It’s time to set up your organization’s Intelligence Unit

Some days ago, new evidence showed up in Uber's Waymo case. I won't talk about the situation per se, but what came to light was shocking.

Richard Jacobs, former head of Uber's Global Intelligence unit, explains in a formal letter how Uber's Intelligence operations work.

The letter is worth reading. It covers not only the structure of Uber's Intelligence unit but also what they did and how. Some revelations are shocking due to their illegality. Others are striking because of how advanced they are.

Uber's Intelligence operations went from data leak protection to counterintelligence, cyber attacks, covert operations and infiltration. The list is exhaustive.

I won't delve into the illegality of Uber's acts. Nor will I defend them. What impressed me, above all, was the level of sophistication of the whole operation.

As I've mentioned before, our current world is highly connected. Such a global stage enables world competition on a scale we haven't seen before. Business as usual doesn't cut it anymore. I've argued that to survive in the current competitive landscape, data and intelligence are a must.

Within this frame, having an Intelligence unit isn't such a crazy idea. Prominent organizations have had, for years, Market Research and Competitive Intelligence groups. In a way, they're the precursors of a capable Intelligence operation. Smaller companies have outsourced such capabilities on an as-needed basis. There is a small but profitable market for private intelligence agencies (PIA).

The Uber case highlights two things. The first one is that Intelligence operations aren't unique to corporations. The technology industry is becoming such a cutthroat space that any advantage can have a massive impact.

"Jacobs was struck by the incredibly talented people at the company, the unmatched level of challenges and threats they faced and energized by the opportunity to build a holistic intelligence team, across the spectrum of threat intelligence, geopolitical analysis, and strategic insights. He would go on to build capabilities to serve a constantly growing community of interest at Uber, and deliver insights to shape engagement strategies, advise business decisions, and continually protect his colleagues and the community of riders and drivers they served in cities across the globe."

The second one is that outsourcing these operations isn't cutting it anymore. Building your own Intel unit is a necessity.

"These independent contractors were given the meaningless acronym LAT to protect discussions about this resource and poke fun at TalGlobal, a former vendor who provided intelligence collection support to Uber. LATs were seen as the opposite of Tal, who Uber had discontinued working with due to their low quality work."

Who needs Intelligence?

The question, though, is who needs this kind of intelligence? A decade ago only world corporations would need such services. Here are some factors that can determine if an organization needs Intelligence or not.

  • Global footprint. Companies undergoing an expansion, such as growth startups, are an excellent example. There is a need to understand the geopolitics of each new country and region.
  • Stiff competition. Organizations that operate on very competitive spaces need comprehensive competitive intelligence.
  • Strategic leadership. The use of intelligence is the primary input of strategy, so only companies that have a strategic thinking mindset will benefit.
  • Well-funded companies. Building an Intelligence unit entails an investment, both in manpower and tools.

How do you set up your Intelligence unit?

Intelligence units respond to the need for gathering information that serves a set of organizational goals. The first stage, before establishing any team, is to have a distinct idea of what you need the information for.

Once we have a clear mission, we can set up the collection process. These are the inputs of the process. There are many ways of collecting information, some of which are:

  • Open-source intelligence (OSINT): Refers to data collected from publicly available sources.
  • Human Intelligence (HUMINT). That is, intelligence gathered using interpersonal contact.
  • Signal Intelligence (SIGINT). Refers to intelligence-gathering by interception of signals. These signals can be communications between people (COMINT) or from electronic signals not directly used in communication (ELINT).

The easiest to deploy is OSINT. It's not only free in most cases, but it's also legal. On the other hand, Human Intelligence can border on illegality depending on the country and regulations. Signal Intelligence is by far the most expensive one, and one that is certainly illegal for anyone except government intelligence agencies.

Information gathering has always existed, but organizations need to pay particular attention to how they gather it. Some practices, while legal, border on the unethical. Others are outright illegal.

Setting up a collection process isn't a one time exercise. The organization needs to create a stable, repeatable method to keep the information flowing. This includes not only the inputs but a way to store the data.

The AI Hierarchy of Needs


Once the collection process is in place, then we need to filter it. Collection will create an inhuman amount of information. The team needs to process the sources, normalize data, test its relevance, etc.


After cleaning the raw data, the unit integrates many pieces of Intel into a coherent picture. The assembled information will then be bundled under different formats, depending on the needs of the organization.

It's important to understand though, that Intelligence only informs decisions. What actions to take with the gathered Intel is management's prerogative. And as such, ethical questions rest upon executives and not the actual Intelligence

Intelligence operations business case

How will a regular business take advantage of an Intelligence Unit? Here is a fictional example of the retail industry.


Imagine an international brick-and-mortar retailer. The business has a global footprint with multiple stores in many different countries. They want to keep hold of and grow their current markets. At the same time, they want to expand beyond their present countries, opening new regions.

The top executives have decided to start a global Intelligence Unit to support all locations with on-the-ground Intel. Each country is expected to consume and factor in Intelligence reports from the unit.


These are some of the challenges they'll need to resolve.

  • International footprint. Global operations require a constant pulse of what's happening in each country. A change of government or legislation can have significant consequences for the business.
  • New openings. To proceed with their expansion, it's crucial for them to know where and when they should open a new shop.
  • Strategic relocations/cost control. Maintaining a physical store is very costly. They need to keep an eye on customer displacement areas and potential opportunities to move within a different area of a city.
  • Price analysis. The firm needs to keep their prices within competitive margins. They need to track the competition's prices, not only globally, but on a country by country basis.
  • Competition analysis. It's important to know what the competition is doing. They want to predict potential threats like new store openings, offers, promotional events, etc.
  • Information leaks. It's also vital to prevent critical leaks. They want to inoculate employees against poaching, information extraction or mystery shoppers.

The organization operates hierarchically. Information needs to flow from the headquarters to the regional managers, to the country managers, to the city managers.


The first step for the Intel team is to set up some collection processes. They want to be able to monitor specific things:

  • Retail news feeds. They want to store all retail news for further analysis.
  • Global news about each country. They'll be storing global news from each country. Both political and international.
  • Real Estate news feeds. They'll keep track of all the new openings, relocations, and real estate offering feeds for each city they operate in.
  • National Bureau of statistics. They want to store all macroeconomic metrics of each country they operate in. Unemployment rates, employment growth, GDP, education level, inhabitants growth, etc.
  • Social Media feeds. They'll establish feeds for social media streams, both for the competition, as well as any brand mention or employee engagements.
  • Competitors' web scraping. They'll set up automated scrapers to detect changes on the competition's websites. They'll also store product information and price information.
  • Financial Reports. Whenever possible, they'll feed annual financial reports of the competitors in each country.

The team will also establish a small Human Intelligence operation. They will assess customers' buying patterns on the ground. They'll also act as mystery shoppers for other brands. This will allow them to establish competitors' metrics like top sales, customer estimation, average customer ticket, etc.


All the intel will be stored in an isolated and encrypted computer network. Access to it will require specific gear to prevent unauthorized access. This isolation will minimize any leaks if hackers compromise the corporate system.

  • Filter systems. The team will filter each feed so it can highlight, through statistical models, potential leads. The filters will target competitors, the brand, employees, countries, cities, and potential competitors.
  • Prediction models. The team will build prediction models that can use the filtered data to assess potential risks to the organization.


The team will create periodic reports that it will send to the local heads. Each report will contain the following:

  • Current geopolitical situation. A brief on the existing domestic situation highlighting the top news and potential threats.
  • Potential relocation opportunities. Based on the analysis, possible new areas that can lower rental costs while maintaining a competitive location.
  • Potential new locations. Analysis of likely new stores to open in the area.
  • Price analysis. Price fluctuation of similar products in the country.
  • Demography analysis. A study of the evolution of the target customer within the country. For example, the evolution of tourism in the region or city: top nationalities, top expenditures, etc.
  • New competitors. Prediction of potential new competitors looking to enter the country or city.
  • Competitor's strategies and statistics. Research on the top competitors with typical customer behavior, average ticket, customer type, etc.

The operation is an evolving one. The more information gathered, the more Intelligence can be generated. At first, the Intelligence team will push information to each local player. Initially, they also operate as sensors that determine what would be useful for the local organization. With time, they'll start incorporating new reports and intelligence based on the unfolding needs of each local team. 

Conclusions on Corporate Intelligence

As I commented before, Intelligence operations aren't for big corporations anymore. Global competition, data gathering, and stiff competition are forcing organizations to be smarter. If your rivals are making informed decisions and you're not, you'll lose and become irrelevant.

The irony is, companies are already digitalizing their businesses and are incorporating more and more data. The need for data is allowing them to build comprehensive collection processes already. Some are already using it to create competitive Artificial Intelligence systems. Why not use it for Intelligence purposes too?

Leadership must enforce caution around building their Intel operations. Not everything is acceptable. Some methods are illegal or borderline unethical. It is imperative that organizations establish a clear ethical code around their Intelligence efforts. This will prevent unnecessary investigations or legal complications.

There is an information war happening as we speak. Those that don't arm themselves will be victims of the current information warfare. In the best-case scenario, they'll see an erosion of their market share. In the worst-case scenario, they'll be wiped out from the market. Don't wait. Start building necessary Intelligence capabilities now.

If you like this article, please share it, and invite others to follow the newsletter, it really helps us grow! 

Does anything go in pursuit of scale?

We live in the age of scale. Everything has to be scalable. Everything has to accelerate. It seems that if your business, division or team isn't achieving rapid growth, it's not successful.

Scale, though, isn't always creating more opportunities. It induces an effect called aggregation. The more prominent a business is, the more people flock to it. The more information it gets, the better it gets. The further it improves, the larger it gets. And so on.

For businesses to compete with aggregators, they need scale. Without scale, it's hard to make enough money to sustain operations. But scale depends upon two things, automation and data. Automation requires both automated artificial intelligence systems and crowdsourced ones. Data is also a combination of automated and user-generated content.

The question is, who controls the generated content? What happens when the amount of information exceeds human oversight? Can we trust an algorithm to vet what content exists and what doesn't?

Scale and content

Most companies are investing heavily in scalability. They're increasing their capacity, their infrastructure and their quality of service. But hidden among this growing frenzy, content assessment and security are being abandoned.

"Over the course of this year, we have invested significant resources to increase trading capacity on our platform and maintain availability of our service. We have increased the size of our support team by 640% and launched phone support in September. We have also invested heavily in our infrastructure and have increased the number of transactions we are processing during peak hours by over 40x."

But as these services grow, content quality and security assurance are becoming critical. Facebook is under fire due to unsupervised ad purchases and filter bubbles. YouTube is getting hell for their lack of content control, especially, around children's content. Users are accusing Twitter of becoming the home of trolls, Nazis, and armies of soulless botnets. The FCC is being questioned on the truthfulness of their Net Neutrality probe comments.

All these aggregator companies struggle with content. They feed on it but their scale is so massive, it's impossible for them to control the flow of it anymore. And the most problematic aspect is that they still don't know how to fix it.

Twitter's Verification system, originally designed to solve the problem of impersonation, has been under fire since its inception. The lack of clear guidelines has plunged the program into suspended animation.

Facebook isn't much better. Their obsession with curating our news feeds has led to the so-called filter bubbles.

"A filter bubble is a state of intellectual isolation that can result from personalized searches when a website algorithm selectively guesses what information a user would like to see based on information about the user, such as location, past click-behavior and search history. As a result, users become separated from information that disagrees with their viewpoints, effectively isolating them in their own cultural or ideological bubbles."

How We Broke Democracy by Tobias Rose

Facebook is trying to ease the situation. The truth though, is that Facebook, by design, creates filter bubbles.

"A bridging weak tie in a web context is a link to a source of information that you might not normally look at, you may not agree with, and challenges your ideas. Facebook and Google algorithms do the opposite: They show things we will like and agree with, so they are basically erasing our weak, bridging ties, at least in our digital networks."


YouTube is another example of out-of-control content. Their case is compelling because they're mixing human moderation with Deep Learning aid. Human operators train the artificial network, and the Deep Learning system expands the reach to all the platform's content. The results, while impressive, have also generated unintended consequences.

“The thing that sucks is YouTube doesn’t tell you why it was de-monetized,” said Sam Sheffer, a 27-year-old whose career as a YouTuber began just a few months ago. “They link you to some arbitrary set of rules, and you have no idea why you were de-monetized other than the fact that you are.”

YouTube Advertising Crackdown Puts Some Creators Out of Work

Algorithmic moderation systems

The general pattern is always the same. Due to scale, content gets out of control. Automated content infests the networks. People cry out, and the operators harden the filters. Due to the immense volume, humans alone can't manually operate these filters. Operators then design new algorithms that can aid them in filtering and controlling it.

These machine-augmented moderation systems do censor plenty of subversive content. Content that shouldn't be there in the first place. But they also have unexpected effects. The diversity of content is suppressed, and only the most conservative views are allowed. Worst of all, these systems can't explain why they did what they did. When questioned by the platform's users, operators are unable to tell why the system censored their content.

Ethics, diversity, and open-mindedness aren't a black or white equation. Your upbringing, your education, your culture and your personal experiences matter. All these biases will creep into AI assisted moderation systems. And we need to be vigilant about it.

Build content moderation from the start

Learning from past mistakes has always been critical. In the age of exponential scalability, this is even more crucial than ever. There isn't much margin for error. A small slip, innocuous at a small scale, will sprout into a choking issue when the system grows.

There are valuable lessons that newcomers can learn from the current aggregators.

  1. Don't subvert content quality in pursuit of rapid growth. Eradicating questionable content, once it's part of the larger system, will be damaging.
  2. Establish a clear policy for content since day one. There has to be a clear set of rules people can follow. It's impossible to be objective, but at least, be transparent about the guidelines.
  3. Be straightforward about how the organization enforces the policy. Users should know how the system assesses whether a piece of content has infringed the platform's policy.
  4. Be impartial. It can't happen that some users, due to their status or name, can upend the rules of the platform. The recent banning of women on Facebook is a good example of what not to do.
  5. Set up moderators early on. Moderators should raise problematic issues that the current policy doesn't address.
  6. Under no circumstance allow moderators to make decisions that aren't objectively supported by the policy.
  7. Update the policy on an ongoing basis. It's impossible to capture all the nuances of social conventions, so keep the guidelines alive. It's a growing organism, like a newborn learning the rules of engagement.
  8. Implement self-policing mechanisms in the platform from day one. You will need them. No matter how good your moderators are, you need to build a system to allow users to bring the attention to specific issues.
  9. Build abuse detectors. As your platform grows, rogue elements will try to abuse it. You need to have ways of detecting these behaviors from day one. It's easy to delay this until you've grown, but by then, the damage might be too widespread. Twitter bots or the FCC Net Neutrality probe are good cautionary tales.
  10. Review the output of your abuse detectors regularly. These systems are autonomous and will make mistakes. You can't build them and forget about them.
  11. Make sure your automated systems execute on new changes to the policy. A delay between one and the other can be problematic.

There isn't a perfect recipe for humans. We are complex systems, and it's impossible to plan for everything. Nonetheless, most people forgo essential quality assurance for the riches of rapid growth.

The consequences of not doing it are dire. Advertisers flee and revenues go down. Content creators flee, traffic plummets and the market share erodes. Revenues go down even more.

PS: As a side note, I wonder how feasible it is to create a system, like AlphaZero, that uses reinforcement learning to devise a real-time policy that changes and adapts.


Fake News will knock out your business

Fake news is the new black. Read any publication, and you'll encounter one or two accounts of fake news. The term is a neologism used to refer to fabricated news, propaganda or information warfare.

Despite its tiring ring, despite it not being new, despite its imprecise and all-encompassing definition, it has never posed such a threat to society as it does today.

Information manipulation has been the silent weapon in many recent geopolitical conflicts. And while there's always been propaganda, its sophistication reached new heights in the US Presidential Elections of 2016.

The problem, though, is that fake news isn't only manipulating political events. Its influence is affecting governments, strategic, innovative decisions like Net Neutrality, and indeed, industry-wide warfare.

FCC Filings Overwhelmingly Support Net Neutrality. Jeffrey Fossett.

Anatomy of fake news

There are several aspects of fake news that have changed in recent years. These have made it a terrifying threat to society. Fake news needs three components to work.

Content: The poisoned apple

At its core, interested parties create content designed to manipulate the audience's opinion. The more inflammatory, crude, visceral or outrageous, the better.

Thanks to the Internet, it's never been easier to create content. Everyone can start an online publication and start dumping their ruminations.

Fake content isn't limited to political agendas. It can touch virtually anything. It can be human trafficking claims against an enemy or lies on how a company treats their employees. 

The spread of fake news by social bots. C. Shao. et al. September 2017

Distribution: The propaganda machine

Fake news content needs to be widely circulated. It's important to deliver it to the right people at the right moment. Although Facebook has been getting all the press lately, there is another suspect always present at every single fake news incident. Yes, Twitter.

Although propaganda efforts engage many different delivery channels, Twitter's core design is the perfect distribution engine. It's anonymous, it's in real-time, it allows for easy targeting and, for the most part, it's unpoliced.

Facebook, on the other hand, restricts the distribution algorithm (the news feed), is focused on identifiable profiles and is slightly better policed than Twitter.

Although the latter is harder to exploit, both are extensively used for information manipulation.

The Rise of Social Bots. Comm. ACM. July 2016

Email, forums, websites, chats, you name it. Anywhere there is a strategic audience, interested parties will target it.

It's important to mention that the target audiences don't need to be large. Political misinformation, for example, tends to target sizeable audiences. Other forms of manipulation, like attacks on brands, products or business deals, might not call for a massive audience, just the right one.

FCC Filings Overwhelmingly Support Net Neutrality. Jeffrey Fossett.

Scale: The unstoppable tsunami

The previous two elements of fake news have existed for decades. There have always been hidden agendas, and there have always been ways to reach an audience, let it be in a forum, in a book or a newspaper.

“Nothing can now be believed which is seen in a newspaper. Truth itself becomes suspicious by being put into that polluted vehicle. The real extent of this state of misinformation is known only to those who are in situations to confront facts within their knowledge with the lies of the day […] I will add, that the man who never looks into a newspaper is better informed than he who reads them; inasmuch as he who knows nothing is nearer to truth than he whose mind is filled with falsehoods & errors.”

Nonetheless, the capacity to produce fabrications and to distribute them to the broader audience has never been as dominant as today.

In other words, the scale of misinformation we can attain today is orders of magnitude more significant. Automation of content enables us to create more content than ever before. Deep Learning systems can copy, summarise or even create content, at scale.

Hand in hand with this scale are the distribution capabilities of networks like Facebook or Twitter. Never in the history of humankind have we experienced such colossal aggregation platforms.

The combination of these two facts makes the scale of information manipulation tremendous. 

Usual tweet frequency for human users
Tweet frequency for top 50 bots
Tweet frequency for top 5 bots

Fake news in the age of Artificial Intelligence

To accomplish scale, there needs to be a certain degree of automation. Automatic content creation is one part. Autonomous distribution and amplification, though, is the cornerstone.

The way propaganda automates distribution is through bots. These are computer scripts, posing as human users, that automatically distribute fake news on social networks. Sometimes a human will man a bot; at other times it will be autonomous. These hybrids are called cyborgs.

Twitter is, by far, the most substantial breeding ground for bots. The social network's design is perfect for them. It exposes an API, which enables the automation of basic operations. It allows the creation of anonymous accounts, at scale.

Bots, though, don't operate in isolation. Bot owners cluster their creations to form swarms of bots that run in a coordinated way. These hives are called botnets.

"Twitter bots can pose a series of threats to cyberspace security. For example, they can send a large amount of spam tweets to other users; they can create fake trending topics; they can manipulate public opinion; they can launch a so-called astroturfing attack where they orchestrate false ‘grass roots’ campaigns to create a fake sense of agreement among Twitter users; and they can contaminate the data from Twitter’s streaming API that so many research works have been based on; they have even been linked to election disruption."

Evidence of complex contagion of information in social media. Plos One.

Smaller botnets are comprised of 30-40 bots. Bigger botnets might be as extensive as 350,000 bots (Jan. 2017). The latest discovered botnet, called Bursty, implicates 500,000 fake Twitter accounts (Sep. 2017). Depending on how conspicuous and aggressive these bots are, they can tweet between 72 and 300 times a day. That gives a throughput of 36 million tweets per day, at the lower range.

In early 2017, researchers estimated the Twitter bot population to be between 9% and 15% of all users. That translates to around 49.20 million bots. And this is a conservative approach based on current detection methods. The recent discovery of the Bursty botnet is an excellent example of some flaws in current detection methods.

Discovery of the Twitter Bursty Botnet. J. Echeverria, S. Zhou (Oct. 2017)

The primary problem is that bot-creation and bot-detection have entirely different timelines. Twitter makes it nearly frictionless to create new accounts. Nonetheless, detecting a fake account isn't easy at all.

The Rise of Social Bots. Comm. ACM. July 2016

The problem is so critical that in 2015 DARPA (The US Defense Advanced Research Projects Agency) organized the first ever Twitter bot challenge. The goal was to upgrade global cyber-defenses against fake news on Twitter.

Since then, bot detection technology has been improving, but it's not enough. The recent discoveries of the Star Wars and Bursty botnets acknowledge this.

The most worrisome aspect of it is that, despite all the efforts to detect bots and fake news amplification nodes, there isn't an easy way to stop them.

Botnet neutralization starts with being able to detect their activity. This first step is already complicated. Tweetstorms will be identified quickly, but other techniques might be more subtle. If fraudulent news activity is detected, the second step is to uncover the botnet. Some bots might be obvious, but others are very sophisticated.
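The two steps above, detecting activity and then uncovering the group behind it, can be shown with two defensive checks over a tweet log. This is an added example, not code from the article or from any cited paper: the 72 tweets/day floor is the article's own lower bound, while the `(account, timestamp, text)` record shape, the 10-minute window, the three-account minimum and the sample data are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

BOT_RATE_FLOOR = 72              # tweets/day: lower bound quoted in the article
WINDOW = timedelta(minutes=10)   # assumption: how close in time copies must be
MIN_ACCOUNTS = 3                 # assumption: accounts needed to call it coordinated


def normalize(text):
    """Mask URLs and mentions, fold case and whitespace, so near-copies match."""
    text = re.sub(r"https?://\S+", "<url>", text.lower())
    text = re.sub(r"@\w+", "<user>", text)
    return re.sub(r"\s+", " ", text).strip()


def high_rate_accounts(tweets, floor=BOT_RATE_FLOOR):
    """Step 1: return {account: busiest-day tweet count} for counts >= floor."""
    per_day = defaultdict(int)
    for account, ts, _ in tweets:
        per_day[(account, ts.date())] += 1
    peaks = defaultdict(int)
    for (account, _), count in per_day.items():
        peaks[account] = max(peaks[account], count)
    return {a: n for a, n in peaks.items() if n >= floor}


def coordinated_clusters(tweets, window=WINDOW, min_accounts=MIN_ACCOUNTS):
    """Step 2: find texts pushed by several accounts within one time window."""
    by_text = defaultdict(list)
    for account, ts, text in tweets:
        by_text[normalize(text)].append((ts, account))
    clusters = []
    for text, posts in by_text.items():
        posts.sort()
        start, best = 0, set()
        for end in range(len(posts)):          # sliding window over post times
            while posts[end][0] - posts[start][0] > window:
                start += 1
            accounts = {a for _, a in posts[start:end + 1]}
            if len(accounts) > len(best):
                best = accounts
        if len(best) >= min_accounts:
            clusters.append((text, sorted(best)))
    return clusters


def triage(tweets):
    """Return {account: reasons} as a queue for manual review, not a verdict."""
    reasons = defaultdict(set)
    for account in high_rate_accounts(tweets):
        reasons[account].add("rate")
    for _, accounts in coordinated_clusters(tweets):
        for account in accounts:
            reasons[account].add("coordinated")
    return {a: sorted(r) for a, r in reasons.items()}


def sample_tweets():
    """Constructed data: one loud bot, three quiet copies, one ordinary user."""
    day = datetime(2017, 10, 1)
    slogan = "BrandX mistreats its staff! "
    tweets = [("loud_bot", day + timedelta(minutes=10 * i), f"Deal number {i}")
              for i in range(80)]
    tweets += [
        ("quiet_a", day + timedelta(hours=9), slogan + "http://t.example/1"),
        ("quiet_b", day + timedelta(hours=9, minutes=2),
         (slogan + "http://t.example/2").upper()),
        ("quiet_c", day + timedelta(hours=9, minutes=4),
         "BrandX  mistreats its staff!   http://t.example/3"),
        # Same text six hours later: outside the window, so not in the cluster.
        ("human", day + timedelta(hours=15), slogan + "http://t.example/1"),
        ("human", day + timedelta(hours=16), "Lunch was great"),
    ]
    return tweets


if __name__ == "__main__":
    for account, why in sorted(triage(sample_tweets()).items()):
        print(account, why)
```

The three quiet accounts stay far below the rate floor and are caught only by the shared-text check, which is the gap a frequency-only detector leaves open.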

"Social bots can search the Web for information and media to fill their profiles, and post collected material at predetermined times, emulating the human temporal signature of content production and consumption—including circadian patterns of daily activity and temporal spikes of information generation."

Hoaxy Trends
Hoaxy Spread Visualization

The last step is maybe the hardest. If we managed to identify a part of the botnet, we now have to disrupt it. As most detections happen outside of Twitter, the only way to stop the botnet is by reporting them to the company. According to their policy,

"Some of the factors that we take into account when determining what conduct is considered to be spamming include:

  • If a large number of people have blocked you in response to high volumes of untargeted, unsolicited, or duplicative content or engagements from your account;
  • If a large number of spam complaints have been filed against you;"

Therefore, it's up to Twitter to decide when they take down such accounts. The important fact, though, is that the time between fake news activity detection and botnet disruption might be quite long. Each phase might take days or even weeks. In a week, a regular not-too-aggressive botnet (~100 bots) might have pushed something between 50,000 and 100,000 tweets. That's enough to take over and disrupt a conversation, a hashtag or a Twitter trend.

Discovery of the Twitter Bursty Botnet. J. Echeverria, S. Zhou (Oct. 2017)

Future of fake news

Although the press has devoted much time to discussing the impact of fake news on politics, I feel that is also a diversion.

Information warfare is being used as we speak to influence major strategic decisions. Such powerful botnets can attack a country, but they can and will subvert any organization that lies in their wake.

It's not far-fetched to think that the current backlash against the big technology companies is, to an extent, amplified by the fake news echo chamber.

It's easy to plant disinformation as long as it's what the audience wants to believe. Giants like Facebook are the enemy now, so any content bashing them will find massive virality.

Today it's Facebook; tomorrow could be Bayer, Unilever, Maersk or your organization.

Cybersecurity investment is on the rise, but still, I don't know of any company that's deploying bot hunters and botnet disruptors. The only way to fight scale and automation is with scale and automation.

Cyberwarfare isn't for governments anymore. Companies need to invest in cyber defenses and be able to disrupt fake news attacks in real time.
