14 eye

14 eye

Prior to joining Proton, Richie spent several years working on tech solutions in the developing world. He joined the Proton team to advance the rights of online privacy and freedom.

What countries are in the 5 Eyes, 9 Eyes, and 14 Eyes agreements?

Posted on August 30th, 2018 by Richie Koch in Privacy deep dives.

The Snowden revelations revealed that the NSA is carrying out electronic surveillance on a global scale and unveiled the shadowy networks of intelligence agencies that act as accomplices.

When people think of mass surveillance, they rightly think of the NSA, but nearly every country in the world has its own signals intelligence (SIGINT) agency. From the UK’s GCHQ to Germany’s BND, these organizations focus on intelligence gathering, counterintelligence operations, and law enforcement by intercepting communications and other electronic signals. SIGINT covers a wide range of activities, from tapping phones to accessing a user’s email database with XKEYSCORE .

Typically, one of the few legal restrictions set upon these agencies is that they cannot spy on their own citizens . This creates a strong incentive for them to cooperate and trade information with each other. The Five Eyes, Nine Eyes, and Fourteen Eyes are the largest and most important agreements that create the legal framework for such coordinated intelligence gathering across borders.

In addition to the Five, Nine, and Fourteen Eyes agreements, there are also similar non-Western intelligence-sharing agreements. This means there are few places in the world where your personal data is safe from snooping, so you should use extra measures, such as strong encryption, to keep it from prying eyes.

The below table shows the countries that participate in the Five Eyes, Nine Eyes, and Fourteen Eyes intelligence-sharing agreements. For more information about each of these agreements, jump ahead to:

How do these governments get your private data?

All SIGINT agencies rely on telecommunication companies and internet service providers to gain access to individuals’ private data. By installing fiber-optic splitters at ISP junction points, the SIGINT agency can make an exact copy of the data being processed at that point. This data is then analyzed using deep packet inspection and stored at different data centers.

Five Eyes intelligence-sharing agreement

five eyes countries

Five Eyes (also 5 Eyes or FVEY) is the name of the multilateral intelligence-sharing alliance created by the UKUSA Agreement. The agreement was originally conceived as a post-WWII pact between the UK and the US in 1946 to spy on foreign governments, specifically the USSR. Over the years, the treaty grew in both members and scope. As the internet and the amount of data available to intercept grew exponentially, the agreement began to focus more on domestic surveillance.

The “five” in the Five Eyes refers to the five Anglophone countries that observe the treaty:

  • Australia
  • Canada
  • New Zealand
  • The UK
  • The US

The treaty has built upon its Cold War roots to become the basis for ECHELON, a series of electronic spy stations around the globe that can intercept data transmitted via telephones, faxes, and computers. Essentially, ECHELON stations can intercept data from transmissions to and from satellite relays.

How the Five Eyes agreement works

The Five Eyes alliance is the foundation of an extensive web of partnerships between SIGINT agencies in Western nations to share intelligence with each other. In nearly all respects, the NSA is the global leader in SIGINT, thus most SIGINT agreements, be they multilateral (like the Five Eyes) or bilateral, focus on who has access to NSA data and technology.

Signatories to the UKUSA Agreement are known as “second parties,” and they have the greatest amount of access to NSA data and the closest ties to the agency. Other Western nations, such as members of NATO or South Korea, are “third parties.” These third-party agreements are formal, bilateral arrangements between the NSA and the national SIGINT agency. Third parties can still trade raw data with the NSA, but they have less access to its database.

Technically, second parties’ citizens are generally exempt from being spied on without approval from the host country, but the Snowden revelations have shown that the NSA has created a framework that could bypass these blocks. There have been no official comments from any Five Eyes members, and it is unclear if these countries have carried out unapproved surveillance in the past. No such restriction exists for third parties.

It is important to note that the membership of these different groups is constantly changing in response to global and political developments. Furthermore, the knowledge we have of these groups has come primarily from leaks, leading to a fuzzy picture and pointing out how little oversight these intelligence agencies — who have access to near infinite amounts of personal data — are subject to.

