What Is the 5 Eyes Alliance? Your Privacy at Risk in 2024

The Eyes Alliances collect data from your internet traffic, phone calls, emails, and other forms of communication and share the collected intelligence among member countries, collectively called the 5/9/14 Eyes. This may sound like something out of a spy movie, but it’s reality.

If you’re in one of these participating 14 countries, private conversations and images you share with friends or family are accessible to surveillance agencies. These agencies also monitor global tech companies like Google, Microsoft, Facebook, and Apple, so your data is being collected even if you’re outside the Eyes Alliances.

Military-Grade Security Features

DEAL: Save 48% + 30-day money-back guarantee

Editor's Choice for Security

Our Score: 10.0

High-level encryption keeps you safe online

Verified to not collect or share data

Visit ExpressVPN

Editor's Note: Transparency is one of our core values at vpnMentor, so you should know we are in the same ownership group as ExpressVPN. However, this does not affect our review process.

What Are the 5 Eyes, 9 Eyes, and 14 Eyes Alliances?

The 5 /9/14 Eyes Alliances are international surveillance networks in which various countries collaborate to share intelligence information collected on their citizens.

A quick-guide to which countries feature in the alliance

5 Eyes Alliance

The 5 Eyes Alliance, or FVEY, is an intelligence-sharing pact between 5 English-speaking countries: the US, the UK, Canada, Australia, and New Zealand. It started way back during World War II with the UKUSA Agreement on March 5, 1946. Originally, it was just a deal between the UK and the US to crack Soviet codes. Over time, the alliance expanded to include Canada, Australia, and New Zealand​.

The 5 Eyes Alliance is primarily focused on signals intelligence (SIGINT), involving the interception and analysis of electronic communications, such as emails, calls, and internet traffic. The member countries collaborate extensively to share intelligence data, conduct joint surveillance operations, and develop advanced surveillance technologies.

Each of these countries has passed serious laws that give their intelligence agencies a lot of power to monitor people. This was made clear after Edward Snowden leaked a number of documents that he obtained while working as an NSA contractor, proving the widespread government surveillance of citizens’ online activity.

Evidence was also revealed of member countries using the alliance to circumvent the privacy laws of their own citizens. For example, the UK was found to be working around surveillance laws protecting its populace by asking the USA’s NSA to spy on UK nationals instead. They would then simply request the NSA share the data they pulled.

Here’s a further example of how each country has and continues to monitor the personal information of its citizens:

• United States. Post-9/11 legislation such as the USA PATRIOT Act allows the NSA to monitor citizen communications without a warrant, including phone records, emails, and other forms of communication.
• United Kingdom. The Investigatory Powers Act 2016, also known as the "Snooper's Charter," mandates that internet service providers keep records of users' online activities, including phone calls, emails, and internet usage. The stored data can then be accessed and monitored by authorities.
• Australia. The Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 requires ISPs to retain metadata for two years. This includes the time, duration, source, and destination of communications, as well as the type of service used and the location of the equipment. Although the content of communications is not stored, the metadata can still reveal significant insights into individuals' behaviors and activities.

9 Eyes Alliance

The 9 Eyes uses various programs and technologies to intercept and analyze communications. These activities are a key part of the alliance's operations. Individuals' communications in member countries and beyond can be monitored and shared without their knowledge or consent​, for example:

• Denmark. Danish ISPs are required by law to retain user data for a specified period, such as browsing history, connection times, and communication metadata. This data can be accessed by intelligence agencies like the Danish Defense Intelligence Service (Forsvarets Efterretningstjeneste, FE) and the Danish Security and Intelligence Service (Politiets Efterretningstjeneste, PET).
• France. Following the Charlie Hebdo and Paris attacks, surveillance laws in France allow for the monitoring of electronic communications, including the bulk collection of metadata, wiretapping, and the use of algorithms to detect potential threats. The primary agencies conducting this surveillance are the General Directorate for Internal Security (DGSI) and the National Commission for the Control of Intelligence Techniques (CNCTR).
• Netherlands. The Intelligence and Security Services Act 2017, also known as the "Sleepwet" or "Dragnet Act," allows for the interception, monitoring, and analysis of large-scale internet and telecommunications data. This is conducted by Dutch intelligence agencies such as the General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD).
• Norway. Intelligence agencies like the Norwegian Intelligence Service (NIS) and the Norwegian Police Security Service (PST) are authorized to monitor emails and phone calls. They also monitor social media interactions and other forms of electronic communication.

