Espionage has been a topic of intrigue for as long as it’s existed, the subject of countless films and books, both fictional and nonfictional. In the modern age, the world’s intelligence agencies have shifted their focus from undercover operatives and secret codes to digital surveillance and data collection, fueled by history’s most comprehensive communications network: the internet.
If you’re interested in online privacy and information security, you’ve probably heard of Five Eyes (often abbreviated as FVEY), Nine Eyes and Fourteen Eyes – global intelligence coalitions that utilize mass surveillance tactics to monitor internet traffic, intercept data and spy on citizens.
Australia, Canada, New Zealand, the United Kingdom, and the United States comprise the Five Eyes group; they’re joined by Denmark, France, the Netherlands, and Norway in Nine Eyes. Fourteen Eyes adds five new members to the aforementioned nine: Germany, Belgium, Italy, Sweden and Spain.
Through international cooperation, these nations are able to circumvent their own laws and engage in surveillance on an unprecedented scale, with potentially terrifying consequences for anyone caught in their gaze.
To understand Five Eyes, Nine Eyes, and Fourteen Eyes, we’ll need to explore their origins and examine the complex relationships their member countries maintain with one another. We’ll also look at some real-life examples of Eyes-related surveillance and provide some tips on how to keep your data out of sight of these digital spies.
A History of Five Eyes, Nine Eyes and Fourteen Eyes
1940s and ‘50s: The Birth of Five Eyes
As the first sparks of the Cold War began to ignite in 1946, the United States and the United Kingdom decided to join forces in an attempt to covertly gain the upper hand over the Soviet Union. The so-called UKUSA agreement authorized the USA’s National Security Agency (NSA) and the UK’s Government Communications Headquarters (GCHQ) to share each other’s signals intelligence (SIGINT) networks.
Essentially, this move combined both countries’ signal intercepting and analyzing technologies, allowing them to cooperate on codebreaking, translation and data acquisition.
Canada joined the alliance in 1948; Australia and New Zealand signed on in 1956. Together, these member nations became known as Five Eyes – as in, any intelligence gathered was for these five countries’ eyes only.
1960s and ‘70s: The ECHELON Program
By the late 1960s, the efforts of the Five Eyes nations had coalesced into a plan to construct an expansive surveillance network capable of intercepting satellite transmissions from the Soviet Union and its allies. In 1971, construction began on the first of many secret stations that, when completed, would enable Five Eyes to collect and analyze Soviet phone and fax communications under a program with the codename ECHELON.
1980s and ‘90s: The Public Learns of Five Eyes
ECHELON continued to grow and compile data throughout the 1980s, but its streak of secrecy was about to be broken. In 1988, the New Statesman published an article exposing the ECHELON network to the public, cataloging not just its purported national security activities but also its involvement in corporate espionage – spying carried out for private business purposes rather than diplomatic or defensive ones.
The reveal continued in 1996, when Nicky Hager, a journalist from New Zealand, published a book titled “Secret Power” which chronicled his country’s role in the ECHELON program and in the Five Eyes alliance as a whole.
These two publications brought Five Eyes into the public consciousness, spearheading a cascade of hearings and outcries that would continue into the next millennium and become increasingly focused on what was, at the time, still a novelty for most of the world: internet communications.
2000s to Present: The Five Eyes Widen Their Gaze
Despite the release of evidence to the contrary, the Five Eyes nations, particularly the USA, continued to deny the existence of the ECHELON program.
These efforts were enough to stymie both a US congressional committee and the European Parliament when attempts were made to investigate the alliance. Before its dissolution in 2001, the former group warned that ECHELON could be used to spy on US citizens, circumventing the law prohibiting the NSA from doing so by having another Five Eyes nation carry out the task on the USA’s behalf.
In the wake of 9/11, Five Eyes strengthened its surveillance immensely, switching its focus from the increasingly-obsolete satellite networks to the undersea fiber-optic lines that had begun to transmit more and more of the world’s telecommunications, including internet data.
