When Tom Cruise had to break into police headquarters in Minority Report, the futuristic crime thriller, he got past the iris scanners with ease: He just swapped out his eyeballs.
CIA agents may find that just a little beyond the call of duty. But meanwhile, they've got to come up with something else: The increasing deployment of iris scanners and biometric passports at worldwide airports, hotels and business headquarters, designed to catch terrorists and criminals, are playing havoc with operations that require CIA spies to travel under false identities.
Busy spy crossroads such as Dubai, Jordan, India and many points of entry in the European Union are employing iris scanners to link eyeballs irrevocably to a particular name. Likewise, the increasing use of biometric passports, which are embedded with microchips containing a person's face, sex, fingerprints, date and place of birth, and other personal data, are increasingly replacing the old paper ones. For a clandestine field operative, flying under a false name could be a one-way ticket to a headquarters desk, since they're irrevocably chained to whatever name and passport they used.
"If you go to one of those countries under an alias, you can't go again under another name," explains a career spook, who spoke on condition of anonymity because he remains an agency consultant."So it's a one-time thing — one and done. The biometric data on your passport, and maybe your iris, too, has been linked forever to whatever name was on your passport the first time. You can't show up again under a different name with the same data."
The issue is exceedingly sensitive to agency operatives and intelligence officials, past and present. "I think you have finally found a topic I can't talk about," said Charles Faddis, a CIA operations officer who retired in 2008.
"I can't help you with this," added a former intelligence agency chief. "I do think this is a significant issue with great implications for the safety and security of our people, so I recommend you not publish anything on this. You can do a lot of harm and no good."
Other former operatives would not even allow their polite refusals to comment to be quoted. The CIA, naturally, refused to comment for this story.
But several intelligence sources speaking on condition of anonymity agreed to discuss the issue with Danger Room, on the grounds that the problem is already well known to foreign spy agencies and terrorist groups, since it effects everyone seeking to operate covertly or illegally across a border.
In "the old days", as one put it — that would be before 9/11 — deep-cover CIA operatives could use and discard false passports like hand wipes. "The only way immigration could tell if the passports were fake was to look at the stamps, paper, photo and so on," said another recently retired CIA operative, whose worked on sensitive projects under non-official cover. Operatives could land at, say, Dubai, with a passport with one false name, then pick up another from the local CIA station to register at the hotel and conduct a mission. Then the same operative could return the country several times under different names, repeating the process.
Biometrics are making that impossible. Even crossing the border with a real identity, then donning a fake one in-country, presents its own risks. "When you go to check into a hotel room for a meeting with an asset, or even rent a car to drive to the meeting — or hold the meeting in the car — many hotels and car rental agencies upload their customer data, including passport number, to immigration every day," the former spook notes. "Most countries are looking for visa overstays. But when you show up on the list as never having entered the country … it brings the police around to ask questions."
If the CIA is working in concert with a local intelligence agency, as it commonly does in EU countries, Jordan, Thailand and other spots, undercover entries and exits can be smoothed over.
But "unilateral ops" — where the agency is trying to conceal its activities from the host country — "have deteriorated significantly" because of the new technologies, the career spook said.
The agency saw the windows closing, of course: the clamour for new counterterrorism border controls reached high decibels after 9/11. By mid-decade, the EU was requiring member states to issue biometric passports and testing iris scanners.
Right away, the new world of border controls loomed as a big headache for the CIA. The ability to travel under false identities is as basic to spy work as motor oil is to engines. The day of the trench-coated, fast-talking spy easily slipping in and out of countries on false papers multiple times was coming to an end.
Often, a CIA operations officer travelling under nonofficial cover (so-called NOCs) can pick up a new set of documents from a CIA courier or dead drop once he or she is in the country. There's nothing new about that. But since the better hotels require guests to present their passports, which are scanned into the system, that ruse is increasingly rendered moot, especially in hostile climes like Iran, where the interior ministry's computers are assumed to be hard-wired into the airline passenger and hotel guest lists.
