Online Privacy

How Five-Eyes and other Alliances Affect Your VPN’s Privacy and Security

Story Highlights

  • Five, Nine, and 14-Eyes Explanation
  • Intelligence agencies affecting your VPN
  • Avoid agencies from monitoring your VPN traffic
  • Data-sharing cases

The first and second world wars sparked global alliances between several nations. In both wars, American and British troops fought side by side and won. Once the fighting was over and the dust settled, A new type of alliance came to life; one that surpassed politics and economy. The US and the UK consolidated their relationship with security and surveillance treaties that still stand firm to this day.

Fast forward a few decades and you’ll find that this alliance has welcomed new members, 12 countries to be exact. Canada, Australia, France, Germany, and a host of other countries also joined the intelligence cause, forming what you know now as the Five, Nine, and 14-Eyes alliances.

And these countries monitor the thing we use daily and constantly: The Internet. That is why a cybersecurity tool called the VPN rose to prominence. This program allowed you to reroute your traffic through private servers, change your IP address, and encrypt your traffic.

But unfortunately, the invasions of privacy didn’t stop there as these alliances ordered companies that operate within their jurisdictions to submit user data upon request. That includes VPN services, which is why so many of them are based in countries outside the Five, Nine, and 14-Eyes.

So let’s take a look at these alliances of, hmm, professional spies.


What Is Five-Eyes Alliance?

It all started in the 1950s when the United Kingdom and the United States signed an intelligence agreement. Their alliance aimed to decipher the secret communications of the Soviet Union during the Cold War. By 1960, another three countries joined the pact – Australia, Canada, and New Zealand. Hence the name Five-Eyes or FVEY.

This secret collaboration became public half a century later, in 2003. But the general public had to wait until 2013 to get more details about FVEY when whistleblower Edward Snowden leaked secret documents he obtained while working as a contractor for the NSA.

These documents revealed that American, British, Canadian, Australian, and Kiwi governments are monitoring their citizens’ online activities. Furthermore, the leaked files showed that intelligence agencies are sharing this data with one another.

But the story does not end here.


Nine and 14-Eyes Alliances – What Are They?

The Five-Eyes alliance was the first intelligence data-sharing agreement that spread across several countries. However, there are wider alliances of nations exchanging citizens’ and residents’ online information.

As of now, we know of at least two other cooperations that spy on people’s online activities and communications. They are called the Nine-Eyes and the 14-Eyes alliances and their members are as follows:

  • Five-Eyes: US, UK, Australia, Canada, and New Zealand
  • Nine-Eyes: Five Eyes countries plus Denmark, France, Netherlands, and Norway
  • 14-Eyes: Nine Eyes members plus Belgium, Germany, Italy, Spain, and Sweden

Some reports suggest that Israel, Japan, Singapore, and South Korea are also part of the global surveillance system.

Members of the Five-Eyes alliance collect and share more data between them than the countries of the Nine or 14-Eyes agreements. Nonetheless, nobody outside the intelligence community knows for sure what information these governments share, namely because these alliances are between intelligence agencies.


How These Intelligence Treaties Affect Your VPN

Evidently, the ultimate goal of the cooperation between these multi-national intelligence services is to monitor and collect sensitive data. They focus on the Internet communications of both individuals and organizations all over the world. Google released a transparency report revealing all the requests it received from the authorities to submit user information.

Requests for User Information That Google Received

Spying Data
Source: Google Transparency Report

Members of these alliances don’t just keep an eye on their residents’ information, but also anyone who communicates with them. That means even if you live outside Five, Nine, and 14-Eyes jurisdiction, any data you communicate with individuals or services inside those countries could end up being monitored. Furthermore, the laws of the countries that form these alliances force VPN service providers to collect particular user information and share it with government agencies upon request.

What it effectively means for VPN users is that they get neither the privacy nor the security they look for when using a VPN. Government agencies can ask for their browsing history and online communication records at any time.


Stop Agencies from Spying on Your VPN

Frankly speaking, you cannot do much if someone resourceful enough is targeting your VPN connection intentionally. Provided that you are not a spy or hiding criminal yourself, you can do at least the following.

Check what your country laws say about the use of VPN services. In most cases, national laws in Europe and North America do not ban the use of VPNs. But in some countries, using a VPN is illegal or at least frowned upon. This is not the main problem, though.

What you should be more concerned with is where your VPN provider is headquartered and which jurisdiction governs its activities. If your VPN iś registered in Australia, for example, then it must hand over information about you when investigators request it. Moreover, this data could be shared with intelligence agencies of other Five, Nine, and 14-Eyes member states.

Therefore, avoid using VPN services based in countries participating in any intelligence-gathering alliance. A good number of VPN providers have established themselves in nations with favorable data laws, meaning they don’t have to submit any data collection. These places include Panama, Costa Rica, Estonia, Switzerland, and the British Virgin Islands.


Cases when Agencies Shared Data

Details of the Five, Nine and 14-Eyes alliances emerged in 2013 after Edward Snowden leaked secret documents about the matter. Still, we don’t know much about what these intelligence agencies collect or share with each other. There are, however, a few confirmed cases.

The Case of Maher Arar

In 2002, Canadian citizen Maher Arar was detained in New York City’s JFK airport after returning from Tunisia while visiting his wife’s family. The reason behind his arrest was the Canadian government’s inaccurate data gathering, which was shared with US authorities. Arar was secretly transferred to Syria after 12 days where he suffered imprisonment and torture. He was released without charge a year later and returned home.

Spying on EU Citizens

In 2014, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs confirmed that Canadian and New Zealand intelligence agencies cooperated with the NSA and shared the personal data of EU Citizens.

War on Terror

After the September 11 attacks, surveillance between Five-Eyes members significantly increased as part of the war on terror. This led to the monitoring and sharing of UN officials and delegations, including weapons inspector Hans Blix.

Jointly-operated Surveillance Programs

The documents that Edward Snowden released showed there are several surveillance systems that are jointly-operated by several agencies of the Five-Eyes. They include:

  • PRISM: Operated by the NSA together with GCHQ and the ASD
  • XKeyscore: Operated by the NSA with contributions from the ASD and the GCSB
  • Tempora: Operated by GCHQ with contributions from the NSA
  • MUSCULAR: Operated by GCHQ and the NSA
  • STATEROOM: Operated by the ASD, CIA, CSE, GCHQ, and NSA

Concluding Words

You should always expect that the authorities want to gather as much information as possible about users and their online activities. Whether you’re using a VPN or not, your data will always be a target for intelligence-gathering agencies. The shift to digital communications and data-sharing may have made things faster and easier, but it also made us trackable preys.

Therefore, using a VPN is a must from a cybersecurity point of view, although your data might still be compromised. Therefore, make sure you check your VPN’s headquarters before you subscribe to it. If it’s located inside Five, Nine, or 14-Eyes jurisdiction, then switch to a different service.

Do you find the existence of intelligence-gathering agencies alarming or necessary for national security? Share your thoughts in the comment box below.

Show More

Ralph Peterson

Ralph was bitten by the tech bug from an early age. Today, he is a cybersecurity geek who is obsessed with online privacy. Peterson is also a hardcore streamer of the latest TV shows and sports tournaments. We constantly hear him shouting at his screen whenever there's a live Premier League match (or a bad ending to a TV series like GoT).

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button