Five Eyes Intel Sharing Unhindered By Trump Tweets about:reader?url=https://www.thecipherbrief.com/article/tech/five-...

thecipherbrief.com

Five Eyes Intel Sharing Unhindered

By Trump Tweets
17-22 minutes

Bottom Line: While President Donald Trump’s tweets at

times unnerve America’s closest allies, especially those
that attack U.S. intelligence and law enforcement, the
“Five Eyes” network of the U.S., Britain, Canada, Australia
and New Zealand continues to share intelligence almost
as one nation. The intelligence relationship arguably provides
stability and reassurance that Washington’s national security
apparatus remains on watch against transnational threats such
as cyber insecurity and a resurgent Russia, despite U.S.
turmoil with investigations over alleged connections between
the Kremlin and the Trump campaign. The recent coordinated
attribution of the disruptive NotPetya campaign to Russia by all
Five Eyes partners suggests such sharing is still going strong.

Background: In many respects, the Five Eye’s intelligence

sharing network, sometimes written as FVEY, is the most
enduring and robust alliance, eclipsing even NATO in
terms of information exchange among members. The
origins of the network can be found in the wake of World
War II, when the U.S. and UK formalized their signals
intelligence (SIGINT) partnership in the UKUSA
Agreement, signed in March 1946. The agreement
expanded to include “Second Party” members, with Canada

1 of 15 05/03/2018, 11:32
Five Eyes Intel Sharing Unhindered By Trump Tweets about:reader?url=https://www.thecipherbrief.com/article/tech/five-...

joining in 1948 and Australia and New Zealand joining in 1956.

Robert Hannigan, former Director of GCHQ

“The Five Eyes was a SIGINT creation dating from World War
II, when Roosevelt and Churchill took a political decision to
share their most sensitive cryptological secrets. It is based on
trust and aligned values. It is still at its deepest in SIGINT and
Cyber, where the default is to share data and technology and
work together unless there are reasons not to. SIGINT staff
are routinely posted in each others’ facilities and spend whole
careers working with each other. That is not quite true of the
HUMINT agencies, although they have grown closer,
especially on terrorism.”

The initial UKUSA Agreement, declassified in June 2010, lays

out the extent of SIGINT collaboration, including the
acquisition of equipment, collection of communications traffic,
traffic analysis, cryptanalysis, decryption and translation. The
primary bodies of the intelligence partnership are the U.S.
National Security Agency (NSA), the UK’s Government
Communications Headquarters (GCHQ), Australia’s Defence
Signals Directorate (DSD), Canada’s Communications
Security Establishment (CSE) and New Zealand’s Government
Communications Security Bureau (GCSB).

While the agreement initially began with SIGINT cooperation, it

2 of 15 05/03/2018, 11:32
Five Eyes Intel Sharing Unhindered By Trump Tweets about:reader?url=https://www.thecipherbrief.com/article/tech/five-...

has since expanded to include sharing and cooperation in

fields such as human intelligence, covert action,
counterintelligence, geospatial intelligence, law enforcement,
and finance and transportation security.

A prominent example of the Five Eye’s joint SIGINT collection

comes from the so-called Echelon program, which reportedly
began in the 1960s and involved the interception of civilian
satellite communications based on keywords submitted by
each alliance member.

A more recent example of how Five Eyes might collect SIGINT

with geographic implications would be through downstream
collection of communications data at rest from domestic
internet companies and upstream collection of
communications travelling through domestic internet service
providers. This collected data can then be reportedly mined
directly by all Five Eyes partners through programs such as
XKeyscore, no matter which party actually collected the data.

According to the initial agreement – which is reported to have

evolved with the times with the current document remaining
classified – all raw SIGINT traffic and intelligence products are
shared relatively freely unless a party chooses to forgo sharing
or receiving specific intelligence. There is a mutual
understanding that the citizens of Five Eyes countries will not
be targeted for collection by another member agency, and if
such communications are incidentally intercepted, there will be
an effort to minimize the use and analysis by the intercepting
state – such as by labeling it with “UK Citizen” or “Canadian
Company.”

However, according to a leaked 2005 NSA document, under

certain circumstances, Five Eyes members may conduct

3 of 15 05/03/2018, 11:32
Five Eyes Intel Sharing Unhindered By Trump Tweets about:reader?url=https://www.thecipherbrief.com/article/tech/five-...

unilateral collection against the citizens of other members

should collaboration with that member be declined. But any
collection, processing and dissemination of that information
must be maintained in NOFORN (“No Foreigners”) channels.
This means that Five Eyes partners cannot, as both a matter
of policy and legality, help each other bypass the privacy
protections of their home countries.

Lt. Gen. (ret.) James Clapper, former Director of National

Intelligence

“We don’t ‘monitor’ each other, if you mean do we spy on the

UK, Australia, Canada and New Zealand, but that’s not to say
we don’t try to understand what’s going on in each
country. The difference with the Five Eyes is we can just ask
each other.”

Robert Hannigan, former Director of GCHQ

4 of 15 05/03/2018, 11:32
Five Eyes Intel Sharing Unhindered By Trump Tweets about:reader?url=https://www.thecipherbrief.com/article/tech/five-...

“As for monitoring each others’ areas, this is an accusation

which Snowden tried unsuccessfully to pin on the SIGINT
community. It is nonsense and explicitly forbidden as part of
the Five Eyes agreement. Both in law and policy, SIGINT
agencies must respect their own legal framework and those of
their partners. They cannot be used to get around others’ legal
constraints or do what would be unlawful for a partner agency.
A number of parliamentary and oversight inquiries in the UK
have confirmed that this has not happened.”

Chris Inglis, former Deputy Director of the NSA

“It’s a highest-common-denominator approach. So the Brits

could never ask the United States to spy on a Brit, and then
benefit from those proceeds, and vice versa. But, turns out that
American intelligence services could, at their discretion, spy on
the Brits if they chose to do so. There’s nothing about our laws
that would say ‘can’t be a Brit,’ but by policy, we don’t. Not only
do we not do that for our British counterparts – helping them
find a way around their law – and they don’t do that for us, but
we don’t spy on each other. That’s essentially what makes it a
‘second party relationship,’ as opposed to a classic ‘third party

5 of 15 05/03/2018, 11:32
Five Eyes Intel Sharing Unhindered By Trump Tweets about:reader?url=https://www.thecipherbrief.com/article/tech/five-...

relationship,’ which is everybody else.”

Issue: Heightened tensions between the Trump

administration and Five Eyes partners, such as the UK,
over conclusions of Russia’s interference in the 2016
elections, as well as a seemingly steady stream of leaks
from U.S. intelligence in the past years could be causing
strain among the Five Eyes alliance. Some have suggested
that these political and counterintelligence afflictions, as well
as ongoing privacy concerns, could hinder the close Five Eyes
sharing in the future.

In March, GCHQ issued a strong denial of Trump

administration’s allegation that it targeted collection on Trump
during the election campaign and passed the information onto
the Obama administration, saying that such assertions were
“utterly ridiculous and should be ignored.” A month later,
GCHQ – along with fellow Five Eyes member Australia – was
reported to have provided SIGINT to the U.S. as early as 2015
on members of Trump’s campaign team being in contact with
known or suspected Russian agents, though this was again
not likely through the direct targeting of Trump associates.

In another instance, UK Prime Minister Theresa May briefly

halted the sharing of information to U.S. counterparts following
U.S. officials leaking operational details of the investigation
into the May 2017 attacks on an Ariana Grande concert in
Manchester.

The instances are not without precedent. New Zealand was

temporarily excluded from Five Eyes for a few years after
1985, when the government refused at the time to allow U.S.
and UK warships to access to the country’s ports without their
confirming that there were no nuclear weapons onboard.

6 of 15 05/03/2018, 11:32
Five Eyes Intel Sharing Unhindered By Trump Tweets about:reader?url=https://www.thecipherbrief.com/article/tech/five-...

However, while the alliance may be met with tension, it is

unlikely to falter in the face of political fallout. Interacting
through common language, democratic values, and
complementary national interests, there is a strong degree of
professional trust that pervades the alliance. This has allowed
the intelligence network to weather political storms as well as
security breaches such as leaks and adversarial penetration in
the past.

Robert Hannigan, former Director of GCHQ

“I think the idea of tension is overplayed. Of course, sharing

sensitive intelligence involves some risk and the originating
agency will always worry that the receiver doesn’t appreciate
the sensitivity, but the instances of damaging leaks are rare,
whether between the Five Eyes or other partners. There are
very well-established processes and protocols to protect
information. Often the differences are practical and cultural:
the U.S. has a much larger intelligence community and the
instinct to share information publicly is much stronger. The
deeper the bonds and history and
personal relationships between agencies, the easier it is to
manage any tensions in a sensible and collaborative way.”