"Not that they couldn't duplicate the technology or the bonafides of the passports themselves - watermarks, holograms, et cetera…" the retired operative added. "Their biggest worry was getting the [false] passport and travel data into the country's databases."
One obvious workaround is for operatives to book one-star hotels where such impediments are less likely. But if they're travelling undercover as, say, a prosperous Western business executive, booking a room in a seedy joint only raises red flags with the desk clerks and local gendarmes.
So after 9/11, intelligence sources said, CIA ops managers began putting renewed emphasis on recruiting spies in foreign border-control agencies — people with access to the electronic files, who can change, add or eliminate documents.
"Just before I left, they were gearing up to make a request for CIA officers to recruit foreigners with access to immigration databases," said the retired NOC. "I'm sure that several people made careers out of just this kind of operation, much as some officers did when the NSA suddenly lost millions of access points to intelligence when the world switched from microwave towers to fibre optic lines — whole departments were formed to recruit telephone company assets in foreign countries."
The challenge isn't just the CIA's, of course. Every intelligence agency faces it. The problem is especially acute for Israel's Mossad.
"That's right," says former Mossad operative Michael Ross. "I remember discussions about that in the latter part of my career, just before 9/11. Obviously for Mossad the issue of documents and identity are an ongoing huge, huge project…. You can't go into Syria, say, or basically anywhere in the Middle East, with an Israeli passport, for obvious reasons, so we have to use other documents."
Mossad puts its documents through test runs, said Ross, who retired in 2001.
"We get into, say, France, with a document, then change our appearance, then go into Germany and see if they pick up the physical change, to see if the two speak to each other and say, ‘Wait a minute, is this the same guy? Before he had a beard and glasses, and now he's clean-shaven and wears contacts.'"
"There are some very smart people in Mossad who spend a lot of time and energy ensuring that we can get our people in and out of countries without a document flap," Ross added.
But something went wrong in a Dubai hotel in January 2010. A Hamas official was assassinated, almost certainly at the hands of Mossad. As it turned out, Israeli operatives, who entered Dubai on forged passports from the United Kingdom, Ireland, France and Germany, were videotaped in the hotel by its security cameras. The resulting dust-up mystified longtime intelligence observers, who thought Mossad incapable of such sloppy tradecraft. Either Mossad hadn't locked down its relations with Dubai authorities as tightly as it thought, Ross speculated, or an Iranian mole leaked the surveillance tapes.
For day-in, day-out CIA espionage operations abroad, "biometrics is a problem only if you have the same case officer travelling into the country multiple times with multiple aliases," said the former NOC."The easy fix to that is to break up the workload among several case officers who only travel to that country under one alias."
Or to meet your spies someplace else, others suggested, where border controls are looser, such as Cyprus.
Or better yet, introducing malware into the computers of foreign immigration and border control services, to change data on demand.
But the electronic curtain is descending all over the world.
All EU countries are now required to issue second-generation biometric passports, however, the EU does not require foreign visitors to present a biometric passport. By last September, only Belgium had not complied, according to a scolding press release by the European Commission. At most American airports and seaports, foreign nationals have to produce biometric passports to submit to a fingerprint check before entering the country.
Meanwhile, a business newsletter anticipated last year that "Research analysts predict that in five years, iris scans will be commonly used for airport security and border control."
That might be a little ambitious. Britain's groundbreaking iris-scanning system is being quietly scaled back, according to reports from last November.
It's not that the machines weren't accurate. They just didn't work as fast as planned. Lines were long.
"We currently do not have any iris scanners in use," said Customs and Border Protection spokeswoman Stephanie Malin.
Testing continues. One company alone, Eyelock Corp., has deployed machinesin some US ports, as well as Mexico, Singapore and Columbia, a company spokeswoman said. It has pilot programs running in Brazil, Chile, France, Spain, the UK and unspecified "Middle East"ports.
Dubai loves it. In 2009, Ministry of Interior officials claimed its iris scans had netted 54,000 criminals and 1088 forged passports the previous year.
Did they catch any CIA operatives in their biometric dragnet? If so, no one is talking.