The private testing has started!

Blog Privacy as seen through fourteen eyes

Please, mind this article is being drafted or rewritten and may contain imperfections. It has not been yet reviewed for final publication.

How countries monitor the citizens and each other? This article is based on secondary research, covers 5-Eyes, 9-Eyes, 14-Eyes agreements, and other possible partners. It also discusses what this means for you and what you could do to protect your online privacy.

An opening eye as a symbol of global surveillance system

Which countries are in the Five Eyes, Nine Eyes and Fourteen Eyes agreement?

When people think of large-scale surveillance, they undoubtedly think of the National Security Agency. Snowden's revelations indicate that the NSA is conducting electronic surveillance on a global scale. It also exposed the network of intelligence agencies.

The fact is almost every country in the world has its signal intelligence (SIGINT) agency. From GCHQ in the UK to BND in Germany, these organisations have focused on intelligence gathering, counterintelligence operations and law enforcement by intercepting communications and other electronic signals. SIGINT covers a wide range of activities, from clicking on the phone to using XKEYSCORE to access a user's email database. Generally, one of the several legal restrictions placed on these institutions is that they cannot monitor their citizens. However, these restrictions motivate them to cooperate and trade information. Five Eyes, Nine Eyes and Fourteen Eyes are the largest and most important agreements that establish a legal framework for such coordination activities.

All SIGINT organizations rely on the cooperation of telecommunications companies and internet service providers(ISP) to access personal private data. By installing a fibre splitter at the ISP handover point, the SIGINT organisation can accurately replicate the data being processed at that point. Then, use deep packet inspection to analyse these data and store them in different data centres.

5-Eyes

The Five Eyes (FVEY) surveillance alliance includes the following countries:

  • Australia
  • Canada
  • New Zealand
  • the United Kingdom
  • the United States

The UKUSA agreement is an agreement for collecting, analysing, and sharing intelligence between the US, UK, Australia, Canada, and New Zealand. Five eye members focus on collecting and analysing intelligence from all over the world.

The agreement was initially thought to be an action taken between Britain and the United States in 1946 after World War II to monitor foreign governments (especially the Soviet Union). Over the years, the treaty has grown in membership and scope. Because the Internet and the amount of data that can be used for interception grow exponentially, the agreement focuses more on domestic surveillance.

The treaty was built based on the Cold War and became the foundation of ECHELON (a series of electronic spy stations worldwide), which can intercept data transmitted by telephone, fax and computer. In essence, the ECHELON station can intercept the transmission data from and to the satellite relay station.

The 5-Eyes is the foundation of a broad network of cooperative relations between SIGINT agencies in Western countries to share intelligence. In almost all aspects, NSA is the global leader of SIGINT. Therefore, most SIGINT agreements (such as 5-Eyes or bilateral agreements) are multilateral agreements, focusing on who can access NSA data and technology. The signatories of the UKUSA agreement are called "second parties". They have the greatest amount of access to NSA data and have the closest relationship with the agency. Other Western countries, such as NATO or South Korea, are "third parties." These third-party agreements are formal, bilateral arrangements between the National Security Agency and the national SIGINT agency. Third parties can still exchange raw data with the NSA, but they have less access to its database.

Although the "Five Eyes" countries agreed not to monitor each other. Snowden's leak showed that some members of the "Five Eyes" monitor each other's citizens and share intelligence to avoid violating domestic laws. There are no official comments from any of the Five Eyes members, and it is not clear whether the Five Eyes members have conducted unauthorised surveillance in the past. The Five Eyes Alliance cooperates with the third parties to share intelligence (forming nine eyes and fourteen eyes); however, the five eyes and the third parties can monitor each other. There is no such restriction for third parties.

9-Eyes

Nine Eyes countries include:

  • 5-Eyes countries
  • Denmark
  • France
  • the Netherlands
  • Norway

The Nine Eyes Alliance refers to a group of countries that share intelligence. The Five Eyes Alliance member states and Denmark, France, the Netherlands and Norway participate as third parties. This group is more exclusive club of SIGINT Seniors Europe (SSEUR) and is not backed by any known treaties. It is just an arrangement between SIGINT agencies. The Nine Eyes Alliance's existence has been mentioned in various online resources and became widely known after Snowden's revelation in 2013. The Nine Eyes Alliance is an extension of the 5-Eyes, which collects and shares large-scale surveillance data through similar cooperation.

14-Eyes

The 14-Eyes surveillance countries include:

  • 9-Eyes countries
  • Germany
  • Belgium
  • Italy
  • Sweden
  • Spain

Fourteen Eyes refers to an intelligence group composed of 5-Eyes member states and Belgium, Denmark, France, Germany, Italy, the Netherlands, Norway, Spain and Sweden. They participate in SIGINT sharing as a third party. The official name of 14-Eyes is SIGINT European Seniors (SSEUR), which has existed in one form or another since 1982. Similar to the UKUSA agreement, its initial task was to discover information about the Soviet Union. The heads of SIGINT agencies (NSA, GCHQ, BND, French DGSE, etc.) participated in the SIGINT senior meeting to share information and discuss issues. Although this group has many of the same members as "9-Eyes", it is a different group. According to the leaked documents, this is not a formal treaty but an agreement reached between SIGINT agencies.

Other partners

Israel, Japan, South Korea and Singapore are also suspected of being third parties to the National Security Agency. Just like the European seniors with SIGINT, there are also Pacific seniors with SIGINT, which was established in 2005. Its members include 5 Eyes member countries and France, India, Singapore, South Korea and Thailand.

Our knowledge of these groups mainly comes from leaks, resulting in indistinct pictures. The membership of these different groups is continually changing in response to global and political developments. And these intelligence agencies, which have access to almost unlimited amounts of personal data, are under little supervision.

National security letter and gag order

The National Security Letter (NSL) is an administrative subpoena issued by the US government to collect information for national security purposes. NSL does not need to obtain prior approval from a judge.

When authorities compel businesses to collect and hand over data, they usually serