their family once they find themselves convinced in their group's beliefs and they follow them. e. ORIGIN: The urban metropolitan areas constitute the source of the greatest part of the terrorist numbers. 262
LN324-91 f. SOCIO-ECONOMIC HISTORY: Normally they come from liberal party member parents. There is a preponderance of professionals, such as lawyers and doctors, but the other occupations include clergy, business executives, diplomats, government employees, police and members of the armed forces. The terrorist groups usually come from middle and high classes. g. EDUCATION AND OCCUPATION: There is a vast majority of students and intellectuals within the revolutionary movements and their directors. The majority of the leaders have received some university education or have taken higher education courses and then some. The social and humanity degrees seem to attract many; the students rarely come up as leaders, but the universities are a field for the revolutionary movements. h. RECRUITMENT: The universities play an prominent role in the recruitment of terrorists. They introduce anarchist and marxists doctrines and many of the student federations are controlled by radicals. The jail adds another element, although it does not play such an important role as the university's. i. RELIGION: The terrorist tend to be atheists, devoted to violence. This does not mean that all terrorist are atheists. In Latin America's case, the catholic priest's and the nuns have carried out active roles in the terrorist operations of both sectors. 263
LN324-91 COMPARISON BETWEEN THE TWO CATEGORIES OF TERRORISTS: NATIONALIST IDEOLOGICAL [millennium-oriented] Personality: Educated leader Same, preponderance of Idealist socially unadjusted youth Activist Age: From adolescence In their twenties, thirties to the 30's (leaders in their 40's) Sex: Masculine (a few activeDivided almost 50% ones from the feminine sex)women have very active roles. Civil Status: Single Single Origin: Metropolitan area Metropolitan areas Socio-economic Low and middle class Middle and higher classes history: (leaders middle to high classes) Education and Varies greatly University and Professional Occupation (Leaders are professionals) Recruitment Varies greatly in cities City, University, Prisons Religion Varies greatly None 264
LN324-91 TWO MAIN TERRORIST CATEGORIES: WITH the considerable changes that have taken place during the last twenty years, there has come into play two main terrorist categories: a. Nationalist: They take power or cause a national revolution. The control of specific territory is their common denominator. These groups have as principal goal to take a territory as a sovereign entity. They have objectives defined in a short term and frequently make do in a practical manner to attain them. b. Ideological: Revolutionaries and anarchists of an indefinite ideology that try to destroy the existing system. As a general rule they try to avoid to arouse any definite substitute government because this tends to divide the organization through dissention. METHODS OF OPERATION: Terrorist operations are being carried out in a professional manner and are executed by well-trained specialized clandestine elements, particularly by international groups. The terrorist organizations are becoming bureaucratic institutions and their members are specializing in diverse areas. There is evidence of one transnational affiliation and assistance between the groups. The terrorist groups generally operate as clandestine organizations. a. To avoid penetration and information loss about the organization, operations, techniques and plans, groups practice strict security measures. A leader is designated and guided about the mission and the support requirements. b. Procuring even more security, frequently the members of the team do not meet but until the last rehearsal and shortly before leaving towards the place where the mission will take place. In such manner, the members of the team and the support personnel will not know the location of the target until it is necessary to carry out the mission. The identity of each member of the team will be kept in secret, even from the member themselves, by using names and false identification. 265
LN324-91 c. To increase security, a special intelligence team will carry out a detailed search of the area or the target. To increase the security even more, many targets that have been recognized will not be attacked by a reason or other, so the fact that a search has taken place does not mean that the target will be attacked. Additionally, to make the hamper or prevent the detection, they plan a greater number of attacks than they will actually carry out. d. Urban local groups carry out their operations as an initiative of their local cells or their movement's central command. e. Terrorists normally look to exploit the vulnerabilities, attacking targets that have a weak security stand. Terrorist operations are characterized by: "THE VIOLENCE", "SPEED", AND "SURPRISE". Terrorists reduce their own vulnerabilities to reduce the risk of the operation. If the original target is well protected, they take into consideration the degree of risk and vulnerability of the group, select another target. This does not mean that terrorist groups will not attack a high security target and risk a suicide mission if they think that could be the last resource. TERRORISTS TARGETS: The terrorists targets are generally of two types: Symbolic or pragmatic. Targets that could serve both purposes are selected if they are available. Targets are more symbolic when terrorists are weak and vulnerable. As the movement grows, targets are more pragmatic. The definition of the two types of targets is as follows: a. SYMBOLIC TARGETS: Symbolic targets are normally prominent members of a regime or an institution. The terrorist's acts against the target are committed in highly visible places to attract the greatest degree of attention possible and they serve as principal instrument to reduce the trust, inflict fear and provoke the repression of the latter psychological use by the movement. b. PRAGMATIC TARGETS: Pragmatic targets include multinational corporation executives, key members of the opposition, whose selection has the purpose of coercing the group's objective so as to support the movement; to obtain resources, such as, money, supplies and arms. 266
LN324-91 TERRORIST ACTIVITIES: The activities of the terrorist groups include: a. Murders b. Bombs (including the use of letters and explosive packages, and fire bombs) c. Kidnapping and taking hostages d. Pre-meditated fires e. Ambushes f. Armed attacks g. Street tactics h. Robberies ADDITIONAL INFORMATION ABOUT TERRORISM: a. Terrorist goals: 1) Guide the masses not to support the government and support their movement. 2) Terrorism will give the urban insurgent a method to develop the potential for mass uprising and give the rural insurgent a method to oblige them to reduce the control of the government and to force them into the desired behavior. 3) These goals constitute the fundamental terrorist threat for governments. LOCAL LEVEL ORGANIZATIONAL CHART COMMAND INTELLIGENCE SUPPORT COMBAT SECTION SECTION ELEMENTS ________________ NATIONAL LEVEL ORGANIZATIONAL CHART COMMAND SUB-COMMAND SUB-COMMAND SUB-COMMAND INTELLIGENCE SUPPORT COMBAT SECTION SECTION SECTION Back to Top 268
