You’ll often hear references to “five eyes countries” (and “nine eyes” and “14 eyes” countries) in the context of VPNs and online privacy.
This guide lays out what these terms mean, which countries are involved, and what you need to know to help you choose the right VPN service.
So, let’s begin with the basics:
Who are the Five Eyes countries?
The Five Eyes countries are the United States, the United Kingdom, Australia, New Zealand and Canada. Five Eyes (sometimes referred to as FVEY) is an intelligence alliance that dates back to the early 1940s.
Who are the Nine Eyes countries?
The Nine Eyes countries are the United States, the United Kingdom, Australia, New Zealand, Canada, Denmark, France, the Netherlands, and Norway. Nine Eyes is an extension of the core Five Eyes alliance.
Who are the 14 Eyes countries?
The 14 Eyes countries are the United States, the United Kingdom, Australia, New Zealand, Canada, Denmark, France, the Netherlands, Norway, Germany, Italy, Belgium, Sweden and Spain. This alliance is also known as SIGINT Seniors Europe (SSEUR), and according to Wikipedia, it’s there to coordinate “the exchange of military signals intelligence among its members.”
What’s the history of the Five Eyes alliance (and the 9 / 14 Eyes alliances)?
Five Eyes originally came about as a way for the core countries to share intelligence. It’s also known as the UKUSA agreement, and began as an “informal agreement” in 1941. It was formalized between the UK and USA in 1946, in the wake of the second world war, and expanded to encompass the other core countries in the years that followed.
Beyond the core Five Eyes countries come the other nations that form the Nine and 14 Eyes groups. These nations joined the scheme as “3rd party countries.” It’s widely believed that there are other countries who participate in the schemes beyond the core countries listed, including “Pacific allies” such as South Korea and Singapore.
Five Eyes, and similar arrangements, have (by their nature) always been shrouded in secrecy. Wikipedia suggests that it was nearly 30 years after the original formation of the agreement before the Australian Prime Minister even became aware of it. Five Eyes was made public in 2005, and since 2010 it’s been possible to read some of the details of it online on the UK’s National Archives website.
Five Eyes: Recent Years Controversy
The Five Eyes agreement gained modern mainstream relevance when it was linked to the NSA revelations made public as part of the Edward Snowden revelations. His revelations showed and proved that agreements made during the Cold War are being extensively used in the pursuit of widespread digital surveillance.
It’s become clear that these intelligence sharing agreements are used for purposes that go beyond signals intelligence. They effectively allow the intelligence services in multiple countries to liaise with each other and share information relating to anything from human and defense intelligence to matters of national security.
An example of how this can work in practice came out with Snowden’s revelations in 2013, when it emerged that the American NSA effectively outsources work to the UK’s GCHQ.
Most controversially for advocates of privacy, the Snowden revelations showed that governments make use of the Five Eyes framework to get around laws about monitoring their own citizens. As an example, the UK’s MI5 can ask the US NSA to tap UK phones, thus “allegedly circumventing laws.”
Here’s how it was described by De Spiegel at the time:
“Britain’s GCHQ intelligence agency can spy on anyone but British nationals, the NSA can conduct surveillance on anyone but Americans, and Germany’s BND foreign intelligence agency can spy on anyone but Germans. That’s how a matrix is created of boundless surveillance.”
What do the 5 / 9 / 14 Eyes alliances actually do?
If you’re a privacy conscious individual, this is a very valid question, as it’s more than reasonable to argue that what the agencies within these alliances do goes far beyond what they need to do to ensure they keep the world “safe.”
One of Edward Snowden’s most headline-grabbing revelations related to the NSA’s PRISM program, a mass data collection initiative whose participants include all the big players in the Internet world, including Microsoft, Google and Facebook. PRISM has made it incredibly easy for the NSA (even its “low-level agents”) to access information on commonly-used platforms, and the alliances mean that other countries involved can essentially tap in to that ability. Even those who believe they have “nothing to hide and nothing to fear” would be spooked by the ease with which the NSA – and therefore their alliance partners – can tap into anything from Skype conversations to email messages.
Then we can add to that the fact that these security agencies have been shown to engage in practices that are at best – underhand. These include cracking encryption algorithms and bribing companies to weaken their own IT security systems
While we’re not suggesting that the 5 / 9 / 14 Eyes alliances’ sole purposes are to snoop on citizen’s day-to-day lives, the by-product of much of the related agencies’ work allows them to do just that.
Why does 5 / 9 / 14 Eyes matter to VPN users?
For many, the whole point of using a VPN (Virtual Private Network) service is to avoid government surveillance and browse the Internet with a reasonable level of privacy.
As you can see from the information above, you can easily defeat that object by choosing a VPN provider based in one of the countries – particularly the Five Eyes countries – or one that locates its servers in one of those countries. A provider could be compelled to hand over details of your online activity to the authorities, and there’s nothing to say you would be any the wiser. And thanks to the information sharing that goes on between these countries, it could be ANY of the countries on the list!
What about connecting to a VPN SERVER in a Five Eyes country?
A commonly asked question is what the position is if someone uses a VPN provider in a country outside the 5 / 9 / 14 Eyes jurisdiction, but uses it to connect to a server in a country that IS within that jurisdiction, such as in the US or UK.
Without going into too much technical detail, there is some risk here; The FVEY country could subpoena the server provider for connection logs (or even perform its own monitoring of connections into and out of the server). However, if the VPN provider is taking the right security precautions on their infrastructure, the risk should be relatively small.
That said, people keen to minimise their exposure to the wide jurisdiction of these intelligence alliances should take the lowest-risk approach. And that would be using a provider outside the 5 / 9 / 14 Eyes jurisdiction AND only connecting to servers outside of the jurisdiction.
So which VPN should I choose?
A good starting point is to look at our list of the Best “no logs” VPNs.
These VPN services don’t keep any record of your browsing activity, which means that if they were ever required to hand over details of usage, they wouldn’t actually have any of that information to share.
In addition, at the time of writing, the majority of the recommended providers on the list are based outside of the countries we’ve discussed here. The main exception is Windscribe, which is based in Canada, which is a Five Eyes country. (AirVPN is in Italy, which is a 14-Eyes country).
By choosing a VPN that’s outside the far-reaching jurisdiction of 5 / 9 / 14 eyes, AND one that doesn’t keep activity logs, you are doing all you can to minimise the chance of your online activity being subject to a level of surveillance that privacy advocates would agree is unnecessary and unfair.