Kim Kotlar on “Spies, Lies and Algorithms: The History and Future of American Intelligence”

When I wrote about my summer reading recommendations (“Some summer reading recommendations (especially for those interested in national security!”, I mentioned that I hoped to have full-blown reviews for you in the coming weeks regarding some of the books.  I am pleased to tell you that today you’ll be getting one as my friend Kim Kotlar agreed to review Amy B. Zegart’s, Spies, Lies, and Algorithms: The History and Future of American Intelligence (2022).

And, wow, Kim is the perfect reviewer as not only is she an adjunct faculty member in Duke’s Pratt School Masters of Engineering in Cybersecurity Program, she also has more than 40 years of national security experience, and much of it in the intelligence community.   

Here’s her take:

“Spies, Lies and Algorithms: The History and Future of Ameican Intelligence”

Reviewed by Kim Kotlar

It’s all smoke and mirrors.” That’s a quick retort members of the U.S. Intelligence Community (IC) who served during the Cold War and the Global War on Terrorism might make to friends or family members who asked about their secret work.

But times have changed and, for better or worse, the IC no longer enjoys an absolute veil of secrecy. In her enlightening book, Spies, Lies, and Algorithms: The History and Future of American Intelligence, Dr. Amy B. Zegart takes positive steps towards clearing the smoke and defogging the mirrors

She offers cogent and well-researched perspectives of the past and prescriptions for the future of the IC through a combination of clever story-telling and public policy schema.  Her views are underpinned by a career of professional academic research and observation on this topic.   Extensive interviews with current and past generations of IC leaders add interest, perspective, credibility and depth to what otherwise might be a dry subject.

Written for a casual reader, yet suitable for an academic course, Zegart argues that the public’s fascination with “spytainment” (pop-culture representation of spying) undermines public confidence in and support for the IC. She also observes that a general lack of trust in institutions contributes to, among other things, challenges the IC faces in attracting a future workforce.  This cadre must possess high-tech skills and a willingness to serve (likely at lower than commercial wages).

Although not detailed by Zegart, it’s worth noting that the IC is aware of their recruiting problems and has multiple outreach programs, academic engagements, recruiting initiatives, internships and research opportunities – all to help attract the next-generation work force. 

The National Security Agency (NSA), for example, maintains a robust outreach program that involves employees volunteering their time to tutor math and science students in elementary through high school.  NSA also collaborates with colleges and universities through its National Centers for Academic Excellence in Cybersecurity (CAE-C) program, which includes more than 300 institutions across the US with designations in Cyber Defense, Cyber Operations and Research.

The need to educate, cultivate and attract talent, particularly in the Science, Technology, Engineering and Mathematics (STEM) disciplines is not unique to the IC.  President’s Interim National Security Guidance, specifically states, “We will expand our science and technology workforce by investing in STEM education, where America is currently losing ground.”

Zegart alludes to the broader national issue of STEM education later in her book by noting that current public leaders often do not possess the knowledge to provide adequate guidance and oversight of the intelligence apparatus.  She states that Congress has “many more powdered milk experts that intelligence experts.”  These problems are “coming to a head as technology advances at breakneck speed” and overseers need to understand the intel landscape and the technology, Zegart opines.

Turning specifically to Congress and oversight, she then presents an insightful discussion by incorporating recent and historical vignettes to explain that Congressional oversight is incredibly difficult, often politically motivated, and can be viewed through a lens of “information, incentives and institutions.”  Zegart further outlines that good oversight requires legislators to serve in four distinct roles:  Police officer, board of directors, coach and ambassador.  Unfortunately, her research also indicates that “…no matter how oversight is defined, it usually didn’t work well.”

To follow up on her point, it’s important to know that oversight of the IC is not limited to Congress.  Each IC element has teams of lawyers, inspector generals, compliance officers, and privacy experts to help ensure the mission is conducted lawfully.  As a case in point, internal oversight and leadership deliberations contributed to NSA making its own cost-benefit calculation to terminate certain collection activities.

Additionally, the Office of the Director of National Intelligence and other federal agencies including the Departments of Defense and Justice also provide guidance and direction.  The top levels of the executive branch, including the President’s Intelligence Advisory Board, can help improve lawful management, operations, and transparency.  

For instance, post-Snowden, a reinvigorated President’s Civil Liberties and Oversight Board (PCLOB) held hearings and authored multiple public reports about the IC including explaining and assessing specific collection, authorities and programs related to counter terrorism.  Some of the reports can be found here: (PCLOB). 

