Eyes Wide Open v1 PDF

Eyes Wide Open
Special Report
!
Executive Summary
The recent revelations, made possible by NSA-whistleblower Edward Snowden, of the

reach and scope of global surveillance practices have prompted a fundamental re-
examination of the role of intelligence services in conducting coordinated cross-border
surveillance.
The Five Eyes alliance of States – comprised of the United States National Security
Agency (NSA), the United Kingdom’s Government Communications Headquarters
(GCHQ), Canada’s Communications Security Establishment Canada (CSEC), the
Australian Signals Directorate (ASD), and New Zealand’s Government Communications
Security Bureau (GCSB) – is the continuation of an intelligence partnership formed in the
aftermath of the Second World War. Today, the Five Eyes has infiltrated every aspect of
modern global communications systems.
The world has changed dramatically since the 1940s; then, private documents were
stored in filing cabinets under lock and key, and months could pass without one having
the need or luxury of making an international phone call. Now, private documents are
stored in unknown data centers around the world, international communications are
conducted daily, and our lives are lived – ideas exchanged, financial transactions
conducted, intimate moments shared – online.
The drastic changes to how we use technology to communicate have not gone
unnoticed by the Five Eyes alliance. A leaked NSA strategy document, shared amongst
Five Eyes partners, exposes the clear interest that intelligence agencies have in
collecting and analyzing signals intelligence (SIGINT) in the digital age:
“Digital information created since 2006 grew tenfold, reaching 1.8 exabytes in
2011, a trend projected to continue; ubiquitous computing is fundamentally
changing how people interact as individuals become untethered from information
sources and their communications tools; and the traces individuals leave when
they interact with the global network will define the capacity to locate,
characterize and understand entities.”1
Contrary to the complaints of the NSA and other Five Eyes agencies that they are ‘going
dark’ and losing the visibility they once had, the Five Eyes intelligence agencies are in
fact the most powerful they’ve ever been. Operating in the shadows and misleading the
public, the agencies boast in secret how they “have adapted in innovative and creative
ways that have led some to describe the current day as ‘the golden age of SIGINT’.”
The agencies are playing a dirty game; not content with following the already permissive
legal processes under which they operate, they’ve found ways to infiltrate all aspects of
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
1
NSA SIGINT Strategy, 23 February 2012, available at:
http://www.nytimes.com/interactive/2013/11/23/us/politics/23nsa-sigint-strategy-
document.html?ref=politics&gwh=5E154810A5FB56B3E9AF98DF667AE3C8
! 1!
!
modern communications networks. Forcing companies to handover their customers’

data under secret orders, and secretly tapping fibre optic cables between the same
companies’ data centers anyway. Accessing sensitive financial data through SWIFT, the
world’s financial messaging system, spending years negotiating an international
agreement to regulate access to the data through a democratic and accountable
process, and then hacking the networks to get direct access. Threatening politicians
with trumped up threats of impending cyber-war while operating intrusion operations
that weaken the security of networks globally; sabotaging encryption standards and
standards bodies thereby undermining the ability of internet users to secure information.
Each of these actions have been justified in secret, on the basis of secret interpretations
of international law and classified agreements. By remaining in the shadows, our
intelligence agencies – and the governments who control them – have removed our
ability to challenge their actions and their impact upon our human rights. We cannot hold
our governments accountable when their actions are obfuscated through secret deals
and covert legal frameworks. Secret law has never been law, and we cannot allow our
intelligence agencies to justify their activities on the basis of it.
We must move towards an understanding of global surveillance practices as

fundamentally opposed to the rule of law and to the well-established international human
right to privacy. In doing so, we must break down legal frameworks that obscure the
activities of the intelligence agencies or that preference the citizens or residents of Five
Eyes countries over the global internet population. These governments have carefully
constructed legal frameworks that provide differing levels of protections for internal
versus external communications, or those relating to nationals versus non-nationals,
attempt to circumvent national constitutional or human rights protections governing
interferences with the right to privacy of communications.
This notion must be rejected. The Five Eyes agencies are seeking not only defeat the
spirit and purpose of international human rights instruments; they are in direct violation
of their obligations under such instruments. Human rights obligations apply to all
individuals subject to a State’s jurisdiction. The obligation to respect privacy extends to
the privacy of all communications, so that the physical location of the individual may be
in a different jurisdiction to that where the interference with the right occurs.
This paper calls for a renewed understanding of the obligations of Five Eyes States with
respect to the right to privacy, and demands that the laws and regulations that enable
intelligence gathering and sharing under the Five Eyes alliance be brought into the light.
It begins, in Chapter One, by shining a light on the history and structure of the alliance,
and draws on information disclosed by whistleblowers and investigative journalists to
paint a picture of the alliance as it operates today. In Chapter Two, we argue that the
laws and regulations around which Five Eyes are constructed are insufficiently clear and
accessible to ensure they are in compliance with the rule of law. In Chapter Three, we
turn to the obligations of Five Eyes States under international human rights law and
argue for an “interference-based jurisdiction” whereby Five Eyes States owe a general
duty not to interfere with communications that pass through their territorial borders.
Through such a conceptualization, we argue, mass surveillance is cognisable within a
! 2!
!
human rights framework in a way that provides rights and remedies to affected
individuals.
While the existence of the Five Eyes has been kept secret from the public and
parliaments, dogged investigative reporting from Duncan Campbell, Nicky Hager, and
James Bamford has gone some way to uncovering the extent of the arrangement. Now,
thanks to Edward Snowden, the public are able to understand more about the spying
that is being done in their name than ever before.
Trust must be restored, and our intelligence agencies must be brought under the rule of
law. Transparency around and accountability for these secret agreements is a crucial
first step.
Privacy International to grateful is Ben Jaffey, Caspar Bowden, Dan Squires, Duncan Campbell,
Eric Metcalfe, Ian Brown, James Bamford, Mark Scott, Marko Milanovic, Mathias Vermeulen,
Nicky Hager, Shamik Dutta, for their insight, feedback, discussions, investigation and support.
We are grateful to all of the whistleblowers whose responsible disclosures in the public interest
have brought transparency to the gross violations of human rights being conducted by the
intelligence agencies in our name.
Given the current rapid nature of information disclosures regarding the intelligence agencies, this
paper will be regularly updated to reflect the most accurate understanding we have of the nature
of the Five Eyes arrangement. Any errors or omission are solely attributable to the authors.
Version 1.0 – 26 November 2013
! 3!
!
Chapter 1 – Understanding the Five Eyes
The birth of the Five Eyes alliance
Beginning in 1946, an alliance of five countries (the US, the UK, Australia, Canada and
New Zealand) developed a series of bilateral agreements over more than a decade that
became known as the UKUSA (pronounced yew-kew-zah) agreement, establishing the
Five Eyes alliance for the purpose of sharing intelligence, but primarily signals
intelligence (hereafter “SIGINT”). While the existence of the agreement has been noted
in history books and references are often made to it as part of reporting on the
intelligence agencies, there is little knowledge or understanding outside the services
themselves of exactly what the arrangement comprises.
Even within the governments of the respective countries, which the intelligence agencies
are meant to serve, there has historically been little appreciation for the extent of the
arrangement. The arrangement is so secretive the Australian Prime Minister reportedly
wasn’t informed of its existence until 19732. Former Prime Minister of New Zealand,
David Lange, once remarked that “it was not until I read this book [Nicky Hager’s
“Secret Power”, which detailed GCSB’s history] that I had any idea that we had been
committed to an international integrated electronic network.” He continued: “it is an
outrage that I and other ministers were told so little, and this raises the question of to
whom those concerned saw themselves ultimately answerable.”3
There has been no debate around the legitimacy or purpose of the Five Eyes alliance in
part due to the lack of publicly available information about it. In 2010, the US and UK
declassified numerous documents, including memoranda and draft texts, relating to the
creation of the UKUSA agreement. However, generally the Five Eyes States and their
intelligence services have been far too slow in declassifying information that no longer
needs to be secret, resulting in no mention on any government website of the
arrangement until recently.
The intelligence agencies involved in the alliance are the United States National Security
Agency (NSA), the United Kingdom’s Government Communications Headquarters
(GCHQ), Canada’s Communications Security Establishment Canada (CSEC), the
Australian Signals Directorate (ASD), and New Zealand’s Government Communications
Security Bureau (GCSB).
The extent of the original arrangement is broad and includes the
(1) collection of traffic;

(2) acquisition of communications documents and equipment;
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2
Canada’s role in secret intelligence alliance Five Eyes, CTV News, 8 October 2013, available at:
http://knlive.ctvnews.ca/mobile/the-knlive-hub/canada-s-role-in-secret-intelligence-alliance-five-eyes-
1.1489170
3
Secret Power, Nicky Hager, 1996, page 8 available at: http://www.nickyhager.info/Secret_Power.pdf
! 4!
!
(3) traffic analysis;

(4) cryptanalysis;
(5) decryption and translation; and
(6) acquisition of information regarding communications organizations,
procedures, practices and equipment.
A draft of the original UKUSA agreement, declassified in 2010, explains that the
exchange of the above-listed information
“will be unrestricted on all work undertaken except when specifically excluded from
the agreement at the request of either party to limit such exceptions to the absolute
minimum and to exercise no restrictions other than those reported and mutually
agreed upon.”
Indeed, in addition to facilitating collaboration, the agreement suggests that all

intercepted material would be shared between Five Eyes States by default. The text
stipulates that “all raw traffic shall continue to be exchanged except in cases where one
or the other party agrees to forgo its copy.”
The working arrangement that was reached in 1953 by UKUSA parties explained that
“while Commonwealth countries other than the UK are not party to the UKUSA COMINT
agreement, they will not be regarded as Third Parties.”4 Instead “Canada, Australia and
New Zealand will be regarded as UKUSA-collaborating Commonwealth countries,” also
known as Second Parties. One retired senior NATO intelligence officer has suggested
“there is no formal over-arching international agreement that governs all Five Eyes
intelligence relationships.”5 It is not known how accurate that statement is, or how the
agreement has been modified in subsequent years as the text of the Five Eyes
agreement in its current form has never been made public.
Today, GCHQ simply states it has “partnerships with a range of allies […] [o]ur
collaboration with the USA, known as UKUSA, delivers enormous benefits to both
nations.”6 The NSA makes no direct reference to the UKUSA arrangement or the Five
Eyes States by name, except by way of historical references to partnerships with “the
British and the Dominions of Canada, Australia, and New Zealand” in the
declassification section of their website.7
The original agreement mandated secrecy, stating “it will be contrary to this agreement
to reveal its existence to any third party unless otherwise agreed” resulting in modern
day references to the existence of the agreement by the intelligence agencies remaining
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
4
Appendix J, Principles of UKUSA collaboration with commonwealth countries other than the UK. Page 39,
available at: http://www.nationalarchives.gov.uk/ukusa/
5
Canada and the Five Eyes Intelligence Community, James Cox, Strategic Studies Working Group Papers,
December 2012, page 4, accessible at:
http://www.cdfai.org/PDF/Canada%20and%20the%20Five%20Eyes%20Intelligence%20Community.pdf
6
International Partners, GCHQ website, available at:
http://www.gchq.gov.uk/how_we_work/partnerships/Pages/International-partners.aspx
7
UKUSA Agreement Release 1940-1956, NSA website, available at:
http://www.nsa.gov/public_info/declass/ukusa.shtml
! 5!
!
limited. The existence of the agreement was not acknowledged publicly until March
1999, when the Australian government confirmed that the Defence Signals Directorate
(now Australian Signals Directorate) "does co-operate with counterpart signals
intelligence organisations overseas under the UKUSA relationship."8
Canada’s CSEC9 states it maintains intelligence relationships with NSA, GCHQ, ASD
and GCSB, but only New Zealand’s GCSB10 and ASD11 mention the UKUSA agreement
by name.12
This obfuscation continues, with only cursory mentions made across a wide range of
public policy documents to the existence of an intelligence sharing partnership. For
example the UK Counter-Terrorist Strategy CONTEST, referred to the existence of the
Five Eyes agreement only in passing when stating the UK will “continue to develop our
most significant bilateral intelligence relationship with the US, and the ‘Five Eyes’
cooperation with the US, Australia, Canada and New Zealand.”13
We have been unable to locate any major public strategic policy document that
describes Australia’s, Canada’s, New Zealand’s or the United States’ involvement in the
Five Eyes in any detail.
The extent of Five Eyes collaboration
The close relationship between the five States is evidenced by documents recently
released by Edward Snowden. Almost all of the documents include the classification
“TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL” or “TOP
SECRET//COMINT//REL TO USA, FVEY.” These classification markings indicate the
material is top-secret communications intelligence (aka SIGINT) material that can be
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
8
The state of the art in communications Intelligence (COMINT) of automated processing for intelligence
purposes of intercepted broadband multi-language leased or common carrier systems, and its applicability
to COMINT targetting and selection, including speech recognition, October 1999, page 1, available at:
http://www.duncancampbell.org/menu/surveillance/echelon/IC2000_Report%20.pdf
9
CSEC's International Partnerships, CSEC website, available at: http://www.cse-cst.gc.ca/home-
accueil/about-apropos/peers-homologues-eng.html
10
UKUSA Allies, GCSB website, available at: http://www.gcsb.govt.nz/about-us/UKUSA.html
11
UKUSA Allies, ASD website, available at: http://www.asd.gov.au/partners/allies.htm
12
The New Zealand Prime Minister, John Key, has specifically referred to “Five Eyes” on several
occasions; at his 29 October 2013 press conference, for example, in answer to the question, ‘Do you think
the GCSB was aware of the extent of spying from the NSA on foreign leaders?” he replied: “Well I don’t
know all of the information they exchanged, the discussions they had with their counterparts. They are part
of Five Eyes so they had discussions which are at a much more granular level than I have….”, audio
available at: http://www.scoop.co.nz/stories/HL1310/S00224/pms-press-conference-audio-meridian-
spying-and-fonterra.htm. Similarly, at his 25 October, press conference, with reference to Edward
Snowden, he stated “He has a massive amount of data, we're part of Five Eyes, it's highly likely he's got
information related to New Zealand”, video available at http://www.3news.co.nz/Snowden-highly-likely-to-
have-spy-info/tabid/1607/articleID/322789/Default.aspx#ixzz2lgdCec1I.
13
Securing Britain in an Age of Uncertainty: The Strategic Defence and Security Review, HM Government,
2010, page 46, available at:
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/62482/strategic-defence-
security-review.pdf
! 6!
!
released to the US, Australia, Canada, United Kingdom and New Zealand. The purpose
of the REL TO is to identify classified information that a party has predetermined to be
releasable (or has already been released) through established foreign disclosure
procedures and channels, to a foreign country or international organisation.14 Notably
while other alliances and coalitions exist such as the North Atlantic Treaty Organisation
(e.g. TS//REL TO USA, NATO), European Counter-Terrorism Forces (e.g TS//REL TO
USA, ECTF) or Chemical Weapons Convention States (e.g. TS//REL TO USA, CWCS)
none of the documents that have thus far been made public refer to any of these
arrangements, suggesting the Five Eyes alliance is the preeminent SIGINT collection
alliance.
The arrangement in this way was not just to create a set of principles of collaboration, or
the facilitation of information sharing, but to enable the dividing of tasks between
SIGINT agencies. The agreement explains that
“[a]llocation of major tasks, conferring a one-sided responsibility, is undesirable

