Tuesday, October 20, 2020

Five Eyes Minus One: Thinking the Unthinkable

The following is a brief I wrote to accompany my presentation at the Understanding the Five Eyes twitter conference hosted by the University of Ottawa's Centre for International Policy Studies on September 30th. (Check the CIPS blog to see the very interesting briefs contributed by the other conference presenters.)

The US National Security Agency (NSA) is by far the largest and best-resourced of the Five Eyes SIGINT partners. The four other members of the partnership, the UK's Government Communications Headquarters (GCHQ), Canada's Communications Security Establishment (CSE), the Australian Signals Directorate (ASD), and New Zealand's Government Communications Security Bureau (GCSB), have always been fiercely protective of their unique relationship with NSA. But there's no guarantee that the Five Eyes relationship will always be there.

What would happen if the US were to withdraw significant SIGINT cooperation or otherwise become an untenable partner? If the other SIGINT partners were to continue working together — call it the Commonwealth SIGINT Organization (CSO) — what capabilities would they have?

Global reach for collection

The impact of such a break would certainly be very large, but the assets and resources available to the CSO agencies would remain substantial.
Such capabilities would include:
  • Radio monitoring sites that provide global intercept and direction-finding capabilities for traditional long-range HF targets.

  • Satellite monitoring sites that provide complete coverage of the geostationary satellite belt. (Only a limited number of satellites can be monitored at any time and not all spot beams can be covered, but this is also true of the Five Eyes as a whole.)

  • Fibre-optic cable access points in the U.K., Oman, and (reportedly) Singapore that provide significant access to global Internet traffic. Arrangements with specific telecommunications carriers almost certainly provide significant additional access.

  • Diplomatic facilities, providing potential locations for intercept operations, operated by one or more CSO members in almost all countries. Not all of these locations are suitable for such activities, and the proportion where they exist is probably quite small, but all four CSO members have active intercept programs from diplomatic facilities. They also monitor foreign diplomatic facilities on their soil.

  • Computer Network Exploitation (CNE) programs operated by all four agencies. Such activities are inherently global in reach. As the spread of encryption makes "data in transit" increasingly difficult to exploit, it is likely that acquisition of "data at rest" continues to grow in importance. At least three of the four agencies also operate offensive cyber operations programs.
Significant resources

Despite differing organizational structures and limited transparency, it is possible (with just a moderate amount of hand-waving) to get a rough sense of the size and budget of the CSO agencies relative to those of the NSA.
These numbers suggest that the CSO's resources might be as much as 1/4 the size of those of NSA. (Note, however, that significant US SIGINT capabilities provided by other agencies, most notably CIA SIGINT activities and NRO-funded SIGINT satellites, are not included here.)

Statistics on SIGINT report production by these agencies in 2011-12, while also incomplete, suggest a combined CSO output on the order of 1/5 of the US output (~30,000 from the CSO agencies vs ~150,000 by the US), which is broadly consistent with the resource picture above.

In combination, these CSO capabilities would exceed the national SIGINT efforts of all but the US, China and Russia, and would likely surpass China and Russia in at least some respects (e.g. geographical reach).

Post-break relationship with NSA

The effectiveness of the CSO would also depend on the nature of its post-break relationship with the NSA.
  • A complete cessation of cooperation would be challenging, as it would entail the loss of all access to US collection assets, acquired data, reporting, technology, and expertise.

  • Even more challenging would be a hostile break featuring not only a termination of cooperation but an actively adversarial relationship going forward. This is probably the least likely scenario, however, and would probably occur only in the context of a much more general break in relations with the US, with the resulting economic and security concerns dwarfing those related to intelligence cooperation.

  • More likely, perhaps, would be the replacement of the existing partnership by a more limited, transactional relationship similar to those between NSA and Third-Party countries. In this case, the CSO agencies would have much to offer—not only continued access to some or all CSO resources and output but also continued hosting of two of the three mission ground stations for US high-altitude SIGINT satellites—and the partnership might expect to retain access to NSA resources and outputs at levels comparable to those provided by the CSO.
CSO relationship with Third Parties

To bolster its reach and capabilities, the CSO would likely seek to maintain or extend its Third-Party relations with capable partners such as France, Germany, the Netherlands, other members of the Maximator Group, and/or other potential partners such as Japan and India.
However, few potential partners would be likely to risk their existing relationship with NSA, or their country's broader security relationship with the US, to work with the CSO if the US were opposed to that cooperation. The American position would thus be crucial. If the US were in the process of withdrawing cooperation with some or all of those countries as well, many might be keen to deepen ties with the most capable global intelligence partnership available to them.

Conclusion

With a substantial combined workforce with leading-edge skills and long experience in working together, an extensive installed intercept network with global reach and interoperability, sophisticated independent CNE capabilities, and, potentially, the option to expand existing cooperative arrangements with several significant Third-Party SIGINT agencies, the CSO members might be expected to retain a SIGINT capability surpassed only by those of the US and (in at least some measures) China and Russia. Their combined potential would be even more significant if, to continue benefitting from CSO capabilities, NSA retained some form of Third-Party relationship with its former partners following the break.