The 5 /9/14 Eyes Alliances are international surveillance networks in which various countries collaborate to share intelligence information collected on their citizens.
The Eyes Alliances collect data from your internet traffic, phone calls, emails, and other forms of communication and share the collected intelligence among member countries, collectively called the 5/9/14 Eyes. If you’re in one of these participating 14 countries, private conversations and images you share with friends or family are accessible to surveillance agencies. These agencies also monitor global tech companies like Google, Microsoft, Facebook, and Apple, so your data is being collected even if you’re outside the Eyes Alliances, as per ”vpnmentor.com” .
”Five Eyes” (abbreviated as FVEY) Alliance
Secret agreements allow secretive intelligence agencies in Australia, Canada, New Zealand, the United Kingdom, and the USA to spy on the world, according to ”privacyinternational.org”.
In 1946, an alliance was formed between five anglophone countries and their security agencies: the US (NSA), the UK (GCHQ), Australia (ASD), Canada (CSEC) and New Zealand (GCSB) comprising of a series of bilateral agreements(signals intelligence agreements) on surveillance and intelligence-sharing.
Though these arrangements are commonly referred to as the United Kingdom-United States Communication Intelligence Act (UKUSA) agreement, the documents underpinning the Five Eyes alliance are numerous, intricate, and secret.
Pursuant to these arrangements, each of the Five Eyes states conducts interception, collection, acquisition, analysis and decryption activities, sharing all intelligence information obtained with the others by default.
To understand the Five Eyes, it’s important to know what signals intelligence (SIGINT) is. This term essentially means two things:
– Communications intelligence (COMINT) – interception of voice communications, such as telephone calls, as well as text comms (emails, text messages, etc.)
– Electronic intelligence (ELINT) – use of electronic sensors to signals unrelated to communication, e.g. signals from radars or surface-to-air missile systems
5 Eyes countries have intelligence agencies such as the NSA (US) or GCHQ (UK) gathering mass signals intelligence data (i.e. spying) on people in various parts of the world and sharing it with each other.
Although these activities are mainly directed towards geopolitical adversaries, no country is truly exempt from such surveillance, according to ”cybernews.com” .
Each of these countries has passed serious laws that give their intelligence agencies a lot of power to monitor people, according to ”vpnmentor.com” .
”9 Eyes” Alliance
The Nine Eyes is an extension of the FVEY and consists of the following countries:
5-Eyes states + Denmark; France; Netherlands; Norway.
The 9 Eyes uses various programs and technologies to intercept and analyze communications. These activities are a key part of the alliance’s operations. Individuals’ communications in member countries and beyond can be monitored and shared without their knowledge or consent, for example:
– Denmark. Danish ISPs are required by law to retain user data for a specified period, such as browsing history, connection times, and communication metadata. This data can be accessed by intelligence agencies like the Danish Defense Intelligence Service (Forsvarets Efterretningstjeneste, FE) and the Danish Security and Intelligence Service (Politiets Efterretningstjeneste, PET).
– France. Following the Charlie Hebdo and Paris attacks, surveillance laws in France allow for the monitoring of electronic communications, including the bulk collection of metadata, wiretapping, and the use of algorithms to detect potential threats. The primary agencies conducting this surveillance are the General Directorate for Internal Security (DGSI) and the National Commission for the Control of Intelligence Techniques (CNCTR).
– Netherlands. The Intelligence and Security Services Act 2017, also known as the „Sleepwet” or „Dragnet Act,” allows for the interception, monitoring, and analysis of large-scale internet and telecommunications data. This is conducted by Dutch intelligence agencies such as the General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD).
-Norway. Intelligence agencies like the Norwegian Intelligence Service (NIS) and the Norwegian Police Security Service (PST) are authorized to monitor emails and phone calls. They also monitor social media interactions and other forms of electronic communication.
”14 Eyes” Alliance (also known as SSEUR or SIGINT Seniors Europe )
The Fourteen Eyes are a further extension of the UKUSA Agreement, known as the SIGINT Seniors Europe (SSEUR). The countries belonging to it are:
9-Eyes states + Belgium; Germany; Italy; Spain; Sweden.
