If you’ve been reading reviews of the best VPN services, you may well have come across the terms Five Eyes, Nine Eyes, and 14 Eyes. However, while infosec journalists might understand what that means, the rest of us could end up asking: what is Five Eyes, and why is it so important?
Here, we’ll be running down all the basics of Five Eyes, what it really is, how it could impact you as a general internet user, and why VPN providers make such a fuss about being based outside of the Five Eyes.
What is Five Eyes?
In short, the Five Eyes alliance is a group of five English-speaking countries that have agreed to share enemy signals intelligence with each other – signals intelligence being information learned from intercepting digital or otherwise electronic communications.
The countries that make up the Five Eyes are the UK, USA, Canada, Australia, and New Zealand, and the information gathered by any one is shared with the other members.
Beyond this, it has been claimed that each country also gathers intelligence on other members of the Five Eyes alliance, and this information is then shared back to the country that has been spied on. This is done to evade laws regarding a country spying on its own citizens, while also maintaining a surveillance profile on those at home.
A brief history of Five Eyes
The well-known UKUSA treaty between the UK’s GCHQ and the US’s NSA was signed in the aftermath of WWII in 1946, and is the basis of the Five Eyes intelligence-sharing pact. Over the following decade, they were joined by Canada, Denmark, Norway, West Germany, Australia and New Zealand – although only Canada, Australia and New Zealand are included in the precise Five Eyes definition.
The Five Eyes countries worked together throughout the Cold War to share intelligence on the Soviet Union, in the process developing the ECHELON surveillance system which monitors telephone and fax signals, emails, and other data transmissions. 2001 saw focus shift to the Middle East and the War on Terror, and in recent years the Five Eyes have also turned towards China.
However, intelligence-gathering operations from all members are global affairs, not solely focusing on the main locations of interest. On many occasions there have been accusations of ‘industrial espionage’, and citizens and politicians alike became uneasy that surveillance programs were becoming less focused on primary targets, and more focused on those back home. (See 1.2.2 in this document.)
Wider intelligence alliances include the Nine Eyes and 14 Eyes, which function similarly and include countries like France, Italy, Sweden and Spain. Countries outside of the foundational Five Eyes may not share every piece of information with every other member-state in practice, but they certainly have the capacity to, and should be treated with the same caution from a privacy point of view.
What does the Five Eyes alliance do today?
Since electronic communications have become the norm, there are more opportunities than ever for intelligence to be collected on just about everyone. Large companies with privileged positions such as Internet Service Providers can be made to collect and share any and all information they can on customers in the name of public safety. If that takes place in a Five Eyes member state, that information can then become common knowledge for any other member.
When it comes down to it, for most that won't sound especially appealing, and it’s understandable that people the world over want to regain and retain their privacy
So, using privacy software to anonymize online activity has become more and more popular, and while using VPNs may be only one step in the chain, they are a simple and effective first defence against ISPs’ and governments’ snooping.
However, not all VPNs are created equal.
What does Five Eyes mean for VPN providers?
Being outside of the Five, Nine and 14 Eyes alliances means that a country is not obliged to disclose any information it has collected to the other members of the group.
Combined with favorable local laws on the collection of data as a whole means that VPN providers based in such countries aren’t subject to the same governmental pressure to disclose data, and may be able to deliver a truly zero-logging service.
It’s worth noting that being truly zero-logging isn't just down to a VPN’s location. While a VPN based in the US may have a harder time getting around mandated data collection of its users, one based in a more privacy-friendly location may still log some user information.
The only way to truly be sure your data is left uncollected (and therefore unavailable to hand over should any government demand it from your VPN provider) is for the VPN to undergo an independent audit of its logging practices. Thankfully, a number of providers do boast audited zero-logging policies alongside favorable bases of operations – including our top-rated VPN overall.
Which VPN do we recommend?
