People, ideas, machines VIII: CIA counterintelligence chief James Angleton, 'a wilderness of mirrors', covert operations, assassinations, moles & double agents, disinformation
Lessons from/for the deep state for those thinking about AI, power, geopolitics and security
After such knowledge, what forgiveness? Think now
History has many cunning passages, contrived corridors
And issues, deceives with whispering ambitions,
Guides us by vanities. Think now
She gives when our attention is distracted
And what she gives, gives with such supple confusions
That the giving famishes the craving…
These with a thousand small deliberations
Protract the profit of their chilled delirium,
Excite the membrane, when the sense has cooled,
With pungent sauces, multiply variety
In a wilderness of mirrors…
Gerontion, TS Eliot
[T]he myriad of stratagems, deceptions, artifices and all the other devices of disinformation which the Soviet Bloc and its co-ordinated intelligence services use to confuse and split the West have confronted our policy makers with an ever-fluid landscape where fact and illusion merge – a kind of wilderness of mirrors, where honest statesmen are finding it increasingly difficult to separate the facts of Soviet actions from the illusion of Soviet rhetoric.
Angleton
Even though the President himself is very much against starting a war over Cuba, an irreversible chain of events could occur against his will… If the situation continues much longer, the President is not sure that the military will not overthrow him and seize power. The American army could get out of control.
Bobby Kennedy to Ambassador Dobrynin, October 1962
Kennedy was trying to get to Castro, but Castro got to him first.
LBJ to Howard Smith of ABC, 1968
It is inconceivable that a secret intelligence arm of the government has to comply with all the overt orders of government.
Angleton
There is always a question of whether a democratic country is capable of having an intelligence service of any great merit… It usually takes a national crisis or a Pearl Harbour before people then understand what national survival means.
Angelton
If you control counterintelligence, you control the intelligence service.
Angleton
Quis custodiet ipsos custodes?
Juvenal
The educated person seeks exactness in each area to the extent that the nature of the subject allows.
Aristotle, quoted by Sherman Kent of CIA
[Updated 23/7: 1975: Church hearings, Zapruder emerges, Angleton gives evidence, Colby fired
Updated 22/7. Operation CHAOS & domestic surveillance. Watergate. The Church hearings. The ‘family jewels’. Nixon resigns. Angleton resigns. The ‘family jewels’ gathered. Details on assassination planning leaks everywhere, Rosselli and mafia links explored.]
CONTENTS
1947: The shift to ‘containment’ and birth of the CIA (Weiner)
Angleton shifts from OSS to CIA, covert operation on Italian election 1948
1951: Burgess and Maclean skip to Moscow, tipped off by Philby
1960: Beginning of operations against Castro, Gary Powers, hiring mafia hitmen
1961-2: Enter GOLYTSIN AND NOSENKO: defectors, double agents, moles?
Watergate and the CIA, attempted pressure over ‘the whole Bay of Pigs thing’
1975: Church hearings, Zapruder emerges, Angleton gives evidence, Colby fired
Epilogue
James Angleton worked in the OSS during the war, switched to the newly formed CIA, then was head of CIA counterintelligence for 20 years from the creation of the post in 1954. He was present at its creation and involved in many of the most controversial episodes in its history. He is better known than many CIA directors.
A recent biography by Morley explores these controversies. And his career raises many basic questions about intelligence services:
How best to balance the core mission of ‘defend the country from the greatest perils’ and another core mission ‘defend the country’s constitution and fundamental rights of citizens’?
How far should an intelligence service be allowed to go? How to define ethical and legal limits, e.g on blackmail, murder, and torture? (The CIA not only ran assassinations but also hired the mafia to assassinate people including Castro.)
How can it be controlled? In an autocracy intelligence is controlled by the ruler but in a democracy/oligarchy how do you balance control by the executive, check and balances, the potential for abuse? Quis custodiet ipsos custodes? What defences are there against a normal problem, that the guardians/oversight itself fails and/or is corrupted?