With much of the world concentrating on the visible effects of the Iraq War, the intelligence agencies of Five Eyes worked behind the scenes to form numerous offshoots of ECHELON. These included PRISM, a collaborative effort between the NSA, the GCHQ and the Australian Signals Directorate (ASD) to monitor and collect data from American internet companies in the name of national security.
PRISM, like ECHELON, remained a secret at first, but in 2013, NSA contractor Edward Snowden leaked thousands of documents that showed the public the true extent of the surveillance. The NSA, and by extension Five Eyes, was collecting immense amounts of data from both US and international citizens, including emails, text messages, browsing history, IP addresses and various metadata such as locations and timestamps.
Since Snowden’s reveal, privacy has become a hot topic for all manner of internet users. Previously, it was thought that hackers posed the biggest threat online; now, with Five Eyes monitoring the web with PRISM and other programs, it’s apparent that the government’s mass surveillance is the real omnipresent danger.
What About Nine Eyes and Fourteen Eyes?
Unlike Five Eyes, the existence of Nine Eyes and Fourteen Eyes wasn’t even publicly known until the Snowden leaks occurred. These names refer to the informal intelligence arrangements between the original Five Eyes countries and various other countries, which are known as “third parties” and have not signed the UKUSA agreement.
The four additional nations in Nine Eyes – Denmark, France, the Netherlands, and Norway – don’t necessarily have the same comprehensive intelligence-sharing policies as the Five Eyes nations, but their intelligence agencies still cooperate on surveillance, particularly with the USA. Denmark, for instance, allowed the NSA to modify Danish fiber optic cables with surveillance devices in exchange for access to other advanced NSA technology.
The Fourteen Eyes alliance, though not bound by a treaty, has its own official name: SIGINT Seniors of Europe, or SSEUR. Belgium, Germany, Italy, Spain, and Sweden join the Nine Eyes countries in international surveillance, intelligence sharing, and communications analysis, though they’re not necessarily privy to all the activities conducted by Five Eyes.
It’s not known exactly when each of these nations agreed to work with Five Eyes, nor what the full extents of their agreements are. Overall, though, it seems that Nine Eyes countries contribute data to Five Eyes databases but don’t have as much access to those databases as the official signatories; Fourteen Eyes countries have even less access but still participate in data collection and exchange.
Other Countries and Five/Nine/Fourteen Eyes
Snowden’s leaks revealed four other countries that, despite not being members of any of the Eyes consortiums, still contribute data to and cooperate with their SIGINT agencies, especially the NSA. These countries are Israel, Japan, Singapore, and South Korea; it’s possible, if not likely, that they provide the NSA with data from their ISPs and mobile broadband operators.
In addition to SSEUR, the Five Eyes nations are members of another intelligence-sharing alliance: SIGINT Seniors of the Pacific, which also includes France, India, Singapore, South Korea, and Thailand. Less is known about this group, which claims to conduct surveillance to mitigate terrorism in Asia and Oceania, but a leaked document claims that, as of 2013, the NSA was seeking to expand the alliance and increase data collection within the group.
The Impact of Five Eyes, Nine Eyes and Fourteen Eyes
The world is a very different place than it was when Five Eyes was first formed, and the alliance’s goals appear to have changed as well. What started as a means to conduct wartime intelligence gathering for defense purposes has become a way to track internet and phone communications made by ordinary citizens of the very countries conducting the spying.
Of course, many of the technical intricacies of these practices are still unknown to the public, kept under wraps in the name of national security. But the Snowden leaks and other investigations have taught us a fair amount about how the Eyes groups gather and trade intelligence – and what this means for citizens of their member nations.
Five Eyes Surveillance Programs
The Five Eyes nations jointly operate a number of highly advanced surveillance programs that were brought to light by the Snowden leaks.
Perhaps the most widely-known of the Five Eyes surveillance programs, PRISM is run primarily by the NSA; the GCHQ and the ASD are also involved, though it’s not known to what extent.
