Return to Facebook   Twitter   Reddit   Instagram   Mastodon   ProtonMail

What countries are in the 5 Eyes, 9 Eyes, and 14 Eyes agreements?

Posted on August 30th, 2018 by in Privacy & Security, Security.


The Snowden revelations revealed that the NSA is carrying out electronic surveillance on a global scale. But it also unveiled the shadowy networks of intelligence agencies that act as accomplices.

When people think of mass surveillance, they rightly think of the NSA, but nearly every country in the world has its own signals intelligence (SIGINT) agency. From the UK’s GCHQ to Germany’s BND, these organizations focus on intelligence gathering, counterintelligence operations, and law enforcement by intercepting communications and other electronic signals. SIGINT covers a wide range of activities, from tapping phones to accessing a user’s email database with XKEYSCORE. Typically, one of the few legal restrictions set upon these agencies is that they cannot spy on their own citizens. This creates a strong incentive for them to cooperate and trade information. The 5 Eyes, 9 Eyes, and 14 Eyes are the largest and most important agreements that create the legal framework for such coordinated activity.

All SIGINT agencies rely on the cooperation of telecommunication companies and internet service providers to gain access to individuals’ private data. By installing fiber-optic splitters at ISP junction points, the SIGINT agency is able to make an exact copy of the data being processed at that point. This data is then analyzed using deep packet inspection and stored at different data centers.

5 Eyes

5 Eyes is name of the multilateral intelligence-sharing alliance created by the UKUSA Agreement. The agreement was originally conceived of as a post-WWII pact between the UK and the US in 1946 as a way to spy on foreign governments, specifically the USSR. Over the years, the treaty grew in both members and scope. As the Internet and the amount of data available for intercept grew exponentially, the agreement began to focus more on domestic surveillance.

The “five” in the 5 Eyes refers to the five Anglophone countries that observe the treaty: Australia, Canada, New Zealand, the UK, and the US. The treaty has built upon its Cold War roots to become the basis for ECHELON, a series of electronic spy stations around the globe that can intercept data transmitted via telephones, faxes, and computers. Essentially, ECHELON stations can intercept data from transmissions to and from satellite relays.

The 5 Eyes alliance is the foundation of an extensive web of partnerships between SIGINT agencies in Western nations to share intelligence with each other. In nearly all respects, the NSA is the global leader in SIGINT, thus most SIGINT agreements, be they multilateral like 5 Eyes or bilateral, focus on who has access to NSA data and technology. Signatories to the UKUSA Agreement are known as “second parties,” and they have the greatest amount of access to NSA data and the closest ties to the agency. Other Western nations, such as members of NATO or South Korea, are “third parties.” These third party agreements are formal, bilateral arrangements between the NSA and the national SIGINT agency. Third parties can still trade raw data with the NSA, but they have less access to its database.

Technically, second parties’ citizens are generally exempt from being spied on without approval from the host country, but the Snowden revelations have shown that the NSA has created a framework that could bypass these blocks. There have been no official comments from any 5 Eyes members and it is unclear if unapproved surveillance has been carried out by 5 Eyes members in the past. And no such restriction exists for third parties.

It is important to note that the membership of these different groups is constantly changing in response to global and political developments. Furthermore, the knowledge we have of these groups has come primarily from leaks, leading to a fuzzy picture and pointing out how little oversight these intelligence agencies, who have access to near infinite amounts of personal data, are subject to.

14 Eyes

Fourteen Eyes refers to the intelligence group that consists of the 5 Eyes member countries plus Belgium, Denmark, France, Germany, Italy, the Netherlands, Norway, Spain, and Sweden participating in SIGINT sharing as third parties. The official name of 14 Eyes is the SIGINT Seniors of Europe (SSEUR), and it has existed, in one form or another, since 1982. Similar to the UKUSA Agreement, its original mission was to uncover information about the USSR. A SIGINT Seniors Meeting is attended by the heads of the SIGINT agencies, (NSA, GCHQ, BND, the French DGSE, etc) and is where they can share intelligence and discuss issues. While this group has many of the same members as “9 Eyes” it is a different group. Also, according to leaked documents, this is not a formal treaty but more an agreement made between SIGINT agencies.

9 Eyes

Nine Eyes refers to a group of nations that share intelligence, comprised of the 5 Eyes member countries plus Denmark, France, the Netherlands, and Norway participating as third parties. This group seems to be a more exclusive club of SSEUR and is also not backed by any known treaty, it is simply an arrangement between SIGINT agencies.

Other partners

Israel, Japan, Singapore, and South Korea are all suspected to be third parties with the NSA as well. And just as there is a SIGINT Seniors of Europe, there is a SIGINT Seniors of the Pacific, which was formed in 2005. Its members include the 5 Eyes member countries as well as France, India, Singapore, South Korea, and Thailand. There are also non-Western intelligence-sharing alliances, such as the Shanghai Cooperation Organization between China, India, Kazakhstan, Kyrgyzstan, Pakistan, Russia, Tajikistan, and Uzbekistan.