What are common pitfalls of counter-intelligence? What is the proper relationship between a) the team trying to penetrate enemy X and b) the team defending against penetration by enemy X? How do you manage the problem of Golitsyn and Nosenko and figuring out who is genuine and who is a double/triple agent? Angleton’s approach was formed by his experience watching Bletchley and ENIGMA, watching the British deception operation for D-day (including turning Nazi agents in Britain into messengers for our deception), and the VENONA revelations of many Soviet agents at work in America. (NB. contrary to the standard media story today, McCarthy was right about widespread Soviet infiltration/subversion, and in fact under-rated the problem.) In the counter-action to Angleton after he was fired, counter-intelligence was diminished and the CIA had many disasters. How do you avoid the CIA’s problem with Aldrich Ames, a leader of CIA counter-intelligence against the KGB who was himself working for the KGB, or Robert Hansen, an FBI agent responsible for finding Soviet moles who was himself a mole and at one point was put in charge of finding himself? (Both betrayed many secrets and condemned agents to torture/execution.) What’s the right relationship between counter-intelligence and an ‘office of security’?
What sort of incentives work well? How to handle contradictory incentives of those collecting intelligence (promoted for agents recruited etc) and counter-intelligence (promoted for exposing errors, moles etc)?
How best should an intelligence agency be organised? Is the CIA model a good one? What have other services demonstrated? What are the pros and cons of having collection, analysis and operations in the same organisation? What’s the best answer to inevitable trade-offs?
How can such an agency best deal with the inevitable problems of all large organisations?
Where and how did American intelligence go wrong after 9/11? Is it better to think of ‘reforming’ the CIA or ‘replacing’ the CIA?
How should we think about ‘disinformation’ and claims of ‘disinformation’ from intelligence agencies? NB. the CIA’s evidence to the Warren Commission was disinformation. So was the CIA’s, FBI’s, NSA’s public statements about ‘Russian disinformation’ in 2020. So have been many claims from US and UK intelligence and other government sources during the Ukraine war. Although Angleton’s operation in Italy after the war was successful, generally hopes and fears about CIA psychological operations are misguided — it’s harder to persuade normal voters than the intelligentsia thinks and western intelligence services post-1945 have not been good at this (cf. Afghanistan). Though it’s easier to persuade the intelligentsia itself.
If significant elements of intelligence agencies start running disinformation campaigns against their own voters, who is responsible for doing what?! How do such agencies retain public confidence in such circumstances? (A very live issue given the behaviour of senior CIA, NSA and other officials in participating in the 2020 election to help Biden by making public claims about Hunter Biden and the Biden family’s dealings with Ukraine, supposedly on the basis of secret intelligence, that they knew were false and have had to admit were false subsequently in court under oath.)
How should governments integrate intelligence in overall policy? How to balance and integrate information across a lot of different agencies, for example the NRO, NSA, FBI and many others?
How will intelligence and counter-intelligence change as technology rapidly change the games, such as AI-enabled cyber-attacks, new surveillance, new weapons? As seen in the RVJ blog, new technology generates new forces. What sort of new forces will emerge and how will intelligence be affected? (E.g there is a strong argument for experimenting with a hybrid force that is part intel agency/special forces/psyops/AI & drone specialists, particularly given how bad the RAF and MOD have been at adapting to AI and drones. We started to discuss such a new force in No10 with parts of the deep state in 2020.)
Below I summarise this book and intersperse with notes from Legacy of Ashes (Weiner) [in square brackets] and other interesting snippets {in squiggly brackets}.
Previous in this series:
VII: On RV Jones, Scientific Intelligence in World War II, how Whitehall vandalised the successful system immediately after the war. Many issues explored in the RVJ blog are seen from a different angle in this blog.
VI: Alanbrooke diaries, incredibly relevant to today’s problems and what military ‘strategy’ really is
V: Colin Gray and defence planning
IV: Notes on The Kill Chain — US procurement horror, new technology, planning for war with PRC
III: More on fallacies of nuclear thinking / strategy / deterrence. If you read this and the earlier one you’ll see that almost everything the media says about Putin and nuclear threats is wrong / misguided and, worse, so is much of what is said by international relations/historians/military academics.
II: Thinking about nuclear weapons
I: On innovation in militaries, when does it succeed/fail — e.g why US got ahead on aircraft carriers, RAF defence in 1930s.
