On April 21, 1963, three emaciated Americans walked out of Cuba’s LaCabana prison and flew to freedom, released in a prisoner exchange after being held for 949 days under brutal conditions. The three men were undercover CIA officers, who the Cuban authorities had caught seemingly red-handed in a bugging operation. The Fidel Castro regime put them on trial, convicted them of “activities against the security of the Cuban state” and threw them in jail. But throughout their ordeal the trio had clung grimly to their cover story that they were tourists, a cover that their alias documents—driver’s licenses, visas and credit cards—backed up. The Cubans never even discovered their real names: David L. Christ, Thornton J. Anderson, Jr., and Walter E. Szuminski.
At the time of their release the CIA was only 15 years old. It turns 70 on September 18. Yet their story could have occurred any time during the CIA’s first four or five decades, when successfully placing agents undercover relied on three basic activities: creating a plausible alias identity or “legend” for an undercover officer; that officer’s ability to convince anyone who cared that he was the person he said he was; and having the documents to buttress that legend. Now, in the digital age, when background information can be easily checked—and movements tracked on a minute-to-minute basis—creating and maintaining cover poses a far greater challenge.
But 50 years ago, manufacturing that paper trail was the job of men like Antonio J. “Tony” Mendez, an artist hired by the CIA to become, essentially, a professional forger. (The agency used the term “artist/validator.”) In his book, “The Master of Disguise,” Mendez says that when he joined in 1965, the CIA maintained more than 15,000 alias identities—a number that has surely grown in the wake of the agency’s expansion since 2001. The work involved in maintaining those legends was enormous, requiring the forging of ID cards, birth certificates, school records, military-service dossiers and travel documents, including fake passports, visas and plane tickets.
Gradually, according to Mendez, the CIA improved its ability to build aliases for its officers that allowed them to pretend that they were from neutral “third countries”—i.e. neither the United States nor the country in which they were operating. But always, the paperwork had to fit the legend exactly. “If you say that you traveled through Botswana, your documents have to show that you traveled through Botswana,” says Mark Kelton, a 34-year CIA veteran who retired in 2015.
Different kinds of cover
When Kelton joined the CIA in 1981, little had changed from the time that Mendez had started with the agency. Most CIA case officers worked under official cover, meaning that they
pretended to be working for another branch of the U.S. government, typically the State Department. But some were non-official cover officers, ostensibly working abroad in the private sector, without the benefit of diplomatic immunity. Supporting a non-official cover identity required a lot more effort, said Kelton, whose last CIA assignment was as a senior counterintelligence official. “It’s harder for someone from the outside to query a government agency,” he says. “But anybody off the street could walk in and ask the ACME Widget Company ‘Does John Smith work here?’ so that made it much more complicated.”
The CIA backstopped some non-official cover legends by manning telephones that rang whenever someone called the numbers that case officers had given out as their work phone. “Somebody would pick up and they would say, ‘This is the ACME Widget Company’ or whatever it is, and then forward messages to you,” Kelton says.
This lifestyle placed enormous pressure on the individuals required to live their cover. “[Crossing] borders can be very stressful. Being challenged by people on the street can be very stressful. Having somebody walk up to you who knows you in another name, that can be very stressful,” says Kelton. The latter situation happened to him twice when he was meeting with someone under his assumed name—but in neither case did the unwanted intrusion blow the operation. “You have to think quickly,” he says, to explain the situation away to all parties.
When diplomats became movie producers
One of the CIA’s most famous operations involving the classic use of disguises and forged documents was the mission to exfiltrate six American diplomats from Tehran, chronicled in the Academy Award-winning film “Argo.” Having managed to avoid being trapped in the U.S. embassy and taken prisoner when Iranian radicals stormed the facility, the Americans took refuge in the homes of two Canadian diplomats. Meanwhile, the CIA went to work figuring out how to spirit them out of Iran.
The agency’s plan, with Mendez taking a lead role, was to have the diplomats pretend they were part of a Hollywood film crew looking to shoot a sci-fi movie in Iran. It required the six to disguise themselves, memorize legends and assume fake names to match the documents Mendez brought them. The elaborate plan worked to perfection, and on January 28, 1980, the six diplomats and their CIA minders flew out of Tehran to safety.
Keeping cover in the age of Google and Facebook
As challenging as it was for spies to establish and maintain cover during the Cold War, the arrival of the digital era left case officers vulnerable in ways they had never been before. “The advent of the Internet was a huge issue,” said Kevin Hulbert, a former CIA station chief who retired in 2014.
The digital trail we all leave—credit-card transactions, car rentals, internet searches and purchases—are like digital bread crumbs for an enterprising foreign-intelligence service trying to research a case officer, said then-deputy CIA director David Cohen in a 2015 speech at Cornell University. With so many interactions, transactions and communications performed or stored online, the imperatives for the CIA, he said, were clear: “We must find ways to protect the identity of our officers who increasingly have a digital footprint from birth. Likewise, since having no digital trail can raise suspicions too, we also have to figure out how to create digital footprints to support cover identities.”
The digital age presents undercover spies with four overlapping challenges. The first is the threat posed by search engines that can trawl the Internet in a fraction of a second. “Google essentially does the research that hundreds of people used to do for an intelligence organization,” says Kelton. A quick Google search can help a hostile spy agency determine whether an American case officer working under cover is really who he says he is. “And that has, of course, complicated the lives of intelligence officers greatly,” says Kelton.
Not to mention that the average 50-year-old guy is likely to have a deep credit history and mortgages and other digital trails. “It’s enormously difficult to replicate that kind of stuff in alias travel,” says Kelton. “It’s possible to an extent, but it’s enormously time-consuming to build those types of cover legends that would endure really deep scrutiny.”
The second challenge: The ubiquity of social-media platforms like Facebook and LinkedIn. “If you’re a young person or if you’re a professional today, you almost invariably are going to have a social-media profile,” Kelton says. For an undercover officer, that profile “has to conform to whatever mission you have… It’s immensely complicated to keep that consistent.”
Creating a profile to fit a legend shortly before an operation is rarely an option. “What you don’t want is…having it just pop up one day,” Kelton says. “That’s not viable, unless you have a very good reason why.” To be credible, profiles need to date back several years.
The expanding fields of biometrics and facial-recognition technology constitute the third challenge, especially for alias travel. The installation of iris scanners at airports and other border crossings have greatly complicated the business of trying to enter a country under an assumed identity. The same goes for the adoption by many countries of biometric passports, Hulbert says.
Then there’s the creation of large databases by governments and international organizations. During the Cold War, recalls Kelton, “there weren’t computer databases and instant recall [available] to border guards and airport security people, as there are now.” If an undercover officer’s forged passport and visa passed muster with the security official visually checking it at the airport, he or she was good to go. Now the security officer can punch all the relevant information from the passport into a computer to see if it checks out.
Compounding the problem, says Kelton: These databases often link to international networks—whether it’s airline security or international police organizations. “That obviously complicates things.”
“In the intelligence world, like the military world, he that adapts slowest loses,” Kelton says. So in 2015, after senior officers reported that the agency, in Cohen’s words, was “not well prepared to leverage the opportunities of emerging digital technology,” the CIA created its first new directorate since 1963, the Directorate of Digital Innovation. A key focus, according to Cohen, would be on helping “clandestine officers maintain effective cover in the modern, digital world.”
One way to do that might be to revert to a more widespread use of officers’ true names. “Working in true name is the oldest form of espionage,” says Kelton. Having an officer use her pre-existing digital footprint eliminates the need to create a new, fake one for an alias. “The logic drives you in that direction,” Kelton says, without confirming that it was a course the CIA was taking. “Operating in true name is immensely simpler in one sense—you don’t have to remember who you are, and what you rely on then is your training and discipline.”
The risk, of course, is that agents lose the insulation and protection an alias provides for their identity—and that of their family. “But if that’s what it takes,” says Kelton, “that’s what it takes to get the job done.”