Let's Talk About Surveillance Detection

Between December 1st and 3rd, I attended the fantastic Close Protection Conference 2016 in Las Vegas, which was organized by the International Protective Security Board (IPSB). In the conference, I was hugely honored to do a ‘Tac-Talk’ (think TED Talk, just for security professionals) about surveillance detection, and I thought it might be a good idea to put the central points I covered in writing.

Before I get into it, though, I wanted to give a big shout-out to the board members of the IPSB. I think it’s an extremely important organization—one that’s going to shape the future of the protective security industry. And to anyone who hasn’t yet signed up to it, consider this your personal invitation to do so. (Seriously, get on it right away…)

The goal of this article (and the ‘Tac-Talk’ it was based on) is to touch on a few central points regarding surveillance detection and to spark people’s curiosity about it. I want to get you interested in SD so that you can then go and find out more about it: read up about it, talk to people about it and figure out how you can get value from it.

1. Surveillance detection vs follow-up

At its core, Surveillance Detection is the attempt to provide a Yes/No answer to a Yes/No question—is hostile surveillance being conducted? People often assume that SD should do more than just answer that question since it doesn’t make sense to detect something like hostile surveillance and then not do anything about it. And though it’s true that you should definitely do something about hostile surveillance, whatever you end up doing is no longer part of your detection efforts. It’s going to be a follow-up step.

One of the more common follow-ups that get conflated with SD is counter surveillance (CS). Counter surveillance (as I’ve explained in an earlier article) is when you turn the tables on a hostile surveiller that’s been detected; it’s when you go on the offensive and start surveilling them back, following them, collecting intel’ on them, etc.

It’s an easy enough conflation to make since the same operators can seamlessly flow from surveillance detection to counter surveillance (provided they’re trained on both), but there’s a very important line you’d be crossing; one that has operational and legal implications. SD is basically a defensive measure, one that falls in the preview of protective operations. But as soon as you go on the offensive with CS, you cross into the realm of investigations, which means you’ll need a Private Investigator license, and will be taking on new risks, liabilities and logistical requirements.

I’m not saying that counter surveillance (or any other follow-up step) should be avoided, I’m just saying that it should be understood as a follow-up step to SD, and executed correctly and responsibly.

1. The purpose of SD

The first thing to understand here is that hostile surveillance is not the primary threat we should be worried about. Our primary concern is an actual attack. But attacks don’t just come out of nowhere, they come as a result of hostile planning. And one of the most important parts in hostile planning—the one we have the best chance to detect—is hostile surveillance. This is because it might be the only part of the hostile planning process where someone has to actually show up. It’s the only part that necessitates physical presence in the area of the target. All the other parts could be conducted remotely (possibly even in a different country).

SD is therefore not an attempt to detect hostile surveillance for its own sake; it’s our attempt to detect hostile planning that can lead to an attack.

1. Field Protective intelligence

Surveillance detection more or less straddles the two realms of security and intelligence, which makes it a form of protective intelligence. But unlike most other types of protective intelligence that are collected remotely, SD is conducted in the field. This is why I view it as a form of Field Protective Intelligence. It’s not meant to replace physical protection, it’s there to augment it by adding an external intelligence layer around it.

Interestingly enough, SD can be employed by a physical protection program that sends operators out to take positions around it (from the inside, out); or it can be employed by a protective intelligence program that sends operators to the field, to be closer to the action (from the outside, in). I’ve actually done it both ways for corporate clients; in some cases reporting to the physical protection team, and in others, reporting to the protective intelligence center.

There’s no definite right or wrong way to do it. It just depends on the situation (and on client requirements), but I think field protective intelligence can provide a great way to bridge the gap between the physical protectors in the field and the protective intelligence managers in the office.

1. The SD equation

The general way to detect hostile surveillance is to detect people who correlate to the target (discussed at length here and here). There are various ways someone can correlate to a target, be it by observing it, moving in conjunction with it, and more.

A good way to visualize the situation is as an equation, with the target on one side and the hostile surveiller on the other. The correlation is what connects the two sides. So if we have a correlation of observation (a surveiller observing the target), we can look at the surveiller’s line of sight as the correlation. If a surveiller is following a target, their deliberate movements in conjunction with those of the target can be seen as a correlation of movement. And in some cases, even with no movement or direct observation, the mere presence of a surveiller in the area of the target (for long enough periods of time) can be seen as a correlation. If the surveiller’s presence is then detected in multiple locations, with the common denominator to those locations being the presence of the target (principal), then this can be seen as a correlation over time and distance.

1. Be “the bad guy”

An important part of learning how to detect hostile surveillers is to first experience how it’s like to be a hostile surveiller yourself. Not just to learn about it—to actually experience it.

There are a number of reasons why you’ll get value from this. First, by looking at your client from the outside—as a target—you can notice certain vulnerabilities that would not have otherwise occurred to you if you just view things from the inside out. If, when you do this, you want to also maintain covertness (as is usually the case), then you’ll have to look for good vantage points that will provide cover. These are important locations for SD operators to pay attention to, and you might not know where they are if you don’t first do your best to find them as a hostile surveiller.

Another important thing you learn from being "the bad guy" is a certain “X-Factor” about hostile surveillance—the difficult to describe feelings and psychological pressure that are involved in hostile surveillance, especially on a well-protected target. Hostile surveillance is way more stressful than most people realize, and these types of stresses tend to manifest themselves in various ways; even if just in nuanced ones. These could be nervous tics, shuffles, double-takes and various other idiosyncrasies that would not be apparent to those who have not gone through the experience themselves. We want to experience these things in order to then be able to detect them in others. And while these might not be correlations to the target, if we see them in people who are occupying vantage points (that we now know about), we can pay more attention to them and have a better chance to spot correlations to the target if they occur.

1. Where to look from?

Keeping the SD equation idea going, the ideal way to detect a correlation to the target is to observe both sides of the equation—simultaneously if possible. And if you want to do this while remaining unseen by a surveiller, the areas where you’ll want to be in are behind the surveillance vantage points (outside the surveillance “Red Zone” as we sometimes put it).

This takes some getting used to because it puts the SD operator at a weird angle for seeing the SD correlation (looking along the equation/correlation line rather than seeing it perpendicularly). It also involves much longer distances, and it necessitates that you let a potential hostile surveiller be closer to your client than you are (something that’s very difficult for security-minded professionals to get used to). This is where you have to remind yourself that SD is not physical protection but rather a form of field protective intelligence. The value SD brings to the table is in the form of information; implementing the age old idea that Knowledge Is Power.

This article has hopefully clarified a few fundamental principles in regard to SD, but I mostly hope it has opened up more questions that it has answered. Good! Now it’s your turn to go and find out more about it and figure out in what specific way you can get value from surveillance detection.