As awareness of global surveillance grows, more people are looking for information about the Five Eyes, Nine Eyes, and 14 Eyes surveillance alliances. This guide is regularly updated with new information and gives you everything you need to know.
The terms “Five Eyes”, “Nine Eyes”, and “14 Eyes” often appear in the privacy community, especially when discussing VPNs and other privacy tools.
In short, these are just international surveillance alliances representing various countries around the world. These surveillance alliances work together to collect and share mass surveillance data. In other words, they are essentially acting as one global-surveillance entity to spy on you and record your activities.
Right now, data collection is being carried out from a wide variety of sources: your browsing activity, phone calls and text messages, electronic documents, location history, and more. Sound crazy? In many countries, recording and collecting your online activities (data retention) is perfectly legal – and in some cases it is mandatory (UK and Australia). It’s very easy for internet providers to collect your browsing history by simply logging all your DNS requests (unless you’re using a good VPN service).
In this guide we’ll explain all the different “X” eyes surveillance alliances and why this topic is important when choosing privacy tools. Here’s what we’ll cover:
- Five Eyes
- Nine Eyes
- 14 Eyes
- Additional surveillance partners
- NSA and GCHQ cooperation within 5 Eyes
- ECHELON surveillance system
- VPN services located in 14 Eyes
- How to protect yourself from global surveillance
- VPNs that are outside of 14 Eyes
- Trust and jurisdiction
So now, let’s get started.
The Five Eyes (FVEY) surveillance alliance includes the following countries:
- Australia
- Canada
- New Zealand
- United Kingdom
- United States
The history of this alliance goes all the way back to WWII and the UKUSA Agreement, which was officially enacted after the war in 1946. This agreement formalized a partnership between the United Kingdom and United States for gathering and sharing intelligence. The partnership continued throughout the Cold War and has only strengthened following the “War on Terror” and subsequent “terrorist” events.
Edward Snowden brought renewed focus to the Five Eyes surveillance alliance in 2013 when he exposed the surveillance activities of the US government and its allies.
Below are the different “5 Eyes” surveillance agencies working together to collect and record your activities:
It is no surprise that some of the Five Eyes countries listed above are also the worst abusers of online privacy:
- United Kingdom – Since the passage of the Investigatory Powers Act in 2016, internet service providers and telecoms have been recording browsing history, connection times, and text messages. The data is stored for two years and is available to UK government agencies and their partners without any warrant.
- United States – The US government has been implementing Orwellian mass surveillance collection methods with the help of large telecoms and internet service providers (see the PRISM program). In March 2017, internet service providers were given the legal authority to record user activity and sell this to third parties (and you can’t opt out). Of course, internet providers have been collecting data on their customers for many years, long before this law passed in 2017.
- Australia – Australia has also implemented sweeping data retention laws similar to the United Kingdom. (See the best VPN for Australia guide.)
Broad authority among 5 Eyes countries
Whether it is the NSA in the United States or the GCHQ in the United Kingdom, the “5 Eyes” is home to the most powerful surveillance agencies in the world.
The other drawback with these Five Eyes countries is that they have tremendous authority to force companies to record and hand over data. In the United States, the Patriot Act ushered in a new level of power for federal data collection, especially through the use of National Security Letters. These laws basically give the government the authority to compel a legitimate privacy-focused company to become a data collection tool for state agencies. (See the Lavabit example.)
The Nine Eyes countries include:
- 5 Eyes countries +
- Denmark
- France
- Netherlands
- Norway
The existence of the Nine Eyes alliance is referenced in various sources online and became well-known following the Snowden revelations in 2013. It is just an extension of the Five Eyes alliance with similar cooperation to collect and share mass surveillance data.
The 14 Eyes surveillance countries include:
- 9 Eyes countries +
- Germany
- Belgium
- Italy
- Sweden
- Spain
As before, the original surveillance agreement was extended to these other countries. The official name of this group of countries is SIGINT Seniors Europe (SSEUR).
Additional surveillance partners
+ Israel – Israel must be included when discussing the Five Eyes surveillance partners. As many sources point out, it is one of the closest partners with the US government and the National Security Agency (NSA). Here are a few examples documenting this:
- Wikipedia claims Israel is an official “observer” to the Five Eyes alliance
- Source – NSA shares raw surveillance data directly with Israel; very close cooperation between US/Israeli surveillance agencies
- Source – “Shady Companies with Ties to Israel Wiretap the USA for the NSA”
- Source – Israeli authorities wield wider surveillance powers than US authorities
+ Singapore, South Korea, and Japan – Singapore and South Korea are also reported to be close partners in the Five Eyes alliance. Japan also appears to be a close surveillance partner with the United States (source; source; source).