CHAPTER 29 LN324-91 COUNTER TERRORISM INTRODUCTION: In the previous chapter "Terrorism" was discussed in the most important points in regards with the matter of terrorism. Now let us see what must be the government's and the Security Forces answer to the threat of terrorism. GENERAL FACTS: There is no country in the world that does not have or could have the threat of terrorism. The act of terrorism is very simple to carry out, but the operations of counter terrorism are not so simple. Counter terrorism requires preparation, training and a special execution: A failure will result in the loss of innocent lives and possibly a victory for the terrorists. Above all, the counter terrorist operations demand good military intelligence cooperation. THE FIVE COMPONENTS OF A COUNTER TERRORIST PROGRAM: a. In this space we will discuss the government actions against the terrorist activities. Before we start to discuss the components of a counter terrorist program we must mention the terrorists' goal and the fundamental threat of terrorism to governments. 269
LN324-91 1) Question: What is the terrorists' goal? And what is the government's goal? Answer: Terrorists wish to obtain the popular support for their movement. The government wishes to keep the popular support on their side. 2) Question: Taking this terrorists' and government's goal into consideration, Who could remember what is the fundamental threat of terrorism to governments? Answer: Terrorism will give the urban insurgent a method to develop the potential for mass uprising and give the rural insurgent a method to oblige them to reduce the control of the government and to force them into the desired behavior. b. A government's answer to the acts of terrorism could cause even more problems if the government does not follow the procedures of a good program of counter terrorism. For that reason it must analyze carefully the needs of a good program of counter terrorism to avoid making exactly what the terrorists wish. c. Basically, there are five components of the counter terrorism program: 1) PREDICTION: It includes the intelligence operations, and the work of analyzing the threat, the terrorists' power, and the most vulnerable targets. Our knowledge of the characteristics of terrorism and terrorism's strategy will be key parts in this job. EXAMPLE: "From our study of terrorism we know that there are many possible targets. We also know that it is not possible to know WITH certainty what will be the next terrorist's targets, but using our intelligence about the terrorists and their goals, we could make a prediction about the most probable targets and this will give us more possibility to protect these targets or react quickly against the terrorists. 2) PREVENTION: a. Eliminate the causes: It will not be possible to eliminate all the terrorism causes, but at least a government that could show the population that they are trying to better the society's condition will create an environment in which it will be difficult for the terrorists to gain much popular support. 270
LN324-91 b. DIPLOMACY: This will have much value because it will eliminate the foreign support of terrorists and their sanctuary---but it is very difficult to imagine that all governments will like to eliminate terrorism because some governments are the biggest sponsors of terrorism. (What could give examples of some countries that sponsor terrorism?) 3) DISSUASION: Block the target. Remember that terrorists like to attack targets that are not protected. As we have discussed there are so many possible targets for terrorists that we cannot get complete protection. But the analysis of terrorists could show the most vulnerable targets and then we could give our priority to those targets. Also, frequently, only in few security actions could dissuade the terrorists. a. Physical security b. Personal security c. Security Operations (OPSEC) d. It is very possible that the best way to dissuade terrorists is to find a high proportion of their detection, conviction and punishment. 4) PREPARATION: Preparing the government forces to react. INCLUDES: a. Determining authority and jurisdiction b. Planning the counter terrorism operations c. Training the counter terrorism personnel 5) REACTION: The appropriate answer to the incident. 4. MILITARY INTELLIGENCE IN COUNTER TERRORISM: a. We already know the five components of a counter terrorism program. In each one of the components the military intelligence actions are essential. 271
LN324-91 b. FUNCTIONS OF MILITARY INTELLIGENCE IN THE COUNTER TERRORISM COMPONENTS: 1) Intelligence collection 2) Intelligence analysis 3) Intelligence dissemination c. THE MILITARY INTELLIGENCE RESPONSIBILITIES: 1) Initiate investigations 2) Confirm information 3) Obtain information sources 4) Give advice to the Commander d. MILITARY INTELLIGENCE JURISDICTION: 1) Each country is different and you must study the laws of the country in which you work. e. MILITARY INTELLIGENCE NEEDS: 1) The military intelligence needs in regards to terrorism are infinite. You need to obtain all the information possible about the terrorists, their targets and the surroundings in which they operate. f. The legal aspects in regards to the terrorism acts and terrorists have to be considered taking into account that the terrorist is a criminal and that he wishes that the authorities initiate repressive actions. This is one of the tactics used by them to obtain a reaction to the government and therefore strengthen their movement. 5. TAKING HOSTAGES AND THE RESCUE OPERATION: Since hostage taking is the most difficult type of situation, we will discuss a rescue operation in a hostage taking situation to show some details of the government's reaction to the acts of terrorism. 272
LN324-91 In this situation it is very important that the government have an appropriate reaction. The use of too much force could be worst than any reaction. Remember that often the terrorist's goal is to provoke the government to use inappropriate force. This is especially important in hostage taking cases. In such a situation the government will have to react very carefully to prevent that the terrorists could attain their goals. There are four rules for a rescue operation: a. The objective is a rescue mission to save the lives of the hostages-- without giving into the impossible demands of the terrorists. In any action taken by the security forces, this objective has importance, even when one has to escape from some terrorists. b. The rescue team must be of an adequate size and must only use adequate arms to combat the situation. Having too many people in the rescue group will only difficult the operation and give more targets to the terrorists. Always try to use arms that are not lethal, if possible, to avoid killing the hostages. c. It is important to obtain and use all the intelligence possible from the terrorists, the hostages, the area, etc. d. The rescue team must have a high degree of professionalism. It must be well prepared to fulfill its mission. NEGOTIATION WITH THE TERRORISTS: a. In entering in negotiations or considering entering in negotiations WITH the terrorists, the following are some options the government has: 1) Give into all the terrorists' demands 2) Deny all the terrorists' demands 3) Controlled negotiation so as to get additional time to take appropriate actions. 273
