Nongovernmental actors that conduct intelligence collection, analysis and operations increasingly are being shown to operate in parallel and at times in place of traditional intelligence agencies. This creates a more complex informational, analytic and operational environment that offers tradeoffs for policymakers. A variety of nonstate actors, including for-profit companies, private groups and even individuals, always have provided intelligence functions. Recent news coverage and broader global trends — such as diffusion of open-source information, online social media and digital capabilities — are drawing growing attention to their activities.

• Bellingcat, an international collective of independent researchers, has made headlines multiple times in recent years for its open-source investigations of high-profile incidents that provide strong evidence for assumptions that had yet to be confirmed, at least in public, by government officials. Most recently, its 2020 investigation of the poisoning of Russian opposition leader Alexei Navalny provided robust proof of Russian culpability.
• The NSO Group, an Israeli company, has been subject to repeated media scrutiny after various cybersecurity experts and reporters uncovered that many governments have used its spyware to target political opponents, journalists and other critics. In 2018, separate researchers provided evidence that Saudi Arabia had purchased NSO Group spyware, which it allegedly then used in a surveillance operation that led to the killing of Jamal Khashoggi.
• Many cybersecurity companies, such as U.S. firms FireEye and Crowdstrike, routinely publish analyses of malicious cyber activity that offer the clearest public attributions of responsibility and reportedly inform intelligence agencies’ classified assessments. Last year, FireEye was the first to alert the government and publicly report on the SolarWinds cyberattack, while Crowdstrike’s work related to the U.S. 2016 presidential election was cited by national security officials as informing their assessments of Russian meddling.
• Law enforcement agencies increasingly have sought help from the public in identifying suspects by releasing images and other relevant information so that private citizens can conduct open-source inquiries. Federal authorities have charged more than 200 people involved in the Jan. 6 violent siege of the U.S. Capitol in part by relying on crowdsourced requests to match images from the day with social media profiles.

Nontraditional collectors, analysts and operators are taking advantage of an explosion in useful open-source and easily acquirable information, the technological and specialized means to access and exploit it, and opportunities to provide alternatives to traditional spy agencies. Until the end of the Cold War, the last major era of evolution in espionage, most useful secrets were held by a relatively small number of people or entities and typically were not easily accessible. This meant that the means to collect, analyze and conduct intelligence operations were nearly entirely in the hands of powerful state-backed spy agencies that could devote significant resources for these activities. Since then, this model has frayed.

• The amount of useful information that is available entirely publicly or obtained easily has greatly expanded, especially with the spread of digital technologies and communications tools. Bellingcat’s researchers combined telecom, travel, residential and other forms of data — all of which are publicly available or attainable after nominal fees to well-placed insiders — to uncover the identities of Russian intelligence officers allegedly behind Navalny’s poisoning; in so doing, they focused global attention on the incident.
• The diffusion of valuable open-source information has coincided with growing means to analyze it, including in unconventional but highly impactful ways. Forensic Architecture, a British organization, combines publicly available data — such as videos, photos and witness testimony — with specialized architecture tools and techniques to investigate human rights abuses and other wrongdoing; in some cases, the group’s inquiries have directly led to changes in government policy and admissions of fault.
• The increasing operational capabilities of private companies offer competitive options beyond those of official intelligence agencies. Private satellite operators like U.S. firms Maxar and Planet Labs publish high-resolution images that can be publicly released, unlike those taken from classified government satellites. These companies’ offerings are so effective that the National Reconnaissance Office, the U.S. intelligence agency responsible for satellites, plans to increase purchases of their commercial imagery.

The activities of unofficial collectors, analysts and operators can provide policymakers with certain short-term advantages compared to traditional intelligence agencies. In some cases, these actors can complement and even act in place of spy agencies, because they offer several things, including:

• Deniability. Private entities, especially those engaging in operations, give governments at least some plausible deniability, both to audiences abroad and at home, which is much harder when state-backed intelligence agencies carry out these activities. Russia has been accused of using mercenary groups, such as Wagner, in multiple conflict zones, but observers remain divided by their precise ties to the Kremlin. Unlike using its own soldiers, this ambiguity enables Russia to project power in a way it nominally can disavow to foreign adversaries and its own public, especially when casualties occur.
• Creativity. Nongovernmental actors unbound by bureaucracy can be more innovative in ways that traditional spy agencies at times struggle with. The Committee for Human Rights in North Korea, a U.S. nonprofit, has combined its unique accesses to North Korean escapees with publicly available satellite imagery and other open-source information to publish visually evocative details about North Korea’s vast detention system. Some of these revelations have never before been disclosed publicly and reportedly informed U.S. officials’ understanding of — and policy toward — the notoriously opaque country.
• Agility. Outside entities at times can be far more efficient than spy agencies with more cumbersome processes or inadequate coverage. Particularly during the initial years of the Syrian civil war, which began in 2011, the Syrian Observatory for Human Rights (SOHR), a British nongovernmental organization run by a single activist with an extensive network of contacts in Syria, provided casualty figures that were by far the most cited by media networks and even within intelligence agencies. This information helped policymakers overcome traditional spies’ operating constraints to grasp what was happening on the ground.
• Publicity. Unofficial intelligence actors that openly publish their activities can enable policymakers to engage in public discussions about matters they typically cannot due to concerns over compromising classified sources and methods; this is especially important for sensitizing and educating citizens about threats. The findings of cybersecurity firms like FireEye and Crowdstrike are often cited publicly by government officials to justify and explain their warnings about adversaries’ cyber intentions and capabilities.

In the long-term, however, nongovernmental actors will not replace the greater resources and inherent advantages of official spy agencies, and in some ways may complicate their efforts by introducing new risks. Even as they in some cases offer advantages to the work of traditional spies, they will never match official agencies’ overall capabilities. In addition, they will not satisfy policymakers’ perennial desire to collect secrets, analyze them and conduct operations out of the public eye using organizations they control. Their work, even while offering potential benefits, can also create challenges for policymakers.

• Public disclosures, even if they serve some utility in bringing intelligence into the public sphere, can simultaneously undermine policymakers’ ability to take private action without having to worry about public pressure and scrutiny. Bellingcat’s inquiries into the Yemeni Civil War have on multiple occasions provided strong public evidence implicating arms made by British and U.S. defense companies in controversial bombings conducted by the Saudi-led coalition, forcing policymakers to respond publicly to allegations they probably would prefer to handle privately.
• Nontraditional intelligence actors can have political biases that influence their activities. While official agencies can also suffer from this problem, at least theoretically they have mitigation procedures in place, whereas private entities are unencumbered. Although the SOHR offered the most widely cited casualty reporting during the Syrian Civil War, its head was also widely acknowledged to be anti-Damascus and received some criticism for allegedly framing reporting to support the opposition’s perspective. Absent additional context or disclaimers, coverage of the work of these and other monitoring groups can provide policymakers with incomplete or slanted information to influence their thinking.
• Open-source investigations, particularly those that frequently occur on social media in the aftermath of violent incidents, can produce faulty information that complicates official investigations. Of course, intelligence agencies can also arrive at incorrect conclusions, but at least nominally they have robust processes to arrive at their conclusions in a more considered way than those crowdsourced online. Amateur internet sleuths ostensibly acting in good faith have misidentified perpetrators in multiple violent incidents, including the U.S. Capitol siege and terrorist attacks in France and the United Kingdom.