May 18, 2021

What the NSA provides to its foreign partners, and vice versa

(Updated: November 3, 2021)

The cooperation between (signals) intelligence agencies of different countries is strictly quid pro quo, which means what you get is equivalent to what you give. This is perfectly illustrated by a small series of documents from the Snowden trove, which summarize what the NSA provides to its foreign partners, along what they provide to the NSA.

Three of these documents are about the NSA's Second Party partners (better known as the Five Eyes): Canada, Australia and New Zealand, and six about Third Party partners: Germany, Israel, Norway, Saudi Arabia, Sweden and Turkey. Another NSA document provides some characteristics of these relationships.





The documents about the various NSA partners are information papers prepared by the Country Desk Officer (CDO) for the particular country at the NSA's Foreign Affairs Directorate (FAD). All but one date from April 2013, which is just a month before Snowden left the agency. It's not known whether there are also papers about other NSA partners among the Snowden files.

The information papers describe the relationship between the NSA and the foreign partner in a standardized way: they all start with an introduction, mention some "Key Issues", followed by "What NSA Provides to Partner" and "What Partner Provides to NSA". The papers end with "Success Stories" and "Problems/Challenges with the Partner".

For readability, the portion markings with the classification level for each paragraph have been removed and some abbreviations are written in full.



Second Party partners

The Second Party partners of the NSA are the signals intelligence agencies of the United Kingdom, Canada, Australia and New Zealand. These five countries are also known as the Five Eyes. Their SIGINT systems are highly integrated and the partners are not supposed to spy on each other.


Canada

Information paper: NSA Intelligence Relationship with Canada's CSEC, April 3, 2013

(Published by CBC on December 9, 2013)


What NSA provides to the Partner:

SIGINT: NSA and CSEC cooperate in targeting approximately 20 high-priority countries [two lines redacted]. NSA shares technological developments, cryptologic capabilities, software and resources for state-of-the-art collection, processing and analytic effots, and IA capabilities. The intelligence exchange with CSEC covers worldwide national and transnational targets. No Consolidated Cryptologic Program (CCP) money is allocated to CSEC, but NSA at times pays R&D and technology costs on shared projects with CSEC.

[two paragraphs redacted]


What the Partner provides to NSA:

CSEC offers resources for advanced collection, processing and analyss, and has opened covert sites at the request of NSA. CSEC shares with NSA their unique geographic access to areas unavailable to the U.S. [redacted], and provides cryptologic products, cryptanalysis, technology, and software. CSEC has increased its investment in R&D projects of mutual interest. [several lines redacted].

[at least two paragraphs redacted]





Australia

Information paper: NSA Intelligence Relationship with Australia, April 2013

(Published by The Intercept and ABC on August 18, 2017)


What NSA provides to the Partner:

NSA provides cryptologic products/services to the Government of Australia through DSD, on virtually all subjects, particularly those related to the Pacific Rim. NSA shares technology, cryptanalytic capabilities, and resources for state-of-the-art collection, processing and analytic efforts. NSA will continue to work closely with Australia to meet its commitments as the U.S reallocates efforts toward Asia and the Pacific.


What the Partner provides to NSA:

NSA and DSD have agreed to specific divisions of effort, with the Australians solely responsible for reporting on multiple targets in the Pacific area, including Indonesia, Malaysia, and Singapore, based on their unique language capabilities and geographic accesses. In addition, DSD has primary reporting responsibility [redacted] regardless of geographic region. DSD provides access to commercial and foreign/domestic satellites from sites in Geraldton and Darwin, High Frequency (HF) collection and Direction Finding (DF) from three sites; and, manning of the operations floor at Joint Defense Facility at Pine Gap (RAINFALL), a site which plays a significant role in supporting both intelligence activities and military operations. In addition, DSD provides NSA with access to terrorism-related communications collected inside Australia.





New Zealand

Information paper: NSA Intelligence Relationship with New Zealand, April 2013

(Published by NZ Herald on March 11, 2015)


What NSA provides to the Partner:

NSA provides raw traffic, processing, and reporting on targets of mutual interest, in addition to technical advice and equipment loans.


What the Partner provides to NSA:

GCSB provides collection on China, Japanese/North Korean/Vietnamese/South American diplomatic communications, South Pacific Island nations, Pakistan, India, Iran, and Antarctica; as well as, French police and nuclear testing activities in New Caledonia [two lines redacted].




Third Party partners

The Third Party partners of the NSA are the signals intelligence agencies of some 33 countries. Cooperation is based on formal, bilateral agreements, but the actual scope of the relationship varies from country to country and from time to time. Unlike the Second Party partners, Third Party partners do spy on each other.