and impracticable as a main principle; however, in order that the widest possible
cover of foreign cypher communications be achieved the COMINT agencies of the
two parties shall exchange proposals for the elimination of duplication. In addition,
collaboration between those agencies will take the form of suggestion and mutual
arrangement as to the undertaking of new tasks and changes in status of old
tasks.”15
The continuation of this sharing of tasks between agencies has been acknowledged with
former Defense Secretary Caspar Weinberger observing that the "United States has
neither the opportunity nor the resources to unilaterally collect all the intelligence
information we require. We compensate with a variety of intelligence sharing
arrangements with other nations in the world."16 The Canadian SIGINT agency CSEC
explain how it “relies on its closest foreign intelligence allies, the US, UK, Australia and
New Zealand to share the collection burden and the resulting intelligence yield.”17 Other
former intelligence analysts have confirmed18 there is “task-sharing” between the Five
Eyes groups.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
14
Security Classification Markings—Authorization for ReleaseTo (RELTO)and Dissemination Control/
Declassification Markings, USTRANSCOM Foreign Disclosure Office, available at:
http://www.transcom.mil/publications/showPublication.cfm?docID=04A4D891-1EC9-F26D-
0715CB3E5AF1309B
15
Appendix E, Co-ordination of, and exchange of information on, cryptanalysis and associated
techniques. page 34, available at: http://www.nationalarchives.gov.uk/ukusa/PDF page 34
16
Declaration of the Secretary of Defence Caspar W Weinberger in USA v Jonathan Pollard, 1986.
Available at: http://www2.gwu.edu/~nsarchiv/NSAEBB/NSAEBB407/docs/EBB-PollardDoc6.pdf
17
Safeguarding Canada's security through information superiority, CSEC website, available at:
http://www.cse-cst.gc.ca/home-accueil/media/information-eng.html
18
Britain’s GCHQ ‘the brains,’ America’s NSA ‘the money’ behind spy alliance, Japan Times, 18th
November, 2013, accessible at: http://www.japantimes.co.jp/news/2013/11/18/world/britains-gchq-the-
brains-americas-nsa-the-money-behind-spy-alliance/#.UozmbMvTnqB
! 7!
!
The level of co-operation under the UKUSA agreement is so complete that "the national
product is often indistinguishable."19 This has resulted in former intelligence officials
explaining that the close-knit cooperation that exists under the UKUSA agreement
means “that SIGINT customers in both capitals seldom know which country generated
either the access or the product itself.”20 Another former British spy has said that
“[c]ooperation between the two countries, particularly, in SIGINT, is so close that it
becomes very difficult to know who is doing what [...] it’s just organizational mess.”21
The division of SIGINT collection responsibilities
Investigative journalist Duncan Campbell explains that historically
“[u]nder the UKUSA agreement, the five main English-speaking countries took
responsibility for overseeing surveillance in different parts of the globe. Britain's
zone included Africa and Europe, east to the Ural Mountains of the former USSR;
Canada covered northern latitudes and polar regions; Australia covered Oceania.
The agreement prescribed common procedures, targets, equipment and methods
that the SIGINT agencies would use.”22
More recently an ex-senior NATO intelligence officer elaborated on this point, saying
“[e]ach Five Eyes partner collects information over a specific area of the globe
[…] but their collection and analysis activities are orchestrated to the point that
they essentially act as one. Precise assignments are not publicly known, but
research indicates that Australia monitors South and East Asia emissions. New
Zealand covers the South Pacific and Southeast Asia. The UK devotes attention to
Europe and Western Russia, while the US monitors the Caribbean, China, Russia,
the Middle East and Africa.”23
Jointly run operations centres
In addition to fluidly sharing collected SIGINT, it is understood that many intelligence

facilities run by the respective Five Eyes countries are jointly operated, even jointly
staffed, by members of the intelligence agencies of Five Eyes countries. Each facility
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
19
Robert Aldrich (2006) paper 'Transatlantic Intelligence and security co-operation', available at:
http://www2.warwick.ac.uk/fac/soc/pais/people/aldrich/publications/inta80_4_08_aldrich.pdfIntelligence'
20
S. Lander, 'International intelligence cooperation: an inside perspective', in Cambridge Review of
International Affairs, 2007, vol. 17, n°3, p.487.
21
Britain’s GCHQ ‘the brains,’ America’s NSA ‘the money’ behind spy alliance, Japan Times, 18th
November, 2013, accessible at: http://www.japantimes.co.jp/news/2013/11/18/world/britains-gchq-the-
brains-americas-nsa-the-money-behind-spy-alliance/#.UozmbMvTnqB
22
Inside Echelon, Duncan Campbell, 2000, available at: http://www.heise.de/tp/artikel/6/6929/1.html
23
Canada and the Five Eyes Intelligence Community, James Cox, Strategic Studies Working Group
Papers, December 2012, accessible at:
page 6
! 8!
!
collects SIGINT, which can then be shared with the other Five Eyes States.
An earlier incarnation of ASD, the Defence Signals Branch in Melbourne,24 was

described in the original 1956 UKUSA agreement as
“not purely a national centre. It is and will continue to be a joint U.K – Australian –
New Zealand organization manned by and integrated staff. It is a civilian
organization under the Australian Department of Defence and undertakes COMINT
tasks as agreed between the COMINT governing authorities of Australia and New
Zealand on the one hand and the London Signal Intelligence Board on the other.
On technical matters control is exercised by GCHQ on behalf of the London Signal
Intelligence Board.”
This jointly run operation has continued, with the Australian Joint Defence Facility at Pine
Gap being staffed by both Australian and US intelligence officers. The facility collects
intelligence that is jointly used and analysed.25 In fact, only half of the staff are
Australian,26 with US intelligence operatives from NSA and other agencies likely
accounting for the rest. An American official runs the base itself, with the posting being
considered “a step towards promotion into the most senior ranks of the US intelligence
community” with an Australian acts as deputy.27 With such an overwhelming US
presence, it is likely that that majority of the cost of running is base is paid for by the US;
the Australian Defence Department says Australia’s contribution to Pine Gap’s in 2011-
12 was a mere AUS$14 million.28
The systems run at the base are tied into the largest Five Eyes intelligence structure with
“personnel sitting in airconditioned offices in central Australia [being] directly linked, on
a minute-by-minute basis, to US and allied military operations in Afghanistan and indeed
anywhere else across the eastern hemisphere.” 29 As a result it has been reported that
“[t]he practical reality is that Pine Gap's capabilities are now deeply and inextricably
entwined with US military operations, down to the tactical level, across half the world.”30
The New Zealand GCSB was similarly entwined with the NSA: the GCSB’s Director of
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
24
See: “The Defence Signals Bureau was established in 1947, as part of the Department of Defence, with
responsibility for maintaining a national sigint capability in peacetime. In 1977, DSD assumed its current
name” available at: http://www.dpmc.gov.au/publications/intelligence_inquiry/chapter7/4_dsd.htm
25
Pine Gap drives US drone kills, The Age, 21st July 2013, available at:
http://www.smh.com.au/national/pine-gap-drives-us-drone-kills-20130720-2qbsa.html
26
Australian outback station at forefront of US spying arsenal, The Sydney Morning Herald, 26th July 2013,
available at: http://www.smh.com.au/it-pro/security-it/australian-outback-station-at-forefront-of-us-spying-
arsenal-20130726-hv10h.html
27
28
29
30
! 9!
!
Policy and Plans from 1984-1987, for example, was an NSA employee.31
In addition to bases in Australia and New Zealand, Britain’s history of Empire left GCHQ
with a widespread network of SIGINT outposts. Intelligence stations in Bermuda,
Cyprus, Gibraltar, Singapore and Hong Kong have all played critical collection roles over
the past 60 years.
One of the largest listening posts outside the US is based in northern England, yet has
been under US ownership since the 1950s. In 1996 the base was renamed RAF Menwith
Hill and it was reported that for the first time the Union Jack was raised alongside the
Stars and Stripes. David Bowe, MEP for Cleveland and Richmond, said this was
“designed to mislead” and that "[m]y information is that the RAF representation on the
base amounts to one token squadron leader. The name change was presumably decided
to make the whole site look more benign and acceptable."32 The base was the subject of
a six billion pound investment over last 20 years, with the majority of that likely to be US
funds.33
Other bases, such as GCHQ’s operation in the South West of England at Bude, are also
jointly staffed. The Guardian reported34 that in addition to jointly developing the
TEMPORA program, 300 analysts from GCHQ and 250 from the NSA were located at
Bude and directly assigned to examine material collected under the programme.
In his seminal report Interception Capabilities 2000, Duncan Campbell named a number
of foreign or jointly run NSA bases. He wrote
“[t]he US Air Force installed 500 metre wide arrays known as FLR-9 at sites
including Chicksands, England, San Vito dei Normanni in Italy, Karamursel in
Turkey, the Philippines, and at Misawa, Japan. Codenamed "Iron Horse", the first
FLR-9 stations came into operation in 1964. The US Navy established similar bases
in the US and at Rota, Spain, Bremerhaven, Germany, Edzell, Scotland, Guam, and
later in Puerto Rico, targeted on Cuba.”35
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
31
A fact unknown to the Prime Minister at the time: Hager, Secret Power, p. 21.
32
US spy base `taps UK phones for MI5', The Independant, 22 September 1996, available at:
http://www.independent.co.uk/news/uk/home-news/us-spy-base-taps-uk-phones-for-mi5-1364399.html
33
US spy base `taps UK phones for MI5', The Independant, 22 September 1996, available at:
http://www.independent.co.uk/news/uk/home-news/us-spy-base-taps-uk-phones-for-mi5-1364399.html
34
An early version of TEMPORA is referred to as the Cheltenham Processing Centre, additionally
codenamed TINT, and is described as a "joint GCHQ/NSA research initiative". The Guardian quotes an
internal GCHQ report that claims "GCHQ and NSA avoid processing the same data twice and proactively
seek to converge technical solutions and processing architectures." It was additionally reported that NSA
provided GCHQ with the technology necessary to sift through the material collected. The Guardian
reported that 300 analysts from GCHQ and 250 from NSA were directly assigned to examine the collected
material, although the number is now no doubt much larger. GCHQ have had staff examining collected
material since the project’s incarnation in 2008, with NSA analysts brought to trials in Summer 2011. Full
access was provided to NSA by Autumn 2011. An additional 850,000 NSA employees and US private
contractors with top secret clearance reportedly also have access to GCHQ databases
35
! 10!
!
Many of these sites remain active, as an NSA presentation displaying the primary foreign
collection operations bases shows. The presentation36 details both the US sites
distributed around the world as well as the 2nd party bases as follows:
Type Location Country Codename

