The line between Open-Source Intelligence (OSINT) and Human Intelligence (HUMINT) comes down to one question: are you observing, or are you engaging? OSINT is derived from publicly available information that anyone could access without interacting with the people involved. HUMINT requires human interaction, particularly when the person providing the information doesn’t know why you’re asking. That distinction is clean in doctrine. In practice, the terminology has gotten muddled in ways that create real legal, ethical, and operational risk for practitioners across intelligence, law enforcement, corporate investigations, and journalism.

The term “active OSINT” is the clearest example. Practitioners who learned intelligence work outside formal IC or military training programs use it to describe activities like creating sock puppet accounts (fictitious online identities used to conceal the investigator’s real identity), sending direct messages to targets, or infiltrating private online groups. Those activities involve deception about identity and engagement with human subjects. By every doctrinal definition available, that’s HUMINT tradecraft. Calling it “active OSINT” doesn’t change what it is; it obscures the authorization, oversight, and ethical obligations that come with it.

Practitioners on both sides of this boundary face different rules. An investigator who reads someone’s public social media posts is conducting OSINT and generally needs minimal authorization. An investigator who creates a fake profile to befriend that person and extract information through conversation has crossed into HUMINT territory, where the rules around deception, authorization, and oversight are substantially more demanding. The medium doesn’t matter. Online or in person, the distinction depends on whether you’re observing what’s already public or engaging with a human being to get something that isn’t.

What Doctrine Says

Joint Publication 2-0, the foundational U.S. intelligence doctrine document, defines HUMINT as “a category of intelligence derived from information collected and provided by human sources” (JP 2-0 2013). The legal definition of OSINT, codified in Public Law 109-163 and adopted by the OSINT Foundation, a professional association for IC OSINT practitioners, defines it as “intelligence that is produced from publicly available information and is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement” (OSINT Foundation 2022). The two definitions carve out distinct collection disciplines: one rests on what’s already available to anyone; the other rests on what people tell you.

The Department of Defense defines “publicly available information” (PAI) with specificity that matters for practitioners drawing this line. Under DoD Directive 3115.18, PAI is information that has been published or broadcast for public consumption, is accessible online to the public, could be seen or heard by a casual observer, or was obtained by visiting a place or attending an event open to the public (DoD Directive 3115.18 2019). That definition draws a boundary around what qualifies as the raw material for OSINT collection. If you had to interact with someone, deceive someone, or gain access to something restricted to get the information, it doesn’t meet the PAI standard.

JP 2-0 defines elicitation as “the acquisition of information from a person or group in a manner that does not disclose the intent of the interview or conversation” (JP 2-0 2013). That definition is critical because it captures exactly what distinguishes much of what practitioners call “active OSINT” from actual OSINT: the concealment of investigative purpose during a human interaction. Army doctrine on HUMINT collection fills in the operational picture. FM 2-22.3 describes HUMINT as using “human sources as a tool and a variety of collection methods, both passively and actively, to gather information,” including debriefings, screening, liaison, and tactically oriented collection activities using human sources (FM 2-22.3 2006). The emphasis on human sources as a tool, combined with methods that include active engagement, places HUMINT squarely in the domain of interaction rather than observation.

The OSINT Foundation’s Definitions document establishes that OSINT “is almost exclusively an activity where information is acquired second-hand,” meaning the information must have already been collected, processed, and disseminated by someone else for other purposes before the OSINT practitioner encounters it (OSINT Foundation 2022). The Foundation draws the boundary in a single sentence: “PAI collection, therefore, is an activity wherein the OSINT practitioner does not directly interact with the target or source to elicit a response” (OSINT Foundation 2022). The only exception is requesting additional information in public forums, since the resulting new information is itself publicly available, a practice the Foundation traces back to the original 1992 Community Open Source Program directive (OSINT Foundation 2022). If you’re observing information that’s already out there, you’re doing OSINT. If you’re interacting with a person to get them to tell you something, you’ve crossed into a different discipline.

Why “Active OSINT” Describes HUMINT

The term “active OSINT” has spread through practitioner communities, training programs, and security conferences to describe activities that involve engaging with targets rather than observing them. The activities commonly grouped under this label include creating sock puppet accounts with fictitious identities, sending friend or follow requests from fake profiles, direct messaging targets, joining private or closed groups under false pretenses, commenting on or engaging with target posts to build rapport, and extracting information through conversation where the target doesn’t know who they’re actually talking to.

