(Nearly) Useless OPSEC Measure: Route Variation
Note: This is a re-print of an article I wrote on my security blog, Operational-Security.com. If you like this content I have a deep backlog (several hundred posts) of similar content there, so check it out! ~ Justin
The practice of varying your routes between home and work is sometimes touted as an OPSEC measure. This is sometimes advocated by law enforcement or military organizations as a measure their members should take, and in some instances it may actually be a good idea. I began to think seriously about this, however, when I read a few articles that explicitly or implicitly seemed to recommend the practice to average citizens in the prepping or “tactical lifestyle” communities. Except in limited circumstances (explained near the end of this piece) I am not sure what the perceived purpose of this is. It may be to defeat surveillance, make yourself unpredictable, or satisfy some other, less immediately perceptible rationale, but I can accurately tell you the practical value of such route variation: zero, or very near it. This article will make some assumptions about the audience at whom this advice is usually targeted. They are as follows:
The reader is a law-abiding resident of a first-world nation,
has a relatively predictable pattern of life, going to work a nominal five days per week, and
travels by automobile.
This is written with the understanding that not every individual will fit within these parameters. But it should also be pointed out that advice concerning route variation is usually intended for individuals who do. Individuals who do not live a “conventional” lifestyle – those who work from home, and/or travel exclusively for work – will have naturally varied routes and need not be advised to expend additional effort to do so.
Let us consider the attacker that would conduct surveillance of a target for long enough that route variations would become a meaningful security measure.
Actor(s): Presumably the threat actors in this perceived scenario are criminal or terroristic in nature. These techniques would be all but useless to evade detection or capture by law enforcement or other government organizations who can simply track the movements of the user’s mobile device, the vehicle’s integral GPS, or through other methodology if they care about his or her route(s). Alternatively, they may intercept and arrest him or her at home or work if they don’t.
Focus: High. An attacker who will conduct surveillance on his or her victim for more than a 24-hour period can be considered focused. If the attacker only observes routes over a single 24-hour period (or less), route variations are nearly* irrelevant.
Sophistication: Moderate to high. An attacker with the patience, time, and resources to conduct route surveillance on a potential target exhibits the capability to form a complex plan and is fairly sophisticated.
Goal(s): Murder, rape, robbery, kidnapping, other (?), all targeted against a specific individual. Again, if an attacker is expending this level of time and resources to conduct surveillance on you, you and you alone are the target of the attack and there is a compelling goal in the attacker’s mind. Specifically targeted murder may be motivated by some perceived wrong, a romantic entanglement that has gone badly, or failed association with a criminal organization. It should also be noted that murder, though not the ultimate goal, may occur incidentally in the pursuit of rape, robbery, or kidnapping.
Rape is perhaps the most realistically plausible of these potential goals; the attacker in this case has focused on his intended victim for a very specific set of reasons as is common with sexual criminals. Robbery makes much less sense in this context. Most valuables are likely stored in the home - not the car - and in any case such a targeted effort seems unlikely unless the individual in question is storing something like art, large quantities of precious metals, cash, or other easily liquidated valuables. If an individual is targeted for robbery because of the valuables that he or she owns then other, more meaningful OPSEC and PERSEC measures (like keeping this ownership secret) have failed. Kidnapping seems similarly implausible, unless the individual is a public figure, exceedingly wealthy, or is on poor terms with powerful criminal organizations.
Likelihood: Vanishingly small.
Caveats: *I use the qualifier “nearly” because an attacker could potentially monitor only your route to work and intend to initiate the attack on your way home along the same route. In this instance he or she would have to wait a maximum of 24 hours to reacquire and plan an alternate attack, or wait until you travel the planned primary route again, which you almost certainly will, probably within a few days. In any city there are a finite number of routes from Point A to Point B.
What exactly is route variation intended to protect you against? Honestly, in this context it is unclear as this is another area of this security measure on which authors and “experts” are notoriously vague (note: I am NOT an expert). Reading between the lines there are two major categories of “things” that route variation may be designed to protect you from: surveillance and some form of “attack”. I don’t believe that varying your normal routes provides any real protection from either of these things.
