If you’re a VPN user, you’ve probably heard of the 5 Eyes, 9 Eyes, and 14 Eyes Alliances. These alliances may sound like something out of a spy movie, but they pose a very real threat to your privacy.
The Eyes Alliances are international intelligence-sharing agreements between governmental bodies. Participating countries are known to spy on their citizens through various means, acquiring sensitive and private information that may be shared with the other members of the alliance. But what exactly does that mean for you? And will a VPN really protect you from these threats to your privacy?
The answer is yes — but only if you choose a quality and trustworthy VPN. There are many critical features you have to consider in a VPN to ensure your privacy really will be protected. My top recommendation is ExpressVPN, which is based in the privacy-friendly British Virgin Islands, outside the reach of the Eyes Alliances. It’s also passed several independent security audits from top auditing firms, meaning that you can use it with confidence.
What Are the 5 Eyes, 9 Eyes, and 14 Eyes Alliances?
5 Eyes Alliance
The 5 Eyes Alliance arose out of a cold war era intelligence pact called the UKUSA Agreement. This was originally an intelligence-sharing agreement between the United States and the UK aimed at decrypting Soviet Russian intelligence.
By the late 1950s, Canada, Australia, and New Zealand had also joined the Alliance. These five English-speaking countries make up the Five Eyes Alliance as we know it today. The intelligence-sharing agreement between these five countries has only strengthened over time, extending to surveillance of online activity.
The scope of activity performed by the Five Eyes Alliance was made clear in 2013 after Edward Snowden leaked a number of documents that he obtained while working as an NSA contractor. Widespread government surveillance of citizens’ online activity was exposed to the public. The leak provided clear evidence that the international intelligence-sharing network was more extensive than previously thought.
Evidence was also revealed of member countries using the alliance to circumvent the privacy laws of their own citizens. For example, the UK was found to be working around surveillance laws protecting its populace by asking the USA’s NSA to spy on UK nationals instead. They would then simply request the NSA share the data they pulled. Very clever.
The UK and US in particular have been named as some of the worst violators of online privacy. Here’s a further example of how each country has and continues to monitor the personal information of its citizens:
•United Kingdom. In November 2016, the Royal Assent passed the Investigatory Powers Bill (aka Snoopers’ Charter) into law. The bill grants exclusive surveillance powers to the government. As per the act, internet service providers are required to retain user data such as browsing history, connection times, and text messages for two years, which can be accessed by government agencies and their partners without a warrant.
•United States. After the 9/11 incident, the NSA was authorized to monitor the phone calls and internet data of millions of Americans without a warrant. In 2017, the US Senate also approved a law that would give ISPs the authority to collect and sell user data without their consent.
Other member nations have also implemented similar data retention laws. For example, in 2015, the Australian government passed a law that mandates ISPs to retain customers’ metadata for 2 years.
Member countries of the 5 Eyes:
•United States
•United Kingdom
•Australia
•Canada
•New Zealand
9 Eyes Alliance
The 9 Eyes is an extension of the 5 Eyes Alliance. It includes all the 5 Eyes nations and 4 additional countries: Denmark, France, the Netherlands, and Norway. The alliance was established to enhance intelligence sharing between member nations, with the common goal of preventing threats to national security.
Member countries:
•5 Eyes countries +
•Denmark
•France
•The Netherlands
•Norway
14 Eyes Alliance
The 14 Eyes alliance is a further extension of the 5 Eyes. It consists of the 9 Eyes countries and 5 additional members: Germany, Belgium, Italy, Sweden, and Spain. This group of countries is officially called SIGINT Seniors Europe (SSEUR).
Member countries:
•9 Eyes countries +
•Germany
•Belgium
•Italy
•Sweden
•Spain
Third-Party Contributors
Aside from these confirmed alliances, it is also worth mentioning another handful of countries that have been caught or suspected of exchanging information with the Fourteen Eyes Alliance. These include Israel, Japan, Singapore, and South Korea.
Possible 6th Eye?
The 6th Eye is a term used to refer to Japan as a possible addition to the 5 Eyes Alliance. While Japan is not officially a member of the alliance, it has close intelligence-sharing relationships with the 5 Eyes countries.
