• Home
  • Privacy
  • What Are the 5, 9, and 14 Eyes Countries?

What Are the 5, 9, and 14 Eyes Countries?

Alex Popa

By Alex Popa . 3 August 2024

Cybersecurity Journalist

Miklos Zoltan

Fact-Checked this

The Five, Nine, and Fourteen Eyes Countries are a government-approved global information-sharing alliance that engages in massive surveillance.

The alliance is comprised of the following countries:

  • The United States
  • The United Kingdom
  • Canada
  • Australia
  • New Zealand
  • The Netherlands
  • France
  • Denmark
  • Norway
  • Belgium
  • Italy
  • Germany
  • Spain
  • Sweden

You’re likely here because you’ve heard someone say something like “Don’t use that VPN. It’s based in a 14 Eyes Country.” And it’s true, the Alliance is particularly relevant to VPN use because of the data collection policies involved.

In the following guide, I’ll talk about every individual Alliance, explain what they do, what this means for VPN use, how to avoid the Alliance, and more.

Time is precious, so let’s start!

What Are the 5 Eyes Countries?

Constant surveillance

The 5 Eyes countries are the United States, the United Kingdom, Canada, Australia, and New Zealand. Together, they form the 5 Eyes Alliance, a government intelligence entity established in the aftermath of the Second World War.

The 5 Eyes Alliance serves as the foundation for the 9 Eyes and 14 Eyes Alliances, which include additional countries. These five founding nations are involved in the highest levels of surveillance and data-sharing protocols.

Let’s explore each country in the alliance:

The United States

  • Surveillance Agency – National Security Agency (NSA)
  • Surveillance Law/Policy – The PATRIOT Act, which allows US agencies to collect any amount of data considered necessary, including emails and call records of US citizens

The United States is still considered one of the two leaders of the 5 Eyes Alliance, alongside the United Kingdom. The two countries created the UKUSA Agreement, which led to the appearance of SIGINT (signals intelligence), a program for collaboration and information sharing through signals intelligence.

They were mainly preoccupied with Russia and its allies as the Second World War was nearing its end. However, the Alliance has since changed its goals as it expanded to the 9 Eyes and the 14 Eyes.

The United Kingdom

  • Surveillance Agency – Government Communications Headquarters (GHQC)
  • Surveillance Law/Policy – The Investigatory Powers Act, which allows government agency to collect internet records and force ISPs (internet service providers) to retain and surrender user logs of websites

Perceived as one of the two leaders of the 14 Eyes Alliance, the UK was a founding member of the 5 Eyes Alliance, alongside the US.

To this day, the Mi6, which is the UK’s intelligence agency, is one of the most active intelligence agencies in the world, even among other 14 Eyes countries.

Canada

  • Surveillance Agency – Communications Security Establishment (CSE)
  • Surveillance Law/Policy – The Anti-Terrorism Act allows the CSE to acquire and use any information from the global information infrastructure for surveillance and intelligence activities

Canada was there when the UKUSA Agreement was signed in 1946, and its early involvement shows its undaunted commitment to the intelligence sharing.

There’s a close tie between the intelligence agencies of the US, the UK, and Canada. This means that they exchange intelligence information freely.

At one point, several Canadian judges have condemned the fact that Canada had requested other Five Eyes countries to spy on Canadian citizens.

New Zealand

  • Surveillance Agency – Government Communications Security Bureau (GCSB)
  • Surveillance Law/Policy – The Intelligence and Security Act 2017 allows surveillance agencies in the country to collect and analyze massive amounts of data to serve the government’s goals

New Zealand’s role as a 5 Eyes member wasn’t always public knowledge. And when it was found out, it became a pretty controversial topic among its citizens.

Plus, the country has been criticized in the past for being an absent voice in criticizing China and not being comfortable with its status as a 5 Eyes member.

However, this has changed significantly when Winston Peters, the country’s Foreign Minister said that he will try to strengthen New Zealand’s ties to the other 5 Eyes Countries.

Australia

  • Surveillance Agency – Australia Signal Directorate (ASD)
  • Surveillance Law/Policy – The Telecommunications Interception and Access Act lets intelligence agencies in the country to intercept, collect, and access any stored communications if they have the proper warrant

Australia is the last member of the 5 Eyes Alliance, and just like with New Zealand, there was a public outcry about the country’s involvement in the intelligence gathering initiative.

