The cypherpunk solution applies here too: design systems where the adversary's presence cannot achieve its goals.
quoting
naddr1qq…wlwhEvery dissident organization eventually wonders whether it has been infiltrated, and the honest answer is that it probably has been, or will be, or would be if it ever became effective enough to matter. The documented history of state counterintelligence programs reveals an uncomfortable truth that no detection checklist can fully address: when the state decides to penetrate an organization, it brings resources, training, and patience that most targets cannot match. The more important question is not how to spot the spy but how to build structures that render the spy's presence futile.
The FBI's COINTELPRO program, which officially operated from 1956 to 1971 but whose tactics continued long after its formal termination, placed informants inside virtually every significant dissident movement of its era. The Black Panthers, the antiwar movement, the civil rights organizations, the socialist parties, and the environmental groups all discovered, often too late, that trusted members had been reporting to handlers throughout. The Church Committee investigation revealed not merely passive surveillance but active provocation: forged documents designed to create internal splits, anonymous letters spreading rumors about leaders, and agents deliberately encouraging illegal activity to justify prosecution. When FBI assistant director William Sullivan testified about these tactics, he was blunt about the operational mindset: "No holds were barred. We have used these techniques against Soviet agents. They have used them against us. We did not differentiate."
The modern informant ecosystem operates with even greater sophistication. The FBI's Confidential Human Source program, formalized after 2004, represents a professionalization of the old COINTELPRO methods. Leaked guidelines reveal that agents build extensive dossiers on potential recruits before making contact, collecting "derogatory information" that can be used for leverage. They may use covert identities to approach targets, and they are not bound by the same meeting limitations that constrain standard undercover operations. A single field office can authorize payments up to one hundred thousand dollars per year to a single informant, and the guidelines explicitly permit recruiting journalists, clergy, and lawyers with proper authorization. The network is vast, and its members are selected precisely because they can blend in.
The British case of Mark Kennedy illustrates what deep infiltration actually looks like. Kennedy spent seven years living as "Mark Stone," an environmental activist. He attended protests across Europe, formed intimate relationships with multiple women in the movement, and became a trusted figure who participated in planning and actions. When he was finally exposed in 2010, activists discovered that his passport, his backstory, his entire persona had been manufactured by police handlers who monitored his movements and communications daily. The women he deceived were not naive; they were experienced activists who had known him for years. One of them later testified that "he was trained in manipulation techniques, he was trained in lying. A backstory was created for him by and with his employers. He had a back-room team of people supporting him wherever he went." Kennedy was not an outlier. The subsequent Undercover Policing Inquiry revealed a pattern spanning decades, with officers stealing the identities of dead children for cover and receiving explicit or tacit approval for their sexual deceptions.
The Brandon Darby case in the United States demonstrates how the agent provocateur operates. Darby was a celebrated activist who had co-founded Common Ground Relief in post-Katrina New Orleans. When he began working as an FBI informant in 2007, he used his reputation and his influence as an older, more experienced organizer to cultivate relationships with younger activists planning protests at the 2008 Republican National Convention. Two young men, Bradley Crowder and David McKay, constructed Molotov cocktails after extended exposure to Darby's militant rhetoric and were promptly arrested on information Darby provided. At trial, witnesses testified that Darby "was the one to suggest violence, when the rest of us clearly disagreed" and that as "an older seasoned activist, Darby had a lot of sway over Crowder and McKay." Both men went to prison. Darby, the man who by multiple accounts had encouraged the escalation, testified for the prosecution.
These cases point toward a fundamental asymmetry that detection-focused security culture cannot overcome. The state can afford to be patient, to invest years in building cover, to provide resources and training that make their agents useful to the organizations they infiltrate. The activist trying to spot the spy, by contrast, has only suspicion and intuition to work with. The standard advice to watch for inconsistencies in background stories, unexplained access to resources, or eagerness to push toward illegal activity is not wrong, but it fails against the competent infiltrator who has been coached to avoid exactly these tells. Worse, a detection-obsessed culture breeds the paranoia that COINTELPRO documents explicitly sought to create. An FBI memo from 1970 advised agents to encourage "the impression that there is an FBI agent behind every mailbox" because the resulting suspicion and internal conflict would do more damage than any individual informant. When movements consume themselves with accusations and counter-accusations, the state wins without lifting a finger.
The cypherpunk tradition offers a different framework for thinking about the infiltration problem, one that begins by accepting the presence of adversaries as a design constraint rather than a failure to be prevented. Eric Hughes wrote in A Cypherpunk's Manifesto that "we cannot expect governments, corporations, or other large, faceless organizations to grant us privacy," and the same logic applies to organizational security. The goal is not to achieve perfect exclusion of adversaries but to build systems where their presence cannot accomplish its purpose.
In cryptographic terms, this means designing for security under the assumption that the adversary knows everything except the secret keys. In organizational terms, it means decentralization, compartmentalization, and communication channels that the infiltrator cannot compromise regardless of their access. When no single person holds enough information to destroy the network, the value of infiltrating that person drops dramatically. When communications are encrypted end-to-end, the informant can report what was said in the meeting but cannot hand over the contents of private channels. When organizational structures are flat and redundant rather than hierarchical and centralized, the removal of any individual, whether by arrest or exposure, does not cripple the whole.
This is not an argument against vigilance. Organizations should still vet members, should still pay attention when someone's story does not add up, should still refuse to tolerate the aggressive and divisive behavior that documented infiltrators have consistently displayed. The point is that these measures are a second line of defense, not the primary one. The primary defense is structural: build so that even successful infiltration cannot achieve its objectives.
The historical record is clear that the state will infiltrate opposition movements whenever it perceives them as threatening. The tactical response of attempting to identify and exclude infiltrators has repeatedly failed, missing the real agents while enabling the paranoia and internal conflict the state wanted all along. The strategic response is to accept infiltration as a given and design accordingly, treating the spy not as a catastrophe to be prevented but as an environmental hazard to be engineered around. The cypherpunks understood decades ago that the only sustainable answer to pervasive surveillance was cryptography that made surveillance ineffective. The same principle applies to the spy in the room: the goal is not to keep them out but to ensure that their presence changes nothing.