Every one of those activities involves deception about identity and direct engagement with a human subject. When you map them against IC doctrine, they correspond directly to recognized HUMINT tradecraft. Creating a sock puppet with a fabricated identity and backstory is cover identity development. Joining a private group by misrepresenting who you are is infiltration. Engaging a target in conversation to extract information without revealing your purpose is elicitation. Building a relationship with someone to gain their trust and access to their information is source development. Operating throughout without disclosing your investigative intent is clandestine collection.

Relabeling these activities as a subcategory of OSINT doesn’t change their character. It changes how practitioners think about the authorization they need, the oversight that applies, and the ethical obligations they carry. A corporate investigator who believes they’re conducting “advanced OSINT” when they create a fake LinkedIn profile to connect with a target’s employees and extract information through casual conversation is conducting HUMINT under a different name. If that investigator works for a law firm, they may be violating professional ethics rules. If they work for a government agency, they may be conducting an activity that requires supervisory authorization they never sought. If they work for a private firm, they may be creating liability their client doesn’t know about.

Under the OSINT Foundation’s formulation, OSINT collection does not involve direct interaction with the target or source to elicit a response (OSINT Foundation 2022). The medium doesn’t alter the category. Elicitation conducted through a chat window is still elicitation. Infiltration accomplished by clicking “Join Group” instead of walking through a door is still infiltration.

Boundaries in Other Sectors

Professional communities outside the Intelligence Community have developed their own frameworks for distinguishing passive research from active engagement, and they converge on the same principle: the transition from research to engagement occurs when there is active communication with, or deception of, a human subject. Competitive intelligence practitioners operate under the Strategic and Competitive Intelligence Professionals (SCIP) Code of Ethics, which requires members to accurately disclose all relevant information, including their identity and organization, prior to all interviews (SCIP n.d.). Reviewing publicly available information about a competitor requires no disclosure. The moment you pick up the phone and call someone at a competitor’s firm to ask questions, the disclosure requirement applies. The SCIP framework treats the identity and purpose disclosure requirement as the functional boundary between competitive research and something that demands a higher standard of conduct.

Legal ethics create an even sharper line around social media investigation. DC Bar Ethics Opinion 371 holds that a lawyer’s review of a represented person’s public social media postings does not violate professional rules because no communication occurs (DC Bar 2016). Requesting access to information protected by privacy settings, such as sending a friend request to a represented person, does constitute a communication subject to ethical constraints (DC Bar 2016). The distinction is precise: looking at what someone has made public requires no special authorization or ethical consideration. Sending a friend request, even without a word of conversation, crosses into communication because it initiates a relationship under potentially false pretenses. Courts have enforced this boundary. An Ohio assistant prosecutor was suspended for twelve months for creating a fake Facebook profile to friend a defendant and a witness in an active case. The act of creating a false identity to gain access to restricted information was itself the violation, regardless of what the prosecutor did with the information afterward.

The Society of Professional Journalists Code of Ethics directs journalists to avoid undercover or other surreptitious methods of gathering information unless traditional, open methods will not yield information vital to the public (SPJ n.d.). Journalism doesn’t prohibit undercover work outright, but it treats it as a last resort that requires justification, holding deceptive methods to a higher standard than any other form of reporting. A journalist who reads someone’s public posts is doing ordinary reporting. A journalist who creates a fake persona to infiltrate a group and build relationships with sources is doing undercover work, and the SPJ framework requires that the story justify the deception, that no other path to the information exists, and that the methods be disclosed to the audience.

Law enforcement has developed its own frameworks for distinguishing overt monitoring from undercover activity online. The Brennan Center for Justice holds that undercover accounts should be used extremely sparingly if at all, and only with a policy in place that requires documentation and supervisory confirmation that no less invasive means are available (Brennan Center 2019). The Attorney General’s Guidelines for Domestic FBI Operations distinguish three tiers of investigation with different authorization requirements (DOJ 2008). The lowest tier, assessments, permits obtaining publicly available information and accessing online services but does not authorize assuming false identities. Preliminary investigations require information or an allegation indicating criminal activity or a threat. Full investigations require an articulable factual basis and permit the full range of investigative techniques, including undercover operations, with supervisory approval that escalates based on sensitivity (DOJ 2008). The pattern across all three tiers is consistent with every other sector: passive collection of publicly available information requires minimal authorization, while active engagement with individuals under false pretenses requires progressively higher levels of justification and oversight.

