Who’s watching you? A guide to the 5, 9, and 14 Eyes Alliances

If you’re located in a country that forms part of the 5, 9, or 14 Eyes alliance, you risk your online activities being monitored, logged, and shared with other member countries. The intelligence-sharing alliances collect data from various sources, including browsing activity, emails, or telephone calls. Collecting and then sharing this intelligence with other members allows governments to bypass their national privacy laws.

Needless to say, this is all more than a little concerning if you value your privacy. For this reason, we’ll look closer at the countries involved, the data they collect, the risks posed, and how to protect yourself from government surveillance. That way, you can make an informed decision on whether you need to protect your privacy, such as using a Virtual Private Network (VPN) to encrypt your internet traffic, hiding it from prying eyes.

What are the 5, 9, and 14 Eyes alliances?

The Five Eyes (FVEY), 9 Eyes, and 14 Eyes are intelligence-sharing alliances. These alliances consist of countries that have agreed to collect and share surveillance data. The alliances allow governments to monitor online activity and communications, including emails and phone calls, often bypassing their own national privacy laws in the process.

The Five Eyes came first during World War II with the UKUSA Agreement. Signed in 1946, this intelligence-sharing pact between the UK and the US later expanded to include Canada, Australia, and New Zealand, forming what we now know as the Five Eyes alliance. It was created for signals intelligence (SIGINT) and saw the UK’s Government Communications Headquarters (GCHQ) and the US’s National Security Agency (NSA) sharing intelligence on the Soviet Union and the People’s Republic of China during the Cold War.

Over time, Five Eyes has evolved into a mass surveillance network and enabled surveillance programs, including ECHELON, PRISM, and XKeyscore. It’s also seen the birth of the 9 Eyes and 14 Eyes alliances, both expanding the intelligence-sharing partnerships even further.

Which countries form the 5, 9, and 14 Eyes alliances?

The 5, 9, and 14 Eyes alliances consist of different groups of countries that cooperate in intelligence-sharing and surveillance. 5 Eyes consists of the core member countries that have full intelligence-sharing and joint surveillance programs. 9 Eyes sees some intelligence sharing but less access to classified data. 14 Eyes sees looser cooperation and more limited intelligence access.

5 Eyes (FVEY)

The Five Eyes intelligence-sharing alliance shares the most classified intelligence. Unrestricted access to global surveillance networks makes this the most powerful surveillance network. It consists of the following countries:

9 Eyes

9 Eyes adds four more countries that work closely with 5 Eyes by contributing and receiving intelligence. However, these countries don’t have the same level of access to the surveillance networks of the core 5 Eyes members:

14 Eyes

14 Eyes sees five more countries cooperating on intelligence-sharing, but their access is even more limited than 9 Eyes nations. They exchange intelligence only when necessary, such as for counterterrorism or cybersecurity.

What data does the 5 Eyes Alliance collect?

The Five Eyes countries, particularly the US and UK, run mass surveillance programs such as ECHELON, PRISM, and XKeyscore that collect a vast amount of data, much of which is sensitive. This includes:

Internet activity

• Websites visited
• Search history
• Downloads
• Emails
• Social media activity
• Online purchases and transactions

Phone communications

The following can be monitored through the collection of metadata and wiretaps:

• Phone numbers dialed and received
• Call duration, timestamps, and locations
• SMS/MMS message metadata

Location and travel data

5 Eyes collects location and travel data through GPS tracking and phone towers:

• Real-time and historical location tracking
• Airline bookings
• Visa records
• Surveillance camera footage

Financial transactions

Financial transactions are monitored through banks, payment processors, and SWIFT:

• Credit card transactions
• International money transfers
• Cryptocurrency activity

Private and encrypted messages

Whether intercepted through backdoors, exploits, or subpoenas, Five Eyes can obtain the following:

• WhatsApp, Signal, and Telegram messages
• iMessage and encrypted email communications
• Cloud-stored files and backups

How the 5, 9, and 14 Eyes alliances impact your privacy

Five Eyes countries have privacy laws that protect citizens from their governments’ efforts to spy on them. However, 5 Eyes members can spy on each other’s citizens and share the data, bypassing the legal restrictions. For example, the NSA (US) can’t legally spy on Americans without a warrant, but GCHQ (UK) can, and it can then share the data back with the US.

The loophole allows mass surveillance without legal consequences. What’s more, surveillance doesn’t stop at 14 Eyes. Data can be sold or shared with other nations. 5 Eyes is known to partner with Israel, Japan, Singapore, South Korea, and other allies to extend surveillance reach.

The 5, 9, and 14 Eyes intelligence alliances pose numerous privacy risks. The mass collection of data is without the consent of users and, in most cases, without their knowledge. Your data will likely be collected even if you don’t live in a Five Eyes country. Simply sending an email routed through UK servers before reaching its destination could see the email intercepted by GCHQ’s Tempora program.

