Cold War Architecture · Part 4 of 11 · Patreon members only

The UKUSA Agreement: How Five Eyes Actually Works

Reading time: ~15 minutes

BLUF

The Five Eyes alliance is not a committee that meets when threats arise. It is a continuously operating, legally binding intelligence-sharing architecture that has been running without interruption since 1946 — through the Cold War, the collapse of the Soviet Union, 9/11, and the digital revolution. Its founding document, the UKUSA Agreement, was so secret that the Australian Prime Minister reportedly was not told it existed until 1973. No government officially acknowledged it by name until 1999. Its full text was not declassified until 2010. This article explains what the agreement actually says, how the alliance divides the world for collection purposes, what ECHELON was and is, how the Snowden revelations changed the public picture, and what the architecture means for anyone thinking seriously about global surveillance, information security, and strategic awareness.

From Wartime Alliance to Permanent Architecture

The story of the UKUSA Agreement begins, as the previous three articles in this series have established, in the wartime intelligence relationship between Britain and the United States. By 1943 that relationship had matured into something unprecedented: two sovereign nations sharing their most sensitive cryptologic secrets in real time, operating from a common set of classification standards, and assigning collection responsibilities by geographic region rather than duplicating effort.

The formal wartime agreement — the BRUSA Agreement, signed on May 17, 1943, between the US War Department and Britain’s Government Code and Cypher School — committed both parties to share signals intelligence, exchange personnel, and develop joint handling procedures for highly sensitive material. It followed Alan Turing’s visit to Washington to oversee codebreaking work on Enigma and several bilateral liaison visits between both countries.

As the war ended and the Soviet threat replaced the Nazi one, both governments faced a question: what to do with this extraordinary architecture they had built. On March 5, 1946, the United States and United Kingdom signed a new, postwar agreement — formally titled the “British-U.S. Communication Intelligence Agreement,” later known as the UKUSA Agreement — that placed this relationship on a permanent peacetime footing.

The Secrecy Problem

The founding postwar document has been described as “quite likely the most secret agreement ever entered into by the English-speaking world.” The agreement was so secret that Australian Prime Minister Gough Whitlam reportedly was not informed of its existence until 1973. No government formally acknowledged Five Eyes existed until 2010, when British intelligence officials declassified its founding documents.

What the Agreement Actually Says

The declassified 1946 text and its subsequent appendices establish several core principles that have governed the alliance for nearly eight decades.

Total sharing as the default. The agreement provides that all Five Eyes countries shall exchange by default all signals intelligence they gather, as well as methods and techniques related to signals intelligence operations. The default posture is full disclosure within the alliance. Restrictions on sharing require specific justification; openness does not.

Scope of collection. The Agreement specifically related to the sharing of intelligence gleaned from the interception of “foreign communications,” defined as “all communications of the government or of any military, air, or naval force, faction, party, department, agency, or bureau of a foreign country, or of any person or persons acting or purporting to act therefor.” The scope is deliberately broad.

Division of labor. Each partner was assigned geographic areas of primary responsibility, avoiding duplication and ensuring global coverage. The NSA focused on the Soviet Union, China, and Latin America; GCHQ covered Europe, Africa, and the Soviet Union west of the Urals; the others covered their respective regions. The specific allocation is governed by a classified protocol known as the SIGINT Combined Operating List (SCOL).

Standardization. Common procedures for classification, handling, and dissemination ensure interoperability across five separate national intelligence bureaucracies. The classification marking that gives the alliance its name — “AUS/CAN/NZ/UK/Eyes Only,” later shortened to “Five Eyes” — was the classification level that included the “eyes” that could have access to high-profile papers and information.

Expansion: Two Eyes to Five

The 1946 agreement was bilateral — US and UK only. Bringing in the remaining three partners took a decade and required separate negotiation with each.

Canada became part of the UKUSA community in 1948, and Australia and New Zealand joined in 1956, through a process entailing a “package of agreements, letters and memoranda of understanding” that would collectively become known as the UKUSA Agreement. This protracted process represented the alliance’s transition from “two eyes” to “five eyes.”

The criteria for membership were both technical and political. In addition to being able to provide valuable sites for signals intelligence collection, aspiring members had to be seen as staunchly anti-Communist and therefore politically trustworthy by the United States in order to become full members of this exclusive community. Geography mattered enormously. Canada’s Arctic position provided access to polar communications routes and the North Atlantic. Australia’s remoteness placed it in range of the Indian Ocean, Southeast Asia, and the southwestern Pacific. New Zealand extended coverage into the South Pacific. Each new member added collection capability that the original bilateral arrangement could not achieve.

It is worth noting that Canada, Australia, and New Zealand became part of the UKUSA community through direct SIGINT relationships with the United Kingdom and, later, the United States, rather than through membership in the actual UKUSA agreement itself. The architecture is not a single treaty with five signatories — it is a network of bilateral and multilateral agreements that together constitute what is known as the Five Eyes framework.

