Elicitation
Elicitation is the practice of extracting information from someone without them realising they’re being asked for it. It is distinct from interrogation, which involves explicit questions and tends to make people careful. Elicitation works through conversation, and specifically through the human tendency to respond to social cues rather than analyse them.
Most people, when they hear something that is slightly incorrect about a subject they know well, will correct it. When they receive a compliment about their expertise, they will demonstrate it. When they encounter someone who seems genuinely curious about their work, they will explain it. These are not weaknesses. They are the normal behaviours of people who have not been given a reason to be suspicious.
Rapport
The first task in elicitation is establishing that the conversation is a comfortable one. This usually means finding common ground quickly, which is easier if you have done your reconnaissance. Knowing that a target organisation recently migrated to a new system, or that the team you’re speaking with has had a difficult few months with their infrastructure, gives you something to commiserate about before you start asking anything.
Matching the other person’s pace, vocabulary, and level of formality removes friction. People are more forthcoming with someone who sounds like them than with someone who sounds like they are filling in a form. The goal is to be perceived as a colleague or peer rather than an external party with an agenda.
Flattery and deference
A targeted compliment is one of the more reliable tools in elicitation. Telling someone that their team has a reputation for handling a particular problem well almost invariably produces a detailed explanation of exactly how they handle it. The compliment creates a mild obligation to live up to the description.
Framing yourself as less knowledgeable than you are achieves something similar. Someone who appears to need guidance will receive it. An IT contractor who says “I’m not sure how your team normally handles this, I don’t want to step on anyone’s toes” will often get a complete walkthrough of the relevant process, because helping someone who is trying to do the right thing costs nothing and feels virtuous.
The deliberate error
Stating something slightly incorrect about the organisation or its systems is one of the more elegant techniques in the elicitation toolkit. The person who knows better will almost always say so. “I was told your backup systems run on Veeam” directed at an administrator who actually runs something else produces an unprompted correction, along with whatever additional detail the administrator feels proves the point.
The trick is calibrating the error. Too obvious and it reads as a test. Too obscure and they may not bother correcting it. Something that sounds like it came from slightly outdated information tends to work well, because it implies you have legitimate background knowledge that simply needs updating.
Mirroring and silence
Repeating the last two or three words someone has said, as a question or with a slightly rising intonation, causes most people to continue and expand. It signals that you are listening and interested without directing the conversation anywhere in particular. The other person fills the silence, usually by elaborating on whatever they just said.
Silence itself is underused. When someone finishes a sentence, the instinct on both sides of a conversation is to fill the gap. Resisting that instinct and waiting a few seconds often produces more information than asking a follow-up question would, because the other person interprets the silence as expectation and continues talking to satisfy it.
Knowing when to stop
The most common mistake in elicitation is asking for too much. Each question that feels slightly unusual increases the probability that the person reflects on the conversation afterwards and notices the pattern. Getting three or four pieces of useful information in a natural-seeming exchange is more valuable than pushing for a complete picture and triggering retrospective suspicion.
An elicitation conversation should feel, to the person on the other end of it, like a pleasant and slightly forgettable interaction with a competent colleague. If they remember it at all, they should remember that you seemed to know what you were doing.
Runbooks
Runbook: Physical access engagement — elicitation is the live technique once you are inside