LN324-91 b. There are varied opinions and philosophies in regards to negotiations with terrorists; the following are among them: 1) Not to negotiate under any conditions 2) To negotiate to obtain the freedom of the hostages 3) Negotiate WITH the purpose of gaining additional time to take appropriate action. CONCLUSION: The counter terrorism operations are some of the most difficult and frustrating to military personnel. But they are also some of the most common types of operations today and could have great impact in the national life. It is important for you, as members of military intelligence corps, to understand the terrorist's operations their possible effects in the insurrection's war and the counter terrorism programs that the governments could carry out to effectively control the terrorist's threat. Back to Top 274
CHAPTER 30 LN324-91 PHYSICAL SECURITY INTRODUCTION: Security, as we apply it to our classified information and defense material, is a very complex theme. In order to better understand the complete theme of security, we have subdivided the theme in three parts: PHYSICAL SECURITY, PERSONAL SECURITY, and DOCUMENT AND INFORMATION SECURITY. None of these three parts could exist by themselves. During the last chapters we introduced the other two securities; personal and documents. In this chapter we will discuss what is physical security in itself, but we wish that you always keep in mind the other two securities so that you may be aware of the relationship that exists between the three. So that you may fulfill your security function, you may have to be better prepared for the enemy. GENERAL FACTS: 1. EXAMPLES OF SECURITY: a. Physical b. Personal and anti-terrorism c. Information security d. Operations security e. Communications security f. Transmissions security 2. DEFINITION OF PHYSICAL SECURITY: Physical security is defined as "The barrier system that is placed between the potential intruder and what you wish to protect. These barriers could be of five types: (NATURAL, STRUCTURAL, HUMAN, ANIMAL, ENERGY)." 275
LN324-91 a. NATURAL BARRIERS: Are those natural topographical characteristics such as rivers, mountains, seas, ravines, cliffs, etc., that by themselves slow down or difficult the entry or access of an intruder to an installation. b. STRUCTURAL BARRIERS: Are those barriers constructed by man, without consideration to its original intention, that could delay the intruder. Some examples of structural barriers are: walls, floors, doors, windows, locks, fences, etc. c. HUMAN BARRIERS: The guards, managers in charge of lodging, office workers and workshops workers who intercept the intruder and what he wishes to protect. d. ANIMAL BARRIERS:Generally dogs such as the German Shepherd, are trained and used as guards. e. ENERGY BARRIERS:Alarms, protective illumination, any electronic devise that serves to protect an installation. 3. PRINCIPLES IN WHICH THE APPLICATION OF PHYSICAL SECURITY IS BASED: a. The enemy's agent must have access to the information or material that interests him. The type of access depends in a number of factors, and could be done in different ways: 1) When you are considering protecting information, you should not only consider protecting the physical access, but the access to discussions about these material through the use of clandestine devices to listen [bugs]. If the enemy tries to tape a conversation about an specific theme, this is so useful to him as the original document in paper. 2) You must be careful also WITH the use of long-range photographic equipment to get access through openings in structures. 3) The themes discussed above could be considered also for sabotage. The sabotage agent does not have to place the device or destructive material in the place he wishes to cause damage. He could, in many ways, throw an explosive device against its target, (riffle, grenade launchers, rocket launchers, camouflaged explosives sent through the mail or WITH supplies), or could contaminate the fuel or oil deposits to cause damage to machinery, although they keep away from him. 276
LN324-91 4) You may consider all available resources that the enemy could access, and all these must be evaluated to determine how we could be able to counter arrest it. b. IS THERE ANY IMPENETRABLE BARRIER? 1) ANSWER: There is no barrier that is impenetrable. If a hostile government is set to dedicate sufficient time, money, personnel, materials and imagination to cross a barrier, they may succeed. c. SECURITY WITH DELAY DEFENSE SYSTEM: 1) Although no barrier could totally exclude an intruder, it could give a determinate delay time. It all depends upon the intruder's ability. 2) Instead of trying the exclusion through the use of just one barrier, the security could be based in a security in-depth system or accumulated delay. 3) To get optimum results it is necessary to add barrier over barrier, delay over delay, until sufficient delay time is accumulated that will allow us to control any possible penetration. This delay should be enough so that the available personnel could neutralize the intruder. 4) A fence without guards allows a short delay. If that fence is patrolled by trustworthy guards that keep it under observation within the delay time, the total delay time increases significantly. 5) In some cases it is necessary to differentiate between the need of denying access and the need to have knowledge that access has been gained. This refers to the neutralization, if a material is committed, you may take action to void its value for the enemy. 6) Physical security must be applied not just as a dissuasive means against the stealing property but also as a dissuasive means against espionage. 7) The spy only partially satisfies his purpose when he acquires information. Information looses value if the persons responsible for its custody know about the leak. Espionage does not have any value if it is revealed. 277
LN324-91 8) These considerations make the surreptitious entry the greatest danger from the CI's point of view. This makes the creation of two types of barriers necessary. One to protect those things that could be stolen and could not be neutralized and another to protect those things that could be neutralized. 9) To protect those things that could be neutralized a barrier that shows evidence of having penetrated is created. Example: (Broken window, etc.). d. Each installation must be treated as an individual entity when planning security. The location of an installation alone will bring problems that differ from those aspects of other installations. Each one must be considered as a separate problem. 4. PHYSICAL SECURITY ASPECTS: DISCUSSION OF DIFFERENT BARRIERS: a. NATURAL BARRIERS 1) ADVANTAGES OF NATURAL BARRIERS a) They provide a protection system without additional cost to the installation. b) The difficulty to penetrate an installation increases according to the barrier. 2) DISADVANTAGES OF NATURAL BARRIERS: a) Trees, ravines, vegetation, could serve as a hiding place to any possible intruder. b) Installations that have as barrier a body of water could be subject to penetration through a team of divers. 3) BODIES OF WATER AS BARRIERS: a) ADVANTAGES: (1) When the surface of the water is calm, it offers the guards or security personnel a very extensive field view range. (2) Water offers much resistance to a vehicle used by intruders by making it almost impossible to have rapid access to the installation. 278
