Return to protonvpn.com Facebook   Twitter   Reddit   ProtonMail

Understanding international surveillance agreements: 5 Eyes, 9 Eyes, and 14 Eyes

Posted on August 30th, 2018 by in Privacy & Security, Security.

 

The Snowden revelations revealed that the NSA is carrying out electronic surveillance on a global scale. But it also unveiled the shadowy networks of intelligence agencies that act as accomplices.

When people think of mass surveillance, they rightly think of the NSA, but nearly every country in the world has its own signals intelligence (SIGINT) agency. From the UK’s GCHQ to Germany’s BND, these organizations focus on intelligence gathering, counterintelligence operations, and law enforcement by intercepting communications and other electronic signals. SIGINT covers a wide range of activities, from tapping phones to accessing a user’s email database with XKEYSCORE. Typically, one of the few legal restrictions set upon these agencies is that they cannot spy on their own citizens. This creates a strong incentive for them to cooperate and trade information. The 5 Eyes, 9 Eyes, and 14 Eyes are the largest and most important agreements that create the legal framework for such coordinated activity.

All SIGINT agencies rely on the cooperation of telecommunication companies and internet service providers to gain access to individuals’ private data. By installing fiber-optic splitters at ISP junction points, the SIGINT agency is able to make an exact copy of the data being processed at that point. This data is then analyzed using deep packet inspection and stored at different data centers.

5 Eyes

5 Eyes is name of the multilateral intelligence-sharing alliance created by the UKUSA Agreement. The agreement was originally conceived of as a post-WWII pact between the UK and the US in 1946 as a way to spy on foreign governments, specifically the USSR. Over the years, the treaty grew in both members and scope. As the Internet and the amount of data available for intercept grew exponentially, the agreement began to focus more on domestic surveillance.

The “five” in the 5 Eyes refers to the five Anglophone countries that observe the treaty: Australia, Canada, New Zealand, the UK, and the US. The treaty has built upon its Cold War roots to become the basis for ECHELON, a series of electronic spy stations around the globe that can intercept data transmitted via telephones, faxes, and computers. Essentially, ECHELON stations can intercept data from transmissions to and from satellite relays.

The 5 Eyes alliance is the foundation of an extensive web of partnerships between SIGINT agencies in Western nations to share intelligence with each other. In nearly all respects, the NSA is the global leader in SIGINT, thus most SIGINT agreements, be they multilateral like 5 Eyes or bilateral, focus on who has access to NSA data and technology. Signatories to the UKUSA Agreement are known as “second parties,” and they have the greatest amount of access to NSA data and the closest ties to the agency. Other Western nations, such as members of NATO or South Korea, are “third parties.” These third party agreements are formal, bilateral arrangements between the NSA and the national SIGINT agency. Third parties can still trade raw data with the NSA, but they have less access to its database.

Technically, second parties’ citizens are generally exempt from being spied on without approval from the host country, but the Snowden revelations have shown that the NSA has created a framework that could bypass these blocks. There have been no official comments from any 5 Eyes members and it is unclear if unapproved surveillance has been carried out by 5 Eyes members in the past. And no such restriction exists for third parties.

It is important to note that the membership of these different groups is constantly changing in response to global and political developments. Furthermore, the knowledge we have of these groups has come primarily from leaks, leading to a fuzzy picture and pointing out how little oversight these intelligence agencies, who have access to near infinite amounts of personal data, are subject to.

14 Eyes

Fourteen Eyes refers to the intelligence group that consists of the 5 Eyes member countries plus Belgium, Denmark, France, Germany, Italy, the Netherlands, Norway, Spain, and Sweden participating in SIGINT sharing as third parties. The official name of 14 Eyes is the SIGINT Seniors of Europe (SSEUR), and it has existed, in one form or another, since 1982. Similar to the UKUSA Agreement, its original mission was to uncover information about the USSR. A SIGINT Seniors Meeting is attended by the heads of the SIGINT agencies, (NSA, GCHQ, BND, the French DGSE, etc) and is where they can share intelligence and discuss issues. While this group has many of the same members as “9 Eyes” it is a different group. Also, according to leaked documents, this is not a formal treaty but more an agreement made between SIGINT agencies.

9 Eyes

Nine Eyes refers to a group of nations that share intelligence, comprised of the 5 Eyes member countries plus Denmark, France, the Netherlands, and Norway participating as third parties. This group seems to be a more exclusive club of SSEUR and is also not backed by any known treaty, it is simply an arrangement between SIGINT agencies.

Other partners

Israel, Japan, Singapore, and South Korea are all suspected to be third parties with the NSA as well. And just as there is a SIGINT Seniors of Europe, there is a SIGINT Seniors of the Pacific, which was formed in 2005. Its members include the 5 Eyes member countries as well as France, India, Singapore, South Korea, and Thailand. There are also non-Western intelligence-sharing alliances, such as the Shanghai Cooperation Organization between China, India, Kazakhstan, Kyrgyzstan, Pakistan, Russia, Tajikistan, and Uzbekistan.

What this means for you

The existence of international surveillance agreements like 14 Eyes allows member countries to take advantage of, as the Electronic Frontier Foundation puts it, “the lowest common privacy denominator.” Other members of the 5 Eyes get to benefit from the mass surveillance data the NSA’s XKEYSCORE project brings in. In time, they will also benefit from all the data that the UK’s Investigatory Powers Act collects as well. If a sweeping act that expands electronic surveillance passes in any one of these countries, it is as though the act has passed in every country. It also means that there is a good chance that your digital activity is being captured and shared with the NSA or other SIGINT agencies, no matter where in the world you are.

The best safeguard against this is using strong encryption. If you encrypt your data before it hits the network, it makes it much harder for you to be targeted by surveillance. For instance, if you use ProtonMail all your messages are stored with zero access encryption, making it very difficult for surveillance agencies to violate your privacy and read your messages. Using a VPN service like ProtonVPN also makes it much harder for surveillance agencies to record and track your internet activity. Similar encrypted apps such as Wire or Signal also exist for chat communications.

ProtonMail and ProtonVPN are based in Switzerland, which has some of the world’s strongest privacy laws and is not a signatory to any of these surveillance agreements. This provides an additional layer of legal protection on top of the encryption we utilize.

The scale of mass surveillance operations is truly breathtaking and a major threat to democratic society. Fortunately there are now tools for protecting your privacy and safeguarding your right to online freedom.

Best Regards,
The ProtonVPN Team

You can follow us on social media to stay up to date on the latest ProtonVPN releases:

Twitter Facebook | Reddit

To get a free ProtonMail encrypted email account, visit: protonmail.com

Prior to joining ProtonVPN, Richie spent several years working on tech solutions in the developing world. As a senior editor and writer at Latterly, he covered and commented on international human rights stories. He joined ProtonVPN to advance the rights of online privacy and freedom.

Post Comment

5 comments

  1. Undisclosed

    Some of your Secure Core servers are located in Sweden which is a “14 eyes” country. The primary reason for using Secure Core is to avoid the risks related to connecting to a server in a surveillance state. What additional protections are in-place to protect the Secure Core servers in Sweden to mitigate the additional risks in that jurisdiction versus the Secure Core servers in the lower risk jurisdictions (Switzerland and Iceland)?

  2. Augustinas

    All servers are configured the way that they do not log any data at any time and the server itself is under our control at all times – all of our servers are configured the same way regardless of jurisdiction. While it is possible that some servers can be tapped in certain countries, but we are confident in our setup for all of our servers, especially Secure Core ones.

  3. Dre

    Please develop a ProtonChat messenger app focussed on security and privacy. (Based on Signal open source protocol?).

  4. Monica

    Hello! We will consider your suggestion, thank you!

  5. Emmanuel

    +1 for the messenger app

Leave a Reply

Your email address will not be published. Required fields are marked *

Knowledge base

 

Secure Your Internet Today

Get ProtonVPN