What Are the 9 Eyes Countries?

Cyber eye

The 9 Eyes countries were formed from the 5 Eyes Countries plus the Netherlands, France, Denmark, and Norway. It’s unclear when this Alliance was formed or when these countries joined it.

This Alliance is also less known and widely-recognized compared to the 4 Eyes or the 14 Eyes. The four countries entered the Alliance to bolster their intelligence gathering and surveillance capabilities.

The 9 Eyes Alliance was also part of Edward Snowden’s leaks that were exposed in June 2013. While it wasn’t the focus of the leaks, the world still found out about the alliances and no one liked it.

Let’s go over them below:

The Netherlands

  • Surveillance Agency – General Intelligence and Security Service (AIVD)
  • Surveillance Law/Policy – The Intelligence and Security Services Act 2017 allows government agencies to intercept communications, decrypt files, and hack third parties at their discretion

Not much is known about the role of The Netherlands as part of the 9 Eyes Alliance but it’s safe to assume that they’re fully cooperating with the other members in their intelligence gathering operations.

France

  • Surveillance Agency – Directorate General for Internal Security (DGSE)
  • Surveillance Law/Policy – The French Intelligence Act 2015, which allowed all intelligence agencies to employ telephone tapping and internet wiretaps, access metadata, and exploit computer networks

France is a big contributor to the 9 Eyes Alliance, just like the Netherlands and the rest of the newly-added countries that form the 9 Eyes Alliance.

Denmark

  • Surveillance Agency – Danish Defence Intelligence Service (FE/DDIS)
  • Surveillance Law/Policy – European Union’s Directive on Data Retention that forces telephone providers and internet service providers to log user data, which includes their IP address

Again, there’s nothing specific about Denmark’s membership in the 9 Eyes Alliance worth to mention. Most of the information about their actions or involvement is not public knowledge, as you can probably imagine.

Norway

  • Surveillance Agency – Norwegian Intelligence Service (NIS)
  • Surveillance Law/Policy – The Norwegian Intelligence Service Act 2020 allows the NIS to collect information using third parties and share it in a bilateral/multilateral collaboration

Norway is a staunch supporter of the SIGINT collaboration and is likely participating in the global intelligence gathering efforts of the Alliance. International cooperation and threat monitoring has always been at the forefront of the Alliance’s priorities.

What Are the 14 Eyes Countries?

Eye Surveillance

The 14 Eyes Alliance is the final “form” of the global surveillance initiative. It includes the 5 Eyes and the 9 Eyes members plus Germany, Belgium, Italy, Spain, and Sweden.

It’s the coalition of 14 nations, which makes signals intelligence sharing (SIGINT) more extensive than ever before. The intelligence network’s capabilities are broader and more acute, allowing for more performant monitoring and threat mitigation.

The 14 Eyes also shows how more European states have seen the merits of a global intelligence initiative and the sharing of information between like-minded states. International privacy and security have clearly changed substantially ever since this Alliance was formed.

Let’s go over the new member countries below:

Germany

  • Surveillance Agency – Federal Intelligence Service (BND)
  • Surveillance Law/Policy – The German Federal Constitutional Protect Act permits intelligence agencies to access any relevant information from foreign service providers by infiltrating their servers incognito. They’re also allowed to decrypt any encrypted messages

Germany is one of the main contributors to the 14 Eyes Alliance and a powerful European nation whose influence over the intelligence initiative cannot be overstated.

Belgium

  • Surveillance Agency – State Security Service (VSSE)
  • Surveillance Law/Policy – The Data Retention Act that requires TSPs and ISPs to keep activity logs. This act was struck down by the Parliament in 2021, though

Belgium’s role as a 14 Eyes Country is well known but what may be less known is that the Belgian Constitutional Court annulled the Data Retention Act in 2021.

The Court mentioned that, even though data retention is allowed under specific circumstances, the Data Retention Act was not compliant with the exceptions described by the CJEU. Therefore, the provisions of the Law regarding data storage were annulled.

We don’t know how this will affect Belgium’s standing within the 14 Eyes Alliance, though.

Italy

  • Surveillance Agency – Italian Intelligence and Security Services (AISE)
  • Surveillance Law/Policy – Italy’s Anti-Terrorism law has provisions that enables intelligence agencies in the country to use wiretaps and share the data for national security purposes

Italy is also a member of the 14 Eyes Alliance and it actively collaborates in gathering and sharing military intelligence with the other members of the alliance. We don’t have any other information at our disposal at the moment.

Spain

  • Surveillance Agency – National Intelligence Centre (CNI)
  • Surveillance Law/Policy – The Data Retention Law permits national intelligence agencies to access user logs kept by ISPs and TSPs

Spain’s role in the 14 Eyes is not as well known as that of the US or the UK. This type of information is not public but we can safely assume that the country cooperates extensively with all the other members.

Sweden

  • Surveillance Agency – Swedish Military Intelligence and Security Service (MUST)
  • Surveillance Law/Policy – Sweden’s Data Collection Act gives the Swedish Security Service the authority to obtain data logs from ISPs and TSPs and decrypt electronic communication

Sweden is the last country in the 14 Eyes and, coincidentally or not, we have no information about its role in the Alliance. It’s all surrounded by secrecy.

How Does the 14 Eyes Alliance Affect VPN Use?

Total surveillance

This is the most important part of this article – why does the 14 Eyes Alliance matter to VPN users?

Well, simply put, because the 14 Eyes Alliance is equal to a lack of privacy and anonymity. A company based in one of these countries is vulnerable to subpoenas requesting data on its users or it may be forced to keep logs on you.

And we know what the most powerful selling point of VPNs is. That’s right, zero-logs policies. You don’t want your VPN company to keep logs on you, track your activities, and know who you are.

If a VPN company is based in one of these 14 Eyes countries, the government may:

  • Force them to keep logs on their users, which includes personally identifiable information
  • Force them to keep logs on the activities of their users
  • Force them to hand over those logs in case the authorities need them

This third requirement isn’t necessarily bad as long as they can’t force the VPN company to keep logs in the first place. After all, even if you’re legally obligated to hand over the logs, if you don’t keep any, there’s nothing to hand over.

But even this isn’t enough. Either one of these 14 Eyes countries could force a VPN company to keep logs under specific circumstances. For instance, a simple request from the government – see the Proton case.

And this isn’t necessarily the company’s fault. They have to obey the laws. The problem is that they chose to set their headquarters in one of these privacy-unfriendly countries.

Compromised Privacy & Anonymity Through Data Retention Laws

The 14 Eyes Countries are well-known for their data retention laws. The intelligence agencies in these countries have both the authority and power to order any company to hand over user data, given the right circumstances.

As a user of a VPN company based in the US, for instance, your privacy and anonymity are at the hands of the US government. And the US is one of the founders of the 14 Eyes Alliance, their intelligence service being among the best in the world.

When it comes to VPN services, they’re the number one target when it comes to privacy and data retention laws. People use VPNs to remain anonymous, yet the VPN company might be forced to keep logs on them and deanonymize them to the authorities.

This contravenes the VPN company’s promises of privacy and anonymity. It’s also entirely legal for the authorities to intervene if the VPN is based in one of the 14 Eyes countries.

Most VPN users don’t like someone else keeping tabs on what they’re doing. They signed up for a VPN subscription to avoid being tracked in the first place.

What Data Does the Alliance Collect?

Man collecting data

The 14 Eyes Alliance collects all types of electronic communications, including emails, telegraphs, messages, and has the power to force companies to keep user logs.

And contrary to popular belief, the Alliance doesn’t only keep tabs on high-profile individuals. Their intelligence network spreads far beyond that, especially when you consider all 14 countries engage in data collection.

Their combined intelligence networks collect enormous batches of data belonging to high-profile and regular users.

Here’s what the Alliance likely collects from you:

  • A history of all the websites you visit
  • A summary of the time you spend online
  • Your IP address
  • Your Personally Identifiable Information (PII)
  • Timestamps of different activities
  • Connection duration
  • Everything you type into a search engine
  • Location data taken from browsers and other tracking systems
  • Financial data like bank transactions, credit card usage, and more
  • Biometric information like DNA information, fingerprints, and iris scans
  • Social media activity and search queries
  • The content of phone calls, text messages, emails, and other types of electronic communication

We still don’t fully know what else the Alliance collects, but it’s safe to assume that all of the above are part of the data collection.

Intelligence agencies can also force VPN companies to start keeping user logs that contain PII and can link internet activities to specific users. Anonymity is thrown out the window just like that.

And once the Alliance gets hold of your data, you are no longer in control of it, which is what privacy stands for. The subversion of privacy and anonymity as a means of control and mass surveillance – that’s what the 14 Eyes Alliance is.

Asking Alliance Countries to Spy on Your Own Citizens

What happens when a country specifically dictates a right to data privacy in the constitution? That should make it harder for governments to spy on their own citizens, right?

Well, wrong. 14 Eyes members can ask one another to spy on each other’s citizens, since this wouldn’t be a breach of their constitution.

For instance, the US can ask France to keep tabs on a US citizen of interest that the US government technically can’t track because of the constitution right to privacy.

France doesn’t have this problem because it’s a foreign state. They don’t have to follow the US constitution. And so, the US government gets what it wants, the French government receives new information, and no laws are ever broken.

That’s how 14 Eyes countries can effectively collect any data from their own citizens, even if the laws don’t permit it. It’s a legal workaround that renders privacy and anonymity obsolete and takes control over your data away from the individual.

Four Ways that the 14 Eyes Alliance Impacts User Privacy

The 14 Eyes Alliance impacts user privacy in four major ways:

  • Mass Surveillance – The alliance can collect data indiscriminately from anyone and everyone, including innocent people who are never suspected of anything. This mass surveillance is a clear violation of user privacy but they have the plausible deniability on their side
  • Backdoors Into Encryption – The alliance knows that, as encryption protocols become stronger, their surveillance tools will become less efficient. In 2020, the US Office of Public Affairs issued a press release saying that end-to-end encryption can have an impact on public safety, and that it would be ideal for companies to have backdoors in place for law enforcement and intelligence agencies
  • Collective Data Sharing – As stated above, partner 14 Eyes members can ask one another to collect information about each other’s citizens. This workaround evades the applicable privacy requirements in that specific country
  • Destroying Anonymity – The Alliance can legally require ISPs and TSPs to keep user logs and provide them to the authorities when needed. They can also do this with VPNs, which has happened several times in the past. In 2017, VPN provider Riseup chose to comply with two FBI warrants for fear of being found in contempt of the court

It doesn’t help much that you don’t live directly in one of the 14 Eyes countries either. The services and products you use might be based in these countries, in which case your data is vulnerable.

But not all hope is lost. Below, I’ll give you a few actionable methods to protect your privacy and anonymity from the 14 Eyes!

How Can You Avoid the 14 Eyes Alliance?

Hiding from surveillance

Right now, you’re probably thinking that there’s nothing you can do. With such a massive surveillance network spying on you with virtually unlimited resources, what can you do?

Well, a couple of things:

1. Use a Privacy-Friendly Browser & Search Engine

Let’s get one thing straight – all Google products are massive data collection tools. Google Chrome and the Google search engine are the worst enemy of privacy and anonymity.

So, the first step I would take (which I did take) is change my internet browser and search engine to more private alternatives.

I’ve personally used Mozilla Firefox, Brave (Chromium-based browser), and Librewolf (Firefox-based browser) throughout the years. Currently, I’m using the latter and I’m quite happy with it.

As for search engines, there’s DuckDuckGo, Searx, Startpage, Quant, and a few others. I’m still using Google’s search engine because it provides the best search results by far, and I need it for SEO. So sadly, that’s less privacy for me.

But you may be perfectly happy with a different search engine, so try them out and see which one you like best. A word of warning – most private search engines are slower because of the extra privacy layers.

2. Use a Private Email Provider

You’re likely using Google Mail (gmail) or the obsolete Yahoo mail. That’s fine but these mail providers aren’t encrypted, and they’re both based in the US, which is the leader of the 14 Eyes Alliance.

An anonymous and private email provider like ProtonMail applies end-to-end encryption over your emails, making them inaccessible to external parties.

Proton is also based in Switzerland, which is outside the 14 Eyes Alliance. This means your data is much safer compared to Google or Yahoo.

I’ve been personally using ProtonMail for almost half a year and I’m quite happy with it. It has both a free and premium plan, with both using the same level of encryption. You can easily use the free plan as long as you manage the limited storage space regularly.

The premium plan provides a host of critical anonymity features like the Aliases or alternative email addresses that you can have.

For instance, I have 6 email addresses on my Proton account. One is for shopping, one for social media, another for banking, one for work, another one for crypto accounts, and one is the master email address.

Any email coming to these addresses will arrive in the same inbox, so you don’t have to juggle around with multiple windows. You can also change the email address you’re replying from on the fly.

And the Alias system is another system in itself. I still haven’t had time to get into it but I surely will at some point.

3. Use a Premium VPN Service not Based in the 14 Eyes Alliance

There’s no getting around this. If you want comprehensive privacy and anonymity, a VPN is a hard requirement. It does much more than spoofing your IP address!

But the most important thing when choosing a VPN provider is to make sure they’re not based in the 14 Eyes Alliance. So, go for providers like NordVPN (based in Panama), ExpressVPN or ProtonVPN.

For maximum privacy and anonymity, I can only recommend these three. But it’s up to you which one you choose, depending on their services, offerings, and features.

These three are also in the top three of most popular VPN providers. Surfshark is another famous one but it’s located in The Netherlands, which is in the 14 Eyes Alliance. As a disclaimer, though, Surfshark has been audited externally and its no-logs policy is the real deal.

It’s a great exception of a trustworthy VPN company based in the alliance!

4. Use End-to-End Encrypted Messaging Services

These days, end-to-end encryption is becoming the norm but there are still plenty of people who use unsecured and unencrypted messaging services.

And even among end-to-end encrypted messaging apps, not all equally safe. Take WhatsApp or Facebook Messenger, for instance. Both are end-to-end encrypted but they’re based in the US.

The NSA can force them to keep user logs, access user chats, and surrender the information to the government. These two apps also share information with the rest of the Meta ecosystem, and that’s another vulnerability by itself.

Signal, on the other hand, collects nothing from you. They only data they have is when you created your account and when you last used Signal. That’s all. No chat records, no IPs address, name, or anything else.

This was proven when the FBI issued a subpoena to Open Whisper Systems (OWS), the company behind Signal, and demanded information about two Signal users.

However, OWS could only provide the time of the account creation and the date of the last connection to the Signal servers. No names, telephone numbers, email address, payment methods, or anything else.

It’s not that they didn’t want to surrender this data. They did not have it in the first place. At the moment, I can only recommend Signal for proven end-to-end encryption, privacy, and anonymity.

5. Never Take Your PII for Granted

Your personal information is your most important asset online and in real life. And if you don’t control it, someone else will. I’ve said this before in my comparative study between privacy and anonymity.

Here’s what this means in practice:

  • Don’t create an account for any pointless service and platform. Try to use a service as an anonymous user where possible. If you need an account, use an alias email address
  • Avoid exposing yourself publicly on social media too much or limit your social media usage
  • Don’t publish your PII unnecessarily anywhere. It’s yours, and it should stay private
  • Don’t assume privacy and anonymity anywhere. Always expect your data to be vulnerable, within reason
  • Be very mindful of who can control your data and to what degree. If you can opt out of data sharing features, do so

Protecting your data and avoiding the 14 Eyes Alliance isn’t easy, especially if you live in one of these countries. However, there are still steps you can take to anonymize your identity as much as possible and keep your data as private as you can.

To Summarize

The 5 Eyes Alliance includes the US, the UK, Canada, Australia, and New Zealand. The 9 Eyes includes the 5 Eyes plus Denmark, France, the Netherlands, and Norway. And the 14 Eyes includes the 5 and 9 Eyes plus Germany, Belgium, Italy, Sweden, and Spain.

The Alliance controls the largest data collection and surveillance operations in the world, and the cooperation between the intelligence agencies in the Alliance is unequaled.

It’s up to you which services you use, how to protect your data, and how to remain anonymous. I hope this guide serves you well and if you have any questions, comment below!

Sources

Hunton Privacy BlogPrivacy & Information Security Law Blog

Tech CrunchProtonMail Logged IP Address of French Activist After Order by Swiss Authorities

Justice.Gov International Statement: End-to-End Encryption and Public Safety

RiseupRiseup Moves to Encrypted Email in Response to Legal Requests

Leave a Comment