There are lots of myths around Five Eyes. In the last few years, the countries involved have officially acknowledged the existence of the Five Eyes agreement in public forums. In this article, we will look at the facts and explain what it actually means. It all revolves around collaborative intelligence gathering and sharing.
Contents
Officially known as the UKUSA Agreement, this is a multilateral agreement for signals intelligence (SIGINT) cooperation between the English-speaking countries of the US, UK, Australia, New Zealand, and Canada. The actual sharing of intelligence can extend beyond the five nations on an as-required basis, with automatic sharing of intelligence being limited to this core group. Its origins stem from collaborative intelligence sharing during the second world war that was strengthened by the subsequent Cold War's challenges. Now the main focus revolves around the global fight against terrorism and countering the actions of rogue states.
The principle behind the Five Eyes partnership is that no single country has the resources and capabilities to collect intelligence on all the threats to that country. By combining resources, the intelligence agencies of these countries increase their capabilities and produce more effective results.
While it is often implied that this arrangement is secret and covert, the reality is that this has been a longstanding partnership. Still, for obvious reasons, the details and operational arrangements are secret. The actual UKUSA Agreement is publicly available from the UK's national archives. This agreement between the US and UK intelligence agencies was officially signed in 1946. However, its origins can be traced back to early 1941, a time before the US had ended its position of neutrality during the second world war. The agreement was borne from the desire to share the results of each country's code-breaking activities. The US had broken Japanese codes, and the UK had broken German codes. It made sense to share intelligence, especially once the US joined the hostilities. The agreement was expanded to include Australia, Canada, and New Zealand over the following ten years as the cold war developed. These countries are distinguished by their shared common principles as liberal democracies with broadly common cultural values and national interests.
The UKUSA Agreement evolved into accords and provisions for generating and sharing intelligence, dividing, and allocating resources to reduce duplication and maximize effectiveness from its beginning as a mechanism for sharing intelligence. Responsibilities for intelligence gathering broadly followed geographic locations except for the more prominent adversary states. This reflected intelligence gathering based on interception and monitoring of radio and telephony signals where a physical presence within the communications range was essential. The US collected intelligence from Russia, China, Africa, the Middle East, and the Caribbean region. Canada is understood to have collected intelligence from the Russian interior, China, and, surprisingly, Latin America. The UK was responsible for gathering intelligence from Europe, Western Russia, the Middle East, and Hong Kong. Australia collected intelligence from South and East Asia. New Zealand collected intelligence from the South Pacific and Southeast Asia. With the rise of internet communications and message routing globally, intelligence gathering no longer needs to follow rigid geographic partitions.
The core principle underpinning the Five Eyes agreement is that the nations can extend their intelligence-gathering capabilities to span the globe by working together. A look at the five-member country's territories' geographic locations shows their monitoring facilities' potential reach. As Ciaran Martin, the CEO of the UK's NCSC is reported as saying,
"Cyber-attacks do not respect international boundaries, and many of the threats and vulnerabilities we face are shared around the globe. Each nation has sovereignty to defend itself as it sees best, but it's vital that we work closely with our allies to make the world as safe as possible."
Source: Global intelligence agencies to share UK stage for first... - NCSC.GOV.UK
Once shrouded in secrecy, the agencies that formed the Five Eyes membership now have a public-facing presence on the internet. They give an overview of their purpose, accountability and provide valuable resources for anyone looking for cybersecurity guidance.
Not all the Five Eyes activities are cloaked in secrecy. In 2019 representatives from each of the Five Eyes intelligence agencies took to the stage at the UK's National Cyber Security Centre (NCSC) annual conference CYBERUK 2019, held in Glasgow.
In 2020 the intelligence agencies were public in their efforts to address state-sponsored cyberattacks against researchers developing Covid-19 vaccines. They issued guidance to address disinformation spread by state-backed actors seeking to destabilize efforts to contain the virus's spread.
The Five Eyes nations also undertake collaborative research and issue guidance through their cybersecurity agencies:
For example, the following guidance on the Technical Approaches to Uncovering and Remediating Malicious Activity is available from the CISA website.
Each member country of the Five Eyes arrangement has its own accountability and governance arrangements for their intelligence agencies. For further details of each countries oversight arrangements, a parliamentary briefing paper has been produced as a collaborative effort between researchers in Australia, Canada, New Zealand, and the United Kingdom. A copy can be viewed here.
There is also a Five Eyes Intelligence Oversight and Review Council (FIORC) that provides non-political intelligence oversight. Representatives from oversight agencies of each country form the membership of the oversight and review council:
One remit of the council is to enhance public trust by encouraging transparency where possible.
One area where there is concern over the Five Eyes group's aims is balancing the personal right to privacy with the state's need to collect intelligence on threats. This requires information gathering both within and outside the country's borders. This is seen most keenly in applications that employ end-to-end encryption to provide robust privacy for users. Intelligence communities' concern is such technologies can be used to hide communications between malicious actors. This could be rogue individuals looking to commit a criminal act or hostile nation-states looking to interfere or subvert the country's democratic processes. There are many recent examples where rogue states have sought to undermine confidence in the Covid-19 vaccination programs or even disrupt Covid-19 vaccine production.
The Five Eyes group advocate that where service providers offer end-to-end encryption, law enforcement, and intelligence agencies should have the capability to monitor communications in the state's interests. This position is also echoed by child protection advocates seeking to unmask individuals involved in the trafficking and exploitation of children and the sharing of illegal content. However, there is strong public resistance to allowing the state to wholesale monitor all communications. This is borne from the distrust that the state agencies will confine their activities purely for serious crime detection and prevention measures.
There are many other intelligence-sharing arrangements in place beyond the Five Eyes agreement. These may be related to a specific multinational coalition of countries undertaking UN-sanctioned actions such as the liberation of Kuwait in 1991, where intelligence specific to operations was shared between coalition partners. These may be related to member countries of a particular military alliance, such as the North Atlantic Treaty Organization (NATO). The Joint Intelligence and Security Division (JISD), based at NATO Headquarters, provides strategic leadership for intelligence sharing. Then there are the other longstanding arrangements for specific groups of countries. One example is the Nine Eyes group, comprising the Five Eyes countries plus Denmark, France, the Netherlands, and Norway. Another example is the Fourteen Eyes group, officially known as SIGINT Seniors Europe (SSEUR) and comprising the Nine Eyes countries plus Belgium, Germany, Italy, Spain, and Sweden. This has an equivalent group known as the SIGINT Seniors of the Pacific (SSPAC), comprising the Five Eyes countries plus France, India, Singapore, South Korea, and Thailand.
The critical difference between Five Eyes and these other arrangements is that the Five Eyes agreement sets out roles and responsibilities for intelligence gathering and sharing. In contrast, the other arrangements are focused on intelligence sharing.
All countries undertake intelligence gathering and analysis to a greater or lesser extent. How they do this and how transparent they are about this varies greatly. The Five Eyes countries represent some of the most liberal and democratic nations. The difference is that they have a longstanding collaborative agreement for intelligence gathering and sharing that makes them significantly more effective and opens them up to more criticism when it comes to protecting personal privacy.
For anyone concerned with personal privacy, techniques such as end-to-end encryption provide mechanisms to hide information from the most determined eavesdroppers.