A Surveillance Primer: 5 Eyes, 9 Eyes, 14 Eyes

As consciousness of world surveillance grows, extra individuals are on the lookout for details about the 5 Eyes (FVEY), 9 Eyes, and 14 Eyes surveillance alliances. These phrases typically seem within the privateness group, particularly when discussing privateness instruments. So what are these organizations?

Editor’s Word:
Visitor writer Sven Taylor is the editor behind Restore Privateness, a weblog devoted to tell about finest on-line privateness practices, safe your digital units, unblock restricted content material and defeat censorship.

In brief, these are worldwide surveillance alliances representing numerous international locations all over the world. These alliances work collectively to gather and share mass surveillance information with one another. Starting with the UKUSA settlement and 5 Eyes intelligence sharing, these networks have been spying on individuals for many years, with established insurance policies going again to World Battle II.

The federal government businesses behind these efforts typically work with web service suppliers and different massive tech firms to faucet key infrastructure for the gathering of personal information (information surveillance). This turns your web service supplier, for instance, into a neighborhood adversary that’s spying on you for state businesses. And no, this isn’t a idea.

Your web service supplier is logging the whole lot!

In 2021, the US Federal Commerce Fee revealed a 74 web page report documenting how web service suppliers are accumulating huge quantities of personal information from their clients after which promoting the info to 3rd events. We examined this report, the implications, and a few options in our article on web service suppliers logging searching exercise.

These practices are well-documented within the PRISM surveillance paperwork and likewise the notorious Room 641a instance with AT&T and the NSA. Luckily, there are some easy options to maintain your information protected that we’ll cowl under. On this information, we’ll clarify all of the completely different “X” eyes surveillance alliances and why this subject is essential when selecting privateness instruments.

5 Eyes

The 5 Eyes (FVEY) surveillance alliance consists of the next international locations:

1. Australia
2. Canada
3. New Zealand
4. United Kingdom
5. United States

The historical past of this alliance goes again to WWII and the UKUSA Settlement, which was formally enacted after the struggle in 1946. This settlement formalized a partnership between the UK and the US for gathering and sharing intelligence information.

The partnership continued all through the Chilly Battle and has solely strengthened for the reason that “World Battle on Terror” kicked off within the early 2000s. Edward Snowden introduced renewed focus to the 5 Eyes surveillance alliance in 2013 when he uncovered the surveillance actions of the US authorities and its allies.

Under are the completely different “5 Eyes” surveillance businesses working collectively to gather and file your actions:

Desk of the 5 Eyes businesses working collectively to surveil enemies and their very own residents.

Along with these nationwide organizations, there exists the 5 Eyes Intelligence Oversight and Assessment Council (FIORC). In line with the FIORC internet web page on the US Director of Nationwide Intelligence web site:

FIORC was created within the spirit of the present 5 Eyes partnership, the intelligence alliance comprising Australia, Canada, New Zealand, the UK, and the US.

It additional states that…

The Council members trade views on topics of mutual curiosity and concern; examine finest practices in overview and oversight methodology; discover areas the place cooperation on critiques and the sharing of outcomes is permitted the place acceptable; encourage transparency to the biggest extent potential to reinforce public belief; and keep contact with political workplaces, oversight and overview committees, and non-5 Eyes international locations as acceptable.

The next non-political intelligence oversight, overview, and safety entities of the 5 Eyes international locations are a part of FIORC:

You will get extra details about FIORC, together with a duplicate of the group’s constitution right here.

It’s no shock that among the 5 Eyes international locations listed above are additionally the worst abusers of on-line privateness:

• United Kingdom – For the reason that passage of the Investigatory Powers Act in 2016, web service suppliers and telecoms have been recording searching historical past, connection instances, and textual content messages. The information is saved for 2 years and is out there to UK authorities businesses and their companions with none warrant.
• United States – The US authorities has been implementing Orwellian mass surveillance assortment strategies with the assistance of huge telecoms and web service suppliers (see the PRISM program). In March 2017, web service suppliers got the authorized authority to file consumer exercise and promote this to 3rd events. After all, web suppliers have been accumulating information on their clients for a few years, lengthy earlier than this regulation handed in 2017.

One of many PRISM slides, revealed by Washington Publish, June 6, 2013.