Route Variation as a GENERAL OPSEC MEASURE
This technique is occasionally advocated as a general OPSEC measure in the interest of being “the grey man”, i.e. an individual that is non-alerting and would not attract undue attention. Varying your route to and from work offers at best a dubious contribution to this goal.
Route Variation as ANTI-SURVEILLANCE
Route variation is occasionally touted as a way to foil a surveillance effort against you. In the context of the domestic citizen who is neither extraordinarily wealthy nor famous, this surveillance, should it occur, would most likely be in preparation for an attack of some sort. It is unlikely that anyone has the time, patience, and financial resources to conduct surveillance on you for any period of time just for the sake of conducting surveillance. (There are some instances in which you may be the subject of surveillance: if you have filed a disability or worker’s compensation claim, if you are going through a contentious divorce, if you are wealthy or famous and a target of media/tabloid scrutiny, or if you are under a law enforcement investigation. In none of these instances will varying your route make a significant difference to the final outcome.) Route variation is also inadequate in these and other instances for three reasons:
Mobility of Surveillance Teams: If you are under physical surveillance they will probably move with you, regardless of the specifics of the route you take. Taking an unexpected route may cause them to act erratically and reveal their presence if you are alert to such action. This line of thinking may have some minor merit, but it is unlikely that even a moderately good surveillance team would be noticed by a layman using such amateurish tactics. And the very presence of surveillance again begs the question, “what is its underlying purpose?”
Route Limitations: Without adding significant time to your commute there are a finite number of routes that you can take to and from work. Regardless of how random you attempt to be, humans are notoriously poor at generating true randomness and predictable patterns will emerge (i.e. Monday route, Tuesday route, etc.). Even if there is a huge variation in the number of routes you can take, you will almost inevitably encounter the “last mile” problem: traveling the last street in and out of your home or office, of which it is pretty likely there is only one.
Time/location predictability: Even if we assume that a.) it is possible to take a completely different, randomly-generated route to work every single day, b.) you have the discipline to do it without fail, and c.) you lose surveillance immediately after leaving home in the morning and work in the afternoon, you will still be predictable in (at least) two time windows at two locations: your home and your work. If you are active in a church, a bowling league, a softball team, a community organization, or participate in other extra-curricular activities you will set a weekly and monthly pattern of other locations and times at which you are time/place predictable, depending on the length of time the surveillance team is willing to spend developing your pattern of life. This assumes, of course, that your attacker is not so sophisticated that he or she can track the location of your mobile device, place a GPS tracking device on your car (a variety of which are for sale on Amazon.com for under $100), or find geotagged social media content that you, your spouse, or your children have posted that would reveal information about your route(s).
Again, the question arises: why bother? If you are under surveillance there is little point in hiding the routes you take between work and home. The only time you would truly need to know that you are “clean” is if you are going to conduct an act that would be compromising in some way.
ROUTE VARIATION TO PREVENT PHYSICAL ATTACK
This is probably the most frequently cited reason for route variation: the risk of a nebulously defined “attack.” Unfortunately, regardless of how varied the routes are, the individual will always be predictable in two locations: at home and at work. With this knowledge it is reasonable to assume that if you are being specifically targeted for whatever reason, it is unlikely that an attacker will attempt to attack you while you are on the road. There are some good reasons that an attack against you while on the road would not be advantageous to the attacker.
Ease of Execution: Though most of us are perpetually distracted by our phones, radios, coffee, and everything else going on inside the passenger compartment of the vehicle, we are all possessed of some level of situational awareness while driving, otherwise none of us would ever make it home. It is much more likely that the victim will have some early warning (how much is debatable) of an attack in progress, even if it is as minimal as visual contact with an individual approaching the vehicle on foot. Even if the vehicle’s occupant didn’t notice the attacker until his own vehicle’s window is being broken, he or she would still be given milliseconds to seconds to mount a defensive reaction.
Perhaps the strongest reason that an attack “on the road” is so incredibly unlikely is that you are a much softer target at home or at work. The most advantageous time from the attacker’s viewpoint is probably just after you have removed the keys from the ignition, opened the door to step out, and are distracted by juggling your iPhone, coffee, keys, briefcase, etc. With the keys out of the ignition and the vehicle safely parked it poses no threat to the attacker and the victim’s ability to flee the scene is greatly diminished. Since the door has been opened voluntarily there is no damage to the car should the attackers wish to minimize evidence of a struggle or forensic leavings. The victim also has far less time to prepare for a physical altercation, whether mentally or by producing a weapon, etc.
