Surveillance Detection – Tips & Suggestions For Field Operators


This article is a follow-up to some of my earlier articles on the subject of surveillance and surveillance detection. For those of you who haven’t done so, it might be best to start with those earlier articles, since they explain more about the fundamentals of SD and covert operations. For those who have read my earlier articles, those who already know all about SD, or those who would rather skip the theory and just get some of my field recommendations, feel free to jump right in and read away.

The following tips and recommendations come from actual operational experience, and address a few common points that come up in private sector surveillance detection operations. The recommendations I give here are not, strictly speaking, focused on covert protection, but on surveillance detection. Neither I nor anyone else knows everything there is to know about surveillance detection, but if you disagree with what I wrote, or want to offer a correction, please feel free to express this in the comment section below (I’ll be very grateful for the feedback).

As always – no article, book, or seminar can actually teach people how to perform surveillance detection. Though some of the wording in this article might seem instructional, please keep in mind that this article is not intended to teach anyone how to execute surveillance detection operations.

Old Habits

undercover 3Cell phone 2

Old habits die hard. For many of us with military, law enforcement and security backgrounds, it’s hard to stop operating the way we’re used to. At some situations, we still tend to take positions close enough to be in control of the client, or fall into the habit of patrolling around the client. It’s important to keep reminding ourselves that SD is not, strictly speaking, security – it falls in the realm of intelligence. It’s got a protective function but it’s not security, and the distances, actions and postures we need to assume should reflect that. By falling back into old security habits, you’ll actually be providing your client a much less effective – and therefore less valuable – field intelligence service. If the client wanted another security officer, they would have hired one. You’re there to provide a function that security cannot; to be the eyes and ears that security cannot have; to detect and report what security cannot detect and report. And though it might feel odd – and go against old security habits – to do such things as sit back and play with your phone (or at least appear to do so) at some cafe’ a block away from where your client is, keep in mind that you’ll be much less effective as an SD operator if you revert back to your old security habits.


dark-brown-dress-vintage-shoes-green-ben-sherman-shirt_400covert tactical 1

Most people (especially security professionals), when told they’re going to spend a considerable amount of time outside on a covert operation, tend to take this to mean that they should “dress the part”. I’ve seen people go with jeans, hoodies, all black clothing, 5.11 gear, and “casual/covert tactical” clothing and apparel. Needless to say (or unfortunately not so needless), this is not the best look for the job.

One of the most useful aspects of the business-casual look (which I always advocate for) is the fact that it can cover the widest range of environments, and do so without attracting attention, looking suspicious or even getting noticed. It easily blends into downtown/financial district environments, but it also works very well in residential areas (especially in quiet high-end ones), where people tend to be more suspicious of an unfamiliar person in their neighborhood. The business-casual look works in most city parks, cafes and restaurants (where most other appearances work as well), but it can also easily get you in and out of high-end hotels, stores, boutiques, galleries and the all important office or apartment building lobby. Business-casual isn’t a guaranteed pass into any location of course (nothing is), but on the whole it can give you the advantage of looking harmless and uninteresting to the widest range of people – from police officers on patrol to hotel lobby employees, to shopkeepers, homeowners and most people on the street.

There’s a bit of a range to what’s considered business-casual, but what I mean by it is a buttoned-up business shirt tucked into slacks with dress shoes or possibly nice walking shoes. A full suit and tie will overshoot the mark, and might make you more noticeable rather than less. You can scale it down by replacing slacks with jeans, but make sure it’s a nice/dressy pair. Don’t wear sneakers or hiking shoes, don’t untuck that shirt. There aren’t all that many people who can detect it, but those who know what to look for (which also includes street-smart criminals) will immediately notice the combination of comfortable or sporty shoes with an untucked shirt (the kind that’s good for concealing a weapon or a radio). Doesn’t this mean you won’t be able to conceal your weapon in the way you’re used to concealing it? Yes, it does; which is another reason why I advocate not carrying weapons when conducting SD. You won’t need it to protect anyone else, since you’re job isn’t security, it’s field intelligence; and if you personally feel too uncomfortable going out on a covert operation unarmed, then I recommend you either work on getting more comfortable with it or consider whether or not private sector field intelligence is the right fit for you. Don’t wear any tactical gear: no comfortable tactical boots (yes, we can see what they are, no they don’t just look like ordinary black shoes – not even when they’re half covered by your pant legs), no 5.11 “Covert” shirts, pants, vests or jackets (please don’t trust 5.11 to tell you what is or isn’t covert in the real world. If the product has “Covert” in its title, it usually isn’t). If it looks like a sharp piece of clothing or gear that you think will look good on you during a covert operation, you should probably leave it at home.

