50% OFF

Black Friday starts early this year!

Black Friday

View deals

What countries are in the 5 Eyes, 9 Eyes, and 14 Eyes agreements?

Posted on August 30th, 2018 by in Privacy & Security, Security.

 

The Snowden revelations revealed that the NSA is carrying out electronic surveillance on a global scale and unveiled the shadowy networks of intelligence agencies that act as accomplices.

When people think of mass surveillance, they rightly think of the NSA, but nearly every country in the world has its own signals intelligence (SIGINT) agency. From the UK’s GCHQ to Germany’s BND, these organizations focus on intelligence gathering, counterintelligence operations, and law enforcement by intercepting communications and other electronic signals. SIGINT covers a wide range of activities, from tapping phones to accessing a user’s email database with XKEYSCORE

Typically, one of the few legal restrictions set upon these agencies is that they cannot spy on their own citizens. This creates a strong incentive for them to cooperate and trade information with each other. The Five Eyes, Nine Eyes, and Fourteen Eyes are the largest and most important agreements that create the legal framework for such coordinated intelligence gathering across borders.

In addition to the Five, Nine, and Fourteen Eyes agreements, there are also similar non-Western intelligence-sharing agreements. This means there are few places in the world where your personal data is safe from snooping, so you should use extra measures, such as strong encryption, to keep it from prying eyes.

The below table shows the countries that participate in the Five Eyes, Nine Eyes, and Fourteen Eyes intelligence-sharing agreements. For more information about each of these agreements, jump ahead to:

CountryFive EyesNine EyesFourteen EyesOther
United Kingdom
United States
Australia
Canada
New Zealand
Denmark
Netherlands
France
Norway
Germany
Belgium
Spain
Sweden
Italy
Israel
Japan
Singapore
South Korea

How do these governments get your private data?

All SIGINT agencies rely on telecommunication companies and internet service providers to gain access to individuals’ private data. By installing fiber-optic splitters at ISP junction points, the SIGINT agency can make an exact copy of the data being processed at that point. This data is then analyzed using deep packet inspection and stored at different data centers.

Five Eyes intelligence-sharing agreement

five eyes countries

Five Eyes (also 5 Eyes or FVEY) is the name of the multilateral intelligence-sharing alliance created by the UKUSA Agreement. The agreement was originally conceived as a post-WWII pact between the UK and the US in 1946 to spy on foreign governments, specifically the USSR. Over the years, the treaty grew in both members and scope. As the internet and the amount of data available to intercept grew exponentially, the agreement began to focus more on domestic surveillance.

The “five” in the Five Eyes refers to the five Anglophone countries that observe the treaty: 

  • Australia
  • Canada
  • New Zealand
  • The UK
  • The US

The treaty has built upon its Cold War roots to become the basis for ECHELON, a series of electronic spy stations around the globe that can intercept data transmitted via telephones, faxes, and computers. Essentially, ECHELON stations can intercept data from transmissions to and from satellite relays.

How the Five Eyes agreement works

The Five Eyes alliance is the foundation of an extensive web of partnerships between SIGINT agencies in Western nations to share intelligence with each other. In nearly all respects, the NSA is the global leader in SIGINT, thus most SIGINT agreements, be they multilateral (like the Five Eyes) or bilateral, focus on who has access to NSA data and technology. 

Signatories to the UKUSA Agreement are known as “second parties,” and they have the greatest amount of access to NSA data and the closest ties to the agency. Other Western nations, such as members of NATO or South Korea, are “third parties.” These third-party agreements are formal, bilateral arrangements between the NSA and the national SIGINT agency. Third parties can still trade raw data with the NSA, but they have less access to its database.

Technically, second parties’ citizens are generally exempt from being spied on without approval from the host country, but the Snowden revelations have shown that the NSA has created a framework that could bypass these blocks. There have been no official comments from any Five Eyes members, and it is unclear if these countries have carried out unapproved surveillance in the past. No such restriction exists for third parties.

It is important to note that the membership of these different groups is constantly changing in response to global and political developments. Furthermore, the knowledge we have of these groups has come primarily from leaks, leading to a fuzzy picture and pointing out how little oversight these intelligence agencies — who have access to near infinite amounts of personal data — are subject to.

Fourteen Eyes agreement countries

fourteen eyes countries

Fourteen Eyes (or 14 Eyes) refers to the intelligence group that consists of the Five Eyes member countries plus:

  • Belgium
  • Denmark
  • France
  • Germany
  • Italy
  • The Netherlands
  • Norway
  • Spain
  • Sweden 

These countries participate in SIGINT sharing as third parties. The official name of the Fourteen Eyes is the SIGINT Seniors of Europe (SSEUR), which has existed in one form or another since 1982. Similar to the UKUSA Agreement, its original mission was to uncover information about the USSR. 

