OPSEC, PERSEC and Keeping Folks Back Home Updated
April 23, 2007 by Michael A. Romig, Baghdad, Iraq

So my web updates stopped. I don’t mean a little, I cut them off completely. Why? Well I hope this update explains, at least in part, for some of you who wondered what happened. For those that don’t know OPSEC stands for operational security and PERSEC stands for personal security. As some back home know, I’ve been a civilian contractor deployed in Iraq for the last 9 months. When I was preparing to deploy and even right after I did deploy I didn’t “know” what these terms meant. I knew what they stood for but couldn’t completely grasp the concept. I’d heard of this kind of “stuff” before and figured most of it was just paranoia and overreaction by big brother. Now, I’m happy to say, I firmly understand OPSEC and PERSEC is no joke. Now what can I say to you to try and get you to see as well.

I guess I must say I started this journey with the belief that total visibility into the US Government, the military and war events should be the ideal strived for. Unless specific information caused harm, violated a person’s personal privacy or was otherwise illegal, I thought everything should be disclosed that could be. I still believe this, I suppose, it’s just now I recognize that in a combat situation that amount of “information” which can cause harm is a lot larger than one might realize. A large part of what changed my mind was the realization of the sophistication of the enemy in terms of their aggressive tactics in getting and analyzing information. I heard these kinds of things from counter intelligence officers during security briefings, but it was when I started to hear the same stories from local Iraqis that it came together in my mind.

Did you know, for example, that everything thrown away in the green zone in Baghdad gets taken outside to trash dumps where each bit of trash could be examined? “Why?” you might ask. Well the main reason is money. Like many emerging nations or nations in transition, there are very poor lower classes. People in these situations will do anything to survive, including finding that used up container of deodorant; with just the tiniest bit left, and selling it in a market for a little bit of money. The same people are completely willing to pass along papers with information on them to groups interested in that kind of thing; aka the enemy.

It’s not just the trash that did it for me, it is transparent emails, mobile phone calls, and ultimately all forms of communication are potential sources of information leaking which could costs lives. After you’ve been deployed a while and have the unfortunate reality of knowing people that have been killed, or knowing of people killed, or knowing you could have been killed, the reality of this kind of caution really starts sinking in, especially when you start thinking about "How did it happen?”. How did the enemy know to attack in that way, at that location, and at that time? The answer is because someone talked, someone emailed, posted a web story, or shared a story back home. In a war, most tacticians aren’t going to rely on “chance” that their attacks will work; they want a bit more than that; which is what intelligence is all about. Now most of us don’t think of ourselves as willing vessels of intelligence leakage to the enemy, which is why we blab. It’s why bloggers and even some media pros cavalierly write stories which go a bit too far with details about operations or situations on the ground. Naturally I can’t change all of that, but I did think I should mention my own situation and why I clammed up for a while.

Now for the uninitiated I’ve written up just a few items of help to those going to be deployed, or for people back home that will help keep people safe.

Practical tips for maintaining OPSEC and PERSEC:

1. Don’t ask. I know you are curious, especially when the news finally reports that story about that bomb, mortar or rocket landing near the one you care about. The reality is that all of us on the ground, sometimes witnessing these events, could talk about them. Sometimes we can talk a lot too. Asking us if we are ‘OK’, is fine, and obviously needed, but going beyond that can provide the enemy with information such as the accuracy of the attack, resources affected by the attack, how important the target was, etc.

2. If we forget and tell you something, DO NOT PASS IT ALONG! We are only human, so sometimes we will slip. A good rule of thumb I know my wife is practicing is to try not to say anything about events in Iraq I might mention. She’s in a further distant place to be able to gauge what detail might provide the enemy with tactical information, so the best policy is to not pass along anything second hand.

3. Don’t talk shop on mobile phones or email, ever. Most by now should realize that email is transported in clear text, which, if intercepted can be read directly. It should also come as no surprise that mobile phone calls can also be snooped. Due to technological advancements and the available of those technologies on the Internet, it is trivial to buy equipment for this task. Whether speaking or emailing with someone directly overseas in a deployed area, or just talking on the phone back home about them, you need to always be thinking “Is this information being intercepted?” The best rule of thumb, just don’t talk shop!

4. Never throw personal information away. I take my stuff home, burn it, or chipper shred it. All of it. I know people are going through this information and I don’t want my deployed address or my address back home ever making it onto a hit list. When you mail a package to someone overseas use a mailing label which can be removed, or at least a paper label taped to the box, which can be removed after the package is received. Writing directly on boxes with permanent markers is convenient for you, but now I’ve got to carry around half of a box lid with me until I can find a fire, a secure shred facility for cardboard or mail it back to you. See where I’m going with this; make it easy to keep personal and work information secure and always assume someone is looking for your information.

5. Don’t journal or update web sites unless you’ve got the time and discipline to consider what you are saying. On my web site, I just quit updating when I got real busy. It’s not that I didn’t have stories, I had many. I just didn’t have the energy to “censor” myself appropriately and to make an effort not to let anything out. Professional journalists have military resources to help them review their material and make sure it doesn’t reveal too much. I’ve actually looked myself for contact information for these people, to have my content reviewed, but it seems “normal” folks are going to have a bit harder time getting their stories into these peoples hands. In light of that, it’s each one’s responsibility to be the filter yourselves and to be very careful about what you disclose.

6. Keep the stories for later. Many of us have great stories, some of which will affect OPSEC for a while yet. Just be patient with us. Eventually years will pass and we’ll gain some comfort level about sharing details and we will share. We’ll get together with old friends and colleagues and talk about the good ole days, and then you’ll learn why we were so stressed out that week on the phone, or why it seemed we were “distant” and “distracted” by “something”.

I hope many deployed, like me, have come to realize the necessity of keeping things quiet in a combat situation. It’s fun to be on the inside! It might be fun to share, but I can speak from experience it’s just as much fun to know things and keep them to your self! After all who doesn’t like keeping secrets; especially when doing so saves lives?