The data collected via the Five Eyes’ intelligence programs can be shared with law enforcement, bypassing legal protections afforded to you, such as the need for a warrant. Decryption programs such as Bullrun (US) and Edgehill (UK) weaken encryption standards by planting backdoors, making everyone’s data more vulnerable as a result.

How to protect your data from government surveillance

The fact that the Five Eyes operate above national privacy laws means it’s very difficult – if not impossible – to avoid their surveillance entirely. The good news is that there are some things you can do to protect your data and online privacy:

Use a no-logs VPN

You can use a VPN to encrypt your connection and make it that much more difficult for snoopers such as Five Eyes member countries to read your data. With this encryption, your real IP address is hidden so you can browse anonymously. Of course, you’ll want to choose one of the best VPNs that operates a no-logs policy. This means that the VPN doesn’t track or store any of your online activities or, indeed, any data that can identify you as a user.

Encrypt your communications

The emails and messages you send would be much safer if they could only be read by you and the intended recipient. Using specific apps such as Signal and WhatsApp for messaging and ProtonMail and Tutanota for emails ensures your communications benefit from end-to-end encryption (E2EE). With end-to-end encryption, only the recipient has the decryption key to unscramble the message, preventing anyone else from reading the message.

Avoid services from 5 Eyes countries

If you’re particularly concerned about Five Eyes, you may want to avoid services based in 5 Eyes countries. That’s because your data is likely to be vulnerable to greater surveillance. Instead, it’s worth exploring more privacy-focused alternatives in jurisdictions with stronger privacy laws. For example, Tresorit is a cloud storage platform headquartered in Switzerland. NordVPN operates out of Panama without mandatory data retention laws.

Use a secure browser and search engine

It should come as no surprise that some browsers, most notably Google Chrome, collect significant amounts of data, including browsing history and search queries. Cookies track your activities across the web. Fortunately, there are privacy-oriented browsers like Brave, which block ads and trackers by default. Brave Browser’s default search engine is Brave Search, which is considered privacy-friendly, although DuckDuckGo is a viable alternative.

Browse anonymously with Tor

Aside from using a VPN, the Tor network is a way in which you can anonymize your internet traffic. It does this by routing the data through multiple servers, which makes it much harder for anyone to trace your online activities. Keep in mind that although Tor is great for privacy and anonymity, it does have the downside of slower speeds. This is due to the layers of encryption as traffic runs through multiple nodes.

Limit your use of smart devices

Just one of many sources at Five Eyes’ disposal are smart devices such as home assistants, Smart TVs, and wearables, all of which can be exploited and used as surveillance tools. These can provide Five Eyes with anything from voice recordings and smartwatch health data to smart home security camera footage. Limiting such devices and disabling microphones and cameras when not in use can make a big difference.

Keep software and devices updated

Keeping your operating systems, devices, and applications updated is essential to protect against security vulnerabilities. Failure to do so could result in vulnerabilities being exploited for surveillance purposes. You could also enable two-factor authentication (2FA) on your accounts to provide an extra layer of security.

Use strong passwords

Many people use overly simplistic passwords such as their pet’s name or date of birth. Worse still, some are guilty of using the same password across dozens of online accounts. One reason for this is that memorizing potentially dozens of complex and unique passwords is just not practical. This is where a password manager comes in useful. Not only can a password manager help store complex passwords securely, but it can also help you generate them.

VPN jurisdiction

We’ve touched on how VPNs can help protect you from Five Eyes surveillance, at least to a degree. One crucial consideration is VPN jurisdiction. That is the country where the VPN company is legally registered. The location plays an important role in how your data is handled. After all, government laws may force a VPN to log user data, which may be shared internationally as part of an intelligence agreement.

Theoretically, the countries with the highest level of risk due to having the most aggressive surveillance laws are those that comprise Five Eyes: the US, UK, Canada, Australia, and New Zealand. Having said that, a VPN being headquartered in one of these countries doesn’t automatically make it a bad choice. Some trusted no-logs providers such as IPVanish and Private Internet Access operate out of the US.

When choosing a VPN, look for the following:

• Independently audited no-logs policy
• RAM-only servers (which wipe all data on reboot)
• Transparency reports detailing data requests from authorities

If you’d rather not take the risk, plenty of VPNs operate beyond the scope of the 5, 9, and even the 14 Eyes alliances. Some of these countries offer stronger privacy laws and don’t have mandatory data retention laws either. For example, NordVPN is headquartered in Panama, ExpressVPN in the British Virgin Islands, and Proton VPN in Switzerland.

Five Eyes FAQ