Bo is young and full of enthusiasm,” Boris Hagelin chuckled. The Swedish engineer’s firm, Crypto AG, had just concluded sales of its C52 cryptographic machines to Egypt, Iraq, Iran, Jordan, and Saudi Arabia. Islamabad had just ordered a version with what the engineers called “Hindustani characters.” “The Indian Army is interested in these machines, too,” Hagelin noted at a 1955 meeting with an official from the United States National Security Agency, in the picturesque Swiss resort-town of Zug.
The engineer’s son, also named Boris Hagelin, was now proposing shutting down the old production line and switching to making the more secure C52Y series, which incorporated a new slide bar and lug arrangement to strengthen encryption.
For the NSA, which secretly controlled Crypto AG, this was an appalling prospect. The C52 was meant to keep its customers’ secrets secure from each other, not from the United States and its intelligence allies. “Foreign governments were paying good money to the U.S. and West Germany,” an internal CIA history recorded, “for the privilege of having their most secret communications read by at least two (and possibly as many as five or six) foreign countries.”
Earlier this week, the US confirmed that intelligence shared among the Five Eyes Alliance helped Canada confirm suspicions that India was responsible for the killing of Khalistani activist Hardeep Singh Nijjar. The precise nature of that intelligence remains unknown, but it points to a deep problem faced by intelligence agencies worldwide.
What the Five Eyes found tying the Research and Analysis Wing to the killing isn’t before us. It isn’t impossible to speculate on the possibilities, though: Loose words on a not-so-secure platform, or secret transactions on dark-web site that wasn’t so secret, or travel patterns that were electronically tracked. Five Eyes, when it sets its mind to it, sees pretty much everything. Short of the thoughts in your mind, whispered into a trusted friend’s ear, everything is vulnerable—and in the world of espionage, there’s no such thing as a trusted friend.
For all the talk of cyber-espionage by China or Russia, the Five Eyes are the largest intelligence-gathering organisation in the world, with the capabilities needed to harvest and decrypt virtually all global communications, from satellite signals to submarine cables. They’re also the principal source of the technologies that countries across the world use to keep their own secrets. The Five Eyes have the best safe-cracking tools, simply put, because they also make the safes.
Five Eyes and its fallout
The Five Eyes had its genesis in intelligence-sharing that took place between the United States and United Kingdom during the Second World War. Early in 1941, American cryptanalysts visited the super-secret United Kingdom cryptanalysis station at Bletchley Park and shared a copy of the Imperial Japanese Kyūnana-shiki ōbun injiki naval cypher machine, and the knowledge to crack the so-called Purple code it used. The UK reciprocated with a Bombe, the machine designed by mathematician Alan Turing to crack the Nazi Enigma cypher.
Even though we now know the story of how mathematicians like Turing, the Polish Marian Rejewski, American Elizabeth Friedling and the Swedish Arne Beurling helped win the Second World War—and how their German counterparts fought back—the story after that hasn’t engaged the public quite so much.
From 1955, the five English-speaking democracies—together with Israel as a kind of de-facto partner—signed a formal pact to set up listening stations around the world. The volumes of traffic grew significantly: for example, Five Eyes intercepted microwave signals through its satellites, while its ground stations were able to pick up Soviet communications. Large parts of the NSA’s official history detailing the Cold War-era operations of Five Eyes remain classified. It is clear that automation and computer technology transformed intelligence.
The Five Eyes system was aided by the fact that newly-independent countries had to turn to the West to secure their communications. The UK liberally distributed its Typex cryptographic machines, designed in 1934, to post-colonial states, and often maintained deep liaison relationships with the intelligence services it had trained. For its part, the US turned to Crypto AG.
Even though customers could turn to the Soviet bloc for technology, that meant an identical vulnerability—just from a different set of patrons.
Five Eyes, however, provided the technological foundation for the aggressive campaigns of assassination and state-sponsored terrorism that the US and the UK practiced throughout the Cold War. Historian Walton Calders has shown that even after the collapse of the British Empire, MI5 and MI6 neither lost their lethality nor gained scruples. Similarly, the US used its C52 sales to eavesdrop on coup-plotters in Chile and death-squad operators in Argentina—operations all approved by the CIA.