Fourteen Eyes agreement countries

fourteen eyes countries

Fourteen Eyes (or 14 Eyes) refers to the intelligence group that consists of the Five Eyes member countries plus:

  • Belgium
  • Denmark
  • France
  • Germany
  • Italy
  • The Netherlands
  • Norway
  • Spain
  • Sweden

These countries participate in SIGINT sharing as third parties. The official name of the Fourteen Eyes is the SIGINT Seniors of Europe (SSEUR), which has existed in one form or another since 1982. Similar to the UKUSA Agreement, its original mission was to uncover information about the USSR.

A SIGINT Seniors Meeting is attended by the heads of the SIGINT agencies (NSA, GCHQ, BND, the French DGSE, etc.) and is where they can share intelligence and discuss related issues. While this group has many of the same members as the “Nine Eyes”, it is a different group. According to leaked documents, the Fourteen Eyes is not a formal treaty but rather an agreement made between SIGINT agencies.

Nine Eyes intelligence alliance

nine eyes countries

Nine Eyes (9 Eyes) refers to a group of nations that share intelligence, composed of the Five Eyes member countries plus:

  • Denmark
  • France
  • The Netherlands
  • Norway

These countries participate as third parties. This group seems to be a more exclusive club of SSEUR and is not backed by any known treaty. Like the Fourteen Eyes, it is simply an arrangement between SIGINT agencies.

Other partners

Israel, Japan, Singapore, and South Korea are all suspected to be third parties with the NSA as well. Just as there is a SIGINT Seniors of Europe, there is also a SIGINT Seniors of the Pacific, which was formed in 2005. Its members include the Five Eyes member countries as well as:

  • France
  • India
  • Singapore
  • South Korea
  • Thailand

There are also non-Western intelligence-sharing alliances, such as the Shanghai Cooperation Organization between:

  • China
  • India
  • Kazakhstan
  • Kyrgyzstan
  • Pakistan
  • Russia
  • Tajikistan
  • Uzbekistan

What this means for you

The existence of international surveillance agreements like Fourteen Eyes allows member countries to take advantage of, as the Electronic Frontier Foundation puts it, “the lowest common privacy denominator.” Other members of the Five Eyes get to benefit from the mass surveillance data the NSA’s XKEYSCORE project brings in. In time, the Five Eyes countries will also benefit from all the data that the UK’s Investigatory Powers Act collects.

If a sweeping act that expands electronic surveillance passes in any one of these countries, it is as though the act has passed in every country. It also means that there is a good chance that your digital activity is being captured and shared with the NSA or other SIGINT agencies, no matter where in the world you are.

How to avoid surveillance

The best safeguard against this widespread surveillance is strong encryption. If you encrypt your data before it enters the network, it makes it much harder for you to be targeted by surveillance.

Protecting your emails

When you use your Proton Mail account to email someone else with a Proton Mail account, your emails are protected with end-to-end encryption, meaning that no one can decrypt the contents of your message except for you and your recipient. You can also protect the messages you send to people who use different email providers with end-to-end encryption with our Encrypt for Outside feature. With end-to-end encryption and proper device security, it is more difficult for any SIGINT agencies to intercept, decrypt, and read the contents of your email.

Additionally, all messages on Proton Mail’s servers are stored with zero-access encryption, which means we cannot share the content of your messages with surveillance agencies. Zero-access encryption means we encrypt your messages in such a way that even though they are stored on our servers, we cannot access them. Other email providers can decrypt your messages without your permission or knowledge as they control the keys they use to encrypt your messages on their server. By using end-to-end and zero-access encryption, we are unable to provide the contents of our users’ emails to anyone, even governments or law enforcement bodies.

Using a VPN

Using a VPN service like ProtonVPN also makes it much harder for surveillance agencies to record and track your internet activity. A VPN encrypts your internet traffic, which means your ISP is not able to record your online activity, which prevents SIGINT agencies from getting that data from the ISP junction points mentioned previously.