• Australia – Australia has additionally applied sweeping information retention legal guidelines much like the UK.

Broad authority amongst 5 Eyes international locations

Whether or not it’s the NSA in the US or the GCHQ in the UK, the “5 Eyes” is dwelling to probably the most highly effective surveillance businesses on the planet. A privateness firm sharing a jurisdiction with entities like these is simply asking for bother.

Particularly, the intelligence businesses within the 5 Eyes international locations have super authority to pressure firms to file and hand over information. In the US, the Patriot Act ushered in a brand new stage of energy for federal information assortment, particularly by way of using Nationwide Safety Letters. We see these identical traits unfolding within the UK, Australia, and different places as properly.

Six Eyes?

In an August 2020 Nikkei interview, Japanese Protection Minister Taro Kono mentioned tighter cooperation with 5 Eyes, telling an interviewer that “These international locations share the identical values. Japan can get nearer [to the alliance] even to the extent of it being referred to as the ‘Six Eyes’.”

Reportedly each the US and United Kingdom have proven some curiosity on this, maybe in response to the rising dangers of armed battle with China. Whereas this seems to be simply speak proper now, we’ll keep watch over the state of affairs and replace our articles as obligatory.

9 Eyes

The 9 Eyes international locations embrace:

• 5 Eyes international locations +
• Denmark
• France
• Netherlands
• Norway

The existence of the 9 Eyes alliance is referenced in numerous sources on-line and have become well-known following the Snowden revelations in 2013. It’s simply an extension of the 5 Eyes alliance with related cooperation to gather and share mass surveillance information.

14 Eyes

The 14 Eyes surveillance international locations embrace:

• 9 Eyes international locations +
• Germany
• Belgium
• Italy
• Sweden
• Spain

As earlier than, the unique surveillance settlement was prolonged to those different international locations. The official title of this group of nations is known as SIGINT Seniors Europe (SSEUR).

NSA and GCHQ cooperation inside 5 Eyes

Numerous authorities doc releases, which have come out by way of official FOIA channels, reveal the shut relationship between the NSA and GCHQ. Being the 2 strongest surveillance entities on the planet, with historic ties, it’s no shock that they work carefully collectively.

A top-secret NSA doc from 1985, which was launched in 2018 through a FOIA request, reveals that this shut cooperation continues right this moment, based mostly on the broadly-written UKUSA Settlement:

The UKUSA Settlement, dated 5 March 1946, has twelve brief paragraphs and was so typically written that, except for a couple of correct nouns, no adjustments to it have been made. It was signed by a UK consultant of the London Alerts Intelligence Board and the U.S. Senior Member of the State-Military-Navy Communications Intelligence Board (a predecessor group which advanced to be the current Nationwide overseas Intelligence Board). The rules stay intact, permitting for a full and interdependent partnership. In impact, the essential settlement permits for the trade of all COMINT outcomes together with finish product and pertinent collateral information from every sample for targets worldwide, until particularly excluded from the settlement on the request of both social gathering.

One other top-secret NSA doc from 1997 (formally launched in 2018) additional elaborates on the shut cooperation between the NSA and GCHQ:

Some GCHQ [redacted] exist solely to fulfill NSA tasking. NSA and GCHQ collectively tackle assortment plans to cut back duplication and maximize protection by way of joint websites and cross-tasking, regardless of website closures.

With the reference to “joint websites” above, it is essential to debate ECHELON.

ECHELON surveillance system

ECHELON Radomes at Menwith Hill, Yorkshire. Picture taken November 2005. Matt Crypto through Wikimedia Commons

ECHELON is a community of spy stations utilized by 5 Eyes international locations for large-scale espionage and information assortment.

The Guardian described ECHELON as a worldwide community of digital spy stations that may listen in on telephones, faxes and computer systems. It may well even observe financial institution accounts. This info is saved in Echelon computer systems, which may preserve tens of millions of information on people.

Formally, nevertheless, Echelon would not exist. Though proof of Echelon has been rising for the reason that mid-Nineteen Nineties, America flatly denies that it exists, whereas the UK authorities’s responses to questions concerning the system stay evasive.

Regardless of these denials, there have been whistleblowers who’ve confirmed what is going on on behind the scenes. Each Perry Fellwock and Margaret Newsham got here ahead to doc numerous points of ECHELON to the general public.

Keep away from the 5 Eyes

Whereas there are privateness considerations with the opposite international locations within the larger 14 Eyes alliances, the massive one to keep away from is the 5 Eyes. Subsequently, when information safety is vital, merely keep away from the 5 Eyes: US, UK, Canada, Australia, and New Zealand

Some individuals say considerations about these surveillance jurisdictions are overblown or misguided, and that it actually would not matter. You typically hear this argument from VPN firms (and their entrepreneurs) which are based mostly within the US or Canada, for instance. This line of pondering is misinformed and ignores actuality.

There are numerous examples that show the real-world dangers related to privacy-focused firms working in 5 Eyes jurisdictions. Listed here are only a few that we have mentioned earlier than on RestorePrivacy over time:

1. Riseup, a Seattle-based VPN and e-mail service, was pressured to gather consumer information for presidency brokers and was additionally hit with a “gag order” to forestall any disclosure to their customers. (Additionally they couldn’t replace their warrant canary.)
2. Lavabit, one other US-based e-mail service, was pressured to supply encryption keys and full entry to consumer emails. Slightly than comply, the proprietor determined to close down Lavabit e-mail.
3. IPVanish, a US-based VPN service, was pressured to gather consumer information for an FBI felony investigation. This all transpired whereas IPVanish was claiming to be a “no logs VPN” — they usually couldn’t alert their customers to what was taking place. (See the IPVanish logs case.)
4. HideMyAss, a UK VPN service was additionally ordered by a court docket to gather consumer information and hand this over to authorities for a felony investigation. Information about this got here out after-the-fact.

VPNs working within the US, and by extension all of their customers, may also be the targets of lawsuits involving copyright infringement. A latest court docket case concerned TorGuard VPN, which was pressured to dam torrenting on all US servers as a part of the settlement settlement. For this reason we advocate avoiding US-based VPNs when utilizing a VPN for torrenting.

These are only a few circumstances which have publicly come to gentle, however you will be positive there are different examples we do not know even about.

Secret calls for for consumer information + gag orders = privateness nightmare

As we are able to see from these examples, when authorities compel companies to gather and hand over information, they normally serve them with a gag order as properly. That is completed by way of Nationwide Safety Letters and it prevents the enterprise from disclosing any info to their clients.

These legal guidelines mainly give the federal government the authority to compel a professional privacy-focused firm to turn into a knowledge assortment software for state businesses, with none warning or notification. Even warrant canaries are ineffective in locations like the US.

Ignoring the jurisdiction of a privacy-focused enterprise is silly and ignores these well-documented dangers.

Advisable privateness providers (in good jurisdictions)

One of many foremost functions of RestorePrivacy is to check, analysis, and advocate privateness and safety instruments that meet particular standards. Given our emphasis on information safety and belief, jurisdiction is a key issue we contemplate.

By way of jurisdiction, our foremost concern is avoiding 5 Eyes international locations. In spite of everything, among the 9 and 14 Eyes international locations do certainly have robust privateness legal guidelines, particularly compared to the US and UK.

Safe e-mail exterior 5 Eyes

Utilizing a safe and personal e-mail service in a protected jurisdiction is a no brainer. Think about this:

Alternate options – Listed here are a few of our favourite safe e-mail providers that we examined:

1. Mailfence (Belgium)
2. Tutanota (Germany)
3. ProtonMail (Switzerland)
4. Mailbox.org (Germany)
5. Posteo (Germany)
6. Runbox (Norway)
7. Countermail (Sweden)
8. CTemplar (Iceland)
9. KolabNow (Switzerland)
10. Startmail (The Netherlands)

Finest VPNs exterior the 5 Eyes

Web service suppliers are actively accumulating information for presidency businesses all over the world. They do that by both actively snooping on connections or just recording all of your DNS requests. Moreover, advertisers and different third-parties will observe and file your on-line exercise that’s tied to your distinctive IP tackle.

VPN service is crucial for primary on-line privateness, particularly when ISPs are logging the whole lot. A VPN encrypts all of your visitors between your laptop/gadget and the VPN server you might be linked to. Not solely does this make your visitors and on-line actions unreadable to your ISP and different third events, it additionally hides your IP tackle and site.