In August 2020, the Japanese Defense Minister expressed the desire for even closer cooperation with the 5 Eyes and suggested that Japan could become known as the “6th Eye”. Both the US and UK have shown interest in Japan’s possible involvement. However, the concept of Japan being the 6th Eye is not an official designation and remains largely speculative.
Surveillance Systems Used By These Alliances and the Data They Collect
These alliances have a large number of mass surveillance systems in place, with some remaining unknown to the public. Some that have received significant media attention include:
ECHELON
ECHELON is a global surveillance program operated by the 5 Eyes countries. It was originally developed to intercept the military and diplomatic communications between the Soviet Union and its Eastern bloc allies during the Cold War.
By the end of the 20th century, the program had expanded beyond its original scope. Reportedly, it can now monitor telephone calls, faxes, e-mails, and other data streams. It can even trace bank account activity.
PRISM
PRISM is a US government-led initiative that allows the USA’s National Security Agency (NSA) to collect communications data from big corporations like Microsoft, Facebook, Google, Apple, Yahoo, and others. The program was revealed to the public by Edward Snowden in 2013.
XKeyscore
XKeyscore is yet another mass surveillance program operated by the NSA. This can collect and analyze internet data in real-time. According to Snowden, the system enables almost unlimited surveillance. NSA analysts can access your phone calls, emails, search history, and even Microsoft Word documents without a warrant.
How Can This Affect VPN Users?
While a VPN with military-grade encryption can protect you from these surveillance systems, the alliances are always devising more methods to get at your data. For example, in 2018, the 5 Eyes countries released a statement calling on tech companies (including VPN providers) to provide a means for law enforcement to access end-to-end encrypted communications.
Australia is an example of a country that has already passed a bill that permits government authorities to access user data, even if it’s encrypted.
There have also been several instances where VPN providers shared user data with authorities. Riseup, a US-based privacy-focused email/VPN provider, complied with two warrants to share user data. However, the company didn’t disclose this information to the public until much later because of a court-issued gag order.
As another example, UK-based HMA VPN handed over user data to the feds in response to a court order in 2011, which led to the arrest of a LulzSec hacker.
It is also safe to assume that if any of these 14 nations gain access to your data online, your data can then be shared with the other countries in the alliance.
What Can You Do?
So, how do you protect your online data? A VPN should still be your first line of defense against invasive surveillance and monitoring, but your choice of provider is highly important. Not all VPNs will keep you safe from the Eyes Alliances — as I’ve shown above, some do and will continue to cooperate with them.
Listed below are a few critical things to consider if you’re (rightfully) concerned about your online data while using a VPN.
Check the Location of Your VPN’s Headquarters
It’s important to consider where your VPN is headquartered as a business. It’s strongly recommended that you do not choose a VPN provider based in a country associated with the Fourteen Eyes Alliance if you are concerned about online privacy.
If it is, your VPN provider could be forced to hand over user information to the government. This data could then be shared with other countries in the alliance. You may not even know that your privacy has been breached.
Check Your VPN’s No-Logs Policy
The many ways that VPNs can fall under the jurisdiction of various governments (such as the location of the user, location of the server, etc) is why the best VPNs for privacy have strict no-logs policies. This means that they do not retain any kind of identifying information about their users or their online activity.
A great example of this policy in action comes from the well-known VPN provider ExpressVPN. During a Turkish investigation into an ExpressVPN user, law enforcement tried to compel this VPN to hand over identifying data. Despite their best attempts, authorities were unable to find any identifying information due to ExpressVPN’s commitment to protecting its users’ privacy.
Check VPN Legality in Your Country
You need to be aware of the online laws and regulations regarding VPNs of the country you live in. For example, is VPN use even legal in your country? In most cases, the answer is yes, but not always.
Some countries (like China and Iran) have heavily regulated VPN use to a short list of “government approved” VPNs — which you can safely assume are sharing data with the authorities. Others have outright banned VPNs altogether. We always recommend you check your local laws regarding VPNs, as we do not condone breaking the law.