Chris Inglis, former Deputy Director of the NSA

7 of 15 05/03/2018, 11:32
Five Eyes Intel Sharing Unhindered By Trump Tweets about:reader?url=https://www.thecipherbrief.com/article/tech/five-...

“Of course that creates some amount of tension and angst, but
the relationships are much longer, much deeper, and the
benefits are much more highly leveraged. The benefits are
geometrics, the risks that we occasionally suffer are linear –
not to be trivialized, certainly to be addressed, but by and large
these relationships have hung in there through thick and thin.
Increasingly in the world we live in, where these threats are not
unique to one nation – terrorism is a case in point –
intelligence becomes an instrument of international power as
much as an instrument of sovereign national power. Therefore,
this might just be the model for other partnerships and
coalitions.”

Alastair Gordon, former senior national security officer for the

Australian Government

8 of 15 05/03/2018, 11:32
Five Eyes Intel Sharing Unhindered By Trump Tweets about:reader?url=https://www.thecipherbrief.com/article/tech/five-...

“The Five Eyes is unique because of the shared history and

values amongst the five nations. This provides levels of mutual
trust and confidence difficult to replicate elsewhere. There are
tensions from time to time, but the Five Eyes relationships are
such that candid discussions can take place without long term
damage to those relationships.”

Response: The alliance goes far beyond the principal of

collaboration or facilitation of information sharing, but
also to enable the dividing of tasks to avoid duplication
and leverage each other’s strengths. Each member does
not have the ability or resources to unilaterally collect all the
intelligence needed. As communications went global – first
with satellite communications and then with packet switched
networks transiting fiber optic cables – such close partnership
makes the intelligence whole greater than the sum of its parts.

Rick Ledgett, former Deputy Director of the NSA

“The principle through which the Five Eyes operates on is that

everybody pursues their national interest, and that national
interest is to cooperate with likeminded nations who have
useful capabilities in this space. The efforts are divided
according to those national interests and those capabilities.
Where one nation might be stronger, they will go ahead and

9 of 15 05/03/2018, 11:32
Five Eyes Intel Sharing Unhindered By Trump Tweets about:reader?url=https://www.thecipherbrief.com/article/tech/five-...

shoulder the burden for the rest of the Five Eyes. What that
cooperation does is that it allows us to extend our reach in
terms of collection, in terms of linguistic and analytic capability,
and it allows us to do things like divisions of effort so that the
U.S. doesn’t have to do everything all the time. We can have
partners who will do some of that for us, and vice versa. All of
our relationships are asymmetrical – we tend to give more than
we get – but you can’t look at this as a transactional thing. It is
more of a relationship you are going to get into because long-
term, there is value to the nation.”

Expertise and geography play a crucial part of the alliance’s

burden sharing. Each Five Eyes partner collects information
over a specific area of the globe in accordance with their
national priorities, but their collection and analysis are
orchestrated to act as one. Australian analysts, for instance,
may have better cultural and linguistic insight into
communications collected from Asia, and therefore be better
positioned to analyze that information, even if the U.S. is better
positioned to collect it.

While precise geographical focuses are not publically

available, it has been reported that: Australia monitors South
and East Asia communications; New Zealand covers the
South Pacific and Southeast Asia; the UK monitors traffic over
Europe, Western Russia and the Middle East and North Africa;
Canada focuses on inner Russia and some of Latin America;
and the U.S. intercepts communications from the Caribbean,
China, Russia, the Middle East and Africa.

While intelligence sharing was the initial purpose of the

alliance, it has grown to include joint operations, capabilities
development, training, and even jointly staffed bases. One

10 of 15 05/03/2018, 11:32
Five Eyes Intel Sharing Unhindered By Trump Tweets about:reader?url=https://www.thecipherbrief.com/article/tech/five-...

example of this is the joint NSA-GCHQ upstream collection

operation known as Tempora, which included some 300
analysts from GCHQ and 250 from the NSA co-located at
Bude, along the southwest coast of the UK. Another example
is the Australian Joint Defense Facility at Pine Gap, where
U.S. and Australian intelligence analysts are working side by
side to support – down to the tactical level – military operations
in Afghanistan. This level of collaboration is not easily swept
away by far off political winds.

Rick Ledgett, former Deputy Director of the NSA

“Our Five Eyes partners are part of our tactical support to

military forces. In those cases where a Five Eyes partner has
the responsibility for a particular area that the U.S. military
cares a lot about, then they have signed up to provide a
requisite level of support. And historically, they have provided
outstanding support. The U.S. also provides support back to
their forces. For example, when the Australians were in
Afghanistan with the U.S., we provided exactly the same
support that they provided to U.S. forces.”