Danger to the Attacker: Next, the driver of every car on the road is in possession of a weapon weighing several thousand pounds – the car itself. This makes an attack on a vehicle incredibly dangerous. Even if the occupant has no intent to strike an attacker with the vehicle it may happen accidentally. Many will object that a large number of Americans are heavily armed, making an attack at home more dangerous from the attacker’s standpoint, and hold this up as the reason an attacker would choose to attack when you are on the road. I disagree with this on a couple of points: if the victim is heavily armed there is also some likelihood that he or she carries a concealed handgun on a daily basis. Regardless of where the attack occurs (home, work, or in between) this threat to the attacker remains constant.
Additionally, should the attack occur at your house, well after you have gotten out of your car, the concealed handgun is still the defensive arm that is most likely to be produced to repel the attack. Even though many own AR- or AK-pattern rifles, shotguns, and numerous other, larger handguns (in the US, at least), it is unlikely that most of them will be within easy reach when a well-planned and executed attack occurs since the attacker would know this and plan accordingly. An example of good planning (and the kind exhibited by an attacker who would surveil you long enough to be inconvenienced by route variation) would be waiting until the target is distracted by mowing his or her lawn, or choosing a time when the whole family is in the yard and away from rifles and shotguns that are stored indoors.
WHERE ROUTE VARIATION DOES WORK
The route variation technique does have some legitimate applicability in the real world but only in very specific circumstances. One scenario in which this technique may be useful is in the true high-threat/non-permissive environment where improvised explosive devices are prevalent, such as Iraq. In this scenario soldiers leave the forward operating base through a predictable point in the perimeter and must travel a certain distance of a highly predictable route. Fortunately this route is protected, both visually from the confines of the base and through security patrols in the immediate vicinity. Beyond these “safe” areas any route is suspect, and one that is frequently traveled naturally makes a potentially better target for the attacker.
The permissive environment application for route variation is in situations where the home is relatively secure, the workplace is relatively secure, but the route between the two is relatively insecure. An excellent example of this would be an embassy. The embassy staff may be housed at fairly secure locations (depending on threats in the host country) with cameras, very good locks, and perhaps armed guards. Even if an attack succeeded at the victim’s residence it would be discovered and reported very quickly. The embassy itself would doubtlessly be more secure still and reduce the chances of a successful attack occurring there to effectively zero. This arrangement forces the attacker to conduct actions outside of these two areas: the period while the employee is in transit between work and home becomes a very prudent opportunity around which to plan an attack. This is an entirely different scenario and the motivations of such an attack would likely be entirely different.
This post is not to suggest that there is zero chance of an attack occurring while you are driving. Car-jacking can and does occur, but these are frequently crimes of opportunity. A number of things advocated by the prepping and tactical communities will do some meaningful good in these situations: situational awareness, keeping your doors locked, avoiding high-risk areas, etc., but route variation is not one of them.
Route variation may even be counter-productive. Traveling a fixed route allows you to choose the safest route; varying your route may require that you travel through areas that are less safe and increase your risk of an opportunistic attack. Route variation may also elevate your profile to a potential attacker. This may be construed as general hyper-vigilance or specific surveillance awareness. This will likely deter an opportunistic attacker, but remember our threat model: an attacker who would physically surveil you for a meaningful period of time is incredibly focused on you specifically. The knowledge that you are surveillance-aware may cause the attacker to strike with much more violence in an attempt to achieve superior, overwhelming force.
Varying your route to and from work (or school, or whatever) may give you some benefit, i.e. a “placebo effect” feeling of security well-being (humans are also very poor at estimating risk and the effectiveness of risk mitigations), or increase your social status as a serious member of your “tactical” community. It is extremely doubtful that the benefit conferred from this behavior is an increase in security, and certainly not an increase in security that is equal to or greater than the effort expended. Each of us only has a finite amount of energy, attention, and resources to dedicate to security, and all of these are probably much better spent elsewhere.