The 14 Eyes Alliance is an extension of the 5 Eyes and 9 Eyes alliances, forming one of the most comprehensive international surveillance networks, officially known as SIGINT Seniors Europe (SSEUR). The alliance includes the original five members of the 5 Eyes (United States, United Kingdom, Canada, Australia, New Zealand), the additional four members of the 9 Eyes (Denmark, France, the Netherlands, Norway), and five more countries: Germany, Belgium, Italy, Sweden, and Spain.
Each member country of the 14 Eyes Alliance has its own surveillance programs and technologies to intercept and analyze internet traffic, emails, phone calls, and other communications. The 14 Eyes countries then share this data among themselves, including signals intelligence (SIGINT), human intelligence (HUMINT), and other forms of data, for example:
– Germany. The Federal Intelligence Service (Bundesnachrichtendienst, BND) is the country’s primary foreign intelligence agency. The BND has broad authority to monitor satellite communications, internet traffic, and other forms of communication data.
– Belgium. Belgian intelligence agencies like the VSSE and SGRS are permitted to use a variety of surveillance techniques to gather information. This includes real-time monitoring and recording of conversations and data exchanges, as well as monitoring internet activities and conducting physical surveillance.
– Italy. The Pisanu Law grants broad surveillance powers to Italian authorities, allowing for extensive monitoring of communications and internet activities. The law mandates data retention by ISPs and telecommunications companies for up to 24 months
– Sweden. The Swedish National Defence Radio Establishment (FRA) and the Swedish Security Service (Säpo) are authorized to monitor electronic communications under specific legal conditions. While its surveillance activities are not as widespread, Sweden can still benefit from intelligence gathered by other member countries.
– Spain. Spanish laws, like the „Gag Law,” allow the National Intelligence Centre (CNI) to monitor and intervene in communications. Additionally, Spanish telecommunications providers are required to retain metadata and other communication data for a specified period.
What are third-party contributors?
Aside from the 5-9-14 Eyes country groups, there are other third-party contributors to the UKUSA Agreement alliance. These countries share with and receive intelligence data from the Eyes group, but have fewer rights and responsibilities.
Among the third-party contributors are countries belonging to NATO (Iceland, Greece, Hungary, Romania, the Baltics and many other European countries), as well as other strategic allies – Israel, Singapore, South Korea, Japan, India, and more.
What Impact Does the 5/9/14 Eyes Alliances Have on Citizens?
Widespread surveillance can lead to a significant invasion of citizens’ privacy. Vast amounts of personal data, including emails, calls, social media interactions, and internet browsing activities, are collected and shared.
Without strict oversight, intelligence agencies can misuse surveillance powers, potentially violating civil liberties by monitoring individuals for non-security reasons like political dissent or activism. Member countries may also bypass legal restrictions by requesting surveillance from other alliance members.
Laws in member countries often require ISPs to store user data, making it accessible to intelligence agencies and vulnerable to unauthorized access. This can deter individuals from discussing certain topics or activities, out of fear that might attract surveillance, impacting basic human rights like freedom of expression.
Surveillance Systems Used By These Alliances and the Data They Collect
These alliances have many mass surveillance systems in place, with some remaining unknown to the public. Some that have received significant media attention include:
– ECHELON
ECHELON intercepts communications using a network of ground-based radio antennas and satellites. It was originally developed to monitor Soviet communications during the Cold War but has since expanded to cover a wide range of communications worldwide. This data is processed and stored in facilities operated by member countries. Surveillance agencies can then search specific keywords to filter relevant information from vast amounts of data.
Data Collected: Telephone calls; Faxes; Emails; Internet traffic.
– PRISM
PRISM is a surveillance program operated by the NSA that collects internet communications from major tech companies. Tech companies like Google, Apple, Facebook, and Microsoft are compelled to share data under legal orders. This program focuses on non-US persons but can incidentally collect data on US citizens.
Data Collected: Emails; Chat messages (including video and voice); Photos and video; Stored data; VoIP calls; Social networking details; Login information and metadata.
– XKeyscore
XKeyscore is a highly classified program of the United States National Security Agency (NSA) that was exposed by Edward Snowden in 2013. It is a powerful tool used for the collection and analysis of global internet data. It’s designed to collect and analyze nearly everything you do on the internet.