There were, of course, limits to what technology could achieve: the ability of Five Eyes to crack KGB codes like VENONA didn’t prevent skilled and ideologically-committed Soviet agents like Kim Philby from infiltrating the highest levels of Western intelligence services. From insurgents in Africa to terrorist groups like al-Qaeda, many adversaries evaded the NSA’s all-seeing eyes simply because of their primitive technology.
Also read: Trudeau’s allegation on Nijjar killing based on Five Eyes input, says US envoy on India-Canada row
The danger of the panopticon
Five Eyes’ operations began to become public from the 1990s, based on disclosures made by New Zealand’s Nicky Hager, American James Bamford, and British journalist Duncan Campbell. Fears grew in European countries that Five Eyes might use the alliance to conduct espionage against their own citizens, as well as to further their commercial interests. In 2000 and 2001, the European Parliament issued reports that made it clear these fears were well-founded.
The ensuing controversy forced former CIA director James Woolsey to admit that the US did conduct espionage in Europe—but only because European companies gained unfair competitive advantages through bribery. He claimed that commercial and economic intelligence of this kind was not shared with companies in the US.
Fred Stock, a former Canadian intelligence officer, testified that Five Eyes also gathered information on a range of economic issues, including French weapons sales and Chinese grain purchases, as well as political dissidents such as the environmental organisation Greenpeace.
Even more disturbing for the public, evidence began to emerge that the NSA used Face Eyes on American citizens—though not on its own soil, thus bypassing national legislation. Margaret Newsham, who worked at Five Eyes’ Menwith Hill facility in the United Kingdom from 1977 to 1981, testified that conversations involving the late Senator Strom Thurmond had been intercepted. She said that the technology to target conversations involving specific individuals using keywords and voice patterns had existed since 1978.
The revelations made by former NSA contractor Edward Snowden established that Five Eyes had the ability to penetrate even highly-defended computer networks, spying on citizens beyond the reach of national laws and democratic institutions.
Also read: Punjab’s Sikhs have 99 problems but Khalistan ain’t one. They’re very proud Indians, but angry
The dilemma of knowledge
Like all other countries in the world, India has sought to expand its ability to monitor distant national security threats, infamously employing tools like Pegasus. Even when setting aside the potential abuse of interception technologies, there is a bigger problem. The same countries that sell interception technologies can, after all, leave backdoors that allow them—and their allies—to harvest a client’s secrets. These concerns have led many countries to impose bans on China-made critical infrastructure in 5G internet networks.
From cellphones to seemingly innocuous wireless devices like online surveillance cameras, even fridges, almost anything can be an espionage tool.
To make things worse, there’s no telling which vendor might sell technologies to whom. Earlier this year, Israeli media revealed that the technology firm Cellebrite, which partners with Indian law-enforcement, was also selling equipment to Pakistan.
Few would be surprised, of course, if India had tried to put its own expanding intelligence capabilities to the kinds of uses the West did. The country’s intelligence services, intelligence sources say, significantly expanded covert operations under the watch of Research and Analysis Wing chief Samant Goel, who retired just after the Nijjar killing.
The results haven’t always been perfect, though. A string of exposed covert operations—one of which led to the tragic kidnapping of Kulbhushan Yadav from Iran by the ISI, the tragic-comic attempt to snatch economic fugitive Mehul Choksi, and a failed attempt to assassinate Lashkar-e-Taiba chief Hafiz Muhammad Saeed, which led to a retaliatory drone strike—show India’s ambitions aren’t aways supported by the highest level of human resources.
For countries like India, the challenges are enormous. For one, developing indigenous technological resources requires massive investments in education and research. The NSA alone is reputed to employ more pure-mathematics doctorates each year than graduate from all of India’s universities. Even in national security-linked sectors in India, there are often no alternatives other than importing critical components.
Last year, Senator Ruben Gallego, chairman of the United States’ Armed Services subcommittee on special operations and intelligence, called on the director of National Intelligence to report on the benefits and risks of expanding “the circle of trust to other like-minded democracies.” The language seemed to suggest an openness to expanding Five Eyes to countries like South Korea, Japan, and India.
The allegations of rogue behaviour by Indian intelligence likely mean the proposal is off the table—at least for now. For India, though, they should also serve as an occasion to consider its deeper technological vulnerabilities.
The author is National Security Editor, ThePrint. He tweets @praveenswami. Views are personal.
(Edited by Prashant)