US site Yakima US JACKNIFE
US site Sugar Grove US TIMBERLINE
US site Sabana Seca Puerto Rico CORALINE
US site Brasillia Brasil SCS
US site Harrogate (aka Menwith UK MOONPENNY
Hill)
US site Bad Aibling37 Germany GARLICK
US site New Delhi India SCS
US site Thailand Thailand LEMONWOOD
US site Misawa38 Japan LADYLOVE
2nd Party Bude UK CARBOY
2nd Party Oman Oman SNICK
2nd Party Nairobi Kenya SCAPEL
2nd Party Geraldton Australia STELLAR
2nd Party Cyprus Cyprus SOUNDER
2nd Party New Zealand New Zealand IRONSAN
It is important to note that, just because a base is being operated from within a
particular country, this does not forestall Five Eyes parties from collecting intelligence
therein on the host country. Ex-NSA staff have confirmed that communications are
monitored from “almost every nation in the world, including the nations on whose soil
the intercept bases are located.”39
Intelligence collection, analysis and sharing activities
It is believed that much of the intelligence collected under the Five Eyes arrangement can
be accessed by any of the Five Eyes partners at any time. Some codenamed
programmes that have been revealed to the public over the last decade go some way to
illustrating how the Five Eyes alliance collaborates on specific programmes of activity
and how some of this information is shared. It should be noted that these are just a
selection of programmes that have been made public, and are likely to represent a tiny
fraction of the joint collection undertaken by Five Eyes partners. Nevertheless these
codenamed programmes reveal just how integrated the Five Eyes SIGINT collection and
analysis methods are, and the existence of shared SIGINT tools and technologies
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
36
New slides about NSA collection programs, Electrospaces blog, 16th July, 2013, available at:
http://electrospaces.blogspot.co.uk/2013/07/new-slides-about-nsa-collection-programs.html
37
Bad Aibling Station, Wikipedia, available at: http://en.wikipedia.org/wiki/Bad_Aibling_Station
38
http://www.misawa.af.mil/ and http://www2.gwu.edu/~nsarchiv/NSAEBB/NSAEBB23/docs/doc12.pdf
39
! 11!
!
themselves.
As early as the 1980s, Five Eyes countries used a “global Internet-like communication
network to enable remote intelligence customers to task computers at each collection
site, and receive the results automatically.”40 This network was known as ECHELON and
was revealed to the public in 1988 by Duncan Campbell.41 An often-misunderstood term,
ECHELON is in fact a
“code name given by the NSA (U.S. National Security Agency) to a system that
collects and processes information derived from intercepting civil satellite
communications. The information obtained at ECHELON stations is fed into the
global communications network operated jointly by the SIGINT organisations of
the United States, United Kingdom, Australia, Canada and New Zealand.
ECHELON stations operate automatically. Most of the information that is selected
is automatically fed into the world-wide network of SIGINT stations.”42
It is not known how long the ECHELON programme continued in that form, but the NSA
went on to develop programmes such as THINTHREAD, which emerged at the turn of
the millennium. THINTHREAD was a sophisticated SIGINT analysis tool used "to create
graphs showing relationships and patterns that could tell analysts which targets they
should look at and which calls should be listened to."43 One of the creators of
THINTHREAD, Bill Binney described the tool to the New Yorker:
“As Binney imagined it, ThinThread would correlate data from financial
transactions, travel records, Web searches, G.P.S. equipment, and any other
"attributes" that an analyst might find useful in pinpointing "the bad guys." By 2000,
Binney, using fibre optics, had set up a computer network that could chart
relationships among people in real time. It also turned the N.S.A.'s data-collection
paradigm upside down. Instead of vacuuming up information around the world
and then sending it all back to headquarters for analysis, ThinThread processed
information as it was collected – discarding useless information on the spot and
avoiding the overload problem that plagued centralized systems. Binney says,
"The beauty of it is that it was open-ended, so it could keep expanding." 44
This programme was distributed around the world and trialed in conjunction with the Five
Eyes partners. Tim Shorrock explains:
“The THINTHREAD prototype went live in the fall of 2000 and […] several allied
foreign intelligence agencies were given the programme to conduct lawful
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
40
41
Somebody's listening, New Statesmen, 12 August 1988, available at:
http://web.archive.org/web/20070103071501/http://duncan.gn.apc.org/echelon-dc.htm
42
http://www.duncancampbell.org/menu/surveillance/echelon/IC2001-Paper1.pdf, page 2.
43
US spy device 'tested on NZ public', The New Zealand Herald, 25th May 2013, available at:
http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10886031
44
The Secret Sharer, The New Yorker, 23 May 2011, available at:
http://www.newyorker.com/reporting/2011/05/23/110523fa_fact_mayer?currentPage=all
! 12!
!
surveillance in their own corners of the world. Those recipients included Canada,
[…] Britain, Australia and New Zealand.”45
Analysis tools such as these have been developed in secret over many years, often at
huge cost. That this tool was shared, even in trial version with Five Eyes partners, is an
important indicator of how tightly integrated the relationship is. Subsequent related
programmes codenamed TRAILBLAZER, TURBULENCE and TRAFFICTHIEF were later
adopted and used by Five Eyes partners.46
More recently, the Guardian reported47 that 300 analysts from GCHQ and 250 from the
NSA were directly assigned to examine material collected under the TEMPORA
programme. By placing taps at key undersea fibre optic cable landing stations, the
programme is able to intercept a significant portion of the communications that
traverses the UK. TEMPORA stores content for three days and metadata for 30 days.
Once content and data are collected, they can be filtered.
The precise nature of GCHQ’s filters remains secret. Filters could be applied based on
type of traffic (e.g. Skype, Facebook, Email), origin/destination of traffic, or to conduct
basic keyword searches, among many other purposes. Reportedly, approximately 40,000
search terms have been chosen and applied by GCHQ, and another 31,000 by the NSA
to information collected via TEMPORA.
GCHQ have had staff examining collected material since the project’s inception in 2008,
with NSA analysts brought to trial runs of the technology in summer 2011. Full access
was provided to NSA by autumn 2011. An additional 850,000 NSA employees and US
private contractors with top-secret clearance reportedly also have access to GCHQ
databases. GCHQ boasted that it had “given the NSA 36% of all the raw information
the British had intercepted from computers the agency was monitoring.”48 Additional
reporting from GCHQ internal documents explains how they "can now interchange
100% of GCHQ End Point Projects with NSA."49
GCHQ received £100 million ($160 million) in secret NSA funding over the last three
years to assist in the running of this project. This relationship was characterized by Sir
David Omand, former Director of GCHQ, as “a collaboration that’s worked very well
[…] [w]e have the brains; they have the money.”50
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
45
http://motherboard.vice.com/blog/the-nsa-reportedly-tested-its-top-spyware-on-new-zealand
46
http://www.smh.com.au/world/snowden-reveals-australias-links-to-us-spy-web-20130708-2plyg.html
47
An early version of TEMPORA is referred to as the Cheltenham Processing Centre, additionally
codenamed TINT, and is described as a "joint GCHQ/NSA research initiative". The Guardian quotes an
internal GCHQ report that claims "GCHQ and NSA avoid processing the same data twice and proactively
seek to converge technical solutions and processing architectures." It was additionally reported that NSA
provided GCHQ with the technology necessary to sift through the material collected.
48
http://www.theguardian.com/world/2013/nov/02/nsa-portrait-total-surveillance
49
GCHQ: Inside the top secret world of Britain’s biggest spy agency, The Guardian, 2 August 2013,
available at http://www.theguardian.com/world/2013/aug/02/gchq-spy-agency-nsa-snowden
50
http://www.japantimes.co.jp/news/2013/11/18/world/britains-gchq-the-brains-americas-nsa-the-money-
behind-spy-alliance/
! 13!
!
Liaison officers are charged with the ultimate responsibility of ensuring continued
harmony and cooperation between their agencies and as James Bamford, author or
multiple books on the NSA explains “it is the senior liaison officers, the SIGINT
community's version of ambassadors, who control the day-to-day relations between the
UKUSA partners. And it is for that reason that the post of SUSLO (Office of the Senior
United States Liaison Officer) at NSA is both highly prized and carefully considered.”51
These positions to facilitate co-operation continue to exist throughout the arrangement.
A recent diplomatic cable from the US Ambassador in Wellington, New Zealand,
released by WikiLeaks, noting that “[t]he National Security Agency (NSA) has requested
a new, permanent position in Wellington.”52 The cable went on to state:
“The new position will advance US interests in New Zealand by improving liaison
and cooperation on vital signals intelligence matters. This is an area where the US
and NZ already work together closely and profitably, and continuing to build and
expand that relationship clearly stands to benefit both countries. This is especially
true in the post-September 11 environment, where NZ SIGINT capabilities
significantly enhance our common efforts to combat terrorism in the region and the
world.”
It is believed that much of the intelligence collected under the Five Eyes arrangement can
be accessed by any of the Five Eyes partners at any time. Shared NSA-GCHQ wikis are
used by both parties to exchange surveillance tips53 and leaked NSA documents reveal
that different Five Eyes partners have created shared and integrated databases, as
revealed by one NSA document that references “GCHQ-accessible 5-eyes [redacted]
databases.”54 One Guardian article explained:
“Gaining access to the huge classified data banks appears to be relatively easy.
Legal training sessions – which may also be required for access to information from
Australian, Canadian, or New Zealand agencies – suggest that gaining credentials
for data is relatively easy. The sessions are often done as self-learning and self-
assessment, with "multiple choice, open-book" tests done at the agent's own desk
on its "iLearn" system. Agents then copy and paste their passing result in order to
gain access to the huge databases of communications.”55
A core programme that provides this capability is known as XKEYSCORE. That has been
described by internal NSA presentations as an “analytic framework” which enables a
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
51
The Puzzle Palace: A Report on America's Most Secret Agency, James Bamford, accessible at:
http://cryptome.org/jya/pp08.htm
52
http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10695100
53
http://mobile.nytimes.com/2013/11/03/world/no-morsel-too-minuscule-for-all-consuming-
nsa.html?pagewanted=2,all&hp=&_r=0; the New Zealand GCSB’s 2001/2012 Annual Report refers the
GCSB being able “to leverage off the training programmes of its overseas partners to increase
opportunities for staff to develop their tradecraft skills. Available at:
http://www.gcsb.govt.nz/newsroom/annual-reports/Annual%20Report%202012.pdf, p. 11.
54
US and UK struck secret deal to allow NSA to 'unmask' Britons' personal data, 20 August 2013, available
at: http://www.theguardian.com/world/2013/nov/20/us-uk-secret-deal-surveillance-personal-data#
55
Portrait of the NSA: no detail too small in quest for total surveillance, 2 November 2013, accessible at:
! 14!
!
single search to query a “3-day rolling buffer” of “all unfiltered data” stored at 150
global sites on 700 database servers.56
The NSA XKEYSCORE system has sites that appear in Five Eyes countries,57 with the
New Zealand’s Waihopai Station, Australia’s Pine Gap, Shoal Bay, Riverina and
Geraldton Stations, and the UK’s Menwith Hill base all present. It has been confirmed
that all these bases use XKEYSCORE and “contribute to the program.”58 The system
indexes e-mail addresses, file names, IP addresses and port numbers, cookies, webmail
and chat usernames and buddylists, phone numbers, and metadata from web browsing
sessions including searches queried among many other types of data that flows through
their collection points. It has been reported that XKEYSCORE
“processes all signals before they are shunted off to various "production lines"
that deal with specific issues and the exploitation of different data types for
analysis - variously code-named NUCLEON (voice), PINWALE (video), MAINWAY
(call records) and MARINA (internet records)”59
One of these programmes, MARINA, “has the ability to look back on the last 365 days'
worth of DNI metadata seen by the SIGINT collection system, regardless whether or not
it was tasked for collection”60 giving Five Eyes partners the ability to look back on a full
year's history for any individual whose data was collected – either deliberately or
incidentally – by the system.
The no-spy deal myth
While UKUSA is often reported as having created a ‘no spy pact’ between Five Eyes
States, there is little in the original text to support such a notion. Crucially, first and
foremost no clause exists that attempts in any form to create such an obligation.
Instead, if anything the converse is true: the scope of the arrangement consciously
carves out space to permit State-on-State spying even by parties to UKUSA. It limits the
scope to governing the “relations of above-mentioned parties in communications
intelligence matters only” and more specifically that the “exchange of such … material
… is not prejudicial to national interests.”61
Additionally, while the text mandates that each party shall “maintain, in the country of
the other, a senior liaison officer accredited to the other,” once again the text is
caveated, stating that
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
56
http://www.theguardian.com/world/interactive/2013/jul/31/nsa-xkeyscore-program-full-presentation
57
http://www.theguardian.com/world/interactive/2013/jul/31/nsa-xkeyscore-program-full-presentation
page 5
58
59
60
http://www.theguardian.com/world/2013/sep/30/nsa-americans-metadata-year-documents
61
page 9
! 15!
!
“[l]iaison officers of one party shall normally have unrestricted access to those
parts of the other’s agencies which are engaged directly in the production of
COMINT, except such parts thereof which contain unexchangable information.”62
As best can be ascertained, therefore, it seems there is no prohibition on intelligence-

gathering by Five Eyes States with respect to the citizens or residents of other Five Eyes
States. There is instead, it seems, a general understanding that citizens will not be
directly targeted, and where communications are incidentally intercepted there will be an
effort to minimize the use and analysis thereof by the intercepting State. This analysis
has been confirmed by a leaked draft 2005 NSA directive entitled “Collection,
Processing and Dissemination of Allied Communications.”63 This directive carries the
classification marking “NF” meaning “No Foreign”, short for “NOFORN” or "Not
Releasable to Foreign Nationals." The directive states:
“Under the British-U.S. Communications Intelligence Agreement of 5 March 1946

(commonly known as the United Kingdom/United States of American (UKUSA)
Agreement), both governments agreed to exchange communications intelligence
products, methods and techniques as applicable so long as it was not prejudicial
to national interests. This agreement has evolved to include a common
understanding that both governments will not target each other’s
citizens/persons. However when it is in the best interest of each nation, each
reserve the right to conduct unilateral COMINT against each other’s
citizens/persons. Therefore, under certain circumstances, it may be advisable and
allowable to target Second Party persons and second party communications
systems unilaterally when it in the best interests of the U.S and necessary for U.S
national security. Such targeting must be performed exclusively within the
direction, procedures and decision processes outlined in this directive.”64
The directive continues:
“When sharing the planned targeting information with a second party would be
contrary to US interests, or when the second party declines a collaboration
proposal, the proposed targeting must be presented to the signals intelligence
director for approval with justification for the criticality of the proposed collection.
If approved, any collection, processing and dissemination of the second party
information must be maintained in NoForn channels." 65
Significantly, the details of some NSA programmes, not intended to be shared with Five
Eyes countries, indicate that intelligence collection is taking place in Five Eyes partner
countries. NSA’s big data analysis and data visualization system BOUNDLESS
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
62
page 23
63
64
Draft 2005 directive, reprinted in “US and UK struck secret deal to allow NSA to 'unmask' Britons'
personal data,” The Guardian, 20 August 2013, available at:
http://www.theguardian.com/world/2013/nov/20/us-uk-secret-deal-surveillance-personal-data#
65
Ibid.
! 16!
!
INFORMANT66 are marked “TOP SECRET//SI//NOFORN”. These documents show that

in March 2013 the agency collected 97 billion pieces of intelligence from computer
networks worldwide. The document grades countries based on a color scheme of green
(least subjected to surveillance) through to yellow and orange and finally, red (most
surveillance). Five Eyes partners are not excluded from the map and instead are shaded
green, which is suggestive that some collection of these States’ citizens or
communications is occurring.
Changes to the original arrangement, however, suggest a convention is in place

between at least two of the Five Eyes partners – UK and US – that prevents deliberate
collection or targeting of each other’s citizens unless authorised by the other State. The
2005 draft directive states: “[t]his agreement [UKUSA] has evolved to include a common
understanding that both governments will not target each other’s citizens/persons.” This
of course has not prevented spying without consent, but it appears it is preferable that
when Five Eyes partners want to spy on another member of the agreement, they do so
with the other country’s consent. It is unclear on what basis consent may be given or
withheld, but the directive explains:
"There are circumstances when targeting of second party persons and

communications systems, with the full knowledge and co-operation of one or more
second parties, is allowed when it is in the best interests of both nations."67
The directive goes on to state that these circumstances might include "targeting a UK
citizen located in London using a British telephone system;" "targeting a UK person
located in London using an internet service provider (ISP) in France;” or "targeting a
Pakistani person located in the UK using a UK ISP."
Historically, the Five Eyes members expected each other to make attempts to minimise
the retention and dissemination of information about Five Eyes partners once
intercepted. Duncan Campbell explains:
“New Zealand officials were instructed to remove the names of identifiable UKUSA
citizens or companies from their reports, inserting instead words such as "a
Canadian citizen" or "a US company". British COMINT staff have described
following similar procedures in respect of US citizens following the introduction of
legislation to limit NSA's domestic intelligence activities in 1978. The Australian
government says that "DSD and its counterparts operate internal procedures to
satisfy themselves that their national interests and policies are respected by the
others … the Rules [on SIGINT and Australian persons] prohibit the dissemination
of information relating to Australian persons gained accidentally during the course
of routine collection of foreign communications; or the reporting or recording of the
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
66
David Cameron's phone 'not monitored' by US, BBC News, 26th October 2013, available at:
http://www.theguardian.com/world/interactive/2013/jun/08/nsa-boundless-informant-data-mining-slides
67
! 17!
!
names of Australian persons mentioned in foreign communications."68
A 2007 document explains that this is no longer an expectation, as the Five Eyes are
consenting to the broad trawling of data incidentally intercepted by other Five Eyes
partners. The document explains:
"Sigint [signals intelligence] policy … and the UK Liaison Office here at NSAW
[NSA Washington] worked together to come up with a new policy that expands the
use of incidentally collected unminimized UK data in SIGINT analysis[…] Now SID
analysts can unminimize all incidentally collected UK contact identifiers, including IP
and email addresses, fax and cell phone numbers, for use in analysis."69
Outside the Second Party partners that make up the Five Eyes, there is no ambiguity
about who else can be spied on, including third party partners. An internal NSA
presentation made clear “[w]e can, and often do, target the signals of most 3rd party
foreign partners.”70 In other words, the intelligence services of the Five Eyes agencies
may spy on each other, with some expectation that they will be consulted when this
occurs; everyone else is fair game, even if they have a separate intelligence-sharing
agreement with one or several Five Eyes members.
This understanding that allies may still be spied upon has been echoed in other public
statements made by the US, which in the wake of the Snowden revelations has
confirmed, through an unnamed senior official, that "we have not made across the
board changes in policy like, for example, terminating intelligence collection that might
be aimed at all allies."71
Spying on heads of State
Questions remain, however, as to whether arrangements within Five Eyes may prevent
the surveillance of the respective heads of States of Five Eyes partners. It has been
confirmed by the White House that UK Prime Minister David Cameron’s communications
“have not, are not and will not be monitored by the US.”72 However, while New Zealand
Prime Minister John Key has agreed that he is satisfied that the US has not spied on him
and that he is “confident of the position,” he will not confirm whether this is because the
Five Eyes members have agreed to this.73 Additionally after German Chancellor Angela
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
68
http://www.duncancampbell.org/menu/surveillance/echelon/IC2000_Report%20.pdf page 3
69
http://www.theguardian.com/world/2013/nov/20/us-uk-secret-deal-surveillance-personal-data#
70
http://www.spiegel.de/international/world/secret-documents-nsa-targeted-germany-and-eu-buildings-a-
908609.html
71
Feinstein: White House Will Stop Spying on Allies. White House: Not So Fast , The Atlantic Wire, 28th
October 2013, available at: http://www.thewire.com/politics/2013/10/sen-feinstein-white-house-will-stop-
spying-allies/71023/
72
http://www.bbc.co.uk/news/uk-politics-24668861
73
John Key, 29 October 2013, Post-Cabinet Press Conference, audio available at:
http://www.scoop.co.nz/stories/HL1310/S00224/pms-press-conference-audio-meridian-spying-and-
fonterra.htm
Key confident US didn't spy on him, Stuff.co.nz, 29th October 2013, available at:
http://www.stuff.co.nz/national/politics/9338530/Key-confident-US-didn-t-spy-on-him
! 18!
!
Merkel demanded74 that the United States sign a no-spy agreement to prohibit the
bilateral spying between nations, the US has indicated that while they would be willing to
engage in "a new form of collaboration” a no-spy pact is not on the table.75
Allied spying more broadly is a common activity. In 1960, when Bernon Mitchell and
William Martin infamously defected to the Soviet Union, they revealed the scope of
NSA’s activities, reporting that:
“We know from working at NSA [that] the United States reads the secret
communications of more than forty nations, including its own allies… NSA keeps
in operation more than 2000 manual intercept positions… Both enciphered and
plain text communications are monitored from almost every nation in the world,
including the nations on whose soil the intercept bases are located.”76
Other surveillance partnerships
Over almost seven decades, the Five Eyes alliance has splintered notably only once
when, in 1985, New Zealand’s new Labour Government refused to allow a US ship to
visit New Zealand, in accordance with the government’s anti-nuclear policy (not to allow
ships into its New Zealand waters without confirmation they were neither nuclear-
powered, nor carrying nuclear weapons). This policy was turned into law in 1987 with the
creation of the New Zealand Nuclear Free Zone.77 The political fallout from the
introduction of the policy included the splintering off of New Zealand, at least
temporarily, from the Five Eyes, and the creation of a Four Eyes alliance with the
acronym ACGU. This split has been confirmed in a number of military classification
marking documents.78 It is understood that there was some distancing of New Zealand
from the Five Eyes in the years immediately following the incident, but that the schism
was less significant than previously thought;79 by making reference to documents dated
in the past decade, released as part of the Snowden leaks, it is clear that New Zealand
remains an integral part of the Five Eyes alliance.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
74
Germany to seek ‘no spying’ deal with US, Financial Times, 12th August 2013, available at:
http://www.ft.com/cms/s/0/67eef7f4-0375-11e3-980a-00144feab7de.html
75
Germans Rejected: US Unlikely to Offer 'No-Spy' Agreement, Der Spiegel, 12th November 2013,
available at: http://www.spiegel.de/international/germany/us-declines-no-spy-pact-with-germany-but-
might-reveal-snowden-secrets-a-933006.html
76
77
New Zealand Nuclear Free Zone, Disarmament, and Arms Control Act 1987: s 9(2) states “The Prime
Minister may only grant approval for the entry into the internal waters of New Zealand by foreign warships
if the Prime Minister is satisfied that the warships will not be carrying any nuclear explosive device upon
their entry into the internal waters of New Zealand.” Section 11 states “Entry into the internal waters of
New Zealand by any ship whose propulsion is wholly or partly dependent on nuclear power is prohibited.”)
78
http://www.afcea.org/events/pastevents/documents/LWN11_Track_1_Session_5.pdf;
https://www2.centcom.mil/sites/foia/rr/CENTCOM%20Regulation%20CCR%2025210/Wardak%20CH-
47%20Investigation/r_EX%2060.pdf
79
See, Nicky Hager, Secret Power, 1996, pp. 23-24.
! 19!
!
Additionally, other ‘Eyes-like’ relationships exist, in various forms with membership