Officially, PRISM allows the NSA to collect data from internet companies based on search phrases and keywords related to national security; in practice, these keywords span a broad range of topics, including politics, drugs, energy, and oil. An individual using these keywords can be identified by email address, IP address or other means and subsequently monitored by the NSA or other allied intelligence agencies.
Once a target is selected, the NSA acquires information about their web activity either by demanding it from companies like Google and Twitter or by using a backdoor provided voluntarily by companies like Microsoft and Facebook. While the NSA maintains that no data is collected without a warrant (thus making the collection legal), analysis of the leaked Snowden documents shows that this isn’t the case, as many companies provide their data without receiving a warrant.
The type and extent of the acquired data depends on the website it’s gathered from but can include activity and login details and timestamps, email content and attachments, transferred files, search history, and even video chats. In the latter’s case, Microsoft was able to provide the NSA with data from supposedly encrypted video chats by capturing it before encryption occurred, subverting users’ expectations of security.
Since PRISM was exposed, numerous internet companies have reported that the NSA has demanded customer data from them for program purposes; in 2014, Yahoo reported that it was threatened with a $250,000 per day fine if it didn’t participate in PRISM. Google stated that it was not allowed to disclose the number of PRISM-related data requests it had received, causing some legal experts to theorize that a gag order had been placed on the company by the NSA.
Officially, the NSA is forbidden from spying on US citizens unless either the target or someone the target is communicating with is outside the country. Despite this law, and although its stated intent is to capture information from non-US citizens, PRISM routinely collects information from Americans.
When this occurs, data deletion is not required. It’s marked as belonging to a US citizen and left to continue accumulating in the database. What’s more, other government agencies, such as the FBI and the intelligence agencies of the other Five Eyes nations, can then browse it freely, even searching specifically for data on US citizens.
Even untargeted individuals get swept up in PRISM’s data collection wave simply by having friends of friends associated with targets. One analysis performed by the Guardian, the original publisher of the Snowden leaks, suggests that any given Facebook user is within three degrees of separation from over five million people, any or all of whom could be incidentally monitored under PRISM.
MUSCULAR and TURMOIL
Administered mainly by the GCHQ with assistance from the NSA, MUSCULAR is less widely known than PRISM, though it may be responsible for the collection of twice as much data as its American cousin.
Available information on MUSCULAR is scant, but what has been revealed is staggering: the two intelligence agencies secretly gained access to Google’s and Yahoo’s internal data networks via an access point on a fiber optic cable in the UK. Data, including emails, photos, documents, search queries, and file uploads, is then transmitted to the NSA, where it’s analyzed using a program called TURMOIL and stored if it contains anything of interest.
The program relies on two main factors: the cooperation of Level 3, the telecommunications company that owns the tapped fiber optic line, and the unencrypted data that Google and Yahoo transmit internally. Though data is encrypted between the user and company servers, it isn’t encrypted during internal transfers, allowing the GCHQ and the NSA to intercept it in ready-to-read formats.
Unlike PRISM, MUSCULAR collects data indiscriminately, simply harvesting everything it can without regard for who the data belongs to or what it contains. It’s not known how TURMOIL processes the data or what criteria it uses when selecting which information to preserve.
Though the NSA runs XKeyscore, another internet data program, it shares the program with the other Five Eyes nations as well as Germany, Sweden, and Japan. The Snowden documents confirmed this. Other countries may also have access to the XKeyscore databases.
XKeyscore is a complex program that acts as a tool for analysts to examine the internet activity of various individuals and determine if they should be targeted for further surveillance. It uses data from ECHELON, PRISM, MUSCULAR, and many other data collection programs.
In addition to searching for specific individuals based on an email address, phone number or name, analysts can use XKeyscore to search for a target’s “anonymous” activity as well, using pattern-based criteria such as an uncommon word the target uses often or a language the target speaks that doesn’t align with their country.
Analysts can even view navigation data from Google Maps involving a location the target has visited, then use that data to further track the individual.
Even broader searches can be conducted to pinpoint VPN users and others who transmit encrypted data often. Tor use has been singled out, as have searches for internet privacy tools and even visits to the open-source OS magazine Linux Journal; analysts are trained to view this type of traffic as a cause for suspicion, perpetuating the myth that only those with something to hide are concerned about online privacy.
The NSA claims that XKeyscore has helped to stop over 300 terrorists since its inception; however, this claim was not substantiated by the Snowden documents, which did not mention any specific instances of averted terrorism. It also claims that the program is only used to “defend the nation” and “protect US and allied troops” – statements that are demonstrably false according to the leaked documents.
What is certain is that XKeyscore has been used by Germany to track members of the hacker group Anonymous and by New Zealand to track Benjamin Afuga, an anti-corruption activist from the Solomon Islands. These examples, in addition to the aforementioned VPN users and Linux Journal readers, demonstrate the actual implementation of XKeyscore by Five Eyes and its allies: surveillance of anyone who threatens the status quo or asserts their right to privacy.
Intelligence Sharing Within the Eyes Alliances
We may never know the exact protocols by which the nations of Five Eyes share intelligence with each other and with the third-party nations from Nine Eyes and Fourteen Eyes. Such information has not yet left the highly secretive Five Eyes meetings that are held periodically around the world.
However, we do have a few examples of such intelligence sharing – and a basic concept of what happens to your data when it’s shared within Five Eyes.
Generally, it’s illegal for a country to spy on its own citizens; the law grants citizens that basic right of privacy from their government. Spying on another country’s citizens, however, is a different story, which is where Five Eyes and other alliances gain so much of their power.
Beginning in 2009 and continuing until at least 2013, Canada routinely requested that its fellow Five Eyes members assist it by spying on Canadian citizens abroad. Canadian law prohibits the monitoring of Canadian citizens abroad; the Canadian Security Intelligence Service (CSIS) circumvented this by having other countries perform the task on its behalf.
A similar exploitation of legal loopholes occurred between the USA and the UK on several occasions that we know of. In one case, the NSA sent the GCHQ intelligence without being asked for it, circumventing the British law that required intelligence agents to receive judicial approval before requesting information from foreign countries.
In a Snowden document from 2008, the ASD informed the other Five Eyes nations that it was willing to share bulk unredacted metadata from its surveillance programs without regard for whom the metadata pertained to. Acknowledging that it could be running afoul of Australian law because of this, the ASD then stated that the metadata would encompass law-abiding Australian citizens whose incidental inclusion was “not viewed as a significant issue.”
From these examples, we can glean that the SIGINT agencies of the Five Eyes nations are more than willing to exploit loopholes – or, in Australia’s case, simply disregard the law entirely – to share information on ordinary citizens, sometimes without any provocation.
The Lowest Common Privacy Denominator
Because the Five Eyes nations (and, to a lesser extent, the Nine Eyes, and Fourteen Eyes nations) share their intelligence with each other so freely, they benefit not just from their own laws but from the laws of the other countries as well. The greatest benefits are reaped from the lowest common privacy denominator – the country with the harshest data collection and retention laws.
In the case of Five Eyes, the lowest common privacy denominator is the UK, thanks to the Investigatory Powers Act of 2016. The act gives British authorities the power to compel tech companies to secretly provide the government with full backdoor access to all user data, even if doing so means violating other laws; the act requires this data to be in “intelligible form” when requested, meaning that encryption could be on the chopping block in the UK.
The amount of data that could potentially be collected under this act is absolutely massive, and it won’t just be available to the UK. Given Five Eyes’ past activities, it’s likely that this new data from the UK will find its way into the hands of the other nations, either via a program like PRISM or by simply being put up for grabs, as Australia did with its intelligence in 2008.
Targets of Five Eyes, Nine Eyes and Fourteen Eyes
Even before the internet, Five Eyes and its allied third parties engaged in extensive surveillance of many individuals through wiretaps, in-person monitoring, and other tactics. These targets were generally involved in peacekeeping and anti-war activism; they ranged from ordinary citizens to global celebrities and prominent politicians.
Surveillance continues today with the help of the internet; however, most modern Five Eyes targets remain unknown to the public due to the confidential nature of the intelligence agencies involved. Generally, Five Eyes targets aren’t identified until they are arrested or deceased, at which point documents may be declassified or used for court purposes.
Musician John Lennon was best known for his role in the Beatles, but after the band broke up, he became one of the most visible Vietnam War dissenters, recording several anti-war songs and relocating to New York City from the UK to organize protests. The FBI and MI5 spent a year monitoring his activities in an attempt to have him deported back to the UK, amassing over 200 pages of files including reports from undercover informants and details of a plan to frame Lennon with drug charges.
Diana, Princess of Wales
Princess Diana was targeted by Five Eyes as well due to her anti-landmine activism. The NSA and the GCHQ collaborated on this top-secret task, amassing over 1,000 pages of surveillance documentation that has never been released due to “national security” – an excuse that has caused some to theorize that the intelligence agencies played a role in her death.
Jane Fonda and Tom Hayden
The GCHQ and the NSA began monitoring Academy Award-winning actress Jane Fonda and her husband, Tom Hayden, in the 1970s due to their Vietnam War activism. Her US citizenship prevented the NSA from monitoring her, so the GCHQ was enlisted to do so on the NSA’s behalf, intercepting her communications for several years and forwarding them to the NSA via Five Eyes protocols.
An internet entrepreneur best known for the creation of the now-defunct filesharing site Megaupload, New Zealand resident Kim Dotcom became a headline name in 2012 when he was arrested for, among other things, conspiring to commit copyright infringement – a charge that arose due to the use of Megaupload by pirates to store and share copyrighted material.
Copyright infringement is not a crime in New Zealand; the arrest was made on behalf of the USA, which is notoriously unfriendly towards digital piracy due to the influence of copyright enforcement groups like the MPAA and the RIAA.
After the arrest, it was revealed that New Zealand’s SIGINT agency, the Government Communications Security Bureau (GCSB), had been illegally conducting surveillance on Dotcom on behalf of the FBI. New Zealand law officially barred the GCSB from monitoring New Zealand citizens and residents, but the agency did so anyway, continuing the Five Eyes tradition of ignoring the law to collect intelligence.
Dotcom’s legal battles are ongoing; he is still fighting to avoid being extradited to the USA and is also suing the GCSB for both the illegal surveillance and the agency’s continued withholding of that surveillance from him. Although New Zealand Prime Minister John Key publicly apologized to Dotcom for the surveillance, no legal charges were brought against the agency, which continues to participate in the Five Eyes intelligence-sharing alliance.
How to Protect Yourself Against Five Eyes, Nine Eyes and Fourteen Eyes
Whether you live in one of the Eyes nations, communicate with their citizens, or merely use websites based within their borders, your data can be collected and shared within the alliance. Regardless of the nature of your internet activity, this mass surveillance is invasive and threatens the very concepts of internet freedom and personal privacy.
Thankfully, there are ways to protect yourself against this surveillance. You may not be able to stop it altogether, but by utilizing privacy-enhancing tools and safe browsing habits, you can prevent Five Eyes and its allies from gathering your personal information and other usable data.
By following these tips, you protect not just yourself but those you communicate with as well. It doesn’t matter if you and your contacts have nothing to hide – just because your activities aren’t top secret doesn’t mean they should be monitored and recorded by the world’s most powerful governments.
Use a Reputable VPN
A VPN is an essential tool for maintaining your privacy online. By anonymizing your identity, altering your IP address and encrypting your data, a VPN shields you from hackers’ eyes and government Eyes alike.
But not all VPNs are created equal – providers that are based in any of the Fourteen Eyes nations are subject to the laws of the lowest common privacy denominator. When it comes to VPNs, this title goes to the USA, primary administrator of the PRISM program that can secretly obtain user data from internet companies.
What this means is that thanks to the Eyes agreements, a VPN provider in any of the fourteen-member nations can be compelled to hand over its data to the NSA, who can then share it with the other members.
This isn’t to say that a VPN provider in an Eyes nation will give the government your complete browsing history – just because they’re required to hand over your data doesn’t mean there’s any usable data, to begin with. The extent of the divulged data depends on the provider’s logging policies, which brings us to our next point: when choosing a VPN, always check the privacy policies.
Some VPN providers don’t maintain any usage logs whatsoever – no IP addresses, no timestamps, no URLs, no personal information – but others keep records of some or all user data, either for internal purposes or because the law requires them to do so. These logs, if they exist, could potentially contain revealing information about VPN users; when plugged into a program like XKeyscore, this data can be analyzed for patterns and used for tracking purposes.
These three criteria – jurisdiction, logging policy and encryption strength – are crucial to consider when choosing a VPN. If they’re met, the VPN will protect you from Five Eyes’ omnipresent gaze.
Popular VPN providers that take surveillance prevention seriously include Switzerland-based ProtonVPN and VyprVPN, Panama-based NordVPN and British Virgin Islands-based ExpressVPN (the British Virgin Islands, despite the name, do not fall under UK jurisdiction and are not part of any Eyes alliances).
Avoid Surveillance-Compliant Tech Companies
It’s tough to avoid Google, Facebook, Twitter, Yahoo, and Microsoft these days. Even if you’re not directly using these sites, they’re responsible for much of the web’s backend and are present across the internet in the form of plugins, sharing modules and ad platforms.
But as we’ve seen, these companies are among those that have cooperated with the NSA and other agencies when it comes to sharing user data and providing backdoors for active monitoring. Whether they’ve done so voluntarily or by legal force, they’re demonstrably susceptible to data demands.
Even if you use a VPN, your data is only protected until it reaches these companies’ servers; what they store and how they store it is a different story altogether. Your emails, photos, and documents may be encrypted during transmission, but if they’re stored on company servers without encryption, they could end up in a government database anyway, ready to be read and analyzed at will.
Thankfully, there are secure alternatives to most, if not all, of the services these companies provide, from email to cloud storage to video chatting to instant messaging to web searching.
Secure email services like ProtonMail and CounterMail provide users with anonymous encrypted email accounts; some also offer cloud storage, filesharing, and web hosting services as well. Apps like Signal, Telegram, and Wire secure instant messages, virtual calls and video chats with end-to-end encryption, while privacy-oriented search engines like DuckDuckGo let you surf the web outside the reach of trackers and spies.
Remember: even if Five Eyes can access your data, there’s nothing that can be done with it if it’s encrypted. Sites with strong encryption policies ensure that your information is for your eyes only, not Five, Nine or Fourteen Eyes.
Choose a Secure Browser
Your web browser could be an unexpected weak link in your internet privacy suite; many people don’t think twice about the programs they use to access the internet. But many of the most popular web browsers do a lot more with your data than simply transmit it – they collect and store it as well.
Google Chrome is one of the most notorious privacy-invading browsers. Browsing data, search history and various forms of metadata are all collected by Chrome and sent to Google’s servers for trend analysis, ad personalization and – should the government come knocking – inclusion in surveillance databases.
Opera, Internet Explorer and Microsoft Edge are also distrusted by privacy advocates for similar reasons. However, alternatives exist: Firefox, Tor and Brave are three examples of browsers that don’t track user activity and contain many built-in privacy tools.
With a secure web browser, you’ll have a much better chance at flying under the radar of Five Eyes and its allies.
There’s much more to learn about internet privacy – take a look at these topics to continue expanding your knowledge.
What are Secure Search Engines?
Search histories have been used to build legal cases against people around the world, and even if you’re not breaking the law, there’s still no reason for anyone but you to know about your search queries. DuckDuckGo, Startpage, Qwant and other privacy-focused search engines ditch the trackers and let you surf the web securely.
Which VPNs Don’t Keep Logs?
VPNs are supposed to protect your privacy, but just because they claim to do so doesn’t mean they don’t log your information. Providers like NordVPN, Private Internet Access, and CyberGhost demonstrate their commitment to security through their no-logs policies.