The Judiciary is also involved in overseeing the IC and the Foreign Intelligence Surveillance Court considers government applications for approval of certain electronic surveillance, physical search and other forms of investigative actions for foreign intelligence purposes.

After offering a cliff notes-like version of the IC’s history, Zegart quickly brings readers up-to-date on modern day challenges.  Many of the enduring issues she addresses such as the IC’s ability to conduct accurate analysis, catch spies, and conduct covert action are not new.

What is new, she posits, is to remain viable in the future, the nation’s intelligence apparatus must come to terms with information explosion, data overload and rapidly changing, ubiquitous technology.  As an illustration, she discusses a variety of implications for the use and maturity of Artificial Intelligence both by the IC and US adversaries, including deep fakes.

Pointing to another  Information Age challenge, she notes that individuals and private sector organizations may own, operate and control infrastructure, technology and data. These assets may rival those of a sophisticated federal government.  Similarly, data, analysis, and strong commercial encryption are available (free or for profit) by the private sector, further complicating the IC’s mission.  

Dr. Zegart

Zegart offered instances of  commercial analytic expertise such as cyber, nuclear proliferation, and even indications and warning of pending hostilities. These capabilities may compete with, augment or detract from government intelligence functions.  Zegart further contends that the IC must adapt to these challenges, (including finding new ways to collaborate with the private sector) or it will ultimately fail.

The final chapter, Decoding Cyber Threats,  Zegart provides a high-level overview of cyber threats, the implications for intelligence, and perceived challenges.  Most notably, she states, “Cyber threats are hacking both machines and minds…and cyber threats are vastly different from traditional national security threats.”  Technology is advancing at warp speed, while budget, administrative systems and government processes (including hiring and procurement) are seemingly stuck in the Bronze Age. 

Creative industry, academic, and IC partnerships are also necessary if the nation is to make significant headway in addressing these challenges.  As a step in the right direction, and although still in its early days, NSA’s Cybersecurity Collaboration Center, a hub for engagement with the private sector is designed to create an environment for information sharing between NSA and industry partners, maybe worth her review in a future study as a potential model for collaboration.

Another topic that Zegart may wish to consider for subsequent editions, is exploring the relationship between the military and the IC.  Some pundits have argued that the past focus on support to military operations and tactical systems during the Cold War and GWOT skewed resources away from broader national security matters.  As U.S. Cyber Command grows and its relationship with the NSA deepens, it may be time to reexamine priorities, lanes in the road, and organizational relationships to ensure the nation is focused appropriately.

Spies, Lies, and Algorithms is a great introduction to the IC and its issues.   The author advances several noteworthy recommendations.  The only question is: How will she get people to listen?  

Post script: Readers who are interested in a more detailed and structured treatment of intelligence basics including its various forms and the 18 elements that comprise the IC,  may turn to Jeffery Richelson’s text. 

Another excellent book to gain a more holistic appreciation of the overall intelligence cycle as well as budgeting processes may find Mark M. Lowenthal’s Intelligence From Secrets to Policy another useful resource.  In particular, his discussion of  the intelligence cycle (requirements, collection, processing and exploitation, dissemination and consumption, and feedback) serves to show that the IC is bound by structures and processes that guide actions.

About the Author

Kim Kotlar brings more than 40 years of national security experience, including diverse executive leadership positions on Congressional Staff, the National Security Agency (NSA) and the Department of Defense (DoD).  She is also a retired Navy Cryptologic Officer.  Kim is currently an adjunct faculty member in Pratt’s Masters of Engineering in Cybersecurity Program and teaches a multidisciplinary course on cybersecurity policy, law, privacy and technology.  She serves as a strategic consultant to the North Carolina Defense Technology Transition Office and the Economic Development Partnership of North Carolina.  In her spare time, she is a mentor for the student-led Duke Cyber Team and Club and also enjoys mentoring public policy students.


The views expressed herein are those of the author. They do not necessarily represent those of the National Security Agency, the Department of Defense or any other governmental or non-governmental agency.

The views expressed by guest authors do not necessarily reflect the views of the Center on Law, Ethics and National Security, or Duke University.  

Remember what we like to say on Lawfire®: gather the facts, examine the law, evaluate the arguments – and then decide for yourself!


You may also like...