What is Five-Eyes Surveillance and Why You Should Be Worried?
If you’ve ever used a VPN, or are concerned about online privacy, you’ve probably heard about "Five Eyes," "Nine Eyes," and "14 Eyes" surveillance. Just what are these eyes and why should they be important to you.
Five Eyes Surveillance is a nickname for the United Kingdom–United States of America Agreement (UKUSA), the top-secret, post-war arrangement for sharing intelligence between the United States and the UK. It was signed by representatives of the London Signals Intelligence Board and its American counterpart in March 1946, the UKUSA Agreement is without parallel in the Western intelligence world and formed the basis for co-operation between the two countries throughout the Cold War.
Despite the official name, UKUSA agreement consists of five countries. The United States National Security Agency (NSA), Canada’s Communications Security Establishment Canada (CSEC), the United Kingdom’s Government Communications Headquarters (GCHQ), New Zealand’s Government Communications Security Bureau (GCSB) and the Australian Signals Directorate (ASD). There are five countries intelligence services, hence the term Five Eyes.
Fighting against terrorism in the ongoing war on terror since 2001 has led the Five Eyes to expand their surveillance activities with a greater focus on monitoring the World Wide Web. As such, Five Eyes has given birth to many of the most notable privacy scandals in recent years, including PRISM, XKeyscore, and Tempora.
The documents that were revealed by Edward Snowden in 2013 showed that these Five Eyes have been involved in spying the one another’s citizens and share the gathered details with each other in order to evade restrictive domestic regulations on the citizen’s surveillance.
Five Eyes under the UKUSA agreement now has a range of scary powers. The agreement states that interception, collection, analysis, acquisition, and decryption practised by the individual country within their territory and all intelligence information are shared by default.
The scope of the agreement means that they can force any communications service provider, including ISPs, social media platforms, email providers, phone networks and more, to:
- Insert malware on its users' devices.
- Ignore existing laws in pursuit of Five Eyes directives.
- Interfere with people’s user experience.
- Provide governments with new product designs in advance.
- Provide user information as requested in secret warrants.
What Is Nine Eyes Surveillance ?
Nine Eyes is another intelligence sharing agreement. It’s grown out of the original Five Eyes alliance. It includes all the Five Eyes members, plus Denmark, France, the Netherlands, and Norway.
What Is 14 Eyes Surveillance ?
The 14 Eyes agreement adds a further five countries to the list: Germany, Belgium, Italy, Spain, and Sweden.
Interestingly, both France and Germany have been close to becoming full Five Eyes members in 2009 and 2013 respectively. The two agreements both fell through for various reasons.
It’s important to mention Israel and Singapore. Israel reportedly enjoys observer status with the main Five Eyes group, while Singapore has partnered with the group but is not an official member.
Why Does Five Eyes Surveillance Matter?
Given the sweeping powers granted by these agreements, what impact does it have on you?
It’s all a question of jurisdiction. When talking about a VPN provider’s jurisdiction, there are three things to consider:
- Local laws: Some countries outright ban VPN usage.
- Company location: The state in which the VPN provider is registered and has its physical offices.
- Server location: VPN providers typically offer servers in many different countries.
From a surveillance perspective, the two things you need to worry about are the company location and the company servers.
A VPN provider with either a physical address or servers in the countries listed could be compelled to hand over any information it has, including connection logs and browser traffic. The country might even monitor a VPN server’s inbound and outbound traffic. Worse still, the governments can forbid the provider from even notifying the affected customers; you lose the chance to respond to the invasion of privacy.
Due to the very nature of the agreements, once your information has been acquired by one country, it’s in the system and will be shared with the other countries.
If security is your main priority, you shouldn’t use a VPN that’s domiciled in one of the Five, Nine, or 14 Eyes countries. Nor should you connect to servers in one of those countries using a VPN provider from a non-14 Eyes member.
If you really need to use a VPN provider from one of the Five, Nine, or 14 Eyes member countries (for example, due to a unique feature), make sure you select one that explicitly does not keep logs. However, not even that can adequately protect you.
Last updated on: Tuesday 30th October 2018