NSA and GCHQ cooperation within 5 Eyes
Various government document releases, which have come out through official FOIA channels, reveal the close relationship between the NSA and GCHQ. Being the two most powerful surveillance entities in the world, with historical ties, it is no surprise that they work closely together.
A top secret NSA document from 1985, which was released in 2018 via a FOIA request, reveals the close cooperation continues today, based on the broadly-written UKUSA Agreement:
The UKUSA Agreement, dated 5 March 1946, has twelve short paragraphs and was so generally written that, with the exception of a few proper nouns, no changes to it have been made. It was signed by a UK representative of the London Signals Intelligence Board and the U.S. Senior Member of the State-Army-Navy Communications Intelligence Board (a predecessor organization which evolved to be the present National foreign Intelligence Board). The principles remain intact, allowing for a full and interdependent partnership. In effect, the basic agreement allows for the exchange of all COMINT results including end product and pertinent collateral data from each pattern for targets worldwide, unless specifically excluded from the agreement at the request of either party.
Another top secret NSA document from 1997 (officially released in 2018) further elaborates on the close cooperation between the NSA and GCHQ:
Some GCHQ [redacted] exist solely to satisfy NSA tasking. NSA and GCHQ jointly address collection plans to reduce duplication and maximize coverage through joint sites and cross-tasking, despite site closures.
With the reference to “joint sites” above, it’s important to discuss ECHELON.
ECHELON surveillance system
ECHELON is a network of spy stations utilized by Five Eyes countries for large-scale espionage and data collection. The Guardian described ECHELON as follows:
A global network of electronic spy stations that can eavesdrop on telephones, faxes and computers. It can even track bank accounts. This information is stored in Echelon computers, which can keep millions of records on individuals.
Officially, however, Echelon doesn’t exist. Although evidence of Echelon has been growing since the mid-1990s, America flatly denies that it exists, while the UK government’s responses to questions about the system are evasive.
Despite these denials, there have been various whistleblowers who have confirmed what’s going on behind the scenes. Both Perry Fellwock and Margaret Newsham came forward to document various aspects of ECHELON to the public.
VPN services located in 14 Eyes
Jurisdiction is a big consideration for most people when selecting a trustworthy VPN service and other privacy tools. Therefore we will briefly summarize the VPN services that are located in 14 Eyes countries below.
To recap, this list includes VPNs that are located in:
- Five Eyes (United States, United Kingdom, Australia, Canada, and New Zealand)
- Nine Eyes (Five Eyes + Denmark, France, Netherlands, and Norway)
- Fourteen Eyes (Nine Eyes + Germany, Belgium, Italy, Sweden, and Spain)
- Additional partners (Israel, Singapore, South Korea, and Japan)
Avira Phantom VPN (Germany)
Expat Surfer (UK)
Hide My IP (USA)
Hotspot Shield (USA)
My Expat Network (UK)
Norton WiFi Privacy (USA)
Opera Browser VPN* (Norway) [Note: “Opera VPN” is not actually a VPN, but instead a proxy, and it is now owned by a Chinese consortium.]
Private Internet Access (USA)
RA4W VPN (USA)
Unseen Online (USA)
Virtual Shield (USA)
VPN Gate (Japan)
VPN Land (Canada)
VPN Master (USA)
VPN Unlimited (USA)
WASEL Pro (Netherlands)
How to protect yourself from global surveillance
First, a disclaimer: If the NSA and GCHQ are personally targeting you for enhanced surveillance with their powerful resources, good luck. We have no way of knowing the full extent of their powers and capabilities. With that being said, we will cover some simple steps that will:
- Give you a much higher level of privacy and security than the average user
- Make tracking and surveilling your activities much more difficult
So with that out of the way, let’s cover some quick basics.
1. Your electronic devices are potential surveillance tools, especially all “smart” devices
Whether it is your smartphone or the Amazon Alexa in your living room, all of these devices are tools to surveil your activities. It is an established fact that private companies are working to aid and abet the global surveillance state, as documented in the PRISM program. Therefore it would be wise to limit all “smart” devices in your daily life, or at the very least, start using privacy-friendly alternatives.
2. Use a VPN whenever you go online
A good VPN will safely and effectively encrypt and anonymize your internet traffic, without slowing your internet speed to a crawl. With internet providers in all Western countries snooping the activities of their customers, a VPN is now an essential tool for digital self-defense. Connect it and forget it. (The VPN for beginners guide covers the basics, and here you can find the best VPNs.)
3. Consider using other privacy tools
Your daily online activities can disclose mountains of personal information and private data to various third parties. Here are a few considerations:
- Use a private and secure email service
- Use a privacy-friendly search engine
- Use a private and secure browser
- Use a good ad blocker (most ads function as tracking and data collection tools)
These are just some basic, simple steps that anyone can implement in a matter of minutes. See the privacy tools guide for more information.