A SIGINT Seniors Meeting is attended by the heads of the SIGINT agencies (NSA, GCHQ, BND, the French DGSE, etc.) and is where they can share intelligence and discuss related issues. While this group has many of the same members as the “Nine Eyes”, it is a different group. According to leaked documents, the Fourteen Eyes is not a formal treaty but rather an agreement made between SIGINT agencies.

Nine Eyes intelligence alliance

nine eyes countries

Nine Eyes (9 Eyes) refers to a group of nations that share intelligence, composed of the Five Eyes member countries plus:

  • Denmark
  • France
  • The Netherlands
  • Norway

These countries participate as third parties. This group seems to be a more exclusive club of SSEUR and is not backed by any known treaty. Like the Fourteen Eyes, it is simply an arrangement between SIGINT agencies.

Other partners

Israel, Japan, Singapore, and South Korea are all suspected to be third parties with the NSA as well. Just as there is a SIGINT Seniors of Europe, there is also a SIGINT Seniors of the Pacific, which was formed in 2005. Its members include the Five Eyes member countries as well as:

  • France
  • India
  • Singapore
  • South Korea
  • Thailand

There are also non-Western intelligence-sharing alliances, such as the Shanghai Cooperation Organization between:

  • China
  • India
  • Kazakhstan
  • Kyrgyzstan
  • Pakistan
  • Russia
  • Tajikistan
  • Uzbekistan

What this means for you

The existence of international surveillance agreements like Fourteen Eyes allows member countries to take advantage of, as the Electronic Frontier Foundation puts it, “the lowest common privacy denominator.” Other members of the Five Eyes get to benefit from the mass surveillance data the NSA’s XKEYSCORE project brings in. In time, the Five Eyes countries will also benefit from all the data that the UK’s Investigatory Powers Act collects. 

If a sweeping act that expands electronic surveillance passes in any one of these countries, it is as though the act has passed in every country. It also means that there is a good chance that your digital activity is being captured and shared with the NSA or other SIGINT agencies, no matter where in the world you are.

How to avoid surveillance

The best safeguard against this widespread surveillance is strong encryption. If you encrypt your data before it enters the network, it makes it much harder for you to be targeted by surveillance. 

Protecting your emails

When you use your Proton Mail account to email someone else with a Proton Mail account, your emails are protected with end-to-end encryption, meaning that no one can decrypt the contents of your message except for you and your recipient. You can also protect the messages you send to people who use different email providers with end-to-end encryption with our Encrypt for Outside feature. With end-to-end encryption and proper device security, it is more difficult for any SIGINT agencies to intercept, decrypt, and read the contents of your email.

Additionally, all messages on Proton Mail’s servers are stored with zero-access encryption, which means we cannot share the content of your messages with surveillance agencies. Zero-access encryption means we encrypt your messages in such a way that even though they are stored on our servers, we cannot access them. Other email providers can decrypt your messages without your permission or knowledge as they control the keys they use to encrypt your messages on their server. By using end-to-end and zero-access encryption, we are unable to provide the contents of our users’ emails to anyone, even governments or law enforcement bodies.

Find out more about end-to-end email encryption and why it matters.

Using a VPN

Using a VPN service like ProtonVPN also makes it much harder for surveillance agencies to record and track your internet activity. A VPN encrypts your internet traffic, which means your ISP is not able to record your online activity, which prevents SIGINT agencies from getting that data from the ISP junction points mentioned previously.

By using a VPN with Perfect Forward Secrecy (PFS), like Proton VPN, you also benefit from extra security. By using a different key for each session, PFS means that even if any of the keys used to encrypt one browsing session become compromised, all your other sessions remain secure. So even in the unlikely event that a SIGINT agency was able to decrypt the VPN data from one browsing session, they would not be able to decrypt all of them.

Other apps

Similar encrypted apps such as Wire or Signal also exist for chat communications, and there are some privacy-friendly web browsers, like Brave and Firefox, that go further in protecting your privacy online.

Why Proton is based in Switzerland

Proton Mail and Proton VPN are based in Switzerland, which has some of the world’s strongest privacy laws and is not a signatory to any of these surveillance agreements. This provides an additional layer of legal protection on top of the encryption we utilize.

Swiss companies, like Proton, cannot be compelled to cooperate with requests for user data from other governments. If the government of another country wanted the little data we hold on any of our users, they would have to make a request to the proper Swiss authorities, which have strict requirements and will typically not work with governments that have poor records on human rights. In the case we are presented with a legal request for user data that we must comply with, we cannot hand over the contents of emails as our zero-access encryption means we do not have access to them.The scale of mass surveillance operations is truly breathtaking and a major threat to democratic society. This is why, at Proton, we do not rely on any government to protect the privacy of those who use Proton Mail or Proton VPN. Instead, we rely on the mathematical strength of our open-source encryption methods. Fortunately, there are now tools for protecting your privacy and safeguarding your right to online freedom.