ranging through 3-, 4-, 6-, 7-, 8-, 9- and 10- and 14-Eyes communities. These ‘Eyes’
reference different communities with varying focuses dealing with military coalitions,
intelligence partnerships with many having established dedicated communication
networks.80 The Guardian describes two such arrangements:
“the NSA has other coalitions, although intelligence-sharing is more restricted for
the additional partners: the 9-Eyes, which adds Denmark, France, the Netherlands
and Norway; the 14-Eyes, including Germany, Belgium, Italy, Spain and Sweden;
and 41-Eyes, adding in others in the allied coalition in Afghanistan.”81
This is supported by statements made by an ex-senior NATO intelligence officer:
"The Five Eyes SIGINT community also plays a ‘core’ role in a larger galaxy of
SIGINT organizations found in established democratic states, both west and east.
Five Eyes ‘plus’ gatherings in the west include Canada’s NATO allies and
important non-NATO partners such as Sweden. To the east, a Pacific version of
the Five Eyes ‘plus’ grouping includes, among others, Singapore and South Korea.
Such extensions add ‘reach’ and ‘layering’ to Five Eyes SIGINT capabilities."82
A New York Times article83 again confirms such groups exist by acknowledging "[m]ore
limited cooperation occurs with many more countries, including formal arrangements
called Nine Eyes and 14 Eyes and Nacsi, an alliance of the agencies of 26 NATO
countries." Different intelligence co-operation groups also exist outside the broader
abovementioned structures dealing with narrower areas of collaboration.84 Within these
groups, no attempt to create a no-spy deal has been made; these countries "can gather
intelligence against the United States through CNE (computer network exploitation) and
therefore share CNE and CND (Computer Network Defense) can sometimes pose clear
risks."85
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
80
http://electrospaces.blogspot.co.uk/2013/11/five-eyes-9-eyes-and-many-more.html
81
82
page 7
83
No Morsel Too Minuscule for All-Consuming N.S.A. , New York Times, 2nd November, 2013
http://mobile.nytimes.com/2013/11/03/world/no-morsel-too-minuscule-for-all-consuming-
nsa.html?pagewanted=2,all&hp=&_r=0
84
One co-operation group is mentioned in an NSA document entitled “sharing computer networking
operations cryptologic information with foreign partners”. This document names the Five Eyes partnership
a “Tier A” group that has ‘comprehensive cooperation.’ The much larger “Tier B” of 19 countries has
‘focused co-operation’ and is mostly made up of European States, except Japan, Turkey and South Korea.
The full list includes Austria, Belgium, Czech Republic, Denmark, Germany, Greece, Hungry, Iceland, Italy,
Japan, Luxembourg, Netherlands, Norway, Poland, Portugal, South Korea, Spain, Sweden, Switzerland
and Turkey.
El CNI facilitó el espionaje masivo de EEUU a España , El Mundo, 10th October, 2013, accessible at:
http://www.elmundo.es/espana/2013/10/30/5270985d63fd3d7d778b4576.html
85
El CNI facilitó el espionaje masivo de EEUU a España , El Mundo, 10th October, 2013, accessible at:
http://www.elmundo.es/espana/2013/10/30/5270985d63fd3d7d778b4576.html
! 20!
!
It was reported86 in 2010 when the UKUSA documents were first released, that “Norway
joined [the eavesdropping network] in 1952, Denmark in 1954, and Germany in 1955”
and that “Italy, Turkey, the Philippines and Ireland are also members.” This however has
been contested with a journalist working on the current Snowden documents staying
they were “confused by that reference.”87
The NATO Special Committee, made up of the heads of the security services of NATO
member countries, also provides a platform for intelligence sharing, although due to the
alliances diverse and growing membership it is thought there are concerns about sharing
sensitive military and SIGINT documents on a systematic basis.88 As explained by
Scheinen and Vermeulen,89 however:
“The Agreement between the parties to the North Atlantic Treaty for the security of
information of 1949 is quite short, but article 5 for instance gives states carte
blanche ‘to make any other agreement relating to the exchange of classified
information originated by them,’ leaving room for many technically detailed
arrangements in which the actual cooperation is being regulated.”
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
86
http://www.theguardian.com/world/2010/jun/25/intelligence-deal-uk-us-released
87
https://twitter.com/jamesrbuk/status/403643887685611520
88
The 28 NATO countries are Albania, Belgium, Bulgaria, Canada, Croatia, Czech Republic, Denmark,
Estonia, France, Germany, Greece, Hungary, Iceland, Italy, Latvia, Lithuania, Luxembourg, Netherlands,
Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Turkey, United Kingdom, United States,
89
Scheinin, M and Vermeulen, M, “Intelligence cooperation in the fight against terrorism through the lens
of human rights law and the law of state responsibility,” in Born, Leigh and Wills (eds), International
Intelligence Cooperation and Accountability (Oxon: Routledge, 2011), 256.
! 21!
!
Chapter Two – Secret law is not law
The intelligence agencies of the Five Eyes countries conduct some of the most
important, complex and far-reaching activities of any State agency, and they do so
under behind the justification of a thicket of convoluted and obfuscated legal and
regulatory frameworks. The laws and agreements that make up the Five Eyes
arrangement and apply it to domestic contexts lack any semblance of clarity or
accessibility necessary to ensure that the individuals whose rights and interests are
affected by them are able to understand their application. As such, they run contrary to
the fundamental building blocks of the rule of law.
The rule of law and accessibility
The accessibility of law is a foundational element the rule of law. Many have different
views of what exactly constitutes the rule of law, but it is widely understood to play a
critical role in checking excessive or arbitrary power. Core to the rule of law is the idea
that all individuals are able to know what law is exercised over them by those in power,
and how conduct must be accordingly regulated to ensure it is in compliance with such
laws. Lord Neuberger’s first principle of the rule of law explains just how critical the
accessibility of law is to the rule of law:
“At its most basic, the expression connotes a system under which the relationship
between the government and citizens, and between citizen and citizen, is
governed by laws which are followed and applied. That is rule by law, but the rule
of law requires more than that. First, the laws must be freely accessible: that
means as available and as understandable as possible.”90
If law itself isn’t published in a clear and understandable way then citizens cannot
evaluate when an action by another person, or by their government, is unlawful. As Tom
Bingham explains, “if the law is not sufficiently clear, then it becomes inaccessible; if
people cannot properly access (i.e. understand) the law that they are governed by, then
so far as they are concerned, they are being governed by arbitrary power.” For all
actions by the State there must be a legal justification. Simply because there is law on
the statute books does not necessarily mean that it isn’t arbitrary.
Accessing the laws regulating the actions of the Five Eyes
It has been alleged that “there is no formal over-arching international agreement that
governs all Five Eyes intelligence relationships,”91 but rather a myriad of memoranda,
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
90
http://www.supremecourt.gov.uk/docs/speech-131015.pdf
91
!
! 22!
!
agreements, and conventions that must be considered in tandem with complex national
legislation.
Scheinin and Vermeulen argue that
“The overwhelming majority of these intelligence cooperation arrangements are

secret – or at least they are never published nor registered at the UN Secretariat
pursuant to Article 102 of the UN Charter.92 From the perspective of international
law they are likely to fall within a murky area of ‘non-treaty arrangements’, which
can include arrangements such as ‘memoranda of understanding’, ‘political
agreements’ ‘provisional understanding’, ‘exchanges of notes’, ‘administrative
agreements’, ‘terms of reference’, ‘declarations’ and virtually every other name
one can think of.”93
However, taken together, the Five Eyes agreements arguably rise to the level of an
enforceable treaty under international law. It is clear from their scope and wide-reaching
ramifications that the Five Eyes agreements implicate the rights and interests of
individuals sufficiently to raise the agreements to the level of legally-binding treaty.
In any event, it is impossible to know whether the initial intentions of the drafters or the
scope of the legal obligations created under the agreements elevate them to the status
of legally-binding treaty because the agreements are completely hidden from public
view. Indeed, not only are the public unable to access and scrutinise the agreements
that regulate the actions of the Five Eyes, but even the intelligence services themselves
do not have a complete picture of the extent of intelligence sharing activities. The NSA
admitted during legal proceedings in 2011 that the information-gathering infrastructure
was so complex that "there was no single person with a complete understanding.” 94
The domestic legal frameworks implementing the obligations created by the Five Eyes
obligations are equally obfuscated. With respect to the US, for example, the NSA
acknowledged in a recently-released strategy document that
“[t]he interpretation and guidelines for applying [American] authorities, and in

some cases the authorities themselves, have not kept pace with the complexity of
the technology and target environments, or the operational expectations levied on
NSA’s mission.”95
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
page 4
92
Article 102 of the UN Charter states that: 1. Every treaty and every international agreement entered into
by any Member of the United Nations after the present Charter comes into force shall as soon as possible
be registered with the Secretariat and published by it. 2. No party to any such treaty or international
agreement which has not been registered in accordance with the provisions of paragraph 1 of this Article
may invoke that treaty or agreement before any organ of the United Nations.
93
Scheinin, M and Vermuelen, M, “Intelligence cooperation in the fight against terrorism through the lens
of human rights law and the law of state responsibility,” in Born, Leigh and Wills (eds), International
Intelligence Cooperation and Accountability (Oxon: Routledge, 2011), 256.
94
http://www.theregister.co.uk/Print/2013/09/11/declassified_documents_show_nsa_staff_abused_tappin
g_misled_courts/
95
(U) SIGINT Strategy, 2012-2016, 23 February 2012
! 23!
!
The chair of the Senate intelligence committee, Diane Feinstein, has strongly criticised
the actions taken by the NSA under the purported ambit of the relevant legislation,
noting that “[…] it is clear to me that certain surveillance activities have been in effect
for more than a decade and that the Senate Intelligence Committee was not
satisfactorily informed.”96
In the UK, the Intelligence and Security Committee – in charge of overseeing the actions
of the UK intelligence agencies, including GCHQ – have responded to the Snowden
leaks by remarking:
“It has been alleged that GCHQ circumvented UK law by using the NSA’s PRISM
programme to access the content of private communications […] and we are
satisfied that they conformed with GCHQ’s statutory duties. The legal authority
for this is contained in the Intelligence Services Act 1994.”97
Yet the chair of the ISC has in fact admitted to confusion about whether “if British
intelligence agencies want to seek to know the content of emails can they get round the
normal law in the UK by simply asking an American agencies to provide that
information?”98
When the head of the committee charged with overseeing the lawfulness of the actions
of intelligence services is unsure as to whether such agencies have acted lawfully, there
is plainly a serious dearth in the accessibility of law, calling into question the rule of law.
Without law that is accessible, citizens are unable to regulate their conduct or scrutinise
that of their governments. In such circumstances, it is impossible to verify whether
governments are acting in accordance with the law as required of them under human
rights law.
Ensuring the Five Eyes act ‘in accordance with the law’
There is a significant body of European Court of Human Rights jurisprudence on what

constitutes interference “in accordance with the law” in the context of secret
surveillance and information gathering, such as that undertaken by the Five Eyes.
The Court begins from the perspective that surveillance, particularly secret surveillance,
is a significant infringement on human rights, and in order to be justified under the
European Convention on Human Rights must be sufficiently clear and precise ”to give
citizens an adequate indication as to the circumstances in which and the conditions on
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
96
Paul Lewis and Spencer Ackerman, “NSA: Dianne Feinstein breaks ranks to oppose US spying on
allies,” The Guardian, 29 October 2013, available at http://www.theguardian.com/world/2013/oct/28/nsa-
surveillance-dianne-feinstein-opposed-allies.
97
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/225459/ISC-Statement-
on-GCHQ.pdf
98
Nicholas Watts, “GCHQ ‘broke law if it asked for NSA intelligence on UK citizens’, The Guardian, 10
June 2013, available at http://www.theguardian.com/world/2013/jun/10/gchq-broke-law-nsa-intelliegence
! 24!
!
which public authorities are empowered to resort to this secret and potentially
dangerous interference.”99
It must be clear “what elements of the powers to intercept are incorporated in legal rules
and what elements remain within the discretion of the executive” and the law must
indicate “with reasonable clarity the scope and manner of exercise of the relevant
discretion conferred on the public authorities”100 in order that individuals may have some
certainty about the laws to which they are subject and regulate their conduct
accordingly.
Yet “the degree of certainty will depend on the circumstances.”101 As the Court has
noted, “foreseeability in the special context of secret measures of surveillance, such as
the interception of communications, cannot mean that an individual should be able to
foresee when the authorities are likely to intercept his communications so that he can
adapt his conduct accordingly...”102
Where a power vested in the executive is exercised in secret, however, the risks of
arbitrariness are evident: in the words of the Court in Weber v Germany, “a system of
secret surveillance for the protection of national security may undermine or even destroy
democracy under the cloak of defending it.”103 In such circumstances, “is essential to
have clear, detailed rules on the subject, especially as the technology available for use is
continually becoming more sophisticated…”104
What, then, does human rights law require of a law in order to ensure secret surveillance
does not infringe the principles of accessibility and foreseeability? The Court’s decision
in Weber is authoritative on this point:
“In its case law on secret measures of surveillance, the Court has developed the
following minimum safeguards that should be set out in statute law in order to
avoid abuses of power: the nature of the offences which may give rise to an
interception order; a definition of the categories of people liable to have their
telephones tapped; a limit on the duration of telephone tapping; the procedure to
be followed for examining, using and storing the data obtained; the precautions to
be taken when communicating the data to other parties; and the circumstances in
which recordings may or must be erased or the tapes destroyed.”105
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
99
Malone v United Kingdom (1985) 7 EHRR 14 [67]
100
Ibid, at [79].
101
Ormerod., R. and Hooper, Blackstone’s Criminal Practice 2012, London 2012.
102
Weber v Germany, Application 54934/00, (2008) 46 EHRR SE5 at [77.]
103
Ibid, at [106].
104
Kruslin v France (1990) 12 EHHR 547, at [33].
105
Ibid, at [95]
! 25!
!
Applying human rights requirements to the laws of the Five Eyes
There is no clear and accessible legal regime that indicates the circumstances in which,
and the conditions on which, Five Eyes authorities can request access to signals
intelligence from, or provide such intelligence, to another Five Eyes authority. Each of the
Five Eyes states have broad, vague domestic laws that purport to warrant the sharing of
and access to shared signal intelligence with the authorities of other States, but fail to
set out minimum safeguards or provide details of or restrictions upon the nature of
intelligence sharing.
In the United Kingdom, the ISC has indicated that the authority to share and receive
intelligence is granted by the Intelligence Services Act 1994. Section 3(1) of the 1994 Act
specifies the functions of GCHQ in these terms:
(1) There shall continue to be a Government Communications Headquarters under

