From an intelligence perspective the Cold War never ended. While the term for Russian intelligence and influence operations, ‘active measures’, was replaced with terms like ‘measures of support’, their primary intelligence targets – the United States, NATO and China – have remained the same. Today, as Sweden and Finland have joined NATO, Russia actively engages in a further escalating hybrid campaign of espionage, subversion and sabotage. New technologies and the changing information landscape have introduced new vulnerabilities in our digitally dependent societies. As NATO officials warn, the threats to free public debate and critical infrastructure are part of a growing pattern the West is not sufficiently prepared to counter.
Hybrid threats place new demands on military intelligence, requiring a wider focus and a revaluation of traditional collection priorities. Of course, secret electronic and signals intelligence on adversarial military activities are still crucial. Yet, the focus potentially widens to the total defence of society, and collection includes more and more open source intelligence (OSINT). The democratization of digital technology has significantly expanded the relevance of publicly available information. Online reporting demonstrates how investigative journalists and citizen collectives can expose and map the extent of Russian sensitive activities. For example, identifying the systematic spying at sea by ‘shadow fleet’ ships, by utilizing public AIS signals and intercepted Morse code messages, or going out to sea to film antennas and armed guards. Other private initiatives debunk Russian disinformation and influence operations, or gather information on military tactics and evidence of war crimes on the Ukrainian battlefield.
A tension exists between the speed and availability of public information and what military intelligence bureaucracies can process and deliver. The increasing relevance of open sources has led to a growth of OSINT units within European militaries and the development of new OSINT training programs. In addition, for example in the Dutch military, some informal grassroots OSINT initiatives by individual service members and small groups have emerged, to gather relevant publicly available information themselves. [1] These initiatives are driven by a sense of urgency, the lack of operational and tactical intelligence on Russia to model military exercises, or more personal motives to develop online investigative skills. Service members partly conduct these activities in their own time and as private citizens, bringing what they find into their work context. This information is then sometimes even transformed into formal products and reporting. Despite appreciation of ‘grassroots products’ from some military commanders and peers, military intelligence professionals also have raised concerns about the validity and quality of information, and lack of control. Perhaps these local and informal activities are unavoidable – or even useful to some extent. Yet, many military commanders lack the understanding and overview to effectively guide these practices.
Acknowledge grassroots practices, address legal gaps, and improve safeguards
Developing and organizing new practices of military OSINT is essential. However, their regulation requires strengthening. At present, the blurring of military intelligence and different forms of public information makes already existing challenges more prominent. These include the need to create adequate mechanisms for mitigating mistakes, and considering risks, necessity, proportionality, and subsidiarity of collection. When does gathering information become unauthorized violation of privacy or systematic surveillance, for example?
A key underlying problem, in several European countries, is the legal gap that exists. [2] Current laws regulating intelligence services and the armed forces have restraints in terms of scope, and limits to authorizing military OSINT activities. In addition, the European Convention on Human Rights, the General Data Protection Regulation, and other conventions, safeguard the protection of fundamental rights such as privacy of citizens. The current hybrid conflict increases the need for OSINT collection activities. Yet, for military units, these are now often only regulated in legal frameworks designed for deployment in times of war, during out of area missions, or in ‘peacetime’ when seconded to the intelligence services for a specific assignment.
To improve armed forces readiness and training in the Netherlands, a new Defence Readiness Act has been submitted to Parliament. The current draft would allow for military units to create an adequate ‘information position’ on the relevant operational environment, and to train for this by collecting information – including personal data – from open sources. In line with earlier evaluations, the Dutch Ministry of Defence is also further developing its privacy organisation and broader institutional oversight. A challenging task, given the extensive size of the armed forces compared to national intelligence services, and one that becomes even more complicated as new information technologies develop, or if informal grassroots OSINT initiatives proliferate without improving safeguards.
Compared to the Netherlands, the governance system in Finland seems more robust. The defence intelligence agency and the service intelligence units all reside under the control of the Defence Command Chief of Intelligence – with expert and parliamentary oversight. Still, OSINT is approached as a distinct collection discipline, referring to sources such as social media, official statements and documents, as well as research literature. [3] The diplomatic work of Defence attachés, while formally considered a form of human intelligence, also involves openly collecting such official reporting and monitoring the media. In day-to-day reality the distinctions between formal military intelligence collection, informal grassroots OSINT practices by service members, and other investigative initiatives in civil society could prove blurred. Hence, addressing gaps in national legal frameworks with regard to military OSINT, while investing in professionalism and safeguards, should be a priority for European military and intelligence leaders.
Netherlands Defence Academy and Radboud University
The Netherlands
