Global surveillance is real, and it affects all of us. When our governments keep tabs on us, none of our data is truly private. And these days, we’re putting out more information than ever.
Our online activities can tell practically everything about us – where we live, what we do for work, our daily status, health history, even our fears and doubts.
As technology advances, so do mass surveillance techniques. They’re getting more and more efficient in harvesting our data – and are on the rise, too.
At the forefront of this unfortunate trend are international surveillance alliances – the so-called “Eyes.” The Five Eyes, Nine Eyes, and 14 Eyes are always mentioned in conversations about privacy. But what are they, and how did they come to be?
And, most importantly, exactly who is looking at what you do online?
In this article, I’ll cover all the necessary details about these intelligence networks and how you can take steps to protect yourself.
Five Eyes
Let’s start at the beginning with what is the original surveillance alliance, Five Eyes (FVEY). The countries that make up this network are:
- United States
- United Kingdom
- Canada
- Australia
- New Zealand
Bound by a multilateral agreement, the five member countries share signals intelligence – everything from phone conversations to online activity.
If Australia captures information, the rest of the countries can access it as well. It’s one big (mostly) happy, data-sharing family!
History of the Five Eyes Alliance
The Five Eyes originated in the Atlantic Charter, which outlined the Allies’ post-war goals.
Throughout World War II, British and American intelligence worked together on tasks like breaking the Engima (the machine that Germans used for secret communications). While they never formalized the collaboration, it was there, and it became the basis of today’s “Eyes” alliance.
When the war ended, the two countries signed a secret pact for information-sharing known as the UKUSA agreement.
In the years that followed, new treaties included Canada, Australia, and New Zealand – and that’s how the Five Eyes came to be.
At its core, FVEY is about automatically sharing intercepted information. This became especially handy during the Cold War. Five eyes are better than one, right?
With the alliance, the US could get information gathered by Australian secret services or signals intercepted by New Zealanders.
Five Eyes was used to spy on the USSR and Soviet allies. But it also helped tip the favors for:
- The CIA-orchestrated 1953 coup on Iran’s Prime Minister
- The assassination of Congolese independence leader Patrice Lumumba
- Salvador Allende’s overthrow in Chile
And, of course, the US relied on it heavily during the Vietnam War.
But these are conflicts that likely all happened thousands of miles away from you. Why should you care? Because, as it turns out, the Five Eyes countries are also spying on their citizens.
ECHELON Surveillance Network
During the Second World War, important communications happened over radio frequencies. But, by the 1960s, we were using satellites.
The spying agencies had to catch up. So, they established a network of large antennas for intercepting satellite and phone transmissions. They called it ECHELON. Thanks to the Five Eyes agreement, this network covers the whole world.
A 2001 EU Parliament report states:
If UKUSA States operate listening stations in the relevant regions of the earth, in principle, they can intercept all telephone, fax, and data traffic transmitted via such satellites.
It was never small-scale spying on suspicious individuals, either. No, government agencies literally listened in on every conversation.
Mike Frost, a former Canadian spy, gave this example:
A lady had been to a school play the night before, and her son was in the school play, and she thought he did a lousy job. The next morning, she talked on the telephone to her friend, and she said to her friend something like this, ‘Oh, Danny really bombed last night,’ just like that. The computer spit that conversation out. The analyst (…) listed that lady and her phone number in the database as a possible terrorist.
Essentially, the government was eavesdropping on private conversations without any warrant. They were doing it for every single communication, using computers to filter through the babble.
After the September 11 terrorist attacks, the surveillance only grew.
Former NSA contractor Edward Snowden’s leaked documents reveal ECHELON was used for more than just anti-terrorism. Intelligence agencies would frequently abuse information for trade interests or even for spying on their spouses!
And, sure, there are laws against domestic espionage. But what if the US asks UK agencies to spy on Americans for them? They still get the information, thanks to the Five Eyes agreement.
It’s outsourcing surveillance. And, unfortunately, it happens on a vast scale.
Online Privacy Abuse Examples
Still unconvinced about the scope of privacy breaches that face us? The previously mentioned 2013 Edward Snowden leaks included thousands of classified documents that show a scary reality.
From the PRISM program, which unlocked private Google and Yahoo accounts, to Verizon handing over millions of phone records daily, one thing became clear:
Government surveillance goes far beyond what anyone was expecting.
Unfortunately, those revelations didn’t do much to stop governments from prying. In fact, Five Eyes countries are now collecting and sorting through more mass surveillance data than ever.
Here are but a few examples of privacy-breaching legislation in action:
- UK’s 2016 Investigatory Powers Act requires ISPs to collect user information, browsing history, and even text messages. They have to share it with UK agencies (and their partners) warrant-free.
- Australia has strict data collection laws requiring telecoms to store data for two years and to share it with law enforcement.
- New Zealand has intercepted thousands of communications from the Pacific, sweeping in their own citizen’s online activity in the process. While proven, this spying was deemed perfectly legal.
- Canadian federal agencies have been shown to outsource domestic espionage while keeping courts in the dark.
Mass surveillance didn’t end with the Cold War or the removal of terrorist leaders. It continues to exist and evolve.
We have hundreds of thousands of documents, witnesses, and whistleblowers who all say the same thing – whatever you do, the Five Eyes are watching.
Nine Eyes Alliance
The original Five Eyes have a long history of working with agencies of several other countries. Together, these surveillance partners form the Nine Eyes.
The Nine Eyes countries include the FVEY members, plus:
- Denmark
- France
- The Netherlands
- Norway
While Nine Eyes countries don’t have the same status as the core members, they still share significant intelligence and resources.
Fourteen Eyes Alliance
As if nine wasn’t enough, the Fourteen Eyes expands the allegiance further.
It includes the Nine Eyes countries, plus:
- Germany
- Belgium
- Italy
- Sweden
- Spain
Once again, they don’t enjoy the same privileges as the five original members.
For example, there is a “no-spying” agreement between the Five Eyes states. Fourteen Eyes countries, however, can still get spied on.
Although, as far as us regular internet users are concerned, any information the Fourteen Eyes gather can be shared among all the member countries.
Other Partners
The “Eyes” countries also collaborate with multiple other surveillance agencies to access specific data.
Most notably, Israel, Japan, Singapore, and South Korea were proven to work with the “Eyes.” Other “like-minded partners” have joined in to spy on China and Russia.
These agreements aren’t as strict as the original Five Eyes, but they are still based on mutual information-sharing.
According to Edward Snowden, the NSA is “in bed together with the Germans the same as with most other Western countries.”
But even despite his large-scale leaks, we still can’t be sure just how vast the spying network is. All we know is espionage is prevalent – and it affects virtually all netizens.
Five Eyes, Nine Eyes, 14 Eyes and VPNs
If the largest Western democracies are spying on us, not to mention more authoritarian regimes, can we do anything about it? In short, yes.
Short of staying off the internet altogether, virtual private networks (VPNs) are one of the best tools we have to protect ourselves online.
How VPNs Protect You
VPNs are small, secured, private networks of servers you can use to access the internet.
Typically, your device sends (and receives) traffic through your internet service provider (ISP) or another similar access point – a Wi-Fi hotspot at an airport or coffee shop, for example. The providers then forward that information to websites and online services you’re trying to access.
The entire time, your traffic can be intercepted and analyzed, and it’s as clear as day who sent it and where it’s going.
A VPN creates an encrypted tunnel and routes your traffic through one of their servers before it reaches the internet. The data is encrypted on your device and only decrypted as it’s coming out the other end of the tunnel.
So, if anyone is listening along the way, they won’t be able to make heads or tails of anything you send or receive.
Also, when your data leaves the VPN server, your IP address and any other information that can identify you is stripped off. So, no one truly knows where the data came from, other than from a VPN server.
So what happens if a government agency goes directly to a VPN provider (instead of your ISP) and asks them about your browsing history? This is where VPN jurisdiction comes into play.
VPN Jurisdiction
A VPN service has to follow local laws in whichever country they’re registered in.
Many Western countries require VPNs (and ISPs, telecoms, and other companies) to store records and release them when prompted by a spying agency. If a VPN calls one of the Five, Nine, or 14 Eyes countries home, this also means any released information can reach all other members.
This is why it’s critical you use a VPN based in a jurisdiction that isn’t part of any “Eyes” alliances. It lets them (and you) escape surveillance.
For example, NordVPN is registered in Panama – which has no data retention laws and is not affiliated with the “Eyes.” If the US government asks them for user records, Nord can (and will) simply say, “Sorry, no can do.” Similarly, British Virgin Islands are another jurisdiction outside of reach of the intelligence sharing agreements.
Top VPNs will always choose a business location that does not belong to Five Eyes, Nine Eyes, or 14 Eyes territories.
Surveillance and VPN Servers
So, what about VPN servers? If a provider runs any in, say, America (as just about every VPN does) and we connect to one of them, can’t our information be retrieved there?
Technically, yes. Data passing through the US (or UK, Australia, Canada, etc.) can be requested by government agencies. The VPN might not be under Five Eyes legislation, but they have equipment in countries that are.
That’s where “no-logs” policies save the day. In a nutshell, zero-log VPN providers don’t track or store any information about your (or anyone else’s) online activities.
Say a court order comes in and says, “Give us this person’s browsing history.” If the VPN’s servers don’t keep logs, the company has nothing to give – plain and simple.
A recent incident involving Turkey and ExpressVPN is an excellent example of this. Turkish authorities asked ExpressVPN for information on one of their users.
Despite the government’s best efforts, they didn’t get anything. Why? Because the VPN server never stored any user-identifying data.
What Makes a Safe VPN
In theory, every VPN should be able to conceal your online identity and protect your information from the prying “Eyes.” In practice, however, not all VPNs are created equal.
When anonymity on the internet is at stake, we should only use a VPN that:
- Is not based in a Five, Nine, or Fourteen Eyes country – this is a must for obvious reasons. The provider’s location should be clearly stated in the footer of their website or on their “About Us” page. If you can’t find it, move on (there are better options out there). Avoid “Eyes” collaborator jurisdictions like Israel, Japan, and South Korea, too.
- Has a strict (and verified) “no-logs” policy. Always read the VPN’s privacy policy and terms of service – both are legally binding documents. Also, don’t just take the provider’s word that they don’t keep logs – look for independent third-party audits that confirm those claims.
As far as third-party-confirmed no-logging goes, NordVPN, once again, leads the pack.
They were the first major provider to hire an external company to review its operation. PwC auditors received full access to installations, procedures, and employees. The report confirmed Nord’s promises – there was no trace of traffic logging or privacy breaches.
Many other providers have since followed suit. CyberGhost, ExpressVPN, ProtonVPN, PureVPN, and VyprVPN are just some of the top reviewed VPNs that are now independently verified as not keeping logs.
If you use one of the above providers, it’s still not a bad idea to avoid servers in “Eyes” countries when you can. Connect through the nearest location in a privacy-friendly country instead.
Even with top-notch encryption and no-logging protecting you, it’s best to steer clear from all spying alliance jurisdictions – based on pure principle, if nothing else.
Final Thoughts
The Five, Nine, and 14 Eyes alliances are international spying agreements. They empower members to eavesdrop on citizens and share the information.
With their origins in the 1940s, the alliances are still alive and stronger than ever – the Snowden leaks, among thousands of other documents, provide plenty of proof.
Surveillance data-sharing helps the world’s biggest powers keep track of our every move and could even let our governments subcontract domestic spying to their international friends. They’ve been shown to abuse these methods, either for business interests or private purposes.
VPNs are a user-friendly solution to protect your privacy. They encrypt your data – making it impossible to read – and anonymize your internet traffic. This combination is an effective way to keep your online activities from both the government and anyone else that may be listening.
When choosing a provider:
- Avoid “Eyes” jurisdictions, picking a company not registered in an alliance country.
- Double-check the “no-logs” policy, read the terms of service and choose providers with a third-party audit.
- Stay away from “Eyes”-based servers as much as you can.
Arming yourself with the right VPN is a big step towards keeping the governments of the Five Eyes, Nine Eyes, and 14 Eyes countries in the dark and your online activities anonymous.