LN324-91 (3) To gain access, the task of hiding a vehicle or boat without been detected by the guards or security personnel will be an obstacle to the intruder. b) DISADVANTAGES: (1) When the water is agitated it reduces the field of vision of the guards or security personnel. (2) It is possible to control the movement of a vehicle or boat to keep it hidden between waves. (3) The surface of the water reflects the light given by the illumination system. An intruder may use this situation in their favor when trying to penetrate an installation. 4) THE LAND AS BARRIER: a) The land where the installation sits must be evaluated and considered as much from the surface access point of view as from below the surface. b) Points to consider when evaluating the land as barrier: (1) The looser the ground the more noise it will cause when the intruder walks. (2) Muddy soil without vegetation is very difficult to cross and at the same time the intruder leaves their footprints. (3) Light colored soil provides reflection and contrast so as to allow the most efficient use of natural and artificial illumination. (4) Land that is uneven such as cliffs and ravines are difficult to cross and limit the amount of equipment and material that the intruder could introduce in the exterior perimeter area. b. STRUCTURAL BARRIERS: 1) As explained earlier, structural barriers are man-made constructions. To remove the vegetation around an installation is also considered as an structural barrier. 279
LN324-91 2) FENCES: Fences are independent structures, generally in a vertical plane, designed for the physical and or visual control of access to external areas. a) General facts about fences: (1) Define the area they protect (2) Reduce the number of guards required and facilitate the tasks of the patrol corps. (3) Cause delay in case of an intent to penetrate (4) Although they don't deny the access in themselves, they are a psychological obstacle to a possible intruder (5) They deny accidental access to innocent persons to the protected area (6) They help control the flow of vehicles towards those entrances controlled by guards 3) TWO TYPES OF FENCES: a) SOLID: They are used to deny visual and physical access to non- authorized persons. The materials normally used are bricks, concrete, wooden boards, stone, etc. (1) ADVANTAGES OF SOLID FENCES: (a) They are useful when you wish to hide certain activities within the installation. (b) They avoid the possibility of passing small items through the fence. (c) They could be built in such manner that it would be difficult to cross them without being detected. (d) For the most part, fences are built of stone, brick and concrete and they extend below the ground and make it difficult to the intruder to penetrate below. (2) DISADVANTAGES OF SOLID FENCES: (a) It is difficult to illuminate the zone around the installation because of the shadow caused by the fence. (b) They do not allow patrols within the installation to observe the activities in the external perimeter. (c) The installations that use solid fences have guards in towers. Tower guards are a disadvantage in itself. The towers confine the guard in a very limited area. Since the guard cannot move for a long time in the tower he does not stay alert. 280
LN324-91 b) COMPLETE VISION FENCES: Are built in such manner that they al]ow visual observation through the entire fence. It is designed only for the control of physical access between two areas. (1) ADVANTAGES OF COMPLETE VISION FENCES: (a) They allow the effective use of illumination since they do not cast a shadow. (b) They allow the effective use of guard patrol, since they could keep the installation's surrounding area in watch. (2) DISADVANTAGES: They allow a possible intruder to carry out a reconnaissance of the camp and could establish the installation's pattern of internal security guards. 3) PENETRATION: It is the main objective of all enemy or terrorist to attain access to the internal perimeter of an installation to carry out his mission. 4) THREE WAYS OF PASSING THE FENCES: a) ON TOP: Most fences are not high and are easy to climb. b) THROUGH THE MATERIAL: (If it is not a solid fence). Many fences are built in such manner that it is easy to break or separate them in such manner that it will allow the enemy's access without leaving evidence that there was a penetration. c) BELOW: If the fence is solid and very high, digging and penetrating below is possible. 5) CHARACTERISTICS OF FENCES: a) The minimum height of a fence is eight (8) feet. This is due to the consideration that an average man could jump or climb that height. b) It must be extended below the ground level. c) If it does not extend below the ground level, the minimum space between fences and the ground must not be over two inches. 281
LN324-91 d) Support posts: (1) Wood: Must be the best wood quality and measure at least 4 inches wide. (2) Metal: Must be at least 2 inches in diameter. They must be placed over concrete or firm ground at a depth of three feet. e) Protection - Upper part of the fence: (1) All fences must have in the upper part, additional obstacles that could prevent or delay the enemy's penetration. (2) Complete vision fences: (a) Barbed wires are placed in metal arms that extend outward, at a 45 degree angle. (b) Place barbed wires in metal arms in "V" shape. (c) The arms must be two feet long WITH three rows of barbed wire over them. (d) You may also use folding wiring. (3) Solid Fences: (a) You may use the same system as complete vision. (b) You may add glass in the upper part. (c) You may place sharp metal bars. (4) DISADVANTAGES: You must understand that the barbed wire system in the upper part of a fence does not completely prevent an intruder s entry. What this system provides is delay to the intruder and is another obstacle that he should pass through. f) GATES IN THE FENCES: The number of gates in a fence must be limited to the minimum necessary for the efficient and safe operation of an installation. Although all the gates must have the ability to be locked, when locked they must provide the same level of security that the fence itself provides. When there is considerable traffic on foot and vehicles it is preferable to provide separate gates for each type. 282