the authority of the Secretary of State; and, subject to subsection (2) below, its
functions shall be –
(a) to monitor or interfere with electromagnetic, acoustic and other
emissions and any equipment producing such emissions and to obtain and
provide information derived from or related to such emissions or equipment
and from encrypted material; and
(b) to provide advice and assistance [...]”
Section 3(2) of the 1994 Act specifies the purposes for which the functions referred to in
s3(1)(a) shall be exercisable, and makes clear that they shall be exercisable only -
(a) in the interests of national security, with particular reference to the defence
and foreign policies of Her Majesty’s Government in the United Kingdom; or
(b) in the interests of the economic well-being of the United Kingdom in relation to
the actions or intentions of persons outside the British Islands; or
(c) in support of the prevention or detection of serious crime.
Section 4(2)(a) of the 1994 Act imposes on the Director of GCHQ a duty to ensure –
(a) that there are arrangements for securing that no information is obtained by
GCHQ except so far as necessary for the proper discharge of its functions
and that no information is disclosed by it except so far as necessary for that
purpose or for the purpose of any criminal proceedings.
In the United States, the scope of intelligence activities was initially set down in
Executive Order 12333 – United States intelligence activities, of December 4, 1981.106
Even though the structure of the United States intelligence community changed
considerably after 9/11, the powers granted in the Executive Order nevertheless
continue to be invoked.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
106
http://www.archives.gov/federal-register/codification/executive-order/12333.html#1.9
! 26!
!
Section 1.12 (b) provides that the responsibilities of the National Security Agency shall
include, inter alia:
(5) Dissemination of signals intelligence information for national foreign intelligence

purposes to authorized elements of the Government, including the military services,
in accordance with guidance from the Director of Central Intelligence;
(6) Collection, processing and dissemination of signals intelligence information for
counterintelligence purposes;
(7) Provision of signals intelligence support for the conduct of military operations in
accordance with tasking, priorities, and standards of timeliness assigned by the
Secretary of Defense. If provision of such support requires use of national collection
systems, these systems will be tasked within existing guidance from the Director of
Central Intelligence;
[…]
(12) Conduct of foreign cryptologic liaison relationships, with liaison for intelligence
purposes conducted in accordance with policies formulated by the Director of Central
Intelligence […]
Section 1.7 deals with the responsibilities of Senior Officials of the Intelligence Community,
and designates the following responsibility to the Director of Central Intelligence:
(f) Disseminate intelligence to cooperating foreign governments under arrangements

established or agreed to by the Director of Central Intelligence […]
Section 1.8 relates to the Central Intelligence Agency, and includes among that body’s
functions to
(a) Collect, produce and disseminate foreign intelligence and counterintelligence,

including information not otherwise obtainable […]
The legislation in Australia is slightly more detailed with regards to the circumstances in
which intelligence can be shared with and received from foreign intelligence agencies.
The actions of the Australian intelligence agencies are governed by the Intelligence
Services Act 2001, section 7 of which articulates the functions of the Australian Signals
Directorate, which include
(1) to obtain intelligence about the capabilities, intentions or activities of people or

organisations outside Australia in the form of electromagnetic energy, whether
guided or unguided or both, or in the form of electrical, magnetic or acoustic
energy, for the purposes of meeting the requirements of the Government, and
in particular the requirements of the Defence Force, for such intelligence; and
(2) to communicate, in accordance with the Government’s requirements, such
intelligence; and
(3) to provide material, advice and other assistance to Commonwealth and State
authorities on matters relating to the security and integrity of information that
is processed, stored or communicated by electronic or similar means; […]
! 27!
!
Pursuant to s11(2AA) of the Act, intelligence agencies may communicate incidentally

obtained intelligence to appropriate Commonwealth or State authorities or to authorities
of other countries approved under paragraph 13(1)(c) if the intelligence relates to the
involvement, or likely involvement, by a person in one or more of the following activities:
(a) activities that present a significant risk to a person’s safety;

(b) acting for, or on behalf of, a foreign power;
(c) activities that are a threat to security;
(d) activities related to the proliferation of weapons of mass destruction or the
movement of goods listed from time to time in the Defence and Strategic
Goods List (within the meaning of regulation 13E of the Customs (Prohibited
Exports) Regulations 1958);
(e) committing a serious crime.
Section 13(1)(c) permits the agency to cooperate with “authorities of other countries
approved by the Minister as being capable of assisting the agency in the performance of
its functions.”
The New Zealand similarly provides the Government Communications Security Bureau
with broad powers and functions, including under section 8A
(a) to co-operate with, and provide advice and assistance to, any public authority
whether in New Zealand or overseas, or to any other entity authorised by the
Minister, on any matters relating to the protection, security, and integrity of—
(i) communications, including those that are processed, stored, or
communicated in or through information infrastructures; and
(ii)information infrastructures of importance to the Government of New
Zealand; […]
and under section 8B
(a) to gather and analyse intelligence (including from information infrastructures) in

accordance with the Government's requirements about the capabilities,
intentions, and activities of foreign persons and foreign organisations; and
(b) to gather and analyse intelligence about information infrastructures; and
(c) to provide any intelligence gathered and any analysis of the intelligence to—
(i) the Minister; and
(ii) any person or office holder (whether in New Zealand or overseas)
authorised by the Minister to receive the intelligence.
Section 8B(2) also sanctions the sharing of information with foreign intelligence
authorities, stipulating “[f]or the purpose of performing its function under subsection
(1)(a) and (b), the Bureau may co-operate with, and provide advice and assistance to,
any public authority (whether in New Zealand or overseas) and any other entity
authorised by the Minister for the purposes of this subsection.”
! 28!
!
In Canada, the functions of the Communications Security Establishment Canada

(CSEC) are articulated in Part V.1 to the National Defence Act. Section 273.64(1) sets
out CSEC’s three-part mandate, namely
(a) to acquire and use information from the global information infrastructure for the
purpose of providing foreign intelligence, in accordance with Government of
Canada intelligence priorities;
(b) to provide advice, guidance and services to help ensure the protection of
electronic information and of information infrastructures of importance to the
Government of Canada; and
(c) to provide technical and operational assistance to federal law enforcement and
security agencies in the performance of their lawful duties.
Part V.1 of the National Defence Act in relation to CSEC does not contain any
provisions on cooperation with other agencies, including foreign agencies.
An analysis of these cursory legal provisions reveals that they fall far short of describing
the fluid and integrated intelligence sharing activities that take place under the ambit of
the Five Eyes arrangement with sufficient clarity and detail to ensure that individuals can
forsee their application. None of the domestic legal regimes set out the circumstances in
which intelligence authorities can obtain, store and transfer nationals’ or residents’
private communication and other information that are intercepted by another Five Eyes
agency, nor which will govern the circumstances in which any of the Five Eyes States
can request the interception of communications by another party to the alliance. The
same applies to obtaining private information such as emails, web-histories etc. held by
internet and other telecommunication companies. There is there a legal regime that
indicates, once such communications are provided to the authorities of one State, the
procedure for examining, using or storing the communication, the conditions for
transferring it to third parties and the circumstances in which it will be destroyed.
The legal and regulatory frameworks that govern and give effect to Five Eyes cannot be
said to be sufficiently clear and detailed to meet the requirement of being “in
accordance with the law,” nor they are they sufficiently accessible to ensure that they
comply with the rule of law. Secret, convoluted or obfuscated law can never be
considered law within a democratic society governed by the rule of law. The actions of
the Five Eyes run completely contrary to the fundamental building blocks of such a
society.
! 29!
!
Chapter Three – Holding the Five Eyes to account
The recent revelations of global surveillance practices have prompted a fundamental re-
examination of the responsibility of States under international law with respect to cross-
border surveillance. The patchwork of secret spying programmes and intelligence-
sharing agreements implemented by parties to the Five Eyes arrangement constitutes an
integrated global surveillance arrangement that now covers the majority of the world’s
communications.
At the heart of this arrangement are carefully constructed legal frameworks that provide
differing levels of protections for internal versus external communications, or those
relating to nationals versus non-nationals. These frameworks attempt to circumvent
national constitutional or human rights protections governing interferences with the right
to privacy of communications that, States contend, apply only to nationals or those
within their territorial jurisdiction.
In doing so, the Five Eyes states not only defeat the spirit and purpose of international
human rights instruments; they are in direct violation of their obligations under such
instruments. Human rights obligations apply to all individuals subject to a State’s
jurisdiction.107 Jurisdiction extends not only to the territory of the State, but to anyone
within the power and effective control of the State, even if they are outside the
territory.108 It is argued here that jurisdiction extends to situations where a State
interferes with the right to privacy of an individual whose communications are
intercepted, stored or processed within that State’s territory. In such circumstances, the
State owes obligations to that individual regardless of their location.
By understanding State jurisdiction over human rights violations in this way we can give
effect to international human rights obligations in the digital age. Through the concept of
“interference-based jurisdiction”, whereby, subject to permissible limitations, States owe
a general duty not to interfere with communications that pass through their territorial
borders, mass surveillance is cognisable within a human rights framework in a way that
provides rights and remedies to affected individuals. Without such a perspective on
responsibility for violations that properly reflects the nature and scope of Five Eyes
surveillance, and the way in which privacy violations occur, States will continue to
conduct surveillance in a way that renders human rights obligations meaningless.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
107
ICCPR, Article 2: “Each State Party to the present Covenant undertakes to respect and to ensure to all
individuals within its territory and subject to its jurisdiction…”; ECHR, Article 1: “The High Contracting
Parties shall secure to everyone within their jurisdiction the rights and freedoms defined in Section I of this
Convention;” American Convention on Human Rights, Article 1: “The States Parties to this Convention
undertake to respect the rights and freedoms recognized herein and to ensure to all persons subject to
their jurisdiction the free and full exercise of those rights and freedoms, without any discrimination for
reasons of race, color, sex, language, religion, political or other opinion, national or social origin,
economic status, birth, or any other social condition.”
108
Human Rights Committee General Comment 31, para 10.
! 30!
!
We seek to introduce an alternative perspective on jurisdiction and to further

understandings of how human rights law can be understood in the digital age. Our
intention is to supplement - not to detract from – other arguments around how
jurisdiction in international human rights law functions in relation to mass surveillance.
For example, interferences occurring outside the territory of the state may be
attributable to that state under the ordinary principles of state responsibility. However,
we are concerned exclusively with a State’s obligations in relation to interferences with
the right to privacy (when communications are collected, stored or processed) occurring
within the physical territory of that State.
The right to privacy of communications
The right to privacy is an internationally recognized right. Article 17 (1) of the

International Covenant on Civil and Political Rights provides
“No one shall be subjected to arbitrary or unlawful interference with his privacy,
family, home or correspondence, nor to unlawful attacks on his honour and
reputation.”
According to the United Nations Human Rights Committee, in its General Comment No.
16:
“Compliance with article 17 requires that the integrity and confidentiality of

correspondence should be guaranteed de jure and de facto. Correspondence
should be delivered to the addressee without interception and without being
opened or otherwise read. Surveillance, whether electronic or otherwise,
interceptions of telephonic, telegraphic and other forms of communication, wire-
tapping and recording of conversations should be prohibited.”109
Article 8 of the European Convention on Human Rights provides a right to respect for
one’s “private and family life, his home and his correspondence”, subject to certain
restrictions that are "in accordance with law" and "necessary in a democratic society".
The European Court of Human Rights has consistently held that the interception of
telephone communications, as well as facsimile and e-mail communications content,110
are covered by notions of “private life” and “correspondence” and thus constitute an
interference with Article 8.111
Importantly the European Court has found112 the interception and/or storage of a
communication constitutes the violation, and that the “subsequent use of the stored
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
109
CCPR General Comment No. 16: Article 17 (Right to Privacy), para. 8.
110
Liberty & Ors v United Kingdom (2008) Application 58243/00
111
See Malone v United Kingdom (1985) 7 EHRR 14 [64]; Weber v Germany (2008) 46 EHRR SE5 at [77];
and Kennedy v United Kingdom (2011) 52 EHRR 4 at [118]).
112
Amann v Switzerland (2000) application 27798/95; Leander v. Sweden judgment of 26 March 1987,
Series A no. 116, p. 22, § 48
! 31!
!
information has no bearing on that finding“113 nor does it matter “whether the
information gathered on the applicant was sensitive or not or as to whether the applicant
had been inconvenienced in any way.“114 It is argued that the same reasoning applies to
the processing of communications.
Therefore, the right to privacy, extending as it does to the privacy of communications, is

a relatively unusual right in the sense that its realization can occur remotely from the
physical location of the individual.
When an individual sends a letter, email or a text-message, or makes a phone call, that
communication leaves their physical proximity and travels to its destination. In the course
of its transmission the communication may pass through multiple other States and,
therefore, multiple jurisdictions. The right to privacy of the communication remains intact,
subject only to the permissible limitations set out under human rights law.115
Mass surveillance as a breach of the right to privacy of

communications
The Special Rapporteur on the promotion and protection of the right to freedom of
expression and opinion has described the invasiveness of mass interception of fibre
optic cables:116
“By placing taps on the fibre optic cables, through which the majority of digital
communication information flows, and applying word, voice and speech
recognition, States can achieve almost complete control of tele- and online
communications.”
The Special Rapporteur reasons that “[m]ass interception technology eradicates any
considerations of proportionality, enabling indiscriminate surveillance. It enables the
State to copy and monitor every single act of communication in a particular country or
area, without gaining authorization for each individual case of interception.”117
Mass surveillance has also been found to be an interference with the right to privacy
under European human rights law. In Weber and Saravia v Germany (2006) Application
54934/00, the Court reiterated that
“the mere existence of legislation which allows a system for the

