A Surveillance Primer: 5 Eyes, 9 Eyes, 14 Eyes

As consciousness of worldwide surveillance grows, extra individuals are on the lookout for details about the Five Eyes (FVEY), Nine Eyes, and 14 Eyes surveillance alliances. These phrases usually seem within the privateness neighborhood, particularly when discussing privateness instruments. So what are these organizations?

Editor’s Note:
Guest creator Sven Taylor is the editor behind Restore Privacy, a weblog devoted to tell about finest on-line privateness practices, safe your digital gadgets, unblock restricted content material and defeat censorship.

In quick, these are worldwide surveillance alliances representing varied nations world wide. These alliances work collectively to gather and share mass surveillance information with one another. Beginning with the UKUSA settlement and Five Eyes intelligence sharing, these networks have been spying on individuals for many years, with established insurance policies going again to World War II.

The authorities companies behind these efforts usually work with web service suppliers and different giant tech corporations to faucet key infrastructure for the gathering of personal information (information surveillance). This turns your web service supplier, for instance, into a neighborhood adversary that’s spying on you for state companies. And no, this isn’t a concept.

Your web service supplier is logging all the pieces!

In 2021, the US Federal Trade Commission revealed a 74 web page report documenting how web service suppliers are gathering huge quantities of personal information from their prospects after which promoting the info to 3rd events. We examined this report, the implications, and a few options in our article on web service suppliers logging looking exercise.

These practices are well-documented within the PRISM surveillance paperwork and in addition the notorious Room 641a instance with AT&T and the NSA. Fortunately, there are some easy options to maintain your information secure that we’ll cowl under. In this information, we’ll clarify all of the completely different “X” eyes surveillance alliances and why this subject is essential when selecting privateness instruments.

Five Eyes

The Five Eyes (FVEY) surveillance alliance contains the next nations:

1. Australia
2. Canada
3. New Zealand
4. United Kingdom
5. United States

The historical past of this alliance goes again to WWII and the UKUSA Agreement, which was formally enacted after the warfare in 1946. This settlement formalized a partnership between the United Kingdom and the United States for gathering and sharing intelligence information.

The partnership continued all through the Cold War and has solely strengthened for the reason that “Global War on Terror” kicked off within the early 2000s. Edward Snowden introduced renewed focus to the Five Eyes surveillance alliance in 2013 when he uncovered the surveillance actions of the US authorities and its allies.

Below are the completely different “5 Eyes” surveillance companies working collectively to gather and file your actions:

Table of the Five Eyes companies working collectively to surveil enemies and their very own residents.

In addition to those nationwide organizations, there exists the Five Eyes Intelligence Oversight and Review Council (FIORC). According to the FIORC net web page on the US Director of National Intelligence web site:

FIORC was created within the spirit of the prevailing Five Eyes partnership, the intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States.

It additional states that…

The Council members change views on topics of mutual curiosity and concern; evaluate finest practices in overview and oversight methodology; discover areas the place cooperation on opinions and the sharing of outcomes is permitted the place acceptable; encourage transparency to the most important extent potential to boost public belief; and keep contact with political workplaces, oversight and overview committees, and non-Five Eyes nations as acceptable.

The following non-political intelligence oversight, overview, and safety entities of the Five Eyes nations are a part of FIORC:

You can get extra details about FIORC, together with a duplicate of the group’s constitution right here.

It is not any shock that among the Five Eyes nations listed above are additionally the worst abusers of on-line privateness:

• United Kingdom – Since the passage of the Investigatory Powers Act in 2016, web service suppliers and telecoms have been recording looking historical past, connection instances, and textual content messages. The information is saved for 2 years and is on the market to UK authorities companies and their companions with none warrant.
• United States – The US authorities has been implementing Orwellian mass surveillance assortment strategies with the assistance of enormous telecoms and web service suppliers (see the PRISM program). In March 2017, web service suppliers got the authorized authority to file consumer exercise and promote this to 3rd events. Of course, web suppliers have been gathering information on their prospects for a few years, lengthy earlier than this regulation handed in 2017.

One of the PRISM slides, revealed by Washington Post, June 6, 2013.

• Australia – Australia has additionally carried out sweeping information retention legal guidelines just like the United Kingdom.

Broad authority amongst 5 Eyes nations

Whether it’s the NSA within the United States or the GCHQ within the United Kingdom, the “5 Eyes” is residence to probably the most highly effective surveillance companies on this planet. A privateness firm sharing a jurisdiction with entities like these is simply asking for hassle.

In specific, the intelligence companies within the Five Eyes nations have great authority to power corporations to file and hand over information. In the United States, the Patriot Act ushered in a brand new stage of energy for federal information assortment, particularly by using National Security Letters. We see these identical traits unfolding within the UK, Australia, and different areas as effectively.

Six Eyes?

In an August 2020 Nikkei interview, Japanese Defense Minister Taro Kono mentioned tighter cooperation with Five Eyes, telling an interviewer that “These nations share the identical values. Japan can get nearer [to the alliance] even to the extent of it being known as the ‘Six Eyes’.”

Reportedly each the United States and United Kingdom have proven some curiosity on this, maybe in response to the rising dangers of armed battle with China. While this seems to be simply discuss proper now, we’ll regulate the scenario and replace our articles as obligatory.

Nine Eyes

The Nine Eyes nations embody:

• 5 Eyes nations +
• Denmark
• France
• Netherlands
• Norway

The existence of the Nine Eyes alliance is referenced in varied sources on-line and have become well-known following the Snowden revelations in 2013. It is simply an extension of the Five Eyes alliance with related cooperation to gather and share mass surveillance information.

14 Eyes

The 14 Eyes surveillance nations embody:

• 9 Eyes nations +
• Germany
• Belgium
• Italy
• Sweden
• Spain

As earlier than, the unique surveillance settlement was prolonged to those different nations. The official identify of this group of nations is known as SIGINT Seniors Europe (SSEUR).

NSA and GCHQ cooperation inside 5 Eyes

Various authorities doc releases, which have come out by official FOIA channels, reveal the shut relationship between the NSA and GCHQ. Being the 2 strongest surveillance entities on this planet, with historic ties, it’s no shock that they work intently collectively.

A top-secret NSA doc from 1985, which was launched in 2018 through a FOIA request, reveals that this shut cooperation continues right now, primarily based on the broadly-written UKUSA Agreement:

The UKUSA Agreement, dated 5 March 1946, has twelve quick paragraphs and was so usually written that, except a couple of correct nouns, no modifications to it have been made. It was signed by a UK consultant of the London Signals Intelligence Board and the U.S. Senior Member of the State-Army-Navy Communications Intelligence Board (a predecessor group which advanced to be the current National international Intelligence Board). The rules stay intact, permitting for a full and interdependent partnership. In impact, the essential settlement permits for the change of all COMINT outcomes together with finish product and pertinent collateral information from every sample for targets worldwide, except particularly excluded from the settlement on the request of both get together.

Another top-secret NSA doc from 1997 (formally launched in 2018) additional elaborates on the shut cooperation between the NSA and GCHQ:

Some GCHQ [redacted] exist solely to fulfill NSA tasking. NSA and GCHQ collectively handle assortment plans to cut back duplication and maximize protection by joint websites and cross-tasking, regardless of website closures.

With the reference to “joint websites” above, it is essential to debate ECHELON.

ECHELON surveillance system

ECHELON Radomes at Menwith Hill, Yorkshire. Photo taken November 2005. Matt Crypto through Wikimedia Commons

ECHELON is a community of spy stations utilized by Five Eyes nations for large-scale espionage and information assortment.

The Guardian described ECHELON as a world community of digital spy stations that may snoop on telephones, faxes and computer systems. It may even observe financial institution accounts. This data is saved in Echelon computer systems, which may hold tens of millions of information on people.

Officially, nevertheless, Echelon does not exist. Although proof of Echelon has been rising for the reason that mid-Nineties, America flatly denies that it exists, whereas the UK authorities’s responses to questions concerning the system stay evasive.

Despite these denials, there have been whistleblowers who’ve confirmed what is going on on behind the scenes. Both Perry Fellwock and Margaret Newsham got here ahead to doc varied features of ECHELON to the general public.

Avoid the 5 Eyes

While there are privateness issues with the opposite nations within the higher 14 Eyes alliances, the massive one to keep away from is the Five Eyes. Therefore, when information safety is vital, merely keep away from the Five Eyes: US, UK, Canada, Australia, and New Zealand

Some individuals say issues about these surveillance jurisdictions are overblown or misguided, and that it actually does not matter. You usually hear this argument from VPN corporations (and their entrepreneurs) which can be primarily based within the US or Canada, for instance. This line of pondering is misinformed and ignores actuality.

There are many examples that show the real-world dangers related to privacy-focused corporations working in Five Eyes jurisdictions. Here are only a few that we have mentioned earlier than on RestorePrivacy through the years:

1. Riseup, a Seattle-based VPN and electronic mail service, was compelled to gather consumer information for presidency brokers and was additionally hit with a “gag order” to stop any disclosure to their customers. (They additionally couldn’t replace their warrant canary.)
2. Lavabit, one other US-based electronic mail service, was compelled to offer encryption keys and full entry to consumer emails. Rather than comply, the proprietor determined to close down Lavabit electronic mail.
3. IPVanish, a US-based VPN service, was compelled to gather consumer information for an FBI felony investigation. This all transpired whereas IPVanish was claiming to be a “no logs VPN” — they usually couldn’t alert their customers to what was occurring. (See the IPVanish logs case.)
4. HideMyAss, a UK VPN service was additionally ordered by a court docket to gather consumer information and hand this over to authorities for a felony investigation. News about this got here out after-the-fact.

VPNs working within the US, and by extension all of their customers, will also be the targets of lawsuits involving copyright infringement. A latest court docket case concerned TorGuard VPN, which was compelled to dam torrenting on all US servers as a part of the settlement settlement. This is why we suggest avoiding US-based VPNs when utilizing a VPN for torrenting.

These are only a few circumstances which have publicly come to gentle, however you may be positive there are different examples we do not know even about.

Secret calls for for consumer information + gag orders = privateness nightmare

As we will see from these examples, when authorities compel companies to gather and hand over information, they often serve them with a gag order as effectively. This is finished by National Security Letters and it prevents the enterprise from disclosing any data to their prospects.

These legal guidelines principally give the federal government the authority to compel a legit privacy-focused firm to turn out to be a knowledge assortment device for state companies, with none warning or notification. Even warrant canaries are ineffective in locations just like the United States.

Ignoring the jurisdiction of a privacy-focused enterprise is silly and ignores these well-documented dangers.

Recommended privateness providers (in good jurisdictions)

One of the principle functions of RestorePrivacy is to check, analysis, and suggest privateness and safety instruments that meet particular standards. Given our emphasis on information safety and belief, jurisdiction is a key issue we contemplate.

In phrases of jurisdiction, our principal concern is avoiding Five Eyes nations. After all, among the 9 and 14 Eyes nations do certainly have robust privateness legal guidelines, particularly compared to the US and UK.

Secure electronic mail exterior Five Eyes

Using a safe and personal electronic mail service in a secure jurisdiction is a no brainer. Consider this:

Alternatives – Here are a few of our favourite safe electronic mail providers that we examined:

1. Mailfence (Belgium)
2. Tutanota (Germany)
3. ProtonMail (Switzerland)
4. Mailbox.org (Germany)
5. Posteo (Germany)
6. Runbox (Norway)
7. Countermail (Sweden)
8. CTemplar (Iceland)
9. KolabNow (Switzerland)
10. Startmail (The Netherlands)

Best VPNs exterior the Five Eyes

Internet service suppliers are actively gathering information for presidency companies world wide. They do that by both actively snooping on connections or just recording all of your DNS requests. Additionally, advertisers and different third-parties will observe and file your on-line exercise that’s tied to your distinctive IP handle.

A great VPN service is important for fundamental on-line privateness, particularly when ISPs are logging all the pieces. A VPN encrypts all of your visitors between your pc/system and the VPN server you’re linked to. Not solely does this make your visitors and on-line actions unreadable to your ISP and different third events, it additionally hides your IP handle and placement.

