(Updated: March 10, 2015)
For fulfilling its task of gathering foreign signals intelligence, the National Security Agency
(NSA) is cooperating with partner agencies from over 35 countries all over the world.
These relationships are based upon secret bilateral agreements, but there are also some select groups in which intelligence information is shared on a multilateral basis, like the SIGINT Seniors Europe (SSEUR), the SIGINT Seniors Pacific (SSPAC) and the Afghanistan SIGINT Coalition (AFSC).
Until recently, very little was known about these foreign relationships, but the Snowden-leaks have revealed the names of all the countries that are cooperating with NSA. This made it possible to create the following graphic, which also shows various multilateral intelligence exchange groups, which will be discussed here too.
Nations with 2nd and 3rd Party status and those who are 2nd Party Partners
members of the SIGINT Seniors Europe (SSEUR) and NATO
(click to enlarge)
The closest cooperation is between NSA and the signals intelligence agencies of the United Kingdom, Canada, Australia and New Zealand. Formally this is based upon bilateral agreements, the first being the UKUSA-Agreement
from 1946, but soon the group got a multilateral character, which means partners can exchange information among the other members too (as far as there's a "need to know")
The five partners under the UKUSA-agreement, commonly called the Five Eyes
, agreed that they would follow common procedures for operations and reporting, and also use the same target identification systems, equipment, methods and source designations
. They would not only share end reports and analyses, but also most of the raw data they collect.
As a kind of gentlemen's agreement it is supposed that the Five Eyes countries are not spying on each other, although some of the documents from the Snowden-leaks show that at least NSA secretly keeps that option open.
| || |
| || |
| || |
Despite the very close and longstanding relationship between the Five Eyes partners, two sub-groups have been formed for specific military operations in which not all five partners participate. These sub-groups are designated Four Eyes (abbreviation for classification purposes: ACGU) and Three Eyes (TEYE). Cable tapping
The 2nd Party countries are cooperating in many ways, one of which is in cable tapping operations. The NSA umbrella program for this is codenamed WINDSTOP
. According to NSA's Foreign Partner Access budget
for 2013 WINDSTOP involves primarily Britain, but also Canada, Australia and New Zealand and focusses on access to (mainly internet) "communications into and out of Europe and the Middle East" through an integrated and overarching collection system.Representatives
For maintaining these extensive relationships, NSA has representatives in each Second Party country. These are called Special US Liaison Officer (SUSLO), followed by the name of the nation's capital. So for example the NSA representative in Britain is the Special US Liaison Officer, London (SUSLOL) and the one in Canada the Special US Liaison Officer, Ottawa (SUSLOO).
Likewise, the other Five Eyes countries have a representative at the NSA headquarters. These are called Special UK Liaison Officer (SUKLO), Special Canada Liaison Officer
(SCALO), Special Australia Liaison Officer (SAUSLO), and Special New Zealand Liaison Officer (SNZLO).
Slide from an NSA presentation titled 'Foreign Partner Review' from 3rd Party Partners
fiscal year 2013, showing the 2nd and 3rd Party partners
and some coalition and multilateral exchange groups.
Published in No Place To Hide, May 13, 2014.
One step below the 2nd Party partnerships, there's cooperation between NSA and (signals) intelligence agencies from countries who are called 3rd Party partners. This is based upon formal agreements, but the actual scope of the relationship can vary from country to country and from time to time. Details about the cooperation between two countries are laid down in Memorandums of Understanding (MoU).
For the US, this kind of cooperation is useful
because foreign agencies can have better access to high-priority targets because of their geographic location, or they could have a specific expertise on certain areas, or just simply because they have a better knowledge of the local situation and language.
The foreign partner agencies are mostly interested in American technology, money and access to the worldwide interception capabilities of NSA and its Five Eyes partners. This makes these 3rd Party partnerships especially attractive for smaller countries, for whom it means a sometimes substantial increase of their otherwise limited capabilities.
One big difference with the countries from the 2nd Party category is that 3rd Party partners do spy upon each other, and many of the Snowden-documents have shown this. From these documents we also learned that in 2013, there were 33 countries with 3rd Party status:
| || |
| || |
| || |
| || |
The countries in the column under "CNO" are from a list which is in an undated NSA document about collaboration regarding Computer Network Operations
(CNO). The document was first published on October 30, 2013 by the Spanish paper El Mundo
and classifies cooperation on four different levels, which was also explained by The Guardian
The first level is called "Tier A - Comprehensive Cooperation", which comprises Britain, Australia, Canada and New Zealand. A second group, called "Tier B - Focused Cooperation" includes the 19 mostly European countries listed above. A third group of "Limited cooperation" consists of countries such as France, Israel, India and Pakistan, and finally a fourth group is about "Exceptional Cooperation" with countries that the US considers to be hostile to its interests.