Data Collected: Emails; Online chats; Social media; Browsing history; File transfers ; Internet-based voice calls; Geolocation data; Search queries; Login events; Network traffic; Cookies and tracking; Browser fingerprints.
– Tempora
Tempora is operated by the UK’s GCHQ and involves tapping into undersea fiber-optic cables to intercept internet traffic. Large amounts of data are stored for up to 30 days for analysis and shared with other 5 Eyes members.
Data Collected: Internet communications (emails, social media interactions, browsing histories); Telephone calls; Content and metadata of online activities.
– MUSCULAR
The program, run by the NSA and GCHQ, captures a vast amount of user data without the knowledge or consent of the companies or users involved. The primary targets are the internal data flows of major internet companies like Google and Yahoo. MUSCULAR intercepts data traveling between the data centers of these companies, which are often unencrypted in transit. The program captures millions of records each day, including personal communications.
Data Collected: Emails; Search queries; Cloud-stored files; User activities and interactions.
– Stone Ghost
Stone Ghost, also known as the Defense Network Intelligence Exchange (DNIE), involves NATO members and is used for sharing intelligence primarily related to defense and security. The network allows for the seamless sharing of a wide range of intelligence data, including intercepted communications, satellite imagery, and reports from field agents.
Data Collected: Defense intelligence; Operational information; Strategic analyses.
HOW TO AVOID SURVEILLANCE FROM 5/9/14 EYES COUNTRIES
Hiding your IP address and using end-to-end encrypted communication apps can help protect against surveillance. Plus, being mindful of the information you share online and adjusting privacy settings on social media platforms can reduce exposure to surveillance.
Here are the best tools to protect your online identity and activity from prying eyes:
1. Use a VPN
One of the most effective ways to protect your privacy online is to use a Virtual Private Network (VPN). ISPs often log user activities and share this data with government agencies. A VPN encrypts your traffic and routes it through a secure server so your ISP can only see that you are connected to a VPN, not the websites you visit or the data you transmit, effectively blocking a key source of surveillance data.
To prevent your data from being shared, choose a VPN that:
– Is based outside 5/9/14 Eyes jurisdictions.
– Follows a verified no-logs policy.
– Uses strong AES 256-bit encryption.
– Has a kill switch and IP/DNS leak protection to protect against accidental data exposure.
– Obfuscation prevents your VPN from getting blocked on restricted networks, like work.
Important: Use a VPN With Headquarters Outside the 5/9/14 Eyes Alliances
While a VPN with AES 256-bit encryption can protect you from these surveillance systems, the alliances are constantly devising new methods to access your data. For example, requesting that tech companies (including VPN providers) provide a means for law enforcement to access end-to-end encrypted communications.
Choose a VPN with its headquarters outside the 5/9/14 Eyes Alliance, so it won’t be compelled to share your information with government agencies. Also, check that the VPNs no-logs policy has been verified so that no information can be collected that can be used to identify you or trace your online activities.
2. Opt for Secure Browsers and Search Engines
To stay anonymous online and prevent tracking, look for a secure browser that can protect you against hackers and online vulnerabilities. Our top picks include Brave, Tor Browser, and Mozilla Firefox with privacy extensions (uBlock Origin, HTTPS Everywhere).
Combine a secure browser with a reputable private search engine, such as DuckDuckGo, and Startpage. They won’t collect any personal data that can be used to identify you, like your IP address.
3. Avoid Cloud Services from 5/9/14 Eyes Countries
Using secure cloud storage with strong encryption protects your data from unauthorized access, even by government agencies within the 5/9/14 Eyes Alliance, as the data remains encrypted and inaccessible without your private keys. This significantly reduces the risk of your information being intercepted or shared, even if a cloud provider is compelled to cooperate with government surveillance requests.
Use services like Tresorit (Switzerland-based) or pCloud (Switzerland-based). Avoid mainstream services like Google Drive, OneDrive, and Dropbox, which are subject to US jurisdiction.
4. Use Secure and Encrypted Communication Tools
End-to-end encryption tools endeavor that only the sender and recipient can access the content of communications, preventing interception by third parties, including government agencies within the 5/9/14 Eyes Alliance. This encryption protects your data by making it unreadable to anyone without the specific decryption keys.