The Five Agencies

Each member nation contributes a primary SIGINT agency to the alliance. Understanding what each one does is essential context for understanding how the system works as a whole.

Country	Agency	Primary Geographic Focus	Key Facilities
United States	NSA	Russia, China, Middle East, Latin America	Fort Meade; Pine Gap (joint); Menwith Hill (joint)
United Kingdom	GCHQ	Europe, Africa, Russia west of the Urals	Cheltenham; Bude (Composite Signals Org.); Menwith Hill
Canada	CSE	Arctic, North Atlantic, parts of Europe	Ottawa HQ; various northern listening posts
Australia	ASD	Eastern Indian Ocean, Southeast Asia, SW Pacific	Pine Gap (joint); Shoal Bay; DSD Headquarters
New Zealand	GCSB	South Pacific, Southeast Asia	Waihopai Station; Tangimoana

The CSE, based in Ottawa, focuses on the Arctic, North Atlantic, and North America. Its geographic position provides access to communications crossing the polar regions and North Atlantic cables. Canada’s intelligence contribution to Five Eyes exceeds what its population and budget would suggest. The GCSB, the smallest Five Eyes member, covers the South Pacific and Southeast Asia.

The result of this division is that the five agencies together provide near-complete global coverage with minimal overlap. A signals analyst at NSA headquarters in Fort Meade has, in operational terms, access to collection from every inhabited region of the planet. The level of cooperation under the UKUSA agreement is so complete that former intelligence officials have explained that “SIGINT customers in both capitals seldom know which country generated either the access or the product itself.”

ECHELON: The Collection Network

The operational collection network that implements the UKUSA Agreement at scale is known as ECHELON. Its existence was one of the worst-kept secrets in the intelligence world for decades before any government acknowledged it.

ECHELON, originally a secret government code name, is a surveillance program — a signals intelligence collection and analysis network — operated by the five signatory states to the UKUSA Security Agreement. Its roots can be traced back to the middle of the 20th century, and it resulted in the establishment of a global surveillance network formally code-named ECHELON in 1971.

The system operates through a global network of ground stations, undersea cable tap points, and space-based collection platforms — the satellites described in Part 3 of this series. Ground stations intercept microwave relay traffic, satellite uplinks, and radio emissions. Cable tap points intercept fiber-optic traffic carrying internet and telephone communications. The satellite layer intercepts transmissions that never touch the ground at all.

ECHELON’s existence wasn’t officially acknowledged until 1999, when the European Parliament investigated. The report confirmed what researchers had alleged for decades: Five Eyes was conducting mass surveillance of civilian communications worldwide. The European Parliament’s finding triggered significant diplomatic friction but produced no structural change to the architecture. The collection continued.

The Snowden Revelations, 2013

On June 5, 2013, The Guardian published the first story based on documents provided by former NSA contractor Edward Snowden. What followed over the next eighteen months was the most comprehensive public disclosure of intelligence collection methods in the history of the Five Eyes alliance — and possibly in the history of any intelligence alliance.

The disclosures confirmed and extended the ECHELON picture in several critical ways.

PRISM and upstream collection

After the 2013 Snowden leaks, two types of surveillance became public knowledge as the main methods used by Five Eyes intelligence agencies. Upstream surveillance involves directly collecting communication data as it travels over the internet — the type of bulk operation carried out by programs like ECHELON. PRISM is the collection of communication data from technology companies. Five Eyes intelligence agencies can go directly to the major technology platforms and compel them to provide communication records involving people of interest, with the companies prohibited from telling their users that their data has been turned over.

Mutual surveillance of allied citizens

The Snowden leaks revealed that members of the Five Eyes intentionally spied on one another’s citizens and shared the collected information with one another to circumvent restrictive domestic surveillance laws. The mechanism is straightforward: if GCHQ collects data on US citizens and shares it with the NSA, the NSA has not technically conducted domestic surveillance — it received the product of a foreign collection operation. Each country’s domestic legal restrictions apply only to its own collection activities.

Global reach beyond the five nations

According to the Snowden leaks, US-operated stations also exist in countries outside the Five Eyes, including Brazil, Germany, India, Japan, and Thailand. Stations operated by GCHQ and Australian intelligence exist in Cyprus, Kenya, and Oman. The Five Eyes is the core of the architecture, but the architecture itself extends well beyond the five nations through a network of third-party relationships, liaison agreements, and forward-deployed collection facilities.

Snowden’s Summary

Edward Snowden’s own description of what the disclosures revealed remains the most precise summary available: Five Eyes is “a supra-national intelligence organization that does not answer to the known laws of its own countries.” Whether one regards that as a security necessity or a democratic problem, it is an accurate structural description of what the UKUSA Agreement created.

