Blog/Infosec 101/

5 eyes, 9 eyes, and 14 eyes countries and the ways they affect your privacy

Dec 30, 2020

While George Orwell's and Philip K. Dick's surveillance dystopias sound like nightmares we wouldn't want to experience, some of their elements are close to present-world realities, and we may not even notice them.

Ordinary citizens are less likely to experience classic Bondian surveillance methods such as wiretapping or hidden cameras, but the internet gave rise to even more sophisticated measures to track our everyday online activities. This is happening on a global level, and the tools are the services and even privacy protection software we use daily.

This modern-day big brother has more than two eyes — it can have five, nine, or even fourteen of them. Let's see what they stand for and how the Five Eyes agreement came into being.

What are the Five Eyes, Nine Eyes, and Fourteen Eyes countries?

The Five, Nine, and Fourteen Eyes countries are state-level intelligent alliances cooperating by sharing secret data obtained through wiretapping as well as monitoring online documents and activities. They can also use online services and ISPs for data gathering.

5 Eyes

The Five Eyes member states are the US, the UK, Canada, New Zealand, and Australia.

Five Eyes countries (or FVEY) are the oldest intelligence alliance among the three. Its beginnings stretch back to the times after the end of World War II. The UK and the US signed the UKUSA agreement to collaborate on intercepting the Soviet Union’s secret activities and sharing mass surveillance data. This agreement cemented the countries' partnership in espionage actions.

In the 1950s, Canada, New Zealand, and Australia joined the Five Eyes alliance. It didn't cease to exist after the Cold War and continues operating until today. Its operations intensified after 9/11. Five Eyes conduct surveillance of our online activities to protect us from terrorists and other national security threats. Its power and capabilities have increased over these years, and now it is known as one of the most comprehensive espionage alliances.

The problem is that the alliance abuses its powers and extends its surveillance to citizens of the member countries and beyond. The governments can require internet service providers or other data-controlling organizations to share the data they have about their users.

The Five Eyes alliance was a secret until 2013, when Edward Snowden exposed the surveillance the alliance is conducting.

9 Eyes

The Nine Eyes member states include the Five Eyes countries plus Denmark, France, Holland, and Norway.

The additional four countries are partners with the Five Eyes states, yet the agreement does not bond them so closely. Basically, it is an extension of the initial alliance, and they share similar data. Nine Eyes countries can use the same resources, but may not receive all the data from the Five Eyes countries. They can also share data with the NSA or GCHQ secret agencies.

14 Eyes

The Fourteen Eyes member states comprise the Nine Eyes countries plus Germany, Belgium, Italy, Sweden, and Spain.

It is an additional extension of the initial surveillance treaty. They share an even less intimate relation with the Five Eyes but can still use and access the same resources.

Possible partners

The possibly collaborating countries include Israel, Japan, Singapore, and South Korea.

These countries are suspected of sharing data with the eyes-countries. Israel and Japan have long been close US allies in exchanging surveillance data, so it is no wonder to see them here.

How does it affect you?

While some might think these agencies deal only with high-profile figures, renowned criminals, or state-level secret agents, their operation affects most residents of the member states, at least those who have an internet presence.

There have been many cases when governments of the above-mentioned countries forced businesses to collect user data or disclose their customers' info. Surveilling institutions can also make developers inject an encryption backdoor into the services. These backdoors are built-in features for circumventing encryption. The governments can also serve businesses with a gag order that forbids them from disclosing any info on data collection to their customers.

So, the services you use can collect data, pass it to third parties, and you may not even find out about it. And not only your country's government can see it, but their spying partners too.

This issue is especially relevant for VPN users. As VPNs encrypt user data and provide privacy protection, they can be a potential exploitation target for surveilling governments. So, you should always check to which jurisdiction your VPN provider belongs. If it belongs to one of the Fourteen Eyes countries or their partner states, there is an additional threat to privacy.

However, we cannot state that belonging to these 14 jurisdictions automatically makes a VPN service unsafe. A lot depends on its internal policies and values. Most premium VPN services maintain strict no-log policies. This means they don't collect any user data, so even if a third party approaches them for any data, they have nothing to give. There are cases when 14-Eyes-country providers managed to convince institutions they don't store any data and thus protected their users' privacy.

There were some cases, when VPN providers collected more data than officially stated and were forced to give it away by legal request breaching their users’ privacy. This proves the fact that an independently audited no-logs policy is an essential feature for a VPN provider.

What you can do

Here are a few pieces of advice on how you can safeguard your privacy from the Eyes:

  • Always check the jurisdiction of the online services you are using. If they are based in any of the 14-Eyes countries or their partner states, have in mind that there is a higher chance of privacy violations, as the government might approach them for your data. If possible, choose services based in non-member states. Otherwise, always look at their terms and conditions, whether there are any changes regarding data-collection practices, and be aware of recent news about online privacy. But better choose a different service;
  • Use a VPN service. It encrypts your traffic, hides your IP, and protects you from spying eyes. Just make sure it isn't based in a 14-Eyes jurisdiction and maintains a strict no-logs policy proved by independent auditors. NordVPN is your friend here. It operates under the jurisdiction of Panama, which doesn’t have mandatory data retention laws, and it doesn’t need to store any logs;
  • Encrypt your files so that nobody can access them in case they get into the wrong hands. Check our NordLocker tool to keep your files safe. Only you and the people you choose will be able to access your precious data;
  • Use software with end-to-end encryption. It secures the message between two endpoints so no outside party can decipher its contents;
  • Always do some research on the services you use to ensure they haven’t committed any privacy violations.
John Sears

John Sears

Verified author

John believes that the best things in life are simple. He uses the same approach when he’s writing about online security. John says that his #1 pet peeve is phishing scams. Ironically, his favorite non-work related activity is fishing.