By using a VPN with Perfect Forward Secrecy (PFS), like Proton VPN, you also benefit from extra security. By using a different key for each session, PFS means that even if any of the keys used to encrypt one browsing session become compromised, all your other sessions remain secure. So even in the unlikely event that a SIGINT agency was able to decrypt the VPN data from one browsing session, they would not be able to decrypt all of them.

Other apps

Similar encrypted apps such as Wire or Signal also exist for chat communications, and there are some privacy-friendly web browsers, like Brave and Firefox, that go further in protecting your privacy online.

Why Proton is based in Switzerland

Proton Mail and Proton VPN are based in Switzerland, which has some of the world’s strongest privacy laws and is not a signatory to any of these surveillance agreements. This provides an additional layer of legal protection on top of the encryption we utilize.

Swiss companies, like Proton, cannot be compelled to cooperate with requests for user data from other governments. If the government of another country wanted the little data we hold on any of our users, they would have to make a request to the proper Swiss authorities, which have strict requirements and will typically not work with governments that have poor records on human rights. In the case we are presented with a legal request for user data that we must comply with, we cannot hand over the contents of emails as our zero-access encryption means we do not have access to them.The scale of mass surveillance operations is truly breathtaking and a major threat to democratic society. This is why, at Proton, we do not rely on any government to protect the privacy of those who use Proton Mail or Proton VPN. Instead, we rely on the mathematical strength of our open-source encryption methods. Fortunately, there are now tools for protecting your privacy and safeguarding your right to online freedom.

FAQ

How can I protect myself against mass surveillance?

Encrypting your data is the best way to protect yourself against mass surveillance. By using a VPN, you prevent your ISP from collecting data about your online activity (and any government agencies that are copying that data). If your ISP does not have information about what you do online, they cannot share it with SIGINT agencies in Five Eyes countries.

However, if you use a VPN that is based in a Five Eyes country, any logs they keep on your online activity can be shared with all the SIGINT agencies in the UKUSA agreement. Proton VPN is based in Switzerland, which is not part of the Five, Nine, or Fourteen Eyes agreements.

The same can be said of encrypting your emails. By encrypting your emails, you ensure that no one else can access the contents of your messages. (Note: If you email someone who is not using an encrypted email service, the contents of your emails will not be protected by zero-access encryption on their side.)
You can also use privacy-focused browsers and encrypted messengers to further protect yourself from mass surveillance.

Why is it called the Five Eyes?

The Five Eyes (sometimes written as 5 Eyes or FVEY) is a reference to the five anglophone countries that are members of the UKUSA agreement: Australia, Canada, New Zealand, the United Kingdom, and the United States. Although you would be forgiven for thinking “Eyes” refers to snooping, the term “Five Eyes” was actually originally used as shorthand for “AUS/CAN/NZ/UK/US EYES ONLY” on secret documents. As more intelligence alliances — the Nine Eyes and Fourteen Eyes — were formed, they adopted the same naming convention, although there is no evidence that they were used as shorthand in the same way.

What is SIGINT?

SIGINT is short form for signals intelligence, and refers to the interception of transmission signals. This usually takes the form of gathering communications intelligence between people (sometimes called COMINT), though can also include electronic intelligence (ELINT), which uses electronic sensors (such as radar) to gather information.

How is SIGINT used?

SIGINT was originally used in warfare and did not affect everyday citizens. However, since the Cold War, SIGINT agencies have started collecting more and more intelligence from everyday people’s communications. This increased dramatically after the invention of the World Wide Web, as governments were able to get more data than ever on people from around the world, as the Snowden revelations showed.

When was UKUSA formed?

The UKUSA agreement (then called BRUSA) was signed by the UK and the US in 1946. In the following decade, the “second parties” — Australia, Canada, and New Zealand — also became signatories of the Agreement.

Richie Koch

Prior to joining Proton, Richie spent several years working on tech solutions in the developing world. He joined the Proton team to advance the rights of online privacy and freedom.