14 Eyes Alliance

The 14 Eyes Alliance is an extension of the 5 Eyes and 9 Eyes alliances, forming one of the most comprehensive international surveillance networks, officially known as SIGINT Seniors Europe (SSEUR). The alliance includes the original five members of the 5 Eyes (United States, United Kingdom, Canada, Australia, New Zealand), the additional four members of the 9 Eyes (Denmark, France, the Netherlands, Norway), and five more countries: Germany, Belgium, Italy, Sweden, and Spain.

Each member country of the 14 Eyes Alliance has its own surveillance programs and technologies to intercept and analyze internet traffic, emails, phone calls, and other communications. The 14 Eyes countries then share this data among themselves, including signals intelligence (SIGINT), human intelligence (HUMINT), and other forms of data, for example:

• Germany. The Federal Intelligence Service (Bundesnachrichtendienst, BND) is the country's primary foreign intelligence agency. The BND has broad authority to monitor satellite communications, internet traffic, and other forms of communication data.
• Belgium. Belgian intelligence agencies like the VSSE and SGRS are permitted to use a variety of surveillance techniques to gather information. This includes real-time monitoring and recording of conversations and data exchanges, as well as monitoring internet activities and conducting physical surveillance.
• Italy. The Pisanu Law grants broad surveillance powers to Italian authorities, allowing for extensive monitoring of communications and internet activities. The law mandates data retention by ISPs and telecommunications companies for up to 24 months
• Sweden. The Swedish National Defence Radio Establishment (FRA) and the Swedish Security Service (Säpo) are authorized to monitor electronic communications under specific legal conditions. While its surveillance activities are not as widespread, Sweden can still benefit from intelligence gathered by other member countries.
• Spain. Spanish laws, like the "Gag Law,” allow the National Intelligence Centre (CNI) to monitor and intervene in communications. Additionally, Spanish telecommunications providers are required to retain metadata and other communication data for a specified period.

Third-Party Contributors

Several countries contribute to the 5, 9, and 14 Eyes Alliances without being formal members. They aren’t typically subject to the same oversight and accountability mechanisms that apply to formal members of the Eyes Alliances. However, it's advisable to hide your IP address to stay safe online in these countries.

• Japan has close intelligence-sharing relationships with the 5 Eyes countries, particularly the United States. Japan has expressed interest in becoming more formally integrated into the alliance, with discussions about potentially becoming the "6th Eye." However, this is not an official designation.
• Germany, in addition to being a 14 Eyes member, has separate bilateral intelligence-sharing agreements with the United States and other 5 Eyes countries.
• Israel's intelligence agencies, such as Mossad, share information with the 5 Eyes countries, particularly the United States. This collaboration focuses on threats in the Middle East and global terrorism​​.
• South Korea collaborates closely with the United States and other 5 Eyes members, focusing on intelligence related to North Korea and regional security issues.
• Singapore often hosts and participates in high-level security dialogues involving the 5 Eyes countries, contributing valuable insights from its strategic position in the Indo-Pacific​.
• India has bilateral and multilateral intelligence-sharing agreements and collaborations with several of the Five Eyes Alliance. Additionally, there have been discussions and moves towards enhancing intelligence sharing between India and the 5 Eyes in recent years.

What Impact Does the 5/9/14 Eyes Alliances Have on Citizens?

Widespread surveillance can lead to a significant invasion of citizens' privacy. Vast amounts of personal data, including emails, calls, social media interactions, and internet browsing activities, are collected and shared.

