Five Eyes countries.

If you’re shopping for a VPN, you will have noticed VPN providers’ frequent mention of the Five, Nine, and Fourteen Eyes agreements in their marketing materials. What “eyes” are these, though, and how do they impact your privacy? Let’s take a look into a world filled with spooks, shady deals, and acronyms written in ALL CAPS.

The Five, Nine, and Fourteen Eyes

The Five, Nine, and Fourteen Eyes are agreements between the surveillance agencies (the “eyes”) of several countries. The original group is the Five Eyes (abbreviated as FVEY)—consisting of the U.S., the UK, Canada, Australia, and New Zealand—which shortly after the second world war signed a deal (the UKUSA pact) to share intelligence among each other.

Over the years, four other countries informally joined the original five (the Netherlands, France, Denmark, and Norway), making nine.

A few years after, five more joined (Belgium, Italy, Germany, Spain, and Sweden) to come to the grand total of 14.

However, these three groups are different from each other in what they share with each other.

Differences Between the Five, Nine, and Fourteen Eyes

Naturally, deals struck between spies aren’t accessible to regular people, but we do know a fair bit about these three groups, especially the original five. This is because their founding document, the UKUSA agreement, was made public in 2010. The British National Archives has the full text.

Probably the most important thing to highlight is that this deal isn’t explicitly between the governments of any of the countries involved, but between their spy agencies, particularly those tasked with what’s called signals intelligence or SIGINT in spy-speak, which boils down to communications surveillance like wire-tapping. In the case of the U.S., it’s the agency now called the NSA, while in Britain, this role is filled by GCHQ.

Of course, most of the governments involved were aware of the deal, though not all. The Australian government was kept in the dark until 1973, for example, which gives you an idea of the impunity with which these surveillance agencies were operating.

The purpose of the Five eyes was and is to automatically share information through the STONEGHOST network, as well as share technology and methods. The other two associations, the Nine and Fourteen Eyes, are removed one and two steps away from this inner circle, respectively.

Again, details are sketchy, but it appears the four extra members that make up the Nine Eyes have to request permission to get information and don’t receive everything, while the five that make up the Fourteen Eyes get even less.

On top of these “official” members, there also seem to be deals in place with countries like Israel and South Korea, though we don’t know much beyond that.

The Purpose of the Five, Nine, and Fourteen Eyes

The reason these surveillance agencies set up these agreements was, initially at least, to simply share information and methods. All these countries are allied to each other in NATO, it makes sense that they all work from the same set of facts and knowledge. However, we should be worried not about them working together against NATO’s enemies, but rather against their own populations.

In 2013 Edward Snowden, a former contractor for the CIA, revealed to the world that western governments were spying on their own people en masse. Agreements like the Five Eyes greatly aided that information gathering, not only through sharing data on countries’ citizens but also through more direct means.

For example, the NSA and GCHQ aren’t allowed to listen in on their own citizens’ communications without a warrant. So, if GCHQ wants to listen in on a British citizen’s phone calls, it would ask the NSA to do it, as it’s not bound by the same rules for British citizens. The GCHQ could then listen to U.S. citizens’ calls.

Protection Against Surveillance: VPNs

As you can imagine, many people the world over were shocked to find out that, not only were their governments spying on them, they did so quite blatantly and never really stopped, even after the Snowden leaks. In response, many people turned to ways to protect their online communications.

First and foremost among these tools are virtual private networks, which can encrypt your internet connection and thus make it impossible for any third party, be they spies or marketers, to see what you’re doing online. VPN providers, unsurprisingly, jumped at the free marketing spy agencies were giving them and advertised their products as a great way to prevent this kind of snooping.

It should be said that this is true: if you’re worried about surveillance, either from the government or from elsewhere, a VPN is a great tool to use. It’s not the only one, nor are they bulletproof, but they’re a good option, especially if used with incognito mode.

Does It Matter if My VPN Is Based in the Five Eyes?

However, many VPNs go a step further than these claims and will tell you that any VPN based inside the jurisdiction of the Five, Nine, or Fourteen Eyes is dangerous for users. We disgree: if the VPN you’re using is a trustworthy no-log VPN, one that doesn’t keep a record of what you’ve been up to online, then it doesn’t really matter where they’re based.

The whole point of a VPN is to avoid detection, so as long as the VPN itself is safe, it doesn’t matter where a VPN is based. The only exception is countries where VPN use itself is illegal (a pretty short list, thankfully.) Other than that, you should be okay. That said, if you’re particularly worried, you could always use a VPN that lets you sign up anonymously. That way, you can be sure nobody can track you—it doesn’t matter how many eyes they have.

Profile Photo for Fergus O'Sullivan Fergus O'Sullivan
Fergus is a freelance writer for How-To Geek. He has seven years of tech reporting and reviewing under his belt for a number of publications, including GameCrate and Cloudwards. He's written more articles and reviews about cybersecurity and cloud-based software than he can keep track of---and knows his way around Linux and hardware, too.
Read Full Bio »