14 eye

loader

Fourteen eyes surveillance alliance explained

Home / Security Introduction / Fourteen eyes surveillance alliance explained

securitymadesimple Security Introduction Comment : 0

A surveillance alliance is an agreement between multiple countries to share their intelligence with one another. This includes things like the browsing history of any user that is of interest to one of the member countries. Five eyes and Fourteen eyes are two alliances of 5 and 14 countries respectively that agree to share information with one another wherever it is mutually beneficial. They were originally made during the cold war as a means of working together to overcome a common enemy (the soviet union) but still exist today. These terms are commonly associated with internet privacy debates and they are two of the largest and most well known surveillance alliances in existence.

What is the fourteen eyes alliance?

Fourteen eyes is an alliance of 14 different countries that have agreed to share their intelligence with one another. It’s origin goes back to 1943 when an agreement was reached between the British and US on a ten page Communication Intelligence agreement. It originally started with only 5 countries and was known as the BRUSA agreement. After that the program grew to 9 countries and now includes 14 total countries. In addition to these 14 countries, there are other supporting countries that are not official members but regularly contribute to its network. The 14 eyes alliance includes:

  • Australia
  • Canada
  • New Zealand
  • United Kingdom
  • United States
  • Denmark
  • Netherlands
  • France
  • Norway
  • Germany
  • Belgium
  • Spain
  • Sweden
  • Italy

In addition to these members there are other countries that are considered partners or affiliates of the fourteen eyes alliance. These additional countries include:

  • Israel
  • Japan
  • South Korea
  • Singapore
  • British Overseas territories (e.g. British virgin islands)

Why Fourteen Eyes is a potential concern

The reason the fourteen eyes alliance is such a problem is that it allows governments to spy on their own citizens by using other countries as a proxy. For example the US intelligence agencies may not be able to legally spy on their own citizens but they may ask another member’s intelligence service to spy on US citizens for them and feed them the information. In return the US government would do the same for that member country and there’s not a whole lot that can be done because it’s a completely different country and doesn’t fall under US jurisdiction. After the Edward Snowden incident, I don’t think anyone can deny the fact that countries spy on their citizens and alliances like this make it even harder to prevent.

Why Fourteen Eyes is necessary

This may be an overused phrase but having a good intelligence program is literally a matter of national security. It was originally created as an intelligence-sharing agreement during the cold war to decrypt soviet intelligence. Since then agreements like fourteen eyes continues to provide member nations with important information that can be used for many different goals. Many people are against the idea of government’s spying on their citizens and it is a concern. However, I don’t think any intelligence agency would be doing their job well if they didn’t create alliances like this, it makes perfect sense to pool the resources of your allies so you can get information on potential threats to your country. Whether alliances like fourteen eyes are good or bad really depends on how the information is being used behind the scenes. But it’s important that countries work together and share information when it’s mutually beneficial.

How to avoid fourteen eyes surveillance

Now if you want to avoid being spied on you can use VPN service providers to help protect your communications while your online. However, if your VPN service provider is in one of the countries that is associated with the fourteen eyes alliance then you would still be at risk of having your information shared with your local government. So it’s important to choose a service provider who’s headquarters are not located in any of the aforementioned countries so that they are less likely to leak the information. Secondly, you also want to find a VPN provider that doesn’t log your online traffic. Assuming they are telling the truth, there won’t be any records of your internet activity for someone to get access to. However, it’s important to note that other superpowers such as Russia and China have their own intelligence programs so just because it’s not on this list doesn’t mean it’s not being looked at. But depending on your situation, you can use your own discretion.

Conclusion

Fourteen eyes is a surveillance agreement where the member countries agree to share intelligence with one another. It has an impact on global communications because of how easy it is for governments to spy on people over the internet. It also allows member nations to circumvent local laws and spy on their citizens by using other member nations as a proxy. Many people worry that this will allow them to spy on millions of people and infringe on their privacy rights, especially following the Edward Snowden situation that highlighted government surveillance. However, programs like this have legitimate value and will continue to be used to serve the best interest of member nations. For people that are concerned about having their information watched by their government, the best counter move is to find a good VPN service provider that is not hosted in any of the countries associated with fourteen eyes.