Without strict oversight, intelligence agencies can misuse surveillance powers, potentially violating civil liberties by monitoring individuals for non-security reasons like political dissent or activism. Member countries may also bypass legal restrictions by requesting surveillance from other alliance members.

Laws in member countries often require ISPs to store user data, making it accessible to intelligence agencies and vulnerable to unauthorized access. This can deter individuals from discussing certain topics or activities, out of fear that might attract surveillance, impacting basic human rights like freedom of expression.

Military-Grade Security Features

DEAL: Save 48% + 30-day money-back guarantee

Editor's Choice for Security

Our Score: 10.0

High-level encryption keeps you safe online

Verified to not collect or share data

Visit ExpressVPN

Surveillance Systems Used By These Alliances and the Data They Collect

These alliances have many mass surveillance systems in place, with some remaining unknown to the public. Some that have received significant media attention include:

ECHELON

ECHELON intercepts communications using a network of ground-based radio antennas and satellites. It was originally developed to monitor Soviet communications during the Cold War but has since expanded to cover a wide range of communications worldwide. This data is processed and stored in facilities operated by member countries. Surveillance agencies can then search specific keywords to filter relevant information from vast amounts of data​​.

Data Collected:

• Telephone calls
• Faxes
• Emails
• Internet traffic

PRISM

PRISM is a surveillance program operated by the NSA that collects internet communications from major tech companies. Tech companies like Google, Apple, Facebook, and Microsoft are compelled to share data under legal orders. This program focuses on non-US persons but can incidentally collect data on US citizens.

Data Collected:

• Emails
• Chat messages (including video and voice)
• Photos and video
• Stored data
• VoIP calls
• Social networking details
• Login information and metadata

XKeyscore

XKeyscore is a highly classified program of the United States National Security Agency (NSA) that was exposed by Edward Snowden in 2013. It is a powerful tool used for the collection and analysis of global internet data. It’s designed to collect and analyze nearly everything you do on the internet.

Data Collected:

• Emails
• Online chats
• Social media
• Browsing history
• File transfers
• Internet-based voice calls
• Geolocation data
• Search queries
• Login events
• Network traffic
• Cookies and tracking
• Browser fingerprints

Tempora

Tempora is operated by the UK's GCHQ and involves tapping into undersea fiber-optic cables to intercept internet traffic. Large amounts of data are stored for up to 30 days for analysis and shared with other 5 Eyes members.

Data Collected:

• Internet communications (emails, social media interactions, browsing histories)
• Telephone calls
• Content and metadata of online activities

MUSCULAR

The program, run by the NSA and GCHQ, captures a vast amount of user data without the knowledge or consent of the companies or users involved. The primary targets are the internal data flows of major internet companies like Google and Yahoo. MUSCULAR intercepts data traveling between the data centers of these companies, which are often unencrypted in transit. The program captures millions of records each day, including personal communications.

Data Collected:

• Emails
• Search queries
• Cloud-stored files
• User activities and interactions

Stone Ghost

Stone Ghost, also known as the Defense Network Intelligence Exchange (DNIE), involves NATO members and is used for sharing intelligence primarily related to defense and security. The network allows for the seamless sharing of a wide range of intelligence data, including intercepted communications, satellite imagery, and reports from field agents.

Data Collected:

• Defense intelligence
• Operational information
• Strategic analyses

How To Avoid Surveillance from 5/9/14 Eyes Countries

Hiding your IP address and using end-to-end encrypted communication apps can help protect against surveillance. Plus, being mindful of the information you share online and adjusting privacy settings on social media platforms can reduce exposure to surveillance. Here are the best tools to protect your online identity and activity from prying eyes:

1. Use a VPN

One of the most effective ways to protect your privacy online is to use a Virtual Private Network (VPN). ISPs often log user activities and share this data with government agencies. A VPN encrypts your traffic and routes it through a secure server so your ISP can only see that you are connected to a VPN, not the websites you visit or the data you transmit, effectively blocking a key source of surveillance data.