Germany

Information paper: NSA Intelligence Relationship with Germany, January 17, 2013

(Published by Der Spiegel on June 18, 2014)


What NSA provides to the Partner:

NSA has provided a significant amount of hardware and software at BND expense, as well as associated analytic expertise to help the BND independently maintain its FORNSAT [Foreign Satellite collection] capability. NSA also exchanges intelligence reporting on both military and non-military targets.


What the Partner provides to NSA:

NSA is provided access to FORNSAT communications supporting counter-narcotics (CN), counter-terrorism (CT), [redacted], and Weapons of Mass Destruction (WMD) missions and is an important source of information on drug trafficking and force protection in Afghanistan. The BND provides Igbo language support by translating NSA collection of a high-value, time-sensitive [redacted] target. NSA is seeking the proper approvals to accept BND language support in [one line redacted]. In addition to the day-to-day collection, the Germans have offered NSA unique accesses in high interest target areas.





Israel

Information paper: NSA Intelligence Relationship with Israel, April 19, 2013

(Published by The Intercept on August 4, 2014)


What NSA provides to the Partner:

The Israeli side enjoys the benefits of expanded geographic access to world-class NSA cryptanalytic and SIGINT engineering expertise, and also gains controlled access to advanced U.S. technology and equipment via accomodation buys and foreign military sales.


What the Partner provides to NSA:

Benefits to the U.S. include expanded geographic access to high priority SIGINT targets, access to world-class Israeli cryptanalytic and SIGINT engineering expertise, and access to a large pool of highly qualified analysts.





Norway

Information paper: NSA Intelligence Relationship with Norway, April 17, 2013

(Published by Dagbladet on December 17, 2013)


What NSA provides to the Partner:

- Daily TS//SI-level counter-terrorism (CT) reports shared multilaterally;
- Frequent exchanges of technical data and analytic expertise on CT targets, [one line redacted] and other threats to Norway's national security;
- Daily force protection support in Afghanistan and technical expertise to support target development of Afghan insurgent targets;
- Regular reporting on counter-proliferation (CP) topics [redacted]
- Ad-hoc reporting and analytic expertise on [redacted]
- Exchanges of reporting, tech data and analytic expertise on [redacted]
- Tech data and expertise on cryptanalytic topics of mutual interest; and
- FORNSAT communications metadata


What the Partner provides to NSA:

- SIGINT analysis as well as geolocational and communications metadata specific to Afghan targets of mutual interest (this analysis also supports Norwegian Special Operations Forces (when deployed);
- All-source analysis specific to Afghan targets of mutual interest. The analysis is based on operations conducted jointly between Norway and local and/or coalition authorities;
- Potential to leverage NIS [Norwegian Intelligence Service] FORNSAT capabilities to augment NSA collection against high priority CP SIGINT targets;
- Potential to leverage NIS unique access to SIGINT on high priority CT targets; [redacted]
- SIGINT reports on Russian civil targets of mutual targets, particularly Russian energy policy;
- FORNSAT communications metadata; and
- [one line redacted]





Saudi Arabia

Information paper: NSA Intelligence Relationship with Saudi Arabia, April 8, 2013

(Published by The Intercept on July 25, 2014)


What NSA provides to the Partner:

NSA/CSS provides technical advice on SIGINT topics such as data exploitation and target development to TAD [Technical Affairs Directorate of the Ministry of Interior] as well as a sensitive source collection capability.

NSA/CSS provides a sensitive decryption service to the Ministry of Interior against terrorist targets of mutual interest.


What the Partner provides to NSA:

NSA leverages MOD RRD [Ministry of Defense Radio Reconnaissance Department] access to remote geography in the Arabian Gulf but provides no finished SIGINT reporting to NSA/CSS, however; they have provided unencrypted collection against the IRGC QODS Maritime Force targets of mutual interest from their collection system [redacted].

TAD provides sensitive access to unique collection containing AQAP terrorist targets of mutual interest.





Sweden

Information paper: NSA Intelligence Relationship with Sweden, April 18, 2013

(Published by SVT Nyheter on December 5, 2013)


What NSA provides to the Partner:

- Technical support, collection, processing equipment and training
- NSA accepts selectors from FRA and tasks them to approved NSA collection sites
- [one line redacted]
- [one line redacted]
- Accomodation purchases of equipment
- Membership in multinational forums


What the Partner provides to NSA:

- Unique intelligence on Russia, the Baltic, Middle East, and counter-terrorism (CT)
- Outstanding and unique input of ELINT signals
- Access for special collection initiatives
- Collaboration on cryptanalytic issues





Turkey

Information paper: NSA Intelligence Relationship with Turkey, April 15, 2013

(Published by Der Spiegel on August 31, 2014)


What NSA provides to the Partner:

- NSA provides equipment, technology, training, and U.S. SIGINT requirements and reporting to the Turkish partner to better assist NSA in fulfilling U.S. intelligence requirements.