How the Alliance Actually Functions Day to Day

The UKUSA Agreement is not a headquarters. There is no Five Eyes building, no joint director, no combined budget line. The alliance operates through the bilateral and multilateral relationships between the five agencies — relationships that are institutionalized through liaison officers, shared technical standards, joint facilities, and a common classification system.

Liaison officers

Each agency maintains permanent liaison personnel at its partner agencies. NSA officers work inside GCHQ. GCHQ officers work inside NSA. The same pattern holds across all five relationships. These officers are not guests — they have access to collection systems, analytical tools, and finished intelligence products. The liaison relationship is operational, not ceremonial.

Joint facilities

Several major collection facilities are jointly staffed and operated by two or more Five Eyes partners. Pine Gap in Australia is jointly operated by the US and Australia. RAF Menwith Hill in the UK is jointly operated by the NSA and GCHQ. Joint operation means joint access to collection — neither partner has unilateral control over what the facility collects or how that collection is disseminated.

Common technical standards

The alliance has developed and maintained common technical standards for signal intercept formats, encryption of shared material, database structures, and analytical software. The practical effect is that a GCSB analyst in Wellington and an NSA analyst in Fort Meade can work on the same dataset with the same tools. The interoperability is not accidental — it has been engineered and maintained for nearly eight decades.

The “need to know” boundary

Not everything is shared equally. Each agency maintains national-only compartments that are not accessible to partners. Particularly sensitive sources, methods that could compromise ongoing operations, and intelligence that touches on the domestic politics of a partner nation are routinely withheld. The default is sharing; the exception is compartmentation. Both exist simultaneously within the same architecture.

Third Parties: Beyond the Five

The Five Eyes is the innermost tier of a larger alliance structure. The United States and the United Kingdom together with the later three members of UKUSA are called the Tier A countries of the Five Eyes Alliance, which have established additional partnerships among themselves and also with their allies, called Tier B countries.

A number of other countries’ SIGINT agencies also participate in the UKUSA community, including those of Germany, Japan, Norway, South Korea, and Turkey. These third-party relationships are not equivalent to Five Eyes membership — third parties do not receive the same breadth of shared intelligence, do not have liaison officers inside the core agencies in the same way, and are subject to more selective sharing. But they provide collection access in regions or against targets where the five core agencies have gaps.

The practical result is a collection architecture that, at its outer edges, spans most of the strategically significant nations on Earth. The Five Eyes is the command-and-control center of a much larger network.

The Huawei Question and Alliance Tensions

The Five Eyes alliance has not been without internal friction. The most significant recent stress test was the question of whether member nations should permit Huawei — the Chinese telecommunications giant — to build their 5G cellular networks.

The US position was unambiguous: Huawei’s presence in 5G infrastructure would give Chinese intelligence access to the communications backbone of allied nations, compromising the collection architecture the alliance depends on. The UK initially resisted US pressure before ultimately banning Huawei from its 5G core network in 2020. Australia banned Huawei from its 5G network in 2018. Canada and New Zealand followed. The episode demonstrated that the alliance’s value — and its vulnerability — lies in the shared infrastructure through which it operates. A compromised network in any one partner nation potentially compromises collection for all.

Why This Matters for the Prepared

The overhead collection architecture matters to the preparedness practitioner for reasons that extend well beyond its intelligence applications.

Satellite imagery is now the primary tool for disaster damage assessment in the immediate aftermath of major events. When ground access is impossible and aircraft cannot operate safely, satellites continue collecting. FEMA, state emergency management agencies, and international disaster response organizations use commercial and government imagery as a standard operational tool for flood mapping, wildfire boundary determination, infrastructure damage assessment, and search and rescue support.

This capability does not stop working when the local infrastructure fails. It does not require local conditions to be favorable. It provides a view of the situation from outside the affected area, which is precisely the perspective that ground-based emergency response most critically lacks in the initial hours of a major incident.

Operational Implication

If you are involved in emergency management, infrastructure resilience, or strategic planning at any level, satellite intelligence is already shaping your operating environment. The question is not whether the overhead architecture is relevant to your work. The question is whether you understand its capabilities, its limitations, and how to access the commercial layer of this system that is now available to practitioners outside the cleared intelligence community.

Continue the Series

Part 3: The Five Eyes Satellite Intelligence Network — how the U.S., UK, Canada, Australia, and New Zealand coordinate the overhead architecture described in this article, the SIGINT collection layer, and the ground station infrastructure that holds the system together.

Part 4: The UKUSA Agreement: How Five Eyes Actually Works — the 1946 BRUSA/UKUSA Agreement, how the alliance works operationally, ECHELON, and the Snowden revelations.

Part 1: MI5, MI6, Bletchley Park & Camp X — the British wartime intelligence nexus that seeded the American intelligence community this system was built by.