LN324-91 g) OPENING IN THE FENCES: All the openings within or below the fence (gully, sewage) that measures over 96 square inches must be sealed in such manner that they could only be penetrated from within. In the case of rivers or ravines that flow in the surroundings of the fence do not allowed this to extend over the water and it must be built parallel to the ditch. In case that fences are built through rivers or ravines, these must be dug to the river bed so as to avoid penetrations below the water. h) MULTIPLE FENCES: Multiple fences are formed by two or more parallel fences used in conjunction to form a perimeter barrier. In addition to increasing the delay time, they tend to trap the intruder and prevents our personnel from accidentally coming in contact WITH the alarms or security measures imposed around the fence. (1) The minimum rules for a fence also apply to each multiple fence unit. (2) The multiple fences must be at least 10 feet away. (3) The maximum distance allowed between two fences is determined by the ground, the illumination, and the guard's abilities, but it must not exceed 150 feet. (4) A greater distance than this, prevents the fences from being completed and could be attacked by the intruder as they treat it as a separate obstacle. 6) CLEAR ZONES: The clear zones is the area of the external or internal perimeter of the installation which is free of obstacles, structures and vegetation. CHARACTERISTICS OF THE CLEARED ZONE: a) Must extend throughout a minimum of 20 feet in the external perimeter of the installation. b) Must extend throughout a minimum of 50 feet in the internal perimeter of the installation. c) Must remain free of vegetation, structures, trash or any other material that could allow the enemy to use it as hiding place. d) There should be no trees next to a fence. The enemy could use a tree to reconnoiter the installation and to try the access over the fence. 283
LN324-91 e) It is important to keep the grass mowed around the cleared zone so that there will be no possible hiding place for the enemy. f) Do not use the cleared zone as a storage area. g) If you do not have an adequate cleared zone, you must increase the height of the fence. h) If a fence is used to protect a large area, if possible, build a perimeter road that allows the car patrols and the quick delivery of reinforcements to any point of the fence. c. HUMAN BARRIERS: (THE GUARDS AND THE GUARD SYSTEMS) 1) The physical security depends upon the use of guard systems in such a way that natural and structural barriers could be used to control and avoid the access of non-authorized personnel. 2) The guard system is the most important element of the security program of an installation. 3) FOUR BASIC FUNCTIONS OF THE GUARD SYSTEM: a) Detect the intruders b) Sound an alarm c) Capture non-authorized personnel d) Identify authorized personnel 4) TWO GUARD CATEGORIES: a) Those whose only mission is to serve as guards in the installation. These men are trained specifically to carry out this task. b) Those who carry out this task as a punishment or as additional task of their normal work, or it is the job that they have been properly trained for. 5) RECRUITING THE GUARDS: Due to the important role that they play, security guards must be very carefully chosen. ELEMENTS TO BE CONSIDERED WHEN SELECTING GUARDS: a) Experience b) Training c) Must be strong d) Must be in good physical health e) Must be trustworthy 284
LN324-91 6) TRAINING THE GUARDS: THEMES TO INCLUDE IN TRAINING: a) A general orientation that includes the orders and the authority b) Instructions about the traffic control c) Riot control d) Personal defense e) Arms handling including maintenance and security f) First aid g) Communications h) Use of special arms i) Plans and emergency procedures j) Counter espionage k) Counter sabotage NOTE: The responsibility of the training generally falls upon one of the members of greater seniority of the guard's forces. 7) THE USE OF GUARDS: a) The guards' barracks must be located where they could enforce maximum control over the guard's posts and the sensitive areas. They must use the following rules: (1) In small installations WITH one only entrance, the barrack must be near the entrance. (2) In large installations a centrally located barrack is preferable to facilitate the quick deployment to any dangerous point. b) For the perimeter's security, the most effective use of guards is in fixed points that support themselves mutually. These require that each guard be visible to the one next to him, sharing therefore the responsibility of the area they protect. These posts must also be protected by the elements; such as: wind, rain, cold weather and the sun. c) It is less costly to use the guards on foot or mounted guards. The guards could verify the barriers at irregular intervals and will make it more difficult for the intruder to penetrate the barrier. 285
LN324-91 d) No matter what method you use for the guard's service you must prepare orders for each post and patrol. These must: (1) Must be brief and easy to understand (2) Include instructions about all the possible contingencies in regards to actions during emergency situations e) A guard must have sufficient time to rest if the job must be done effectively. Must, at least, be relieved every eight (8) hours. The guards in fixed posts must be relieved each four (4) hours. 8) SUPERVISION OF THE GUARDS: a) The continuous supervision is necessary to make sure that the guards are in their posts and carrying out their security tasks. The supervisors must keep in contact WITH each post, at least four (4) times a day. b) A characteristic guard force must consist of: (1) A commander (2) His assistant (3) Administrative personnel c) If guard services are given 24 hours, three shifts must be needed. Each shift has a similar organization. d) The supervision starts WITH a personal inspection of all the guards before the start of their shift. Each inspection includes: (1) Personal appearance (2) The equipment (3) Knowledge of special orders 9) THE GUARDS' EQUIPMENT: a) Distinctive uniform b) Credentials and or appropriate identification as a guard. c) Appropriate arm d) Additional equipment: notebook, whistles, flashlights 286
LN324-91 10) COMMUNICATIONS AMONG GUARDS: a) Fixed posts and patrols joined by a communications network. b) Direct telephone may be used. c) Portable radio. d) Emergency communications depend on messengers. e) The vehicles must be equipped WITH radio-transmitters, receivers. f) The central station must be in charge of a supervisor. g) The patrols on foot could use radios. d. ANIMAL BARRIERS: 1) An animal barrier consists of an animal that is used as guard system. 2) In theory, you may use many types of animals but we have limited the use to a dog, almost exclusively a German Shepherd. ADVANTAGES OF USING DOGS AS BARRIERS: 1) Their sense of smell and hearing are much more developed than in humans. 2) They have an incorruptible character. 3) They are loyal. 4) They are plunderers by instinct, their qualities as guards are natural in him, and take precedence over their own welfare. 5) The man-dog team is the most effective method in the use of dogs as guards. 6) You may place dogs in open areas where it is necessary to limit movement. DISADVANTAGES: 1) They lose their effectiveness if they work where there are many people. 287
