by Carly Nyst and Anna Crowe
from GISWatch Website
This report was originally published
as part of a larger
The Five Eyes alliance, comprised of,
...is the continuation of an intelligence partnership formed in the aftermath of the Second World War.
The patchwork of secret spying programs and intelligence-sharing agreements implemented by parties to the Five Eyes arrangement constitutes an integrated global surveillance arrangement that now covers the majority of the world's communications.
Operating in the shadows and misleading the public, the Five Eyes agencies boast in secret how they,
This report summarizes the state of understanding about the Five Eyes global domination of communications networks, and explains the most concerning surveillance capabilities developed by the intelligence agencies.
It also explores the implications of expanded surveillance powers for the rights to privacy and free expression, and the free flow of information and ideas throughout global communications networks.
Finally, it canvasses some of the ways that Privacy International is seeking to unpick the Five Eyes alliance and argues for the restoration of privacy and security in digital communications.
This established the "Five Eyes" alliance for the purpose of sharing intelligence, but primarily signals intelligence (hereafter "SIGINT").
The close relationship between the five states is evidenced by documents recently released by Snowden.
Almost all of the documents include the classification,
These classification markings indicate the material is top-secret communications intelligence (aka SIGINT) material that can be released to the US, Australia, Canada, UK and New Zealand.
Notably while other alliances and
coalitions exist, such as the North Atlantic Treaty Organization,
none of the documents that have thus far been made public refer to
any of these arrangements, suggesting the Five Eyes alliance is
the preeminent SIGINT collection alliance.
They have found ways to infiltrate all aspects of modern communications networks:
The Five Eyes is a close-knit group.
The level of cooperation under the UKUSA agreement is so complete that,
This has resulted in former intelligence officials explaining that the close-knit cooperation that exists under the UKUSA agreement means,
In addition to fluidly sharing collected SIGINT, it is understood that many intelligence facilities run by the respective Five Eyes countries are jointly operated, even jointly staffed, by members of the intelligence agencies of Five Eyes countries.
Each facility collects SIGINT, which can
then be shared with the other Five Eyes states.
By placing taps at key undersea fibre-optic cable landing stations, the program is able to intercept a significant portion of the communications that traverse the UK. The Guardian has reported that 300 analysts from GCHQ and 250 from the NSA were directly assigned to examine material collected.5
TEMPORA stores content for three days
and metadata for 30 days.
Reportedly, approximately 40,000 search terms have been chosen and applied by GCHQ, and another 31,000 by the NSA to information collected via TEMPORA.
GCHQ have had staff examining collected material since the project's inception in 2008, with NSA analysts brought to trial runs of the technology in summer 2011. Full access was provided to NSA by autumn 2011.
An additional 850,000 NSA employees and
US private contractors with top-secret clearance reportedly also
have access to GCHQ databases. GCHQ received £100 million (USD 160
million) in secret NSA funding over the last three years to assist
in the running of this project.6
The NSA XKEYSCORE system has sites that
appear in Five Eyes countries.8 The system indexes email addresses,
file names, IP addresses and port numbers, cookies, webmail and chat
usernames and buddylists, phone numbers, and metadata from web
browsing sessions including searches queried, among many other types
of data that flow through their collection points.
As best as can be ascertained, it seems there is no prohibition on intelligence gathering by Five Eyes states with respect to the citizens or residents of other Five Eyes states.
There is instead, it seems, a general understanding that citizens will not be directly targeted, and where communications are incidentally intercepted, there will be an effort to minimize the use and analysis thereof by the intercepting state.
Outside the Five Eyes, everyone else is fair game, even if they have a separate intelligence-sharing agreement with one or several Five Eyes members.9
With the advent of the internet and new digital forms of communication, now most digital communications take the fastest and cheapest route to their destination, rather than the most direct.
This infrastructure means that the sender has no ability to choose, nor immediate knowledge of, the route that their communication will take.
This shift in communications
infrastructure means that communications travel through many more
countries, are stored in a variety of countries (particularly
through the growing popularity of cloud computing) and are thus
vulnerable to interception by multiple intelligence agencies. From
their bases within the territory of each country, each Five Eyes
intelligence agency collects and analyses communications that
traverse their territory and beyond.
None of the domestic legal regimes set out the circumstances in which intelligence authorities can obtain, store and transfer nationals' or residents' private communication and other information that are intercepted by another Five Eyes agency, nor which will govern the circumstances in which any of the Five Eyes states can request the interception of communications by another party to the alliance.
The same applies to obtaining private information such as emails, web histories, etc., held by internet and other telecommunication companies.
Carefully constructed legal frameworks
provide differing levels of protections for internal versus external
communications, or those relating to nationals versus non-nationals.
The way the global communications infrastructure is built requires that the right to privacy of communications can be exercised globally, as communications can be monitored in a place far from the location of the individual to whom they belong. When an individual sends a letter, email or text message, or makes a phone call, that communication leaves their physical proximity, and travels to its destination.
In the course of its transmission the communication may pass through multiple other states and, therefore, multiple jurisdictions.
The right to privacy of the
communication remains intact, subject only to the permissible
limitations set out under human rights law. Accordingly, whenever
Five Eyes countries interfere with the communication of an
individual, thus infringing upon their privacy, they invoke
jurisdiction over that individual, and have to comply with human
rights obligations accordingly.
The Special Rapporteur on the promotion and protection of the right to freedom of expression and opinion, for example, has described the invasiveness of mass interception of fibre-optic cables:
The Special Rapporteur reasons that,
The laws and agreements that make up the Five Eyes arrangement and apply it to domestic contexts lack any semblance of the clarity or accessibility necessary to ensure that the individuals whose rights and interests are affected by them are able to understand their application.
Their actions have been justified in secret, on the basis of secret interpretations of international law and classified agreements.
By remaining in the shadows, our intelligence agencies - and the governments who control them - have removed our ability to challenge their actions and their impact upon our human rights. We cannot hold our governments accountable when their actions are obfuscated through secret deals and covert legal frameworks.
Secret, convoluted or obfuscated law can
never be considered law within a democratic society governed by the
rule of law.
Trust must be restored, and our
intelligence agencies must be brought under the rule of law.
Transparency around and accountability for secret agreements is a
crucial first step.
We have brought legal cases against Britain's GCHQ for mass surveillance and hacking activities, and have sought avenues to take similar complaints in other jurisdictions. We filed a complaint under the OECD Guidelines for Multinational Enterprises against the seven telecommunications companies facilitating UK interception of fibre-optic cables.
We have written to the Australian
Inspector-General of Intelligence and Security asking her to
commence an investigation into the ASD, and to the US Treasury
Department and to every data protection authority in Europe seeking
an investigation into the SWIFT hacking.