FAQ

How can I protect myself against mass surveillance?

Encrypting your data is the best way to protect yourself against mass surveillance. By using a VPN, you prevent your ISP from collecting data about your online activity (and any government agencies that are copying that data). If your ISP does not have information about what you do online, they cannot share it with SIGINT agencies in Five Eyes countries.

However, if you use a VPN that is based in a Five Eyes country, any logs they keep on your online activity can be shared with all the SIGINT agencies in the UKUSA agreement. Proton VPN is based in Switzerland, which is not part of the Five, Nine, or Fourteen Eyes agreements.

The same can be said of encrypting your emails. By encrypting your emails, you ensure that no one else can access the contents of your messages. (Note: If you email someone who is not using an encrypted email service, the contents of your emails will not be protected by zero-access encryption on their side.)
You can also use privacy-focused browsers and encrypted messengers to further protect yourself from mass surveillance.

Why is it called the Five Eyes?

The Five Eyes (sometimes written as 5 Eyes or FVEY) is a reference to the five anglophone countries that are members of the UKUSA agreement: Australia, Canada, New Zealand, the United Kingdom, and the United States. Although you would be forgiven for thinking “Eyes” refers to snooping, the term “Five Eyes” was actually originally used as shorthand for “AUS/CAN/NZ/UK/US EYES ONLY” on secret documents. As more intelligence alliances — the Nine Eyes and Fourteen Eyes — were formed, they adopted the same naming convention, although there is no evidence that they were used as shorthand in the same way.

What is SIGINT?

SIGINT is short form for signals intelligence, and refers to the interception of transmission signals. This usually takes the form of gathering communications intelligence between people (sometimes called COMINT), though can also include electronic intelligence (ELINT), which uses electronic sensors (such as radar) to gather information.

How is SIGINT used?

SIGINT was originally used in warfare and did not affect everyday citizens. However, since the Cold War, SIGINT agencies have started collecting more and more intelligence from everyday people’s communications. This increased dramatically after the invention of the World Wide Web, as governments were able to get more data than ever on people from around the world, as the Snowden revelations showed.

When was UKUSA formed?

The UKUSA agreement (then called BRUSA) was signed by the UK and the US in 1946. In the following decade, the “second parties” — Australia, Canada, and New Zealand — also became signatories of the Agreement.

Prior to joining Proton, Richie spent several years working on tech solutions in the developing world. He joined the Proton team to advance the rights of online privacy and freedom.

16 comments

  1. Martin Papworth

    Interestingly I have been contacted by a civil servant of some sort in the UK can’t remember who or what about exactly saying they are unable to use my partners’ Protonmail email for correspondence because if was running on a server in Switzerland. It seemed very strange at the time and even stranger after reading this.

  2. dont waste you thyme

    If people wanted privacy love and truth they should never have come to this planet.

  3. Angelo

    GO PROTON!!!

  4. Richie Koch

    We plan on eventually having servers in every country. This is part of our drive to make privacy accessible to everyone. However, you are correct; the fact that Sweden’s government is a member of the 14 Eyes intelligence-sharing agreement is a concern. We have implemented hard-disk encryption on all our servers to mitigate this type of threat. Still, all users should consider their threat model before they connect to any VPN server that is hosted in a 14 Eyes country.

  5. James Horton

    yeah, protonchat!!!!

  6. ChrisG

    I’d use a chat app as well, pls publish if you can do it as well as the VPN and mail app.

  7. Richie Koch

    Hi Chris,

    You’re not the first to suggest a “ProtonChat” product. We’ll take it into consideration. Thanks for your support!

  8. Paul

    Given that you are relying on both physical and digital security of your Secure Core servers, and apparently not that those servers are in neutral countries, does it then matter whether or not you deploy to other 14 Eyes countries? What criteria apply to Sweden that do not apply to other 14 Eyes countries?
    Thanks.

  9. ale

    + 1 again for the messenger app!!
    lemme know if you have updates about it!
    I will then share your app WITH PLEASURE!

  10. Satfox

    What does Protonmail do in the case of Australia, where the government has now made it mandatory for telco’s to retain the content of all electronic communications for 2 years? How does running a secure server in that country work?

  11. Steven

    I agree with the protonchat app!

  12. Undisclosed

    Some of your Secure Core servers are located in Sweden which is a “14 eyes” country. The primary reason for using Secure Core is to avoid the risks related to connecting to a server in a surveillance state. What additional protections are in-place to protect the Secure Core servers in Sweden to mitigate the additional risks in that jurisdiction versus the Secure Core servers in the lower risk jurisdictions (Switzerland and Iceland)?