LN324-91 2) You could not use it near a road, since the traffic noise will distract him and cause him to lose concentration and effectiveness. 3) They must work at least 75 to 100 yards from a road, or from areas with frequent traffic. e. ENERGY BARRIERS: 1) An energy barrier is the use of mechanical, electric, or electronic energy to prevent or alert about an intruder-s entry. 2) Two important energy barriers are: a) Protective illumination systems b) Protective alarm systems 3) PROTECTIVE ILLUMINATION: a) It is used to increase the guards- field of vision, providing a visual field during the night in areas of poor or any natural light. b) DISTINCTION OF SILHOUETTES: (1) When the possible intruder uses dark clothes, he may hide behind the structure-s shadows. To aid the guard in distinguishing these silhouettes you may: (a) Direct additional illumination to the structure-s grounds and walls. (b) You may paint stripes or angles on the walls, fences and structures, that will allow the guard to detect movement. c) ILLUMINATION OF ENTRANCES: This is a special task since: (1) Provides illumination to: (a) Inspection of passes (b) Inspection of Identification cards or badges 288
LN324-91 (c) Inspection of vehicles (d) Inspections of trucks and loads (e) Illumination of the area surrounding the sentry box (2) There must be illumination in an area approximately 50 feet around the sentry box, 25 feet as a minimum. (3) The area inside the sentry box must be kept as dark as possible. In that manner the guard could see the persons, and the persons could not see who is the guard, nor how many guards there are inside the sentry box. d) SENTRY TOWERS: (1) The sentry towers must not be over 1,000 feet of distance from one another. The reason for this is that a person WITH normal vision only has a field of vision of 500 feet in which he could distinguish silhouettes. (2) The sentry towers must have flood lights, in addition of providing illumination, they must also blind and surprise the intruder, disorganizing therefore the possible attack plan. e) ILLUMINATION OF VITAL AREAS: (1) Examples of vital areas: (a) Communications (b) Warfare equipment (c) Water tanks (d) Energy plant (2) The vital areas that are considered vulnerable from a large distance must be kept dark. (3) Vital areas that are vulnerable at short distance must be kept well illuminated. (4) Other areas that must be kept well illuminated are: (a) Inactive areas: where there is no night work, areas that provide hiding places to intruders. 289
LN324-91 (b) Buildings: Illumination around the buildings is necessary to avoid that intruders come in through low windows on the first floor. (c) Parking area: In addition to providing a good hiding place to the intruder, is a good area for assault to employees of the installation. f) EMERGENCY ILLUMINATION: (1) There must be an independent-backup system of illumination when the normal energy source is interrupted. This may be: (a) A system of floodlights that operate on batteries. (b) A generator (c) A central battery system 5. PERSONNEL CONTROL AND IDENTIFICATION: a. IDENTIFICATION: 1) The most effective manner will be if the guards could personally recognize all the persons authorized to enter the installation. 2) A modified identification system could be used only at the military installations where only military personnel work. A commander could take his unit to the door and become responsible for them. 3) The artificial identification is the most widely used at present. The authorized personnel receives passes or cards where access to a determined installation or activity is authorized. These could be falsified and therefore they must be laminated and prepared WITH a complex background so as to make falsifying difficult. 4) They must have the photograph of the person, name, and date of birth, height, weight, hair color, color of eyes, sex, name of the installation, rank, title, and signature of the authorizing official. 5) When artificial identification is used, this must execute a rigid control over the devices used. 290
LN324-91 b. USING THE ARTIFICIAL IDENTIFICATION SYSTEM: 1) The employee receives a card or identification that they keep. When they enter the installation they show the card and come in. This system is used widely but it has its flaws. These are the loss of cards and possible falsifications. 2) In another system, two cards WITH the same information is prepared. a) When the person comes to the installation, they give the card that he keeps and he receives another one to be used inside the installation. If one of the two has been altered, the guard could detect the change when he has the two cards in his hands. 6. CONTROL OF VISITING PERSONS: a. The control over the visitors depends in how sensitive the installation is. b. Possible visitor's controls: 1) Escorts 2) Programmed visits 3) Visitor's registry 4) Passes for visitors 7. CONTROL OF PACKAGES: a. You must provide for the search of packages that come in or that are taken out of an installation. b. If necessary, you may prohibit carrying packages to the installation all together. 8. PHOTOGRAPHS: a. You must be careful in the areas where classified material is kept to avoid the taking of non-authorized photographs. b. Generally, only photographers authorized by the information office, or by the commander of the installation could carry cameras to the sensitive areas. 9. VEHICLE IDENTIFICATION CONTROL: a. Jointly WITH the personnel control, there must be a control of vehicles. 291
LN324-91 b. An identification system which identifies the vehicles WITH authorized access to the installation. c. It is required that the entire personnel registers their vehicles WITH the guard's general headquarters. d. When the registry is done, you may give the vehicle's owner a decal that must be placed in the vehicle's windshield. e. The declass must be renewed annually and must be rigidly controlled. 10. FIRE-FIGHTING INSTALLATIONS: a. Fire is one of the most effective tools used by the sabotage teams. b. Without knowing the cause, a fire could neutralize an installation completely. c. The security program must include the adequate installations to fight fires and a program for the prevention of fires. d. COMPONENTS OF A FIRE-FIGHTING INSTALLATION: 1) PERSONNEL: They may civilians or military men. They must be trained adequately in combat and fire prevention. 2) ORGANIZATION: It is a function of engineers. The engineer of an installation serves as commander of the firemen's corps. 3) THE EQUIPMENT: The firemen's ability depends upon the equipment they have. To determine the type of equipment necessary, you must understand the classification of the fires: a) CLASS A: Are those which consist of common fuels such as wood, paper, and similar materials. Water is the best element to fight such type of fire. b) CLASS B: Are those of the oil or gas type. Water does not work to put out this type, since water spreads this type of fire. Carbon dioxide is appropriately used to put out this type of fires. Foam extinguishers are recommended. 292