Yes, it’s true that lots of normal people out there wear jeans and hoodies and untucked buttoned shirts, but those people don’t have to worry about occupying vantage points, covertly detecting correlations, spending hours on end in the same area and possibly having to wander in and out of stores, hotels and office buildings at various times of the day. Whenever there’s a choice between appearing cool and operational or nerdy and businesslike, the latter should always win. The fact that this doesn’t suit your taste, and doesn’t represent who you are, is exactly the point. Stop trying to look good. You’re not trying to impress anyone here – look good on your own time – right now you need to be bland and boring in order for no one to notice and remember you.

One objection to all of this is that clothes you’re not used to wearing might feel uncomfortable, and if you feel uncomfortable you might look uncomfortable, which can attract attention and suspicion. My first reply to this objection is that even if you do insist on wearing the clothes you’re comfortable in, all the comfort in the world isn’t going to cover up the fact that you’d be modelling some classic version of the low-profile or “casual tactical” look. Comfort is important, but appearance is even more so. Secondly, if you can’t get comfortable, or even just appear to be comfortable, in something like business-casual, or in anything that doesn’t perfectly represent who you are and what you’re actually doing, then covert operations might not be the right thing for you. Much of this work, including many of the locations, actions and movements that are required, tend to be weird and uncomfortable. And if you can’t find a way to get comfortable with this, then clothes you’re not used to might be the least of your problems.

Correlation to the target – Yes or No?


This fundamental rule of SD becomes very apparent when trying to determine the degree of suspicion we should attribute to an individual. As soon as you start looking for hostile surveillance, you start seeing lots of people doing lots of strange and suspicious things around the target. It’s a classic form of Confirmation Bias (the reason why ghost hunters keep “finding” ghosts), and if you let it get the best of you, you’re going to drown in a sea of false-positive white noise. The defining factor you need to look for in people is correlation to the target. No correlation – no positive detection, and it doesn’t much matter how strange someone’s actions or appearance might be. I’m not saying you should ignore strange or suspicious looking people, I’m saying that if your mission is to conduct surveillance detection (as opposed to security, protective surveillance, etc.) then the only thing you should be looking for is hostile surveillance, and the parameters for establishing suspicion of hostile surveillance have to do with correlation to the target.

SD is a pretty crazy business, and the hyper awareness that operators have to get themselves into can really play with your mind. I’ve seen operators getting themselves worked up to the point of paranoia – reporting multiple positive detections of everything from hostile surveillance to other mysterious SD units every single hour. I don’t pretend to be completely immune to this, nor is it impossible that such detections might be accurate. Practice and experience can help sort through the white noise, but the most useful way to calm the SD demons in your head, and to stay on track with your mission, is to simply ask – is there a correlation to the target, and if so, what is it? If you can’t answer these questions, and can’t frame your suspicion in the context of correlation to the target, then you can’t establish a positive detection. No correlation – no detection. Make a little mental note of the person you’re suspicious of, and if you see them again, or see them correlating in any way in the future, you might want to elevate your suspicion level. But for now, let it go and move on.

Over observing and over reporting


Whenever a suspicious person is reported for actually correlating to the target, It’s very tempting for security professionals (and I’m not excluding myself from this) to not let them out of your sight, and to keep collecting as many details about them as you can. The problem with this is that the mission of an SD operator is to detect and report correlations to the target in order to determine if there’s hostile surveillance on it. This means that after a strong correlation is reported, it’s not the job of the SD operator to stay on top of the suspect, and keep collecting and reporting more and more details on them. That job might belong to counter surveillance or to protective surveillance, or (more often than not) to conventional security or law enforcement. Unless your SD mission also has a protective or counter surveillance component to it, report the correlation, give a description of the individual and his/her actions, and move on. It’s not that we want to ignore them, on the contrary, we’ll keep reporting it if we keep seeing them in the future. But after they’ve been reported, there are sharply diminishing returns to watching them closely and reporting every little detail you can see. You’re not usually going to collect additional important information that hasn’t already been reported, and you’re risking exposure by correlating to the correlating individual. Report the individual, and move on. If there’s more to report later on, report it, but don’t hover or roost over individuals who’ve already been reported. Most clients are almost as worried about their SD operators getting exposed – and embarrassingly splattered all over social media – than they are about hostile surveillance. SD is culminated in the detection and reporting of a correlation to the target, not in an incessant collection and reporting of details.

Following suspects


When suspicious individuals who spend long periods of time at a vantage point start moving, security professionals (and, once again, I’m not excluding myself from this) have a natural inclination to follow them. In most cases, this is an unnecessary and risky move that should be avoided. When SD operations are properly planned, and the area is mapped out in advance, SD operators have the ‘home field advantage’. We know where the target’s vulnerabilities are, and we know where all the surveillance vantage points are. We don’t need to follow anyone to see if they’re leaving the area or moving from one VP to another. We can break visual, take a different route from that which the suspect took, make our way towards another SD vantage points, and see if we can detect the suspect at any of the other surveillance VP we know are available to them. You can do this by going the opposite direction from the one the suspect took, circle around the block and pop out behind some other surveillance VP you know of. And you can do this while avoiding the risk of conducting mobile counter surveillance on a suspect within a limited area, in proximity to the target. You only go mobile on a mobile individual if you don’t know where the individual is going. And since we already know where all the points of interest are, there’s no need for us to correlate to a suspect by mirroring their movements. They’re the ones who have to work hard to hide their movements. All we need to do is pop in and out of the picture to check the surveillance vantage points for correlations to the target.

Vantage Points (VP)


So you found a nice spot where you can sit comfortably and maintain visual control over the target – congratulations, you just put yourself in a surveillance vantage point. The problem with this is that surveillance VP are where surveillance operatives want to be. If we want to detect these surveillance operatives, we would be wise to not sit right on top of them, but at some angle where we can detect them without them detecting us (preferably behind them). If you have to find an SD vantage point behind the surveillance VP then in most cases there will be quite a bit of distance between your SD vantage point and the target. Moreover, by doing this, you’ll be allowing a potential enemy to be closer to your client than you are – something that makes many security professionals uneasy. It’s at this point that you have to keep reminding yourself that if your mission is to strictly conduct SD then you’re not, strictly speaking, doing security, you’re providing a function of field intelligence; in which case you can calm down about the distance factor.

In the not very rare cases where there’s no good SD vantage point behind the surveillance VP (or even at any other angle to it), it’s possible you’ll have to put yourself in a surveillance VP. In these uncomfortable cases, keep in mind that what you should be focusing on (covertly, of course) are the people around you – not the target.

Mistakes and lousy vantage points

Bus stop 1

So you found yourself in a lousy SD vantage point, or found yourself enacting a classic mistake you were taught to avoid during SD training – welcome to the real world of operational SD. For those who received training in SD, you probably remember some of these classic mistakes: jumping from one vantage point to another, using bus stops as vantage points without eventually boarding a bus, correlating to the target, etc. (I’ve discussed these mistakes in a number of my previous articles). Should you be happy about making any of these mistakes? Of course not. But should you abort the entire mission after realizing you’ve just made a mistake? No, not usually. There might be cases where a small mistake can indeed jeopardize the entire mission, or thoroughly expose an SD operator, but in most private sector operations this will not be the case. You’ll just need to move on, avoid appearing nervous about making a mistake, and try to avoid making it in the future.

The one good thing you have going for you is that for the vast majority of people, it’s very difficult to detect a surveillance, let alone SD – even when mistakes are made. If this were not so, SD operators would be detected right and left because it’s very rare to find someone who’s never made a mistake. The reason why it’s difficult to detect such things is actually quite simple – humans have a very limited attention span and focus spectrum. That’s why it’s so important to train in surveillance detection – it doesn’t come naturally to most people. I have conducted dozens and dozens of SD exercises over the years, and from my experience, I can say that it’s extremely difficult, even for skilled SD trainees, to actually detect a covert role-player, even when they know there’s one out there. When you transfer this to the real world, where there aren’t any dedicated trainees that are looking for you, you’ll find that the relatively few people who aren’t consumed by their cell phones these days are usually consumed by other thoughts and distractions, and are miles and miles away from ever noticing your mistake, let alone concluding that you’re an SD operator. I’m not suggesting you abandon your abundance of caution, and take it for granted that you’ll never get exposed, I’m simply saying that in the inevitable cases when you’re going to break a rule of SD methodology, 99.999% of the population is still going to be completely oblivious to it. Always try to avoid mistakes, but don’t panic when they inevitably happen.

Please consider supporting Protection Circle by going to my Patreon Page.


One thought on “Surveillance Detection – Tips & Suggestions For Field Operators

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s