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
113
Amann v Switzerland (2000) application 27798/95 para 69
114
Amann v Switzerland (2000) application 27798/95 para 70
115
A comprehensive account of the permissible limitations on the right to privacy is presented in the report
of the UN Special Rapporteur on the freedom of expression and opinion of 17 April 2013 (A/HRC/23/40).
116
Report of the Special Rapporteur on promotion and protection of the right to freedom of expression
and opinion, Frank La Rue, 17 April 2013, A/HRC/23/40, available at
http://www.ohchr.org/Documents/HRBodies/HRCouncil/RegularSession/Session23/A.HRC.23.40_EN.pdf,
at para. 38.
117
Ibid, para. 62.
! 32!
!
secret monitoring of communications entails a threat of surveillance for all those

to whom the legislation may be applied. This threat necessarily strikes at freedom
of communication between users of the telecommunications services and thereby
amounts in itself to an interference with the exercise of the applicants’ rights
under Article 8, irrespective of any measures actually taken against them.”
The collection and storage of data that relates to an individual’s private life is so
invasive, and brings with it such risk of abuse, that it alone amounts to an interference
with the right to privacy, according to European Court of Human Rights jurisprudence.118
Accordingly, mass surveillance programmes must violate international law.
Jurisdiction and human rights obligations
Traditional conceptions of State human rights obligations focus on a nexus between the
territory where the obligation is owed and an individual’s connection with that territory
(by virtue of nationality, residence or physical location within it). In the context of
obligations under international human rights treaties, jurisdiction has traditionally served
as a doctrinal bar to the recognition and realization of human rights obligations extra-
territorially. Although, as noted by Milanovic:
“[q]uestions as to when a state owes obligations under a human rights treaty

towards an individual located outside its territory are being brought more and
more frequently, before courts both international and domestic. Victims of aerial
bombardment119, inhabitants of territories under military occupation120 – including
deposed dictators121, suspected terrorists detained in Guantanamo by the United
States122, and the family of a former KGB spy who was assassinated in London
through the use of a radioactive toxin, allegedly at the orders or with the collusion
of the Russian government123 – all of these people have claimed protection from
human rights law against a state affecting their lives while acting outside its
territory.”
The jurisdiction clauses in two of the most relevant human rights instruments – the
European Convention on Human Rights (ECHR) and the International Covenant on Civil
and Political Rights (ICCPR) – are notably different in their construction and numerous
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
118
S and Marper v United Kingdom (2009) 48 EHRR 50 at [67].
119
Bankovic and Others v Belgium and Others, App. No. 52207/99, (dec.) [GC], 12 December 2001,
hereinafter Bankovic.
120
R (Al-Skeini and others) v Secretary of State for Defence, [2007] UKHL 26, [2007] 3 WLR 33, [2007] 3 All
ER 685, on appeal from [2005] EWCA Civ 1609, [2007] QB 140, hereinafter Al-Skeini.
121
Saddam Hussein v 21 Countries, App. No. 23276/04, (dec.), March 2006.
122
See the Conclusions and Recommendations of the Committee against Torture: United States of
America, CAT/C/USA/CO/2, 25 July 2006, paras. 14 & 15 and the Concluding Observations of the Human
Rights Committee : United States of America, CCPR/C/USA/CO/3, 15 September 2006, para. 10,
available at http://www.unhchr.ch/tbs/doc.nsf
123
See ‘Lawyers for slain Russian agent Litvinenko take case to European court’, International Herald
Tribune, 22 November 2007, available at http://www.iht.com/articles/ap/2007/11/23/europe/EU-GEN-
Britain-Litvinenko.php?WT.mc_id=rsseurope.
! 33!
!
arguments have been mounted to support an understanding of the obligations arising

under such treaties as being applicable outside the strict territorial boundaries of the
State.
Article 1 of the ECHR holds:
“The High Contracting Parties shall secure to everyone within their jurisdiction the
rights and freedoms defined in Section I of this Convention.”
In Al-Skeini v United Kingdom,124 the European Court of Human Rights moulded – if not
departed from – its earlier jurisprudence in Banković 125 to issue a decision that affirms
extra-territorial jurisdiction, stating:
“whenever the State through its agents exercises control and authority over an
individual, and thus jurisdiction, the State is under an obligation under Article 1 to
secure to that individual the rights and freedoms under Section 1 of the
Convention that are relevant to the situation of that individual. In this sense,
therefore, the Convention rights can be “divided and tailored” (compare
Banković, cited above, § 75).”126
While Milanovic (2011) notes127 some inconsistencies in the Court’s reasoning,

particularly vis a vis Banković, crucially the case stands as authority that, although the
jurisdictional competence of a State is primarily territorial, it is not limited by territory. It
can also extend to those over whom the State exercises authority or control.
In contrast, Article 2(1) of the ICCPR holds:
“Each State Party to the present Covenant undertakes to respect and to ensure
to all individuals within its territory and subject to its jurisdiction the rights
recognized in the present Covenant…”
In 1966, the International Law Commission, in its Draft Articles on the Law of Treaties
(subsequently the Vienna Convention on the Law of Treaties) noted that “[c]ertain types
of treaty, by reason of their subject matter, are hardly susceptible of territorial
application in the ordinary sense. Most treaties, however, have application to territory
and a question may arise as to what is their precise scope territorially.”128
For the purpose of defining the conditions of applicability of the Covenant, the notion of
jurisdiction refers to the relationship between the individual and the state in connection
with a violation of human rights, wherever it occurred, so that acts of States that take
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
124
Application 55721/07, 7 July 2011
125
Application 52207/99, 12 December 2001
126
Bankovic, at para [73].
127
http://www.ejiltalk.org/european-court-decides-al-skeini-and-al-jedda/
128
ILC, ‘Draft Articles on the law of Treaties with Commentaries,’ (1966) 2 Yearbook of the International
Law Commission 187 at 213.
! 34!
!
place or produce effects outside the national territory may be deemed to fall under the
jurisdiction of the state concerned.129
As noted above, the right to privacy extends to the privacy of cross-border

communications, so that the physical location of the individual may be in a different
jurisdiction to that where the interference with the right occurs.
This distinction is examined by Milanovic (2011) who asserts that extraterritorial

application can take one of two forms:
“it will most frequently arise from an extraterritorial state act, i.e. conduct
attributable to the state, either of commission or of omission, performed outside
its sovereign borders… However – and this is a crucial point – extraterritorial
application does not require an extraterritorial state act, but solely that the
individual concerned is located outside the state’s territory, while the injury to his
rights may as well take place inside it.”130
With regard to the right to privacy, many violations are not due to extra-territorial acts,
but jurisdictional acts with extra-territorial effects. The instances in which jurisdictional
acts have extra-territorial effects are infrequent but not without precedent.
One example provided by Milanovic is the question of property rights of foreigners or

those absent from the territory. A person may have property rights in the UK by virtue of
owning a property in the territory, but may be temporarily or permanently located outside
the UK. If the property were to be searched or seized without adherence to legal
standards there would be a violation of the individual’s right to privacy, regardless of
their location at the time of the interference. This is an example of “interference-based”
jurisdiction.
A second example is that of enjoyment of Article 6 ECHR fair trial rights during trials in
absentia where the individual in question has absconded outside the State’s territory.
The European Court of Human Rights has repeatedly upheld the right of defendants to
enjoy the protections of Article 6 even when they are absent from their trial and outside
the territory of the State. In Sejdovic v Italy,131 for example, the Court held, at [91]:
“Although not absolute, the right of everyone charged with a criminal offence to
be effectively defended by a lawyer, assigned officially if need be, is one of the
fundamental features of a fair trial (see Poitrimol, cited above, § 34). A person
charged with a criminal offence does not lose the benefit of this right merely on
account of not being present at the trial (see Mariani v. France, no. 43640/98, §
40, 31 March 2005).”
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
129
Delia Salides de Lopez v. Uruguay, Communication No. 52/1979, 13th Sess., at 88, 91
¶ 12.2, U.N. Doc. CCPR/C/OP/1 (29 July 1981).
130
Marko Milanovic, Extraterritorial Application of Human Rights Treaties: Law, Principles, and Policy
(Oxford: Oxford University Press, 2011).
131
Application 56581/00, 1 March 2006
! 35!
!
A further example is the situation in the European Court of Human Rights’ case
Bosphorus Hava Yollari Turizm ve Ticaret Anonim Sirketi v Ireland (2005) 42 EHRR 1,
where Irish authorities at Dublin Airport impounded an aircraft that had been leased by a
Turkish company from the national airline of the former Yugoslavia. The company argued
that the Irish authorities had acted in a way that was incompatible with the European
Convention on Human Rights. In considering the issue of jurisdiction, the Court noted
the territorial basis of jurisdiction in international law and observed:132
“In the present case it is not disputed that the act about which the applicant
company complained, the detention of the aircraft leased by it for a period of
time, was implemented by the authorities of the respondent State on its territory
following a decision made by the Irish Minister for Transport. In such
circumstances the applicant company, as the addressee of the impugned act, fell
within the “jurisdiction” of the Irish State, with the consequence that its complaint
about that act is compatible ratione loci, personae and materiae with the
provisions of the Convention.”
With respect to the right to privacy, the European Court has considered at least two
cases133 in which surveillance has involved the interference with the right to privacy of
those outside of the respective State’s territory. In neither has the Court directly
considered the issue of whether obligations owed are extended to individuals outside
the territory.
Application to interferences with the right to privacy in the digital age
With the advent of the internet and new digital forms of communication, now most
digital communications take the fastest and cheapest route to their destination, rather
than the most direct. This infrastructure means that the sender has no ability to choose,
nor immediate knowledge of, the route that their communication will take. Even when a
digital communication is being sent to a recipient within the same country as the sender,
it may travel around the world to reach its destination.
This shift in communications infrastructure means that communications travel through

many more countries, are stored in a variety of countries (particularly through the
growing popularity of cloud computing) and are thus vulnerable to inception by multiple
intelligence agencies. From their bases within the territory of each country, each
respective intelligence agency collects and analyses communications that traverse their
territory and beyond. While there are many methods used by intelligence agencies to
intercept communications, one of the consistent techniques is to exploit the
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
132
Para 137.
133
In Weber and Saravia v. Germany, Application 54934/00, 29 June 2006, the Court found that the
application was inadmissible by other means; in Liberty and Ors v United Kingdom, Application 58243/00,
1 July 2008, the Government proceeded on the basis that the applicants could claim to be victims of an
interference with their communications sent to or from their offices in the UK and Ireland.
! 36!
!
communications infrastructure itself, often in the form of the transnational cables that
carry the world’s communications.
For more than 50 years the security agencies have intercepted these transnational links.
From 1945 onwards the US intelligence agencies systematically intercepted telegraphic
data entering or exiting the United States under the codename Project SHAMROCK. As
technology developed, newer fibre optic cables were laid that could carry many more
communications. These links were also intercepted by intelligence agencies within their
territory. Investigative journalist Duncan Campbell explained in 2000 how the NSA was
intercepting the foreign communications within US territory:
“Internet traffic can be accessed either from international communications links

entering the United States, or when it reaches major Internet exchanges. Both
methods have advantages. Access to communications systems is likely to be
remain clandestine - whereas access to Internet exchanges might be more
detectable. […] According to a former employee, NSA had by 1995 installed
“sniffer” software to collect such traffic at nine major Internet exchange points
(IXPs).”134
The UK is using more modern versions of this technique to intercept, store and process
communications that enter and exit the country in the form of their mass surveillance
program TEMPORA. While these undersea fibre-optic cables will land in multiple different
countries, due to the UK's geographical position, a disproportionate number of undersea
cables land in the UK before they cross the Atlantic Ocean. The Guardian135 reported
that by the summer of 2011, GCHQ had attached probes to more than 200 links within
their territory, including at main network switches and undersea cable landing stations.
Similar capabilities exist allowing intelligence agencies to intercept satellite
communications.136137
Crucially, by intercepting communications in this way, the communication is being