LN324-91 4) ALARMS: There are two types of alarms: Central and local. They could be automatic and manual. Their placement serves to alert the fire fighters corps and the personnel at the same time. 5) RESERVE FORCES: It is advisable to have a reserve force that consists of personnel trained in the same manner as the main corps. 6) PREVENTION OF FIRES: The entire personnel in an installation has the obligation to participate in a prevention program. You must have a training program so that everyone is conscious of their responsibilities. 7) PLANS IN CASE OF FIRES: You must prepare specific instructions for the entire personnel. You assign specific responsibilities to the entire personnel that is present at the time the fire breaks out. 11. COMMUNICATIONS: a. A security program must include provisions about communications security. b. The communications center must be designed as a restricted area and must enforce strict control over the access to this area. c. The communications center must be located in an area or building that could be easily defended, WITH some type of protection against aerial attacks. d. The maintenance and service personnel have a very sensitive position and therefore must have the security authorization according to the sensitivity of the installation. 12. GENERAL SERVICES: a. There must be provisions that guarantee that electricity and water services are protected adequately and there are emergency sources available: 1) ELECTRICITY: If an installation has its own energy plant this must be located in a restricted area and only authorized personnel should be allowed inside. A barricade system must be built to prevent the entrance of non- authorized personnel. 293
LN324-91 2) WATER: If the installation has its own fire fighting station, you must give the same protection as to the energy plant. You must protect the water from contaminations. SUMMARY: We have discussed some of the measures that could apply in an installation or activity to prevent non-authorized access to these. You must not suppose that these are the only available measures when making a recommendation to a commander during the course of an inspection or carrying out a study of physical security. The minimum rules that have been presented are preferred but are not always possible. Frequently, you may improvise to compensate for the lack of security that results when the minimum rules are not carried out. Keep in mind that there is not such thing as an impenetrable barrier. One must not depend solely upon natural and structural barriers. The key to the good functioning of any security system is personal efficiency. The barriers that are used only serve to improve the effectiveness of the guards and make the detection of intruders more possible. The physical security is not the only answer to the commander's problems in regards to security. Unless he has a good personnel security program and a good information security program he would not be successful in his intents to safeguard the information and the classified material of his installation. If there is a flaw in the security system, the intruder takes the necessary key to neutralize the whole security program. Remember this when analyzing an installation during a security inspection. Back to Top 294
ANNEX A PHYSICAL SECURITY REPORT LN324-91 (Name of the group preparing the study) TITLE: SECURITY STUDY OF (Name of the installation) I. HISTORY: A. The study of security was conducted during the period between (the times and dates) The following agents from (designation of the unit that conducted the study). 1. Last name, first name of agent(s) in charge 2. Name 3. Name B. MISSION OF THE UNIT OR INSTALLATION: 1. The unit ______________has the following mission. 2. Factors that affected the level of security. a. Discuss the mission of the unit as it affected the required security level. b. Discuss the location of the unit. c. Discuss the number and the name of similar installations. d. Discuss the security classification for information and/or material. e. Discuss the general importance of the unit studied. C. LAST STUDIES AND SECURITY INSPECTIONS: 1. Security study: (Date) 2. Security inspection: (Date) 295
LN324-91 D. UNIT MAPS: 1. Sketches of the unit or installation. 2. Map of buildings (Annex "A" convincing document number _____) II. MILITARY SECURITY SITUATION: A. PHYSICAL AND MATERIAL SECURITY: 1. Natural barriers and exterior influencing factors: a. Topographic description 1) Location of the installation or unit. General limits: a) North b) South c) East d) West 2) Ground characteristics a) According its shape (flat, mountainous, etc.) b) According to its coverage (clear, etc.) c) According to its contents (clay, etc.) 3) Type of terrain: a) Natural: (1) Hills (location, height, characteristics, photographs) (2) Ravines 296
LN324-91 b) Artificial: (1) Canals, (location, width, depth, photograph, etc.) (2) Water collectors b. Immediate areas: 1) Unit, location at __________________________areas pertaining to ___________________surrounded by the following inhabitant groups. a) Inhabitant groups -- Population (distance, characteristics, etc.) -- Settlement (main characteristic of the sector) b) Educational establishments -- Schools -- Colleges c) Social organizations -- Number (location, distance, objectives) -- Leaders (names, last names, identity number, place, address, telephone, etc.) d) Industries -- If any (description) e) Entertaining places -- Restaurants, billiard rooms, taverns, etc. (characteristics) f) Crime rate in the zone -- Common crimes in the zone 297
LN324-91 -- Police history (rubbery, crime, etc.) g) Groups WITH ideologies contrary to the constituted order or power. -- Investigations to ideologies that could affect the security of the National Unit. h) Foreigners -- Names -- Occupation -- Nationality c. Critical zones 1) Are the following installations: a) Generators b) Electricity control c) Water measures d) Fuel deposits e) War materiel 2. Artificial barriers a. Perimeter barriers 1) General Facts a) The unit borders WITH walls from north, south, east and west, extension, fencing, type of concrete. b) The limits of the installation are: -- North -- South -- East -- West 298
LN324-91 2) Fences -- The unit has barbed wire fences, etc. to the north, south, east and west, etc., describing direction, extension, type of fencing or barriers they have (include a photograph). 3) Entrances -- There are the following entrances in the unit: -- A door (characteristics, measures, role) -- An entrance (characteristics, measures, role) -- Other doors (characteristics, measures, role) 3. Human barriers: a. Guards and security systems 1) Guard personnel a) General description b) Guard service 2) Inspection and control of the guard a) Inspection system b) System for its control 3) Use of guards -- Positions, if there are or are not enough 4) Guard's equipment -- Disposition of armament, ammunition, equipment, etc. b. Control and identification of persons 1) Personnel in charge of control 299
LN324-91 2) Systems for control of persons 3) Identification cards for persons 4) Plant personnel (working inside the installation) 5) Visitors 6) Authorization to access the installation 7) Schedule of access c. Control of identification of vehicles 1) Registry and control of vehicles 2) Visitor's vehicles (parking area) 3) Systems for inspection of vehicles, entering and exiting) 4) Illumination of perimeter (if enough, photograph) d. Security of the inside area 1) There is no security 2) The unit has _______ (description of installations) 3) Built by_________ (description of rooms, floors, etc.) 4) The main doors to buildings are 5) The windows ________________ 6) The upper part, doors, windows, etc., (in regards to security) 4. Animal Barriers a. If any (type and description) 300