Here are the perfect VPN providers which can be positioned exterior of the Five Eyes nations:

1. NordVPN (Panama)
2. Surfshark (The Netherlands)
3. ExpressVPN (British Virgin Islands)
4. VPN.ac (Romania)
5. VyprVPN (Switzerland)
6. Perfect Privacy (Switzerland)
7. OVPN (Sweden)
8. TrustZone VPN (Seychelles)
9. ProtonVPN (Switzerland)

Some individuals are apprehensive about logs and information assortment with VPNs. Fortunately, there are a couple of verified no logs VPNs which have undergone impartial audits to verify their no-logs insurance policies:

1. NordVPN was audited to PwC AG in Zurich, Switzerland to verify important privacy-protection measures and the no-logs coverage. NordVPN has dedicated to annual third-party audits, whereas additionally present process impartial safety audits and penetration testing carried out by Versprite.
2. ExpressVPN has been audited twice by PwC to confirm its no-logs coverage. Additionally, ExpressVPN has handed safety audits performed by Cure53.
3. VyprVPN underwent a no-logs audit carried out by Leviathan Security a couple of years in the past.

Private serps exterior Five Eyes

Most of the massive serps, corresponding to Google, file all of your search queries after which hyperlink this to your identification and information profile, so that you may be hit with focused adverts. Unless you need to give Google and its companions all of your search actions, think about using options.

Here are some non-public serps you could need to contemplate:

1. Searx (open supply, no jurisdiction)
2. MetaGer (Germany)
3. Swisscows (Switzerland)
4. Qwant (France)

There are a couple of serps primarily based in Five Eyes nations that we nonetheless suggest. These embody:

• DuckDuckGo (United States)
• Mojeek (United Kingdom)
• Brave Search (United States)

Trust and jurisdiction

In the top, jurisdiction is only one of many components to think about when choosing dependable privateness instruments in your distinctive wants. How a lot it issues relies upon by yourself circumstances, significantly your risk mannequin and the forms of adversaries you need to shield your self in opposition to.

For these in search of increased ranges of privateness and safety, jurisdiction is certainly essential, particularly when you think about the rising energy of governments to power corporations at hand over information and log customers. Trust can be a significant factor you must contemplate. After all, a VPN can function in a “good” abroad jurisdiction, but nonetheless misinform prospects and supply information to authorities companies. Take for instance PureVPN, a “no logs” service primarily based in Hong Kong that gave US authorities connection logs for a felony case.

This is the place belief is essential. Fortunately, to strengthen belief, extra privacy-focused companies are present process impartial audits and third-party verifications. In addition to the audits, we additionally see this pattern with password managers and infrequently with safe electronic mail providers.

Are these the one worldwide intelligence alliances?

Most undoubtedly not. In addition to the Five Eyes (FVEY), Nine Eyes, and 14 Eyes (SIGINT Seniors Europe), there are different organizations we all know of. Examples embody the SIGINT Seniors Pacific, the Quadrilateral Security Dialog (the Quad), and the Club de Berne. There can also be different such organizations that we nonetheless do not find out about.

Will Japan turn out to be a “Sixth Eye”?

Japan has publicly prompt that they wish to work extra intently with the Five Eyes, and maybe some day turn out to be a Sixth Eye. As of now it seems to be solely discuss, however rising stress between Japan and China appears to be transferring Japan towards ever stronger connections with the Five Eyes nations. Only time will inform if we’ll be speaking about Six Eyes as a substitute of Five Eyes quickly.

Conclusion: Use providers working in secure jurisdictions

The Five Eyes is probably the most highly effective surveillance alliance on this planet. While it arguably works effectively to guard its member nations (USA, UK, Canada, Australia, and New Zealand), it makes these nations lower than ultimate jurisdictions for pro-privacy corporations and merchandise.

Ultimately, we additionally must acknowledge that everybody has completely different wants, use circumstances, and risk fashions. This signifies that choosing services is a really subjective matter, and solely you will discover the perfect match in your wants. Good luck and keep secure!