There have also been several instances where VPN providers shared user data with authorities. So, your choice of provider is critical against invasive surveillance and monitoring. To prevent your data from being shared, choose a VPN that:

• Is based outside 5/9/14 Eyes jurisdictions.
• Follows a verified no-logs policy.
• Uses strong AES 256-bit encryption.
• Has a kill switch and IP/DNS leak protection to protect against accidental data exposure.
• Obfuscation prevents your VPN from getting blocked on restricted networks, like work.

For example, despite the legal pressure, ExpressVPN stood firm on its privacy policy even when pressured by the Turkish government. During a Turkish investigation into an ExpressVPN user, law enforcement tried to compel this VPN to hand over identifying data. Despite their best attempts, authorities were unable to find any identifying info due to ExpressVPN’s commitment to protecting users’ privacy. Since no logs existed, there was nothing to hand over to the authorities.

2. Opt for Secure Browsers and Search Engines

To stay anonymous online and prevent tracking, look for a secure browser that can protect you against hackers and online vulnerabilities. Our top picks include Brave, Tor Browser, and Mozilla Firefox with privacy extensions (uBlock Origin, HTTPS Everywhere).

Combine a secure browser with a reputable private search engine, such as DuckDuckGo, and Startpage. They won’t collect any personal data that can be used to identify you, like your IP address.

3. Avoid Cloud Services from 5/9/14 Eyes Countries

Using secure cloud storage with strong encryption protects your data from unauthorized access, even by government agencies within the 5/9/14 Eyes Alliance, as the data remains encrypted and inaccessible without your private keys. This significantly reduces the risk of your information being intercepted or shared, even if a cloud provider is compelled to cooperate with government surveillance requests.

Use services like Tresorit (Switzerland-based) or pCloud (Switzerland-based). Avoid mainstream services like Google Drive, OneDrive, and Dropbox, which are subject to US jurisdiction.

4. Use Secure and Encrypted Communication Tools

End-to-end encryption tools endeavor that only the sender and recipient can access the content of communications, preventing interception by third parties, including government agencies within the 5/9/14 Eyes Alliance. This encryption protects your data by making it unreadable to anyone without the specific decryption keys.

• Email. ProtonMail (Switzerland-based), Tutanota (Germany-based but with strong privacy laws).
• Messaging. Signal (end-to-end encryption), Wire (Switzerland-based).
• Voice and video calls. Jitsi (open-source and encrypted).

5. Practice Good OpSec (Operational Security)

Implementing specific personal security measures helps protect your accounts from unauthorized access. These measures add an extra layer of security by making it much harder for government agencies within the 5/9/14 Eyes Alliance to access your personal information even if they obtain your login credentials.

• Use strong, unique passwords. Use a password manager like Bitwarden or LastPass.
• Enable Two-Factor Authentication (2FA). Prefer hardware tokens like YubiKey over SMS-based 2FA.
• Regular software updates. Keep your operating system and apps up-to-date to protect against vulnerabilities.

6. Encrypt Your Data

Encrypting your data "at rest" (when stored) and "in transit" (when being transmitted) helps keep your information inaccessible to unauthorized entities even if they intercept it. This dual-layer encryption protects your data from being easily decrypted or shared without your consent, as it remains secure throughout its entire lifecycle.

• Encrypting data at rest. Use full-disk encryption tools like VeraCrypt.
• Encrypting data in transit. Always use HTTPS websites. Tools like HTTPS Everywhere can enforce this.

7. Use Privacy-Focused Operating Systems

Using privacy-focused operating systems like Tails and GrapheneOS helps minimize data exposure by reducing tracking, avoiding default data collection, and employing strong encryption. These systems are designed to prioritize user privacy and security.

• Desktop. Tails, Qubes OS, or Linux distributions with strong privacy features.
• Mobile. GrapheneOS (Android), or iOS with careful configuration.