LN324-91 5. Energy barriers a. Illumination system 1) If any (characteristics) b. Alarm system 1) If any (characteristics) c. Services 1) Electricity a) Who supplies it b) Is it enough or not, etc. c) Water pressure d) If water supply is enough or not e) Uses f) Water tanks -- Description, characteristics, use, location, etc. g) For emergency cases, if there are any other sources or own places for collection of water. d. Special cases 1) Fire fighting systems a) Fire personnel -- Plan to put out fires -- Distance from firemen -- Composition of firemen corps -- Equipment used -- Time to reach the unit if notified of a fire. 301
LN324-91 b) Fire-fighting equipment available at unit -- If any (description and location) c) Fire alarms -- Description, auxiliary, etc. d) Water -- If the unit has water hydrants in case of fire. e) Counterintelligence plans -- If any 2. Plan for defense of the camp a) If any B. PERSONNEL SECURITY: 1. Main personnel in the unit Infantry, military intelligence, administrative, civilians, etc. 2. Number of persons a. Plant personnel 1) Plant number 2) Troop personnel 3) Recruited personnel 3. Civilian employees. (identification and authorization cards, schedule of entrance and exit) a) Doctors b) Nurses 302
LN324-91 c) Secretaries d) Workers e) Etc. 4. Others a. Address of personnel in the general area. b. Use of mobilization. (If there is any plan for mobilization of personnel in general in case of emergency) c. Investigation 1) If there have been any suspicious sinister activity, that is, sabotage. 2) If there have been intention to cause fire. 3) Any illegal authority that has been registered. d. Moral 1) Moral problems that affect the security 2) Military personnel accusations (when a military man reports to his superior about any comrade) 3) If there is a registry of damages or lost material 4) Hatred among military or civilian personnel e. Personnel identification control 1) Personnel identification method -- If none, if they intend to have one 2) Visitor's control -- If none, if they intend to have one 303
LN324-91 C. DOCUMENT SECURITY: 1. Existing situation Summary of percentage (%) of documents and classification (ULTRA- SECRET, SECRET, CONFIDENTIAL). If there is no existing classification of documents, if they wish to establish a system. a. Preparation and reproduction: 1) The sections create sensitive or classified material 2) Precautions WITH paper ribbons, carbon paper, etc. 3) Document file. (location, adequate or not) 4) Destruction of documentation 5) Access to sensitive dependencies or secret documents b. Classification and marking: 1) Markings should be placed in documents classified as: a) Photographs b) Film c) Recordings d) Letters e) Drawings f) Maps 2) They are properly stored 3) They are of easy access -- Manner in which they are stored 304
LN324-91 c. Re-classification of (classified documents) 1) If they have a higher echelon in each one of the cases 2) Registry and file of classified documentation 3) How the material is filed; ULTRA-SECRET, SECRET, CONFIDENTIAL. 4) Description of building where it is filed 5) Who files in each dependency 6) How long does it take for a person to do that work d. Transmission 1) Verbal or written communications 2) Using military mail or other mail 3) Stations and telephone numbers and extension numbers 4) They use wire methods, such as telephone, radios, etc. 5) Messengers a) Who are they b) It is always the same person c) They receive instructions for the fulfillment of their work. e. Dissemination 1) Who authorizes the handling of classified documents? 2) If documents are taken out of the office. Who gives the authorization. 305
LN324-91 3) They keep the key to the files when they leave the office. 4) Who has that key? 5) If classified documents are taken out, if they need a receipt. If they require previous authorization from their chief. f. Message center 1) If there is: a) Description and functioning b) File description c) Well or poorly attended 2) Facilities for storage of documents a) Manner of storage b) File style c) Security keys 3) Receipts: -- System for receiving documents 4) Incineration: a) There are systems for incineration b) Where does the incineration takes place? 5) Evacuation: a) Evacuation plan b) Vehicles c) Assigned personnel d) Priorities 306
LN324-91 e) Evacuation place f) Security measures g) If the classified material is identified D. SECURITY OF TRANSPORTATION AND MOVEMENT: 1. History a. They is a topographic chart of the place. b. Transportation of the installation's personnel c. Capacity for military transportation or supplied civilians. 2. Aspects to consider: a. Coverage measures 1) If identity of installation, unit, or part of the vehicles is known 2) Has signs, direction signs or posters 3) Vehicle or continuous transit and uniformed personnel 4) Principal or alternative roads 5) Main roads: a) _______________towards unit b) _______________towards unit 6) Alternative roads: a) ________________. b)_________________. b. Personnel and or security or protection means 1) If any 307
LN324-91 2) Technical transportation security measures 3) Vehicles that are used in transporting the installation's personnel. a) Vehicles b) Buses c) Civilian buses III. PHYSICAL SECURITY A. Deficiencies found in the Study of Physical Security, conducted previously, that could have effect over personnel security and the security of documents. 1. Deficiency: ______________________________________ Recommendation: _________________________________ 2. Deficiency: _______________________________________ Recommendation: __________________________________ B. PERSONNEL SECURITY: 1. Deficiency: ____________________________________ Recommendation: __________________________________ C. DOCUMENT SECURITY: 1. Deficiency: ______________________________________ Recommendation:_________________________________ D. SECURITY OF TRANSPORTATION AND MOVEMENT 1. We recommend to give the installation: a. Transportation vehicles 1) Buses 2) Ambulances 3) Jeeps (trucks) 4) Loading transportation 308
LN324-91 b. Coverage. 1) How could the unit cover the vehicles and their movement through a false story if possible. 2) Access roads to the installation. -- Main entrances for vehicles, pedestrians, etc. 3) Helicopter room -- Where it could be possible 4) Parking room -- Owned vehicles -- Visitors' vehicles -- Civilian vehicles 5) Security and protection personnel for the vehicles. IV. ORIENTATION FOR EXIT A. All the findings and recommendations were discussed during an orientation WITH unit members: (Name the participants in the group, WITH rank, last name, name, initials, role) 1. _______________________________________ 2. _______________________________________ 3. _______________________________________ V. ANNEXES: "A" Convincing document no. 1 Photograph Convincing document no. 1 Legend 309
LN324-91 "B" Physical Security: Convincing document no. 1 Photograph Convincing document no. 2 (Description) "C" Personnel Security: (Name the documents in the same manner than the ones above). "D" Document and information security: Convincing document no. 1 XXXXXXX "E" Security of Transportation and Movement: Convincing document no. 1 XXXXXXX _________________________________________________________________ 1. SUMMARY: (Study of Physical Security) 2. CONCLUSION: Back to Top 310