Prediction: 1) lessons from UKR will overwhelmingly support the arguments of those who in 2020 argued for radical MoD changes (including taking money from old tank projects that everybody privately admitted were a multi-billion pound disaster) and 2) the correct criticism of the review and connected documents will be seen as a) they did not go nearly far enough, b) the collapse of No10 follow through on defence reform in 2021 was — like the collapse of 2020 plans for planning reform, tax cuts, deregulation, Project Speed, intense focus on R&D and skills etc — a disaster for the country (and a political disaster for the Tory Party). (Me, 3/2020)
And some other related stuff pre-No10…
On high performance government, ‘cognitive technologies’, ‘Seeing Rooms’, UK crisis management (2019)
On AI, nuclear issues, Project Maven (2019
On the ARPA/PARC ‘Dream Machine’, science funding, high performance, and UK national strategy (2018)
On China vs US, the ‘Thucydides trap’ book (2017)
And obviously I think that if you’re thinking through AI and geopolitics you should study my chronology of Bismarck, a month of study and you’ll be in the top 0.01% of people who really understand high performance politics, an incredible shortcut, and one that ~100% of those in politics are too lazy or deluded to grasp!
AI, power, intelligence, security: there are no ninjas, there is no door…
You might think somewhere [in No10/Cabinet Office] there must be a quiet calm centre like in a James Bond move where you open the door and there is where the ninjas are who actually know what they are doing. There are no ninjas. There is no door. (Me, 2014)
But the scariest realization is that there is no crack team coming to handle this. As a kid you have this glorified view of the world, that when things get real there are the heroic scientists, the uber-competent military men, the calm leaders who are on it, who will save the day. It is not so. The world is incredibly small; when the facade comes off, it’s usually just a few folks behind the scenes who are the live players, who are desperately trying to keep things from falling apart. (Leopold Aschenbrenner, in a widely read paper and podcast over the last week, June 2024)
I would bet a lot that Deep Mind et al are all hacked and spied on by China and Russia (at least) so I think it’s safest to plan on the assumption that dangerous breakthroughs will leak almost instantly and could be applied by the sort of people who spy for intel agencies… Given someone can hack the NSA without their identity being revealed, why would they not be hacking Renaissance and Deep Mind, with a bit of help from a Milla Jovovich lookalike who is reading a book on n-dimensional string theory at the bar when that exhausted physics PhD with the access codes staggers in to relax? (Me, 2019)
The nation’s leading AI labs treat security as an afterthought. Currently, they’re basically handing the key secrets for AGI to the CCP on a silver platter… They measure their security efforts against “random tech startups,” not “key national defense projects.”… Currently, labs are barely able to defend against scriptkiddies, let alone have “North Korea- proof security,” let alone be ready to face the Chinese Ministry of State Security bringing its full force to bear… Too many smart people underrate espionage. (Leopold’s paper, June 2024, cf. p89ff. Leopold worked at OpenAI until recently and was removed, he says, partly for raising security issues.)
Honeytraps + blackmail = a security nightmare, real security is very very very hard and imposes a lot of friction
Like others in this series, considering the development of the CIA and Angleton’s role is also very rewarding if you’re trying to think through the incredibly complex issues surrounding AI, the top-human then super-human models that are coming (though initially only super-human in a few domains, not generally super-human), politics, geopolitics and war.
I’ve followed this since I read Bill Joy’s famous piece in Wired in 2000. I wrote about it in my 2014 essay. After the referendum I went to San Francisco and visited OpenAI. Back then the conventional wisdom in academia and Whitehall was that the claims and plans made by companies like OpenAI were laughable. Senior academics kept saying models like GPT were ‘a toy’ and they failed to update Oxford and Cambridge computer science courses (which remain behind the curve). It seemed to me likely that people like Dario, Demis and Sam were more likely to be right than the conventional wisdom. Since then much of academia and Whitehall has kept predicting ‘scaling will break’. It has not broken. Those building these models expect it to continue for at least another 2 years which will be huge even if it then does start breaking. I wore my OpenAI T-shirt on my first day in No10 in 2019 to make a point about the confluence of technology and politics/power (the political media’s response was to laugh at GPT!). In 2022 after a visit to San Francisco I predicted on this blog it would go mainstream in 2023.
But after a flurry of interest and nonsense over Chat-GPT, political-media Insiders have almost entirely returned to their default mode: no big deal, doesn’t mean any fundamental changes to politics or government, ‘AI is a hype bubble, they’re just building chatbots, the Bay Area is a cult, VCs are charlatans, GPT won’t be hacking GCHQ haha’. (NB. GCHQ recently declared a ‘critical incident’ over this subject but hasn’t remotely got the plan, people, money or freedom to build what’s needed and the Cabinet Office’s perpetual role of collectively pouring sand in everybody’s petrol tank continues, notwithstanding valiant individual efforts.) The lack of interest — even as massive amounts of capital is allocated to chip manufacture and training runs, with huge implications for energy grids and geopolitics — is the latest episode of how widely believed conventional wisdom among the SW1 Insider-herd almost always proves wrong.
I think that A) beliefs about imminent capabilities of AI, and possibilities for the PRC and Russia, will soon freak out much more of the National Security network across the world, B) it will destabilise (already destabilised and worsening) WMD deterrence as states start to fear scenarios of pre-emptive action that now seem highly implausible (e.g ‘is it possible new AI-enabled technologies will allow part X of the nuclear weapon system to be neutralised?’), C) it will become clear that cyber-defence and cyber-attack, and intelligence services more broadly, will be transformed much more rapidly than most senior Whitehall Nat-Sec types think is likely.
Covid showed how bad politics-world is at exponentials and the exponentials of model improvement are not much appreciated in Whitehall or Washington, and are wildly unknowable to those building the models! NB. a technology does not have to be deployed or even near-term-actually-feasible for it to be destabilising — an obvious example is the way Reagan’s rhetoric on Star Wars combined with US rapid advances in chips and aerospace convinced the KGB and Soviet leaders that Star Wars may destabilise deterrence.
From Leopold’s paper, forecasts vs actuality for model maths performance
There are influential voices calling for versions of nationalisation of AI labs and ‘Manhattan Projects’: i.e OpenAI, DeepMind, Anthropic getting merged, moved out to famous deep state desert bases, put behind barbed wire with extreme security, air-gapped SCIFs etc. I have discussed security with some of the top 20 most important people in this field for years and warned them of the consequences of a state deploying its most aggressive capabilities against them. For many years this field has not thought much about how extreme things will get when entities like Chinese and Russian intelligence deploy their most aggressive attacks — not just cyber attacks but honey traps, blackmail, threats against researchers’ families and so on.
AI’s security culture has been (with few exceptions I won’t name for obvious reasons) similar to other Valley startups. This problem was largely invisible until recently. A rare public case occurred recently when Google had to admit that a Chinese operation trivially evaded their security and stole a lot of sensitive IP. The lack of seriousness about security has undermined confidence in claims from some leading labs: if you publicly say ‘AI may kill vast numbers so there should be regulation for safety/security’ yet you do not actually take security seriously, then some will conclude you are either idiots or you’re lying about security to justify regulations that hurt your competitors. A lot of people at DeepMind have responded over the years ‘we have Google’s cybersecurity’. This is not a good answer. States go around such defences.
A normal corporate security culture is hopeless when issues of war, nuclear and biological attacks, state espionage, state destruction and so on are involved. And even the security culture of the actual Manhattan Project — which was run with extreme competence that it’s practically impossible to imagine Washington-as-it-exists-today mustering now — was insufficient to prevent significant penetration by the Soviets. As this blog describes below, even when the security culture is taken as seriously as America can take it, security disasters are routine. And nuclear weapons security continues to see blunders exposed by Red Teams and bio-security is farcical (cf. the recent exposure of a hidden biolab in California run by Chinese scientists experimenting on engineered viruses including Ebola and the total lack of mainstream interest).
I’ll write further (over summer if I have time) on Leopold’s paper and some other papers on AI, bio-security etc, and the attempt by some to push the UK in a better direction via the AI Task Force and Safety Institute. It’s good these issues are finally getting more discussion. The goal should be to improve western discussion — don’t worry about ‘are we alerting the PRC’ (as some have suggested to me), you should assume PRC is already highly alerted and already stealing much more than is realised!
My recent RV Jones blog on scientific intelligence in World War II and US intelligence post-1945 will also provide food for thought for those trying to get ahead on this.
