Risky Bulletin Summary: "Srsly Risky Biz: Canada's expulsion from Five Eyes would be a disaster"

Hosted by Risky.biz, the "Risky Bulletin" podcast delivers in-depth cybersecurity news and analysis. In the February 27, 2025 episode titled "Srsly Risky Biz: Canada's expulsion from Five Eyes would be a disaster," hosts Patrick and Tom Uren delve into critical issues affecting global cybersecurity alliances, encryption debates, and the persistent challenges in the cryptocurrency ecosystem.

1. Canada’s Potential Expulsion from the Five Eyes Alliance

Key Discussion: The episode opens with a significant revelation: reports suggesting that the U.S. government is contemplating the removal of Canada from the Five Eyes intelligence alliance. This consideration has stirred considerable debate, given the profound implications for international intelligence collaboration.

Notable Quotes:

• Patrick [02:02]: "There was this whole burp in the news cycle in the United States about the U.S. government considering removing Canada from the Five Eyes alliance, which is probably bigger news than the average would realize."

• Tom Uren [02:16]: "I think what is interesting here is that it's even considered. So it's probably fair to say that the Trump administration is not afraid of killing sacred cows."

Insights: Tom emphasizes the gravity of such a move, highlighting the Five Eyes as "the crown jewels" of intelligence partnerships. The discussion underscores that the alliance's strength lies in mutual trust and the unique contributions each member brings, such as Canada's strategic Arctic territories essential for early warning systems against nuclear ballistic missiles.

Implications: Patrick raises concerns about the broader fallout if Canada were expelled, suggesting it could undermine the alliance's cohesion and prompt other members to reassess their international partnerships. Tom concurs, viewing the consideration as a "warning shot" that signals the need for all Five Eyes members to contemplate contingency plans.

2. The Vital Importance of the Five Eyes Partnership

Key Discussion: The hosts explore the indispensable role that the Five Eyes alliance plays in global intelligence sharing, especially in regions critical to national security, such as Southeast Asia for Australia.

Notable Quotes:

• Tom Uren [04:40]: "It's an ongoing relationship where everyone benefits more than you would being on your own."

• Patrick [07:39]: "Five Eyes has been around 50 odd years... it's the best time to plant a tree is today."

Insights: Tom reflects on his experience with ASD (Australian Signals Directorate), illustrating the seamless collaboration with the NSA, which exceeded the efficiency of working with separate government departments. Patrick adds that replacing such a well-established alliance is unfeasible in the short term, emphasizing the necessity of nurturing regional cooperation and enhancing intelligence capabilities independently.

Strategic Considerations: The conversation highlights the challenges in replicating Five Eyes' effectiveness, given the U.S.'s pivotal role and resources. Both hosts agree on the importance of investing in regional intelligence partnerships to ensure resilience against potential disruptions in traditional alliances.

3. Sweden’s Demand on Signal and the Encryption Paradox

Key Discussion: Shifting focus, the episode examines Sweden's government's attempt to compel Signal, a popular encrypted messaging app, to incorporate surveillance capabilities. Signal’s steadfast refusal underscores the ongoing global debate over encryption and privacy.

Notable Quotes:

• Tom Uren [14:45]: "It's a perfect encapsulation of the paradox around end-to-end encryption."

• Patrick [19:28]: "This is the first time where we've seen a major change in a popular technology service being offered to a population of an entire country resulting from the issuance of a technical capability notice."

Insights: Tom points out that Sweden's approach is an anomaly, as most countries lack the geopolitical leverage to enforce such demands on tech companies. He contrasts this with the U.S., where political infighting stalls decisive action on encryption policy. Patrick further discusses the broader implications, noting that while the UK achieved partial success by compelling Apple to disable a specific data protection feature, the long-term effectiveness remains uncertain.

Encryption Debate: The hosts delve into the nuanced balance between national security and individual privacy, illustrating the complexities faced by governments worldwide. They acknowledge China's model, where state security clearly overrides personal privacy, leaving little room for debate—a stark contrast to the fragmented global stance on encryption.

4. The UK’s Encryption Battle with Apple

Key Discussion: The conversation extends to the UK's recent legal maneuvers against Apple, seeking access to encrypted iCloud content. Apple's resistance led to the withdrawal of advanced data protection features in the UK, sparking debate over the true victory for law enforcement.

Notable Quotes:

• Patrick [16:19]: "From the British perspective, that's still a win because they're still able to get a warrant for iCloud data."

• Tom Uren [17:29]: "From the broader government perspective, it's not a win; it's not totally a cyber."

Insights: Patrick argues that while Apple’s withdrawal might appear as a tactical loss, it actually represents a strategic win for the UK by maintaining the ability to secure warrants. Tom, however, contends that the broader objectives of seamless enforcement were not fully achieved, rendering the outcome only partially successful.

Political Ramifications: The episode highlights the delicate interplay between technology companies and government regulations, suggesting that public indifference to Apple's concession may influence future negotiations. The hosts speculate on whether this incident signals a temporary shift or a lasting change in how governments and tech firms interact over encryption issues.

5. Cryptocurrency’s Ongoing Struggles with Security and Sanctions

Key Discussion: Addressing the Chainalysis report, Patrick and Tom analyze the persistent vulnerabilities in the cryptocurrency ecosystem, especially concerning North Korean cyber thefts. Despite numerous sanctions and disruption efforts, North Korean hackers continue to operate with increasing efficiency.

Notable Quotes:

• Tom Uren [20:47]: "The amount of value stolen just keeps on going up... they've got their laundering down to a pretty fine art."

• Patrick [22:52]: "Chainalysis says that it's collaborated across the industry and has helped to freeze more than $40 million stolen in the Bybit hack. For those keeping count, that's only 1.46 billion to go."

Insights: The discussion reveals that North Korean cybercriminals are adept at evading sanctions, swiftly reconstituting operations under new aliases and utilizing sophisticated laundering techniques. Despite government efforts to clamp down, the decentralized and resilient nature of cryptocurrency enables continuous exploitation.

Chainalysis Report Highlights:

• Increased Theft: The report indicates a doubling of stolen values from 2023 to 2024, with a single incident in the current year surpassing all previous thefts.
• Sanctions Evasion: A significant number of KYC-free exchanges facilitate the rapid re-establishment of illicit activities, undermining regulatory efforts.
• Laundering Efficiency: The ability to freeze only a fraction of stolen funds highlights the challenges in tracing and reclaiming cryptocurrency assets.

Future Outlook: Tom emphasizes the need for enhanced visibility and comprehensive tracking within the cryptocurrency supply chain to mitigate such sophisticated thefts. Patrick underscores the irreversible nature of cryptocurrency transactions once funds are stolen, contrasting it with traditional banking systems where funds can often be retrieved.

Conclusion

In this episode, Patrick and Tom Uren provide a thorough examination of critical cybersecurity issues, from the potential disintegration of the Five Eyes alliance to the intricate battles over encryption and the relentless challenges posed by cybercriminals in the cryptocurrency domain. Their insightful analysis underscores the evolving landscape of global cybersecurity and the imperative for robust, adaptable strategies to safeguard national and international security interests.

Listeners can find more detailed analyses and subscribe to the Risky Biz newsletter for ongoing updates on these and other pressing cybersecurity topics.

End of Summary