Five Eyes Alliance: How Countries Share Intelligence Secrets

While the assumption is that using a VPN keeps your online activities safe from prying eyes, it’s not a foolproof solution. VPN companies, like any other industry, are still governed by the laws of the country in which they are located. Have you heard about Five Eyes, Nine Eyes, or Fourteen Eyes? We’re not talking about some kind of hipster music group here, but rather a collection of countries that have agreements in place in regard to sharing information on citizens with other countries. Sometimes that sharing extends to data collected through VPNs. Before we delve into the intricacies behind the various “Eyes” alliances, let’s review a few pertinent points about VPNs: VPN Jurisdiction: Your ability to access a VPN in your country is determined by the laws and regulations enacted by your government. Each country can allow or ban the use of VPNs and your only real recourse would be to move to a more privacy-friendly country. VPN Provider Location: This is the VPN provider’s physical address. A VPN provider does not have to be located in the same country as their VPN servers. Thanks to this reality, you can bypass some of the VPN jurisdiction issues by using a server in a different country. VPN Server Location: This is where the actual VPN servers are physically located . Most reputable VPNs have multiple servers spread across the globe in order to offer you a greater level of anonymity as well as enhanced speed and security options. These terms refer to various alliances of countries that operate in unison globally to monitor and collect data within their own jurisdiction in order to share it amongst alliance members upon request. What does this mean to you? One thing it means is that your VPN data, which might be “private” in another country, could suddenly be shared with your government. For example, say you’re a citizen of the United States using a VPN server in New Zealand for privacy reasons. While the alliance agreement would prevent the U.S. from spying on New Zealand as an adversary, an American government agency could make an official request to New Zealand to see what you’ve been doing online. There’s a good chance the request would be honored since both countries are members of the Five Eyes Alliance. The reality is that if you live in any of the alliance countries and access the internet via a server in another alliance country, forget privacy. For you, it doesn’t exist. There are five countries that officially make up the Five Eyes alliance: The unofficial countries that are part of the Five Eyes alliance include: Nine Eyes Alliance: The Nine Eyes alliance includes member countries from the Five Eyes alliance, plus Denmark, France, The Netherlands, and Norway. Fourteen Eyes Alliance: This alliance was created from the Nine Eyes Alliance and adds Germany, Belgium, Italy, Sweden, and Spain. Does it matter which alliance a country is a part of? Not really. All of them exchange information collected through a variety of means (such as demanding VPN logs from providers) with each other upon request. Your browsing sessions are likely fair game any time if you use a VPN within their jurisdiction (even if it is a “no log” VPN). You thought a “no log” VPN was safe? Most “no log” VPNs still keep track of the IP address that connected, when they connected, when they disconnected, and how much data was transferred during the session. This basic information is often all that is needed to provide substantiating evidence against you. While there are internal laws against the government’s wholesale spying on U.S. citizens, an enterprising federal agency could easily take advantage of a data breach that occurs within its borders. Case in point is the popular hosting provider GoDaddy , which suffered a massive data breach related to one of their Amazon S3 buckets a few years ago. Though the leak involved server configurations rather than user information, it’s not much of a stretch to realize that it could also have been customer addresses or credit card numbers. Furthermore, you can bet that the information was noted and recorded by a Five Eyes member somewhere and perhaps fed back to the U.S. government under the alliance agreement. The letter of the law wasn’t violated, though the spirit certainly was. The bottom line is that this kind of data breach by a private American company like GoDaddy may have yielded personal data on citizens to the government as surely as if the government had done the spying itself. First, you should consider the jurisdiction and location of the VPN server you intend to use. Also, think about the protections offered by your VPN of choice . After that, there are a few other steps you can take: The “big picture” idea to keep in mind is that you cannot forget “they” are always watching you. Using a VPN outside of all the alliance jurisdictions is a good idea, but doesn’t mean you are completely protected. It just means you have a better chance of not being seen by government agencies playing the scarily-real part of Big Brother in today’s online world. While it might create a sense of frustration that governments seem to have the upper hand in this game, a VPN still serves well in protecting your anonymity and browsing data from non-governmental prying eyes such as hackers and scammers, and this is worth a lot.