8. Be Wary of Metadata

Even encrypted communications can reveal metadata (who you communicate with, when, and how often). Minimize the amount of metadata generated by:

• Use burner devices and accounts.
• Avoiding linking accounts together.
• Use anonymous payment methods like cryptocurrency.

Metadata can also reveal you’re using a VPN, which could alert firewalls and content filters. Mask your VPN traffic by using obfuscation and secure protocols.

9. Regular Privacy Audits

Checking for IP leaks and reviewing app permissions help identify and close potential vulnerabilities that could expose your data to surveillance by the 5/9/14 Eyes Alliance. By proactively managing these risks, you help secure your digital footprint.

• Check for leaks. Regularly check if your VPN or other services are leaking your IP or DNS.
• Review permissions. Regularly review app permissions on your devices and revoke unnecessary ones.

Additional Privacy Measures

• Don’t overshare. Do not share personal or identifiable information on public apps. Many online services also allow you to disable browsing activity and location data logging. I recommend you disable these tracking services if possible and avoid apps that don’t allow you to prevent your data from being shared.
• Continual education. Privacy and security are moving targets. Stay updated on the latest practices and threats.

Military-Grade Security Features

DEAL: Save 48% + 30-day money-back guarantee

Editor's Choice for Security

Our Score: 10.0

High-level encryption keeps you safe online

Verified to not collect or share data

Visit ExpressVPN

Editor's Note: Transparency is one of our core values at vpnMentor, so you should know we are in the same ownership group as ExpressVPN. However, this does not affect our review process.

Editor's Note: We value our relationship with our readers, and we strive to earn your trust through transparency and integrity. We are in the same ownership group as some of the industry-leading products reviewed on this site: Intego, Cyberghost, ExpressVPN, and Private Internet Access. However, this does not affect our review process, as we adhere to a strict testing methodology.

FAQs on the 5/9/14 Eyes Alliance

Are the 5/9/14 Eyes Alliances the only international surveillance networks?

No, they're not the only ones, just the most well-known international surveillance networks. Several other intelligence-sharing agreements between nations may affect you to varying degrees. For example, other lesser-known surveillance networks and bilateral agreements between countries facilitate international data sharing for security and intelligence purposes.​

Can the government tell that you're using a VPN?

Yes, the government can recognize VPN traffic, but can’t decrypt it. Most premium VPNs use AES 256-bit encryption, which is virtually impossible to crack. Additionally, VPNs, like ExpressVPN, use obfuscation techniques to make VPN traffic appear as a regular internet connection to prevent it getting detected. However, if the VPN provider is based in a 5/9/14 Eyes country, it may be compelled to share user data with government agencies.

Is Stone Ghost related to the Five Eyes Alliance?

Stone Ghost is not directly related to the 5 Eyes Alliance. Stone Ghost is a separate intelligence network used primarily by NATO and partner nations to share sensitive information. While it involves countries that are also part of the Five Eyes, such as the United States, its scope and operations are distinct from those of the 5 Eyes.

Can you completely avoid the 5/9/14 Eyes surveillance?

You can’t avoid 5/9/14 Eyes surveillance if you live in or communicate with individuals in these countries. However, you can mitigate exposure by using privacy-focused services and tools, such as VPNs based outside of 5/9/14 Eyes jurisdictions, encrypted communication apps, and privacy-focused browsers. While these measures enhance privacy, they do not provide absolute protection against sophisticated surveillance efforts.

Conclusion

The 5/9/14 Eyes Alliances are international surveillance networks that collect and share personal data, such as traffic, calls, and emails, among member countries. These alliances, which include the original 5 Eyes (US, UK, Canada, Australia, New Zealand) and expand to 9 Eyes and 14 Eyes, pose significant privacy concerns.

To avoid monitoring by these alliances, adopt privacy-focused tools and practices, such as using a VPN, disabling location tracking, and carefully managing app permissions. These steps are crucial in an environment where surveillance programs like PRISM and ECHELON collect vast amounts of personal data accessible to intelligence agencies.