The Attorney General’s Guidelines on FBI Undercover Operations also define an undercover operation in terms that capture what crosses the boundary: an investigative technique in which an operative assumes a covert identity or purpose and takes action to gain evidence or information that would be unavailable without the target’s reliance on the operative’s covert role (DOJ 1992). That definition describes what happens when an investigator creates a sock puppet account to befriend a target and extract information through conversation. The target provides information because they believe they’re talking to a peer, a potential friend, or a fellow group member. The information would be unavailable without the target’s reliance on the investigator’s false identity. Whether the investigator is an FBI agent, a corporate investigator, or a freelance OSINT researcher, the activity is structurally identical.

IC doctrine, competitive intelligence, legal ethics, journalism, and law enforcement all draw the same boundary between what’s permitted as routine collection and what requires authorization, disclosure, or justification, even though they arrive there through different frameworks.

The specifics vary by sector, but the underlying logic doesn’t. Passive collection of publicly available information sits on one side. Active engagement with people, particularly under concealed identity or purpose, sits on the other. Every sector that has examined the question treats the transition between the two as requiring a higher standard of conduct.

Where the Boundaries Blur

The clean doctrinal line between observation and engagement gets complicated in several places, and practitioners who work near the boundary need to know where it frays. The complications aren’t rare edge cases; they come up regularly in online investigations where platform design, access controls, and the sheer variety of digital spaces create situations that doctrine didn’t anticipate.

The most common source of confusion involves the distinction between public and private online spaces. Observing conversations in a truly public online forum falls clearly within OSINT. Joining a private group that requires invitation or approval to access its content is harder to categorize. Some private groups accept anyone who clicks “request to join.” Others require answering questions about who you are and what your interest is. Still others require a referral from an existing member. The DoD’s PAI definition uses the qualifier “open to the public,” which is the right test, but applying it to the spectrum of online group access models isn’t always straightforward (DoD Directive 3115.18 2019). A Facebook group that auto-approves every join request is functionally public even though the platform labels it “private.” A Telegram channel that requires vouching from existing members is genuinely restricted. The doctrinal frameworks weren’t written with this spectrum in mind, and practitioners have to exercise judgment about where observation ends and infiltration begins in each specific case.

Passive monitoring through accounts that conceal the investigator’s identity is sometimes treated as a gray area, but the OSINT Foundation’s framework supports categorizing it as OSINT when no interaction occurs. Creating a research account under a pseudonym to follow public accounts and read public posts, without ever sending a message, making a comment, or initiating any contact, involves a degree of identity concealment, but the collection method is purely observational. No human interaction occurs, no information is elicited, and no one’s behavior is influenced by the investigator’s presence.

The OSINT Foundation’s Collection Methodologies document acknowledges that internet collection “may need to make use of specialized tradecraft and technology to obfuscate the interests, identity, and search techniques of the collector,” which it refers to collectively as managed attribution (OSINT Foundation 2023). That language treats identity management as part of OSINT tradecraft rather than an indicator that the activity has crossed into HUMINT. The key distinction is that managed attribution supports collection of PAI; it doesn’t authorize engagement with human subjects. A pseudonymous account used only for observation is managed attribution. A pseudonymous account used to send messages, join restricted groups, or build relationships with targets is a cover identity, and that’s HUMINT regardless of the platform.

Leaked databases, stolen documents that were subsequently published, and hacked materials that journalists or researchers have made accessible online all present the same problem: does the public availability of information that was illegally obtained make it legitimate OSINT, or does the provenance contaminate the collection? IC doctrine and most legal frameworks focus on the method of collection, not the history of the information. If the data is now publicly accessible and the practitioner didn’t participate in or commission the unauthorized access, most OSINT frameworks treat it as permissible to collect. But the ethical and legal picture is more complicated than that, particularly for government practitioners, and this is an area where sector-specific guidance varies significantly.