In May 2014, the list with the "Tier A" and "Tier B" countries was also published in Greenwald's book No Place To Hide
, where he ignores the fact that the document was about CNO cooperation and simply assumes that the "Tier B" countries are the same as those with 3rd Party status.*
Map showing the 2nd Party and 3rd Party partners of NSACable tapping
(click to enlarge)
NSA cooperates with the 3rd Party countries in many ways, one of which is in cable tapping operations. The NSA umbrella program for this is codenamed RAMPART-A
. According to NSA's Foreign Partner Access budget
for 2013, RAMPART-A provides access to long-haul international leased communications, with TURMOIL capabilities, and over 3 terabit/second of data from all "communication technologies such as voice, fax, telex, modem, e-mail internet chat, Virtual Private Network (VPN), Voice over IP (VoIP), and voice call records".Representatives
The representatives of NSA in major Third Party countries are called Special US Liaison Advisor (SUSLA), followed by the name of the country. So for example the NSA representative in Germany is the Special US Liaison Advisor, Germany (SUSLAG).
The office staff of such an advisor is called the Special US Liaison Activity (also abbreviated as SUSLA), and for example the SUSLA Germany had 18 personnel (12 civilians and 6 contractors) in 2012, a number which was to be reduced to 6 in 2013.*
It is not clear whether the various Third Party agencies also have a representative at NSA headquarters and if so, what their title is. At NSA these relationships are managed by the Foreign Affairs Directorate (FAD), which has a Country Desk Officer (CDO) for every country or region that matters. Multilateral groups
Although the Third Party relationships are strictly bilateral, some of these countries have also worked very close with each other for a long time. This has been formalized into a few multilateral groups in which intelligence is exchanged not only between one particular country and the US, but also among all other participants. Besides NATO, the following three SIGINT sharing groups are known: - SIGINT Seniors Europe (SSEUR)
This group consists of the Five Eyes and nine European countries: France, Germany, Spain, Italy, Belgium, the Netherlands, Denmark, Norway and Sweden. Except for Sweden, all are NATO members. After the number of countries, the SSEUR are also called 14-Eyes.
The "Seniors" refers to the heads of the participating military or signals intelligence agencies, who in this group coordinate the exchange of military intelligence according to the needs of each member.
There's also a SIGINT Seniors Europe Counter Terrorism (SISECT) coalition*
and in 2013, NSA encouraged GCHQ to host the permanent facility for the joint SSEUR collaboration center.*- SIGINT Seniors Pacific (SSPAC)
There's a similar group for multilateral exchange of military intelligence among some 3rd party nations from the East Asia/Pacific Rim region. Besides the members of the Five Eyes, the SIGINT Seniors Pacific include Singapore, South Korea and most likely Japan and Thailand. Probably one other country is participating too, making this group also being identified as the 10-Eyes.
Update:- Afghanistan SIGINT Coalition (AFSC)
An NSA document disclosed by The New Zealand Herald on March 11, 2015 says that the SSPAC consists of the Five Eyes plus France, India, (South) Korea, Singapore and Thailand.
According to an NSA paper
from 2013, this group consists of the same 14 countries as the SSEUR and is aimed at sharing Afghanistan-related intelligence reports and metadata among its participants. At the time of the paper, each AFSC-member was responsible for covering a specific area of interest, maybe corresponding to the region in Afghanistan where they had troops deployed.
Snowden and Greenwald agreed
not to publish about NSA's involvement in Afghanistan, but the German book about the Snowden-leaks, Der NSA Komplex
, reveals that the 14 AFSC-members cooperated closely in decrypting and analysing mobile communications and have a dedicated data center codenamed CENTER ICE for exchanging this kind of intelligence.*
This makes it likely that much of the metadata that various European countries shared with the US, mistakenly presented by Glenn Greenwald as NSA spying on European citizens, was collected as part of this Afghanistan SIGINT Coalition.
Update:Links and Sources- NSA document about Foreign Relations Mission Titles
A new multilateral intelligence sharing group seems to be the SIGINT Support to Cyber Defense (SSCD) initiative, which consists of a number of countries that together establish an early-warning system to defend themselves against cyber attacks. Its existance was first mentioned on May 8, 2014 in a speech by the president of the German intelligence service BND, which is also cooperating in this SSCD framework.
SSCD will use traditional SIGINT methods to inspect data packets for things like malicious code so these can be eliminated pro-actively. It's not known which countries are participating, except for Germany and, most likely, the Five Eyes.
- About Canada and the Five Eyes Intelligence Community (pdf)
- Duncan Campbell, Echelon and its role in COMINT
- Declassified NSA paper about Third Party Nations: Partners and Targets