- In terms of equipment and technology NSA provides both collection and cryptographic equipment. A Cryptographic Modernization program is under way with both partners [MIT and SIB] to upgrade encryption on all shared and some non-shared communications links. A High Frequency Direction Finding (HFDF) collection site is [two line redacted] NSA also provides decryption of DHKP/C internet traffic the Turks collect.

- U.S. SIGINT requirements and reporting cover military and paramilitary targets in [redacted] and the KGK [Kurdistan Workers' Party]. This reporting is a mixture of near-real time and product "Tear Line" reports and analysis.

- NSA provides daily interaction and actionable intelligence on foreign fighter Sunni extremists, against both Turkish and non-Turkish individuals. NSA provides regional Tactical [redacted] reporting in two hour increments.


What the Partner provides to NSA:

- The partner provides near real time reporting on military air, naval, ground, and paramilitary targets in Russia, [redacted] Georgia, Ukraine, and on KGK targets, as well as daily summary reporting of Black Sea and CIS Naval and Air activity and [redacted]

[one paragraph redacted]

- NSA enjoys joint operational access to the HFDF site in [redacted] which, in turn, functions as a node on NSA's world-wide CROSSHAIR HFDF geolocation service. The U.S. and 2nd Parties receive approximately 400,000 fixes yearly utilizing Lines-of-Bearing from the [redacted] site while the Turks receive approximately 5000 fixes yearly from its regional usage of CROSSHAIR, an 80 to 1 ratio in FVEY's favor.

- NSA receives Turkish transcripts of KGK voice collection. Cooperation on the KGK target by the U.S. Intelligence Community in Ankara has increased across the board since the May 2007 DNI Memorandum encouraged all to do so.


Section from the information paper about the NSA's relationship with Turkey




Some characteristics

According to the quid pro quo-principle, we see that for each of these foreign partners, the things that NSA provides to the partner roughly equal what the partner provides to the NSA - at least according to the length of the sections in the information papers. The actual content of what each party provides is often very different, as was described in an internal interview from 2009 about the nature of the NSA's Third Party relationships:

"Generally speaking, our Third Party partners want access to our technology, as well as our regional/global reach. In exchange for providing unique accesses, regional analytical expertise, foreign language capabilities and/or I&W [Indications & Warning] support, we provide them with technical solutions (e.g., hardware, software) and/or access to related technology." The partners usually "know their regional hoods better than we do and they exponentially add to our foreign language capability."

When the information papers speak about providing data about "targets of mutual interest", the interview explains: "We must keep in mind that our partners are attempting to satisfy their own national intelligence requirements; with the exception of the assistance we provide during crises, we can only move our SIGINT relationships forward, when U.S. requirements intersect with theirs." This also depends on how long and deep such a relationship is:

"Many of our relationships have, indeed, spanned several decades, allowing us to establish higher degrees of trust with and reliance on one another. This, in turn, has led to greater levels of cooperation, where, for instance, NSA might be willing to share advanced techniques with a proven and reliable partner, in return for that partner's willingness to do something politically risky. Trust requires years to build up but can be lost in a very short period of time."

And finally, the interview also explains: "For a variety of reasons, our intelligence relationships are rarely disrupted by foreign political pertubations, international or domestic. First, we are helping our partner address critical intelligence shortfalls, just as they are assisting us. Second, in many of our foreign partners' capitals, few senior officials outside of their defense-intelligence apparatuses are witting to an SIGINT connection to the U.S./NSA."




2 comments:

Unknown said...

Hi, thank you very much for your great content and analysis. Can you explain why there are multiple, conflicting, classifications on the April 2013 NSA Information Paper on its relationship with CSEC? On the top of the first page the classification is TOP SECRET//SI//REL USA, FVEY but on the bottom of the same page is TOP SECRET//SI//NOFORN. That second marking might be an error, as there is no visible TS//SI//NF material (it could be contained in the redacted sections), but there are also portions marked S/REL TO USA, CAN and TS//SI//REL TO USA, CAN, which would rule out an overall classification of TOP SECRET//SI//REL USA, FVEY. At a minimum it should be TOP SECRET//SI//REL USA, CAN. Can we trust the providence of a document with so many basic errors?

P/K said...

Well spotted! I guess these conflicting classification markings are due to human errors, as the system is quite complex. I have seen other documents with small classification errors, sometimes those documents were drafts, and the errors were resolved in the final version. In other cases, documents appeared to be originally classified as NOFORN and later downgraded to REL [...], apparently to share (parts of) them with foreign partners. Note that most of the information papers about the Third Party partners are NOFORN.

In Dutch: Meer over het wetsvoorstel voor de Tijdelijke wet cyberoperaties