Listed here are one of the best VPN providers which are positioned exterior of the 5 Eyes international locations:

1. NordVPN (Panama)
2. Surfshark (The Netherlands)
3. ExpressVPN (British Virgin Islands)
4. VPN.ac (Romania)
5. VyprVPN (Switzerland)
6. Excellent Privateness (Switzerland)
7. OVPN (Sweden)
8. TrustZone VPN (Seychelles)
9. ProtonVPN (Switzerland)

Some individuals are frightened about logs and information assortment with VPNs. Luckily, there are a couple of verified no logs VPNs which have undergone impartial audits to verify their no-logs insurance policies:

1. NordVPN was audited to PwC AG in Zurich, Switzerland to verify important privacy-protection measures and the no-logs coverage. NordVPN has dedicated to annual third-party audits, whereas additionally present process impartial safety audits and penetration testing carried out by Versprite.
2. ExpressVPN has been audited twice by PwC to confirm its no-logs coverage. Moreover, ExpressVPN has handed safety audits carried out by Cure53.
3. VyprVPN underwent a no-logs audit carried out by Leviathan Safety a couple of years in the past.

Non-public search engines like google and yahoo exterior 5 Eyes

Many of the large search engines like google and yahoo, comparable to Google, file all of your search queries after which hyperlink this to your identification and information profile, so that you will be hit with focused adverts. Except you wish to give Google and its companions all of your search actions, think about using alternate options.

Listed here are some personal search engines like google and yahoo you could wish to contemplate:

1. Searx (open supply, no jurisdiction)
2. MetaGer (Germany)
3. Swisscows (Switzerland)
4. Qwant (France)

There are a couple of search engines like google and yahoo based mostly in 5 Eyes international locations that we nonetheless advocate. These embrace:

• DuckDuckGo (United States)
• Mojeek (United Kingdom)
• Courageous Search (United States)

Belief and jurisdiction

Ultimately, jurisdiction is only one of many components to contemplate when deciding on dependable privateness instruments on your distinctive wants. How a lot it issues relies upon by yourself circumstances, significantly your menace mannequin and the kinds of adversaries you want to shield your self towards.

For these in search of increased ranges of privateness and safety, jurisdiction is certainly essential, particularly when you think about the rising energy of governments to pressure firms handy over information and log customers. Belief can also be a significant component it’s best to contemplate. In spite of everything, a VPN can function in a “good” abroad jurisdiction, but nonetheless misinform clients and supply information to authorities businesses. Take for instance PureVPN, a “no logs” service based mostly in Hong Kong that gave US authorities connection logs for a felony case.

That is the place belief is vital. Luckily, to strengthen belief, extra privacy-focused companies are present process impartial audits and third-party verifications. Along with the audits, we additionally see this development with password managers and sometimes with safe e-mail providers.

Are these the one worldwide intelligence alliances?

Most undoubtedly not. Along with the 5 Eyes (FVEY), 9 Eyes, and 14 Eyes (SIGINT Seniors Europe), there are different organizations we all know of. Examples embrace the SIGINT Seniors Pacific, the Quadrilateral Safety Dialog (the Quad), and the Membership de Berne. There can also be different such organizations that we nonetheless do not learn about.

Will Japan turn into a “Sixth Eye”?

Japan has publicly urged that they want to work extra carefully with the 5 Eyes, and maybe some day turn into a Sixth Eye. As of now it seems to be solely speak, however rising stress between Japan and China appears to be shifting Japan towards ever stronger connections with the 5 Eyes international locations. Solely time will inform if we’ll be speaking about Six Eyes as an alternative of 5 Eyes quickly.

Conclusion: Use providers working in protected jurisdictions

The 5 Eyes is probably the most highly effective surveillance alliance on the planet. Whereas it arguably works properly to guard its member international locations (USA, UK, Canada, Australia, and New Zealand), it makes these international locations lower than ideally suited jurisdictions for pro-privacy firms and merchandise.

Finally, we additionally have to acknowledge that everybody has completely different wants, use circumstances, and menace fashions. Which means deciding on services and products is a really subjective matter, and solely yow will discover one of the best match on your wants. Good luck and keep protected!