4. Advanced online privacy and security
Ok, so you want even more privacy and security than the average user. This is also achievable without too much effort. In addition to all of the above advice, you may also want to consider the following:
- Consider your operating system. Switching to a secure and privacy-friendly flavor of Linux is a good idea, although it may come with some hassle, depending on the distribution you choose.
- Use a privacy-focused VPN service. A good multi-hop VPN service, such as Perfect Privacy, will allow you to encrypt your traffic across multiple servers in different jurisdictions.
- Chain different VPN services. Another great way to compartmentalize your privacy is to chain more than one VPN service. For example, you could run VPN Provider #1 on your router, and then connect to that router through VPN Provider #2 on your computer. This not only distributes and compartmentalizes risk across different VPN providers, it also ensures that no single VPN service has both your originating IP address and your online activity (the sites you connect to). You can also cycle through different VPN providers at different times, thereby preventing any single VPN from having a full picture of your online activities (in the theoretical case that the VPN were to be compromised).
- Use virtual machines. Using virtual machines is a good idea for both privacy and security. You can install VirtualBox, which is free and open source, and then run different Linux VMs for different uses (also free). A virtual machine acts as a separate “virtual” computer on your host machine, which can help keep your host machine and data safe. Additionally, you can easily chain VPN services through the use of virtual machines with VPN #1 running on the host and VPN #2 on the VM.
Note: The Tor browser often comes up when discussing online anonymity. However, I’ve found numerous red flags in my research of Tor – but decide for yourself.
Some people argue against VPNs by saying “I have nothing to hide” or “I don’t trust VPNs”. These are very ill-informed arguments for a number of reasons:
- Your internet provider is likely recording everything you do (via DNS requests) and providing this data (or direct access) to surveillance agencies – see the Room 641a example. Your internet provider also knows everything about you (name, address, billing information, etc.). Why would you give this entity all of your private browsing activity as well, which could be used against you? This just doesn’t make sense.
- With a VPN, you are distributing trust from your internet provider to the VPN service. There are a handful of verified no logs VPN services, which have either been audited by third parties or passed real-life test cases. A VPN in a safe offshore jurisdiction adds additional protection, as it cannot be compelled to hand over data to your government.
- You can also cycle through different VPN services, or utilize two or more VPNs at the same time (chaining the VPNs). This provides an even higher level of privacy and security, especially if the VPNs and the VPN servers are distributed across different jurisdictions.
- If someone wanted to go after you for, let’s say, torrenting a movie (DMCA complaint), there would be three layers protecting you: 1) the VPN server you used in country A; 2) your VPN provider in country B; 3) your internet provider in country C.
Since we’re on the topic of VPNs, let’s discuss some VPNs that are outside of the 14 Eyes countries and territories.
VPNs that are outside of 14 Eyes
Many Restore Privacy visitors are looking for a VPN that is based in a good privacy jurisdiction, outside of 14 Eyes countries and territories. This is a wise decision.
Based on personally using, researching, and testing numerous VPNs over the past five years, here are my current favorites from the best VPN service report:
- ExpressVPN (based in the British Virgin Islands, a politically and legally autonomous country that does not fall under UK jurisdiction) [ExpressVPN review] *currently offer a three months free coupon
- NordVPN (based in Panama) [NordVPN review] *currently offer a 75% discount here
- Perfect Privacy (based in Switzerland) [Perfect Privacy review]
- VPNArea (based in Bulgaria) [VPNArea review]
- VPN.ac (based in Romania) [VPN.ac review]
Trust and jurisdiction
In the end, jurisdiction is just one of many factors to consider when selecting reliable privacy tools for your unique situation. How much it matters to you depends on many factors, particularly your threat model and the types of adversaries you are looking to protect yourself from.
For those seeking higher levels of privacy and security, jurisdiction is indeed an important consideration, especially when you consider the growing power of governments to force companies to hand over data and log users.
Trust is also a major factor you should consider. After all, a VPN can operate in a good “overseas” jurisdiction, yet still lie to customers and provide data to government agencies.
Take for example PureVPN, a provider based in Hong Kong that gave US authorities connection logs for a criminal case. But PureVPN has a poor record and has been involved in numerous scandals over the years, so this case is certainly not the norm.
There are also US-based VPNs that have provided data to authorities, even while promising to be “no logs” to their customers. One example of this is with IPVanish (see the IPVanish logging case), which logged user data and provided it to the FBI for criminal prosecution.
So to summarize what we’ve covered here, choosing the best privacy tools all comes down to trust and finding the best services that align with your unique needs.
Good luck and stay safe!
Fully revised and updated on May 21, 2019.