Chris Inglis, former Deputy Director of the NSA

11 of 15 05/03/2018, 11:32
Five Eyes Intel Sharing Unhindered By Trump Tweets about:reader?url=https://www.thecipherbrief.com/article/tech/five-...

“The expectation is that each partner will find ways to make

contributions, unique contributions, from their own
circumstances. What I can talk about is that each of them has
an intellectual base that is slightly different. You give some
evidence, some facts to a New Zealander and say, ‘What does
this mean?’ They’re likely to give you a slightly different
answer given that they understand the world through a
different lens than you might from an American perspective.
And if this is something that’s happening in that neck of the
woods, you probably want to take their account into
consideration.”

Robert Hannigan, former Director of GCHQ

“It’s hard to think of any major disruption of a terrorist attack

plan in recent years that hasn’t involved Five Eyes sharing on
the SIGINT side. Counterintelligence is also an important part
of the Five Eyes, but heavily compartmented, as the assets,

12 of 15 05/03/2018, 11:32
Five Eyes Intel Sharing Unhindered By Trump Tweets about:reader?url=https://www.thecipherbrief.com/article/tech/five-...

technical and HUMINT, are particularly sensitive and

vulnerable.”

Alastair Gordon, former senior national security officer for the

Australian Government

“Prior to any passage of intelligence to a third country, prior

approval needs to be sought from the agency which sourced
the intelligence. I should also mention that when it comes to
threat warning intelligence, that is, the possibility of a terrorist
attack, it is a general principle that intelligence is shared with
the country which is the target of that threat, regardless of the
state of the intelligence relationship between the country which
collected the intelligence and the target country.”

Looking Ahead: Despite the clear strategic advantage of

such a cohesive intelligence sharing apparatus based on
mutual trust, such benefits can taper with the more
partners included. For this reason, it is unlikely that the Five
Eyes alliance – with the level of cooperation that it currently
operates – will expand to include more members.

Robert Hannigan, former Director of GCHQ

13 of 15 05/03/2018, 11:32
Five Eyes Intel Sharing Unhindered By Trump Tweets about:reader?url=https://www.thecipherbrief.com/article/tech/five-...

“I’m not sure it is worth the effort to extend the formal Five
Eyes legal agreement – that feels like a distraction. What
matters is that deep operational sharing
is increasingly happening with other partners and that is very
welcome. I doubt whether some partners would want to join
the Five Eyes formally – they probably prefer bilateral
agreements. In the UK, relationships with European countries,
for example on terrorism and cyber, are incredibly important
and have become deeply productive over the years. Beyond
Europe, there are some extremely capable allies, not least
Israel.”

Instead of expanding Five Eyes to include other allies, it’s

more likely that individual Five Eyes members will forge
separate partnerships with other countries on a bilateral basis.
The Five Eye’s partnership allows for working with “Third
Party” countries, where a Five Eyes member establishes a
bilateral relationship with a friendly government, including but
not limited to fellow NATO members, where both provide
technical support to allow them to better collect and share
SIGINT as well as the end-product intelligence reporting.
Known Third Party arrangements include Nine Eyes, an
intelligence sharing network including Denmark, France,
Norway and the Netherlands. There’s also Fourteen Eyes,
a.k.a. SIGINT Seniors Europe (SSEUR), which includes the
exchange of military signals with Nine Eyes plus Belgium,
Germany, Italy, Spain and Sweden.

14 of 15 05/03/2018, 11:32
Five Eyes Intel Sharing Unhindered By Trump Tweets about:reader?url=https://www.thecipherbrief.com/article/tech/five-...

Lt. Gen. (ret.) James Clapper, former Director of National

Intelligence

“Five Eyes countries are different because of the long history

of the English-speaking countries’ intelligence relationships,
which goes back to World War II, if not before—particularly in
SIGINT. So, our intelligence partnership with them is closer
and more fulsome. That’s not to say we don’t have very close
relations with the other countries…I believe that at some point
in the future, we will eliminate NOFORN restrictions with
respect to the Five Eyes intelligence alliance, and extend dual-
citizenship when and where we’re in each other’s intelligence
footprint. There are all kinds of legal complexities here, but
over time, we operate in a way that is moving in that direction.
I must emphasize this is a personal opinion, not ‘company
policy.’”

Levi Maxey is an analyst at The Cipher Brief. Follow him on

Twitter @lemax13.

15 of 15 05/03/2018, 11:32