interfered with within the territory of the intercepting state. This amounts to an
interference with the right to privacy and must be justified according to the restrictions
of human rights law. Such an interference invokes the negative obligation and
responsibility of the interfering State not to violate fundamental rights.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
134
NSA slides explain the PRISM data-collection program, The Washington Post, June 6, 2013, Updated
July 10, 2013, available at: http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-
documents/; see also, Temporary Committee of the European Parliament on the ECHELON Interception
System, Report on the existence of a global system for the interception of private and commercial
communications (ECHELON interception system) (2001/2098(INI)), tabled in the European Parliament on
11 July 2001.
135
GCHQ taps fibre-optic cables for secret access to world's communications, The Guardian, 21 June
2013, available at: http://www.guardian.co.uk/uk/2013/jun/21/gchq-cables-secret-world-communications-
nsa
136
The state of the art in communications Intelligence (COMINT) of automated processing for intelligence
purposes of intercepted broadband multi-language leased or common carrier systems, and its applicability
to COMINT targetting and selection, including speech recognition, Duncan Campbell, Oct 1999
http://www.duncancampbell.org/menu/surveillance/echelon/IC2000_Report%20.pdf
137
Secret Power, Nicky Hager, 1996, http://www.nickyhager.info/ebook-of-secret-power/
! 37!
!
Regardless of their location or nationality, all individuals are entitled to have their right to
privacy respected not only by the State upon whose territory they stand, but by the
State within whose territory their rights are exercised. If their communications pass
through the territory of another State, and that State interferes with the communications,
it will activate that State’s jurisdiction under international human rights law. Accordingly,
the US and UK owe the same obligation to each individual whose communications pass
through their territory: not to interfere with those communications, subject to permissible
limitations established under international law. Such “interference-based jurisdiction”
obligations extend globally, regardless of boundaries.
Five Eyes legal frameworks that circumvent human rights obligations
Each of the Five Eyes members have complex legal frameworks governing the
interception, monitoring and retention of communications content and data. This paper
does not attempt to comprehensively outline such frameworks, and only excerpts some
relevant provisions to illustrate the obfuscatory nature of legal frameworks that enable
the rights of non-nationals or those outside the territory to be diminished.
United States
FISA section 1881a is entitled “Procedures for targeting certain persons outside the
United States other than United States persons”.
Section 1881(a) ss (a) provides:

(a) the Attorney General and the Director of National Intelligence may authorize
jointly, for a period of up to 1 year from the effective date of the authorization,
the targeting of persons reasonably believed to be located outside the United
States to acquire foreign intelligence information.
An authorisation pursuant to FISA section 1881(a) permits “foreign intelligence

information” to be obtained both by directly intercepting communications during
transmission and by making a request to an electronic service provider that stores the
information to make it available to the authorities.
United Kingdom
The Regulation of Investigatory Powers Act 2000 distinguishes between “internal” and
“external” surveillance. Where the communication is internal (i.e. neither sent nor
received outside the British Islands, see RIPA s 20), a warrant to permit lawful
interception must describe one person as the “interception subject” (s 8(1)(a)) or
identify a “single set of premises” for which the interception is to take place (s 8(1)(b)).
The warrant must set out “the addresses, numbers, apparatus or other factors, or
combination of factors, that are to be used for identifying the communications that may
be or are to be intercepted” (s 8(2)).
Where the communication is “external”, that is either sent or received outside the British
Islands, RIPA s 8(1) and 8(2) do not apply. There is no need to identify any particular
person who is to be subject of the interception or a particular address that will be
! 38!
!
targeted.
New Zealand
The Government Security Communications Bureau (GCSB) is permitted to conduct
interception by applying for an interception warrant under s15A of the Government
Communications Security Bureau Act 2003 (amended 2013). However, s14 of the Act (as
amended) states that in performing the function of intelligence gathering and analysis,
the GSCB cannot “authorise or do anything for the purpose of intercepting the private
communications of a person who is a New Zealand citizen or a permanent resident of
New Zealand, unless (and to the extent that) the person comes within the definition of
foreign person or foreign organisation....”.
However, this limitation does not apply to the GCSB’s two other functions – surveillance
of New Zealanders related to cyber-security and assisting other agencies (such as the
Police) – and the definition of “private communications” could be interpret to exclude
meta-data.
Australia
Under the Intelligence Services Act 2001, the Australian intelligence agencies can
conduct any activity connected with their functions138 provided they have the
authorisation of the relevant Minister (s8).
However, where there is an Australian person involved the Minister must be satisfied of
the following before making an authorisation (s9):
(a) any activities which may be done in reliance on the authorisation will be
necessary for the proper performance of a function of the agency concerned;
and
(b) there are satisfactory arrangements in place to ensure that nothing will be
done in reliance on the authorisation beyond what is necessary for the proper
performance of a function of the agency; and
(c) there are satisfactory arrangements in place to ensure that the nature and
consequences of acts done in reliance on the authorisation will be reasonable,
having regard to the purposes for which they are carried out.
In addition, the Minister must (s9(1A))
(a) be satisfied that the Australian person mentioned in that subparagraph is, or is
likely to be, involved in one or more of the following activities:
(i) activities that present a significant risk to a person’s safety;
(ii) acting for, or on behalf of, a foreign power;
(iii) activities that are, or are likely to be, a threat to security;
(iv) activities related to the proliferation of weapons of mass destruction or
the movement of goods listed from time to time in the Defence and
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Which include to obtain foreign intelligence (ASIS), to obtain intelligence relevant to security (ASIO), to
138
obtain foreign intelligence using the electrical, magnetic or acoustic energy (ASD), or to obtain geospatial
and imagery intelligence via electromagnetic spectrum (DIGO)
! 39!
!
Strategic Goods List (within the meaning of regulation 13E of the Customs
(Prohibited Exports) Regulations 1958);
(v) committing a serious crime by moving money, goods or people;
(vi) committing a serious crime by using or transferring intellectual property;
(vii) committing a serious crime by transmitting data or signals by means of
guided and/or unguided electromagnetic energy; and
(b) if the Australian person is, or is likely to be, involved in an activity or activities
that are, or are likely to be, a threat to security (whether or not covered by
another subparagraph of paragraph (a) in addition to subparagraph (a)(iii))—
obtain the agreement of the Minister responsible for administering
the Australian Security Intelligence Organisation Act 1979.
There are separate Rules to Protect the Privacy of Australians for each of the intelligence
agencies, stating that where it is not clear whether a person is an Australian, it is
presumed that a person within Australia is Australian and outside of Australia is not
Australian (Rule 1.1). Where an intelligence agency does retain intelligence information
concerning an Australian person, the agency must ensure the information is protected by
security safeguards, and access to the information is only to be provided to persons
who require it (Rule 2.2).
Canada
The National Defence Act pertains to the Communications Security Establishment
Canada (CSEC) and establishes that the mandate of CSEC is (s273.64 (1))
(a) to acquire and use information from the global information infrastructure for the
purpose of providing foreign intelligence, in accordance with Government of
Canada intelligence priorities;
(b) to provide advice, guidance and services to help ensure the protection of
electronic information and of information infrastructures of importance to the
Government of Canada; […]
Para (2) of the section provides that activities
(a) shall not be directed at Canadians or any person in Canada; and

(b) shall be subject to measures to protect the privacy of Canadians in the use and
retention of intercepted information.
It is evident that the legal frameworks of the Five Eyes States currently distinguish
between the obligations owed to nationals or those within the States’ territories, and
non-nationals and those outside. In doing so, these legal frameworks infringe upon the
rights of all individuals within the respective States’ jurisdiction (i.e. anyone whose
communications pass through and are interfered with within the territory of that State) to
enjoy human rights protections equally and without discrimination.
In human rights law, discrimination constitutes any distinction, exclusion, restriction or

preference, or other differential treatment based on any ground, including national or
social origin, or other status, and which has the purpose or effect of nullifying or
impairing the recognition, enjoyment, or exercise by all persons, on an equal footing, of
! 40!
!
all rights and freedoms. The Human Rights Committee has deemed nationality a ground
of “other status” with respect of article 2(1) of the ICCPR in Gueye and ors v France.139
It is both irrational and contrary to the spirit and purpose of international human rights
norms to suppose that the privacy of a person’s communications could be accorded
different legal weight according to their nationality or residence. An equivalent
distinction on the basis of ethnicity or gender would be deemed to be manifestly
incompatible with human rights law; why then should States be able to purport to offer
varying protections based on an individual’s nationality or location? If an individual within
a State’s jurisdiction is granted lower or diminished human rights protections – or indeed
is deprived of such protections – solely on the basis of their nationality or location, this
will not only lead to a violation of the right they seek to enjoy, but will amounts to an
interference with their right to be free from discrimination.
Towards an understanding of interference-based jurisdiction

Individuals have a legitimate expectation that their human rights will be respected not
only by the State upon whose territory they stand, but by the State within whose territory
their rights are exercised. The current legal frameworks of the Five Eyes States purport
to discriminate between the rights and obligations owed to nationals or those physically
within their territory, and those outside of it, or non-nationals. Yet the concept of
jurisdiction, under human rights law, is not a rigid one. States have interference-based
jurisdiction for particular negative human rights obligations when the interference with
the right occurs within their territory. The way the global communications infrastructure is
built requires that the right to privacy of communications can be exercised globally, and
communications can be monitored in a place far from the location of the individual to
whom they belong. Accordingly, the States Parties to the Five Eyes arrangement have
jurisdiction over – and thus owe obligations to – individuals whose communications they
monitor, which jurisdiction is invoked when the State interferes with the communication
of an individual, thus infringing upon their right to privacy.
This understanding of jurisdiction and human rights obligations pertaining to the right to
privacy is key to ensuring that individuals can seek redress against global surveillance
arrangements that are threatening their rights to privacy and free expression.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
139
Gueye and Others v. France (Comm. No. 196/1985)
! 41!

Eyes Wide Open v1 PDF

Uploaded by

Copyright:

Available Formats

You might also like

Eyes Wide Open v1 PDF

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Eyes Wide Open v1 PDF

Uploaded by

Copyright:

Available Formats

Eyes Wide Open

The recent revelations, made possible by NSA-whistleblower Edward Snowden, of the

modern communications networks. Forcing companies to handover their customers’

We must move towards an understanding of global surveillance practices as

Version 1.0 – 26 November 2013

Chapter 1 – Understanding the Five Eyes

The birth of the Five Eyes alliance

The extent of the original arrangement is broad and includes the

(1) collection of traffic;

(3) traffic analysis;

Indeed, in addition to facilitating collaboration, the agreement suggests that all

The extent of Five Eyes collaboration

“[a]llocation of major tasks, conferring a one-sided responsibility, is undesirable

The division of SIGINT collection responsibilities

Investigative journalist Duncan Campbell explains that historically

Jointly run operations centres

In addition to fluidly sharing collected SIGINT, it is understood that many intelligence

An earlier incarnation of ASD, the Defence Signals Branch in Melbourne,24 was

Type Location Country Codename

Intelligence collection, analysis and sharing activities

The no-spy deal myth

As best can be ascertained, therefore, it seems there is no prohibition on intelligence-

“Under the British-U.S. Communications Intelligence Agreement of 5 March 1946

The directive continues:

INFORMANT66 are marked “TOP SECRET//SI//NOFORN”. These documents show that

Changes to the original arrangement, however, suggest a convention is in place

"There are circumstances when targeting of second party persons and

names of Australian persons mentioned in foreign communications."68

Spying on heads of State

Other surveillance partnerships

Additionally, other ‘Eyes-like’ relationships exist, in various forms with membership

This is supported by statements made by an ex-senior NATO intelligence officer:

Chapter Two – Secret law is not law

The rule of law and accessibility

Accessing the laws regulating the actions of the Five Eyes

Scheinin and Vermeulen argue that

“The overwhelming majority of these intelligence cooperation arrangements are

“[t]he interpretation and guidelines for applying [American] authorities, and in

There is a significant body of European Court of Human Rights jurisprudence on what

Applying human rights requirements to the laws of the Five Eyes

(1) There shall continue to be a Government Communications Headquarters under

(5) Dissemination of signals intelligence information for national foreign intelligence

(f) Disseminate intelligence to cooperating foreign governments under arrangements

(a) Collect, produce and disseminate foreign intelligence and counterintelligence,

(1) to obtain intelligence about the capabilities, intentions or activities of people or

Pursuant to s11(2AA) of the Act, intelligence agencies may communicate incidentally

(a) activities that present a significant risk to a person’s safety;

and under section 8B

(a) to gather and analyse intelligence (including from information infrastructures) in

In Canada, the functions of the Communications Security Establishment Canada

Chapter Three – Holding the Five Eyes to account

We seek to introduce an alternative perspective on jurisdiction and to further

The right to privacy of communications

The right to privacy is an internationally recognized right. Article 17 (1) of the

“Compliance with article 17 requires that the integrity and confidentiality of

Therefore, the right to privacy, extending as it does to the privacy of communications, is

Mass surveillance as a breach of the right to privacy of