The gray area that generates the most operational confusion involves gradual escalation from observation to engagement. An analyst monitoring a target’s public social media begins by reading posts. Then they start reading the comments. Then they notice a commenter who seems to know the target well and begin monitoring that person’s profile too. Then they consider sending a connection request to the commenter to access more of their posts. Each individual step feels like a small extension of what they were already doing. No single step feels like it crosses a clear boundary. But the cumulative trajectory moves from pure observation toward engagement with a human subject, and somewhere along that path the activity stops being OSINT regardless of what the analyst calls it in their notes.

These gray areas don’t invalidate the doctrinal distinction. They do mean that practitioners need to think about where they sit on the observation-to-engagement spectrum rather than assuming that everything done on a computer is OSINT by default. The spectrum below sorts common collection activities into what falls clearly on each side and what sits in the contested middle, where organizational policies, sector-specific guidance, and professional judgment have to fill the gaps that doctrine doesn’t cover.

Most of what practitioners actually do on a daily basis falls clearly into the OSINT or HUMINT columns. The contested territory in the middle is real but narrower than it appears when the whole debate gets reduced to “is it OSINT or not.”

What This Means for Practitioners

Five questions can help locate where a specific collection activity falls on the observation-to-engagement spectrum. The most fundamental is whether you’re collecting information that is already publicly available or interacting with a person to obtain it. Reading public posts, reviewing public records, monitoring open forums, and accessing information that anyone could see without special access all sit on the OSINT side. Sending messages, making connection requests, asking questions in conversation, and engaging in any form of direct communication with a target or someone connected to a target pull you toward the HUMINT side. The dividing line isn’t complexity or sophistication; it’s whether another human being is involved as a source rather than just as the subject of publicly observable information.

Identity and purpose disclosure are the second and third questions, and they work together. Research conducted under your true identity, where subjects know they’re being observed or know who they’re talking to, operates under different rules than research conducted under a false identity where subjects don’t know who they’re actually communicating with. Multiple sectors treat identity disclosure as the functional boundary. And the JP 2-0 definition of elicitation hinges specifically on concealment of investigative intent during conversation (JP 2-0 2013). If you’re asking questions in a way that conceals why you want the answers, you’re eliciting, regardless of whether the conversation happens at a coffee shop or in a Discord server.

The fourth question is whether you would need a false identity to access the information at all. If the information is available to anyone who shows up, whether “showing up” means visiting a website, attending a conference, or walking into a public building, that’s a strong marker for OSINT. If accessing the information requires pretending to be someone you’re not, that’s a strong marker for HUMINT. And the fifth question tests the method itself: does your collection depend on the target’s trust or cooperation to work? OSINT collection works whether the target knows about it or not, because the information is already out there. If your method depends on the target believing you’re someone else and providing information they wouldn’t give to an identified investigator, you’re past the OSINT boundary.

None of these questions produce a perfect answer in every case, and the gray areas discussed above mean some situations won’t resolve cleanly. But asking them forces practitioners to think explicitly about what they’re doing rather than defaulting to the assumption that any research conducted on a computer is OSINT.

Arguments Against OSINT as a Discipline

A handful of scholars have argued that OSINT shouldn’t exist as a separate intelligence discipline. Joseph Hatfield’s 2023 paper calls it “a fundamentally incoherent concept that should be abandoned” and proposes redistributing openly derived sources back into the traditional disciplines based on collection method (Hatfield 2023). David Omand and colleagues proposed replacing parts of it with “SOCMINT,” a new discipline for social media collection (Omand, Bartlett, and Miller 2012). The RAND Corporation’s Williams and Blum observed that discipline boundaries often reflect agency authorities more than genuine differences in collection methods (Williams and Blum 2018).