– Email. ProtonMail (Switzerland-based), Tutanota (Germany-based but with strong privacy laws).
– Messaging. Signal (end-to-end encryption), Wire (Switzerland-based).
– Voice and video calls. Jitsi (open-source and encrypted).
5. Practice Good OpSec (Operational Security)
Implementing specific personal security measures helps protect your accounts from unauthorized access. These measures add an extra layer of security by making it much harder for government agencies within the 5/9/14 Eyes Alliance to access your personal information even if they obtain your login credentials.
– Use strong, unique passwords. Use a password manager like Bitwarden or LastPass.
– Enable Two-Factor Authentication (2FA). Prefer hardware tokens like YubiKey over SMS-based 2FA.
– Regular software updates. Keep your operating system and apps up-to-date to protect against vulnerabilities.
6. Encrypt Your Data
Encrypting your data „at rest” (when stored) and „in transit” (when being transmitted) helps keep your information inaccessible to unauthorized entities even if they intercept it. This dual-layer encryption protects your data from being easily decrypted or shared without your consent, as it remains secure throughout its entire lifecycle.
– Encrypting data at rest. Use full-disk encryption tools.
– Encrypting data in transit. Always use HTTPS websites.
7. Use Privacy-Focused Operating Systems
Using privacy-focused operating systems helps minimize data exposure by reducing tracking, avoiding default data collection, and employing strong encryption. These systems are designed to prioritize user privacy and security.
– Desktop. Tails, Qubes OS, or Linux distributions with strong privacy features.
– Mobile. GrapheneOS (Android), or iOS with careful configuration.
8. Be Wary of Metadata
Even encrypted communications can reveal metadata (who you communicate with, when, and how often). Minimize the amount of metadata generated by:
– Use burner devices and accounts.
– Avoiding linking accounts together.
– Use anonymous payment methods like cryptocurrency.
Metadata can also reveal you’re using a VPN, which could alert firewalls and content filters. Mask your VPN traffic by using obfuscation and secure protocols.
9. Regular Privacy Audits
Checking for IP leaks and reviewing app permissions help identify and close potential vulnerabilities that could expose your data to surveillance by the 5/9/14 Eyes Alliance. By proactively managing these risks, you help secure your digital footprint.
– Check for leaks. Regularly check if your VPN or other services are leaking your IP or DNS.
– Review permissions. Regularly review app permissions on your devices and revoke unnecessary ones.
Additional Privacy Measures
– Don’t overshare. Do not share personal or identifiable information on public apps. Many online services also allow you to disable browsing activity and location data logging. I recommend you disable these tracking services if possible and avoid apps that don’t allow you to prevent your data from being shared.
– Continual education. Privacy and security are moving targets. Stay updated on the latest practices and threats.
Sources:
– Five Eyes – ”privacyinternational.org”
– What Are 5/9/14 Eyes Countries? Your Privacy at Risk (2025) – ”vpnmentor.com”
– 5-Eyes, 9-Eyes, and 14-Eyes agreement explained – ”cybernews.com”
Related art. (ro; en):
– 20.03.2025: A new era of attacks on end-to-end encryption – ”stiridigitale.ro”
– 28.12.2024: Cele mai bune aplicații de comunicare securizată și criptată – 2024 – ”stiridigitale.ro” (ro/en)
– 29.11.2024: Top 10 furnizori de servicii de e-mail privat și securizat 2024 – ”stiridigitale.ro”
– 29.11.2024: Cele mai bune VPN-uri gratuite în 2024 – ”stiridigitale.ro”
– 02.10.2024: Permisiunile aplicațiilor/programelor instalate – explicații – ”stiridigitale.ro”
– 18.09.2024: Sfaturi pentru utilizarea, în siguranță, a conturilor anonime pe rețelele sociale – ”stiridigitale.ro”
– 28.03.2024: Wi-Fi Hacking Happens! Here Are 10 basic actions to secure your home Wi-Fi network – ”stiridigitale.ro”
– 01.02.204: 12 Secure Browsers That Protect Your Privacy in 2024 – ”stiridigitale.ro”
– 25.09.2023: Ghidul începătorilor despre VPN-uri – ”stiridigitale.ro”
Foto: ”freepik.com”
