The rise of private-sector intelligence providers
Or how some corporations already knew to bolt from Ukraine ahead of the war
In short: A just-published study by Harvard Kennedy School researchers lifts the lid on private intelligence services, that is, the vendors who collect and operationalize intelligence outside of classified national security environments. The authors shine light on intelligence services that have entrenched themselves in corporate security and risk analysis, but which operate outside of formal ethical and professional codes.
While the seemingly miraculous possibilities of open-source intelligence (e.g. Bellingcat) are grabbing headlines, far less attention has been paid to the rise of private intelligence services that operate like government national agencies, but privately for corporate clients.
In a new study, “Intelligence outsourcing for non-traditional clients: the rise of private sector intelligence providers,” researchers Katherine Tucker and Maria Robson-Morrow of the Harvard Kennedy School document how national and international security challenges are being addressed by non-state actors.
As the authors tell it: “31 days before the invasion, private security firm Global Guardian was encouraging private sector clients to evacuate Ukraine and provided departure assistance and emergency supplies. Meanwhile, intelligence firm Sibylline warned clients of the likelihood of invasion and potential impacts, and then, remarkably, opened up their intelligence reporting for free to firms with interests in the region, providing insights that protected infrastructure and helped save lives. Many firms were doing the same. The Ukraine case is but one example where timely and actionable intelligence came not just from governments, but from the private sector.”
Private sector intelligence operators are for-profit companies including, the article tells us, Control Risks, Sibylline, Emergent Risk International, Dragonfly, Global Guardian, S-RM, Max Security, and Recorded Future who offer services such as intelligence analysis of geopolitical and security environments, investigating potential business partners, or running embedded intelligence analysts. (This is the consulting side of the private intelligence industry: the paper in passing also mentions a “rapid expansion of in-house intelligence teams within multinational corporations – such as United Airlines, the Walt Disney Company, Royal Caribbean Group, and many others – that seek to identify and mitigate against security and geopolitical threats to their companies’ people, assets, and operations.”)
Tucker and Robson-Morrow’s research design is here appropriately qualitative, relying on semi-structured interviews and industry surveys. This allows them to get past input-output correlations or hypothesis-bound perspectives, to better get to grips with some of the industry’s character, compromises and trade-offs.
Using principal-agent theory (potential misalignment of interest between principals and the operational agents they employ) they find mismatch between the private intelligence firm knowledge of sources and methods and the client’s, creating an information asymmetry between the them whereby companies are nearly entirely reliant on the vendor for understanding the quality and authenticity of the intelligence.
This is compounded by a lack of formal ethical or professional codes in this field. One of the client risks that emerges is a propensity of the vendor to groom their intelligence findings towards managing their own potential for follow-on work or professional referrals.
What’s not apparent here – perhaps subject for a further study – is the overall scope of the private intelligence industry and its growth rate, which would be necessary background for judging where we are at right now in the government vs. private intelligence industry divide, and with this how much political security and business continuity will come to depend on private intelligence services in the coming decades.