These arguments tend to come from people whose primary concern is organizational turf rather than operational practice. OSINT has its own collection infrastructure, its own processing requirements, its own verification challenges, and its own legal and ethical frameworks that don’t map onto SIGINT, GEOINT, or HUMINT structures. The OSINT Foundation’s 2026 Policy Framework lays out what a mature OSINT discipline requires: dedicated career tracks, specialized training in collection planning and tradecraft and operational security, mental health support for practitioners exposed to disturbing content, audit and compliance structures for PAI retention, and oversight mechanisms tailored to the unique risks of open-source collection (OSINT Foundation 2026). The Foundation’s Collection Methodologies document defines six distinct collection methods for OSINT, from in-person collection to automated collection to purchase of commercially available information, each with its own tradecraft considerations (OSINT Foundation 2023). That’s a discipline with its own operational requirements that wouldn’t be served by absorption back into HUMINT or SIGINT. SOCMINT never gained traction in the United States because naming a discipline after a collection environment rather than a collection method doesn’t solve anything; social media observation is OSINT, and social media engagement under false pretenses is HUMINT, and a third label just adds confusion.

Hatfield does get one thing right: OSINT is the only major discipline defined by the accessibility of its information rather than by the method used to collect it. That definitional quirk is exactly what allowed “active OSINT” to take root as a concept, because practitioners could stretch the boundary of “accessible information” to include anything they could reach from a keyboard. Tightening the definition and enforcing the boundary between observation and engagement fixes the problem. Dissolving the discipline doesn’t.

Closing

Calling HUMINT tradecraft “active OSINT” doesn’t change the legal frameworks that apply, the ethical obligations that attach, or the authorization that should be required. What it does is make it easier for practitioners to skip the questions they should be asking about oversight, justification, and the rules that govern their specific sector and jurisdiction. An investigator who knows they’re crossing from OSINT into HUMINT territory can make a deliberate decision about whether the situation warrants it, seek appropriate authorization, and document the justification. An investigator who believes they’re still doing OSINT because they’re sitting at a computer has no reason to ask those questions at all.

How practitioners label their collection activities shapes how they think about oversight, disclosure, and risk. Every sector that has thought carefully about this boundary has arrived at the same conclusion: passive collection of public information and active engagement with people under false pretenses require different levels of authorization, different standards of justification, and different accountability structures. Getting the label right is the first step toward getting the oversight right.

A follow-up article will address the legal frameworks that govern intelligence collection activities across government and private-sector contexts, including how authorization requirements scale with the intrusiveness of the collection method.

References

  • Brennan Center for Justice. 2019. Principles for Social Media Use by Law Enforcement. New York: Brennan Center for Justice.

  • DC Bar. 2016. Ethics Opinion 371: Social Media II: Use of Social Media in Providing Legal Services. Washington, DC: DC Bar.

  • Department of Defense. 2019. DoD Directive 3115.18: DoD Access to and Use of Publicly Available Information (PAI). Washington, DC: Department of Defense.

  • Department of Justice. 1992. Attorney General’s Guidelines on FBI Undercover Operations. Washington, DC: Department of Justice.

  • Department of Justice. 2008. The Attorney General’s Guidelines for Domestic FBI Operations. Washington, DC: Department of Justice.

  • Department of the Army. 2006. FM 2-22.3: Human Intelligence Collector Operations. Washington, DC: Department of the Army.

  • Hatfield, Joseph M. 2023. “There Is No Such Thing as Open Source Intelligence.” International Journal of Intelligence and CounterIntelligence 37 (2): 397–418.

  • Joint Chiefs of Staff. 2013. JP 2-0: Joint Intelligence. Washington, DC: Joint Chiefs of Staff.

  • Omand, David, Jamie Bartlett, and Carl Miller. 2012. “Introducing Social Media Intelligence (SOCMINT).” Intelligence and National Security 27 (6): 801–823.

  • OSINT Foundation. 2022. OSINT Definitions. OSINT Foundation.

  • OSINT Foundation. 2023. OSINT Collection Methodologies. OSINT Foundation.

  • OSINT Foundation. 2026. OSINT Policy Framework. OSINT Foundation.

  • Society of Professional Journalists. n.d. SPJ Code of Ethics. Indianapolis, IN: Society of Professional Journalists.

  • Strategic and Competitive Intelligence Professionals. n.d. SCIP Code of Ethics. Strategic and Competitive Intelligence Professionals.

  • Williams, Heather J., and Ilana Blum. 2018. Defining Second Generation Open Source Intelligence (OSINT) for the Defense Enterprise. Santa Monica, CA: RAND Corporation.