  13. Augustinas

    All servers are configured the way that they do not log any data at any time and the server itself is under our control at all times – all of our servers are configured the same way regardless of jurisdiction. While it is possible that some servers can be tapped in certain countries, but we are confident in our setup for all of our servers, especially Secure Core ones.

  14. Dre

    Please develop a ProtonChat messenger app focussed on security and privacy. (Based on Signal open source protocol?).

  15. Monica

    Hello! We will consider your suggestion, thank you!

  16. Emmanuel

    +1 for the messenger app

Comments are closed.

Secure
your internet

Get Proton VPN
Get Proton VPN

For customer support inquiries, please submit the following form for the fastest response:
Support Form

For all other inquiries:
contact@protonvpn.com


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: OpenPGP.js v4.10.10
Comment: https://openpgpjs.org

xsBNBFiYeeIBCACpwuYcTsACyjQaqY3tOUonokamGZf3VDuLvcA9nQnu4vlB
n1RFFUJa5Pmf2yZ9EjJFSldTl5lreE3tFf53CcZ9wKa1R6aMnN/0VqURJho0
ZTqevQlCvuJ9kKHkDck3Em0/1WWnhDJgabp+fOa5HAHoAvcNy5gVPuexTT/N
wp6QcfB7w+qFhf73s0bcSn5RC+FAYlQxZVFhFtA7/7LthBVatDJrYLYP9XJd
zOZqz9AX0XZwKal25RcVeGHkNKgloo0bTgro4D88MR7saqXFHTRhy3+Wss7c
uqrh0uIkVmqtadoK/rAbqOyFXQ2DlvSMVrEMLUvwlZbC0taqcKDfNA+FABEB
AAHNLWNvbnRhY3RAcHJvdG9udnBuLmNvbSA8Y29udGFjdEBwcm90b252cG4u
Y29tPsLAfwQQAQgAKQUCWJh54wYLCQcIAwIJEN4dfnhhw11TBBUIAgoDFgIB
AhkBAhsDAh4BAAoJEN4dfnhhw11T6PwIAKgIHTUaEcCFQ5WfmwGpdhRgFe7H
gnHR8UOFPrRKnbCOQgTVPGwCFt8UVFhEgbmtroThU89DpxFSYUOD6nZ2k1X3
X4Q9OsItFUUuhPtLJrkz5ghtZLmsAH/edTRbVU1Ew1E8KbylLFI1J5yId7zR
GdnaTXv/E7P3po5X/b08TFAhXSyYYUbMeQuthbJajtpFygr53lm47cOWa4N8
udqLhmpheaQj04DuqYXOGC08JQn+XbHzhFl5Yvlt9Idk8+7c2UJ0qgWKQ5ZV
mquRAw5HDCQM5OqF1MoImDxOH+tK3PUlvFDsLZ1WPEOHK/EN12sPBx0x1R04
fcPTPdbMwgISGM3OwE0EWJh54gEIALqhrLUpvarPc0nkuHpyJC/MsrIDPLuV
qMc49tgjgDBsyIKJFEP9qCnkSOEixaFi+nTljUSpkHGR+PvEGecmcOdW6djN
QGxon/nwBT9d8HbtxJesaEIzwRAxmqQW9MqNq4UsfNQ0VvUYqV9wEbYfdDT/
jZfz9N0hjFELF1sg3UPcCRijhf162bp+rLQdO9vWVUbOdMQvsM/kyUJ6JMXR
xUtyKC05ddxii2SMr4XUW45ostPbxJybOF5oSZpEb1EIlrTLLPAe/498XlBW
hpRAPe+9ZfNs7drMvUEFnnOXahrXAuaaZpyaS/XBaloqSb1+v2AkUep3dbSF
PaRtbXRMS+kAEQEAAcLAaAQYAQgAEwUCWJh54wkQ3h1+eGHDXVMCGwwACgkQ
3h1+eGHDXVMZ4Qf4hu5N8/uYNDqJMFRIWSCpPGxmyIVXGARG4hgR8gwPZY9K
fReAUndX3uODBNIgZU7I3YntawU1DlP6GpP6yyR/8lfUMNCAXPDmd+zTFYIJ
UDHD8sw2GRrFVzFOKUpAapWFOI4XjSMP2UiK4HgrpUjAhe1wSaa7nEjtAuYT
zFx1QSuQD1iYcOF/FAm7EuhBIfWITjYAobGM6gonPbp3IPHM52rUbulllcdV
vCLs+blcyiVCGZlNcmlg3eibAJJL19TQLqT2DbQvQ/SyVBJGjoT+y4TTRtmZ
cebEjt2KJcc4x2lzPq3z2KJNyJTOTMB+aYD9Ma9IObDds+M/+5XDWi7f
=ueTT
-----END PGP PUBLIC KEY BLOCK-----

You can also Tweet to us:
@ProtonVPN