And for those thinking about Leopold’s paper, here is a paper I wrote in 2017 on ‘systems engineering’ and ‘systems management’ lessons from Manhattan, Apollo, ICBMs etc that are directly relevant to developing practical plans per Leopold’s paper and others thinking similarly about how the labs and the deep state will work together.
Similarly this blog from 3/2022 is directly relevant — how does the deep state actually get ahead of technological surprise and when/why does it fail?
The election and new parties / campaigns
The campaigns are a joke, the leaders are a joke and 99% of the ‘analysis’ is a joke. This election is the apotheosis of the rotten SW1 ecosystem I’ve watched since 1999: the blind leading the blind, only those in SW1 take it seriously, the country appalled/depressed, UK politics as an international humiliation.
One example from the Telegraph’s ‘star’ political ‘expert’. As the Tories machine-gunned themselves with blunder after blunder, she managed to conjure up ‘an extraordinary comeback’ for Sunak who promptly drove himself off a cliff by operating on the governing model of every PM since Thatcher (with the sole partial exception, hated and feared across SW1, of July 2019-Nov 2020) — No10 as Media Entertainment Service — and abandoned his government responsibilities to come home for an interview with ITV:
When you wonder why MPs constantly say and do such dumb things and ignore what’s important, remember that they orient their activity and ideas almost entirely by reading analysis like her’s to understand strategy, communication, public opinion, and what’s going on in Whitehall. She is MP-reality.
Farage’s entry has, as I said it would in an interview a month ago, made it unavoidable for SW1 to discuss the possible destruction and replacement of the Tory Party. But SW1 does not know how to analyse this.
The defining feature of the SW1 Insider network since 2016 has been the remarkable way in which it has become more and more of a denial-of-service attack against its own perceptions of reality. This is part of the crackup of elite consensus reality I’ve explored a lot on this blog but won’t go into now. (I strongly recommend reading essays by Jon Askonas, one of the very few people I think understands the media now, e.g this on John Stewart).
If you want to see the rot of the old system consider this.
A week ago (5/6/24), Putin called in the international media. He told them: NATO has given Ukraine long range missiles to strike deep in Russia, why don’t we have the right to give weapons to other regimes to do the same to NATO, we are considering such options…
And what media coverage do you see?
The old UK media almost entirely censored the event. Although widely discussed globally, it is a non-event in the UK. I’d bet >95% of MPs don’t know it happened.
Not only is our Idiocracy escalating a disastrous war they’ve blundered into, they’re censoring statements from the world’s biggest nuclear power directly threatening us with reprisals for our actions, shoving celebrity gossip onto the BBC website rather than translating Putin’s words (then they claim ‘trust the BBC not disinformation’!). And funding Ukraine which is drone-striking Russian early-warning radars for nuclear weapons, of no relevance to the UKR war.
The gap between the self-perception of our elite media and the reality has not been starker since I started watching them.
The collapse of the Tories, the imminent hard and fast failure of Starmer, and the collapse of confidence in (and audiences of) the old political media is a historic combination of events and a very rare opportunity, albeit an opportunity entangled in many nightmare scenarios. Boris squandered a similar historic opportunity in summer 2020 and set the Party on its path to disintegration.
Next week I’ll publish here next steps on The Startup Party, or, rather, the precursor steps for such a Party.
IT’S TIME TO BUILD BUILD BUILD…
(Ps. If you look at reports on the new H1N1 and H1N2 flu strains, developments are BAD. And given the pathologies I’ve described you should plan on the basis that if there’s another pandemic soon it will be handled even worse than in 2020 plus public trust in what is said will be very low given all the lies from politicians and Whitehall, the disgraceful fake inquiry, the coverups over lab leak evidence and problems with vaccines etc. So it will be even more chaotic. And it may well be worse for kids than normal adults, unlike covid, adding another nightmarish angle. As I’ve stressed repeatedly (from before 2020), a) look at what our old regimes are doing on bioterror planning, b) look how easy it is to breach supposed defences (cf. recent MIT experiment showing they can easily order ingredients to build a bioweapon, and c) imagine how these regimes will cope with the far more complex problems of AI-WMD-security…)
Keep reading with a 7-day free trial
Subscribe to Dominic Cummings substack to keep reading this post and get 7 days of free access to the full post archives.