What this means for you

The existence of international surveillance agreements like 14 Eyes allows member countries to take advantage of, as the Electronic Frontier Foundation puts it, “the lowest common privacy denominator.” Other members of the 5 Eyes get to benefit from the mass surveillance data the NSA’s XKEYSCORE project brings in. In time, they will also benefit from all the data that the UK’s Investigatory Powers Act collects as well. If a sweeping act that expands electronic surveillance passes in any one of these countries, it is as though the act has passed in every country. It also means that there is a good chance that your digital activity is being captured and shared with the NSA or other SIGINT agencies, no matter where in the world you are.

The best safeguard against this is using strong encryption. If you encrypt your data before it hits the network, it makes it much harder for you to be targeted by surveillance. For instance, if you use ProtonMail all your messages are stored with zero access encryption, making it very difficult for surveillance agencies to violate your privacy and read your messages. Using a VPN service like ProtonVPN also makes it much harder for surveillance agencies to record and track your internet activity. Similar encrypted apps such as Wire or Signal also exist for chat communications.

ProtonMail and ProtonVPN are based in Switzerland, which has some of the world’s strongest privacy laws and is not a signatory to any of these surveillance agreements. This provides an additional layer of legal protection on top of the encryption we utilize.

The scale of mass surveillance operations is truly breathtaking and a major threat to democratic society. Fortunately there are now tools for protecting your privacy and safeguarding your right to online freedom.

Best Regards,
The ProtonVPN Team

You can follow us on social media to stay up to date on the latest ProtonVPN releases:

Twitter Facebook | Reddit

To get a free ProtonMail encrypted email account, visit:

Prior to joining Proton, Richie spent several years working on tech solutions in the developing world. He joined the Proton team to advance the rights of online privacy and freedom.


  1. Martin Papworth

    Interestingly I have been contacted by a civil servant of some sort in the UK can’t remember who or what about exactly saying they are unable to use my partners’ Protonmail email for correspondence because if was running on a server in Switzerland. It seemed very strange at the time and even stranger after reading this.

  2. dont waste you thyme

    If people wanted privacy love and truth they should never have come to this planet.

  3. Angelo

    GO PROTON!!!

  4. Oski

    Sweden is part of 14 eyes.
    Then why does Proton have a server there?

  5. Richie Koch

    We plan on eventually having servers in every country. This is part of our drive to make privacy accessible to everyone. However, you are correct; the fact that Sweden’s government is a member of the 14 Eyes intelligence-sharing agreement is a concern. We have implemented hard-disk encryption on all our servers to mitigate this type of threat. Still, all users should consider their threat model before they connect to any VPN server that is hosted in a 14 Eyes country.

  6. James Horton

    yeah, protonchat!!!!

  7. Undisclosed too

    I’ve got some trust issues concerning your secure core server cause 1) some are in Sweden which is a 14 eyes country and 2) they do not run on RAM yet as ExpressVPN ones do, I will consider buying a paid plan because I never had issues on the 4G network than I have on ExpressVPN, but please, considered moving on RAN servers and if not, why, add the possibility to subscribe 1 month on the iOS app even if it’s more expensive for us, and considered as well making a messaging app that could complete the perfect privacy pack by having calendar, mail box, messaging (or/and calling), and VPN all encrypted :D

  8. ChrisG

    I’d use a chat app as well, pls publish if you can do it as well as the VPN and mail app.

  9. Richie Koch

    Hi Chris,

    You’re not the first to suggest a “ProtonChat” product. We’ll take it into consideration. Thanks for your support!

  10. Paul

    Given that you are relying on both physical and digital security of your Secure Core servers, and apparently not that those servers are in neutral countries, does it then matter whether or not you deploy to other 14 Eyes countries? What criteria apply to Sweden that do not apply to other 14 Eyes countries?

  11. ale

    + 1 again for the messenger app!!
    lemme know if you have updates about it!
    I will then share your app WITH PLEASURE!

  12. Satfox

    What does Protonmail do in the case of Australia, where the government has now made it mandatory for telco’s to retain the content of all electronic communications for 2 years? How does running a secure server in that country work?

  13. Steven

    I agree with the protonchat app!

  14. Undisclosed

    Some of your Secure Core servers are located in Sweden which is a “14 eyes” country. The primary reason for using Secure Core is to avoid the risks related to connecting to a server in a surveillance state. What additional protections are in-place to protect the Secure Core servers in Sweden to mitigate the additional risks in that jurisdiction versus the Secure Core servers in the lower risk jurisdictions (Switzerland and Iceland)?

  15. Augustinas

    All servers are configured the way that they do not log any data at any time and the server itself is under our control at all times – all of our servers are configured the same way regardless of jurisdiction. While it is possible that some servers can be tapped in certain countries, but we are confident in our setup for all of our servers, especially Secure Core ones.

  16. Dre

    Please develop a ProtonChat messenger app focussed on security and privacy. (Based on Signal open source protocol?).

  17. Monica

    Hello! We will consider your suggestion, thank you!

  18. Emmanuel

    +1 for the messenger app

Comments are closed.

Secure your internet

Get ProtonVPN

For customer support inquiries, please submit the following form for the fastest response:
Support Form

For all other inquiries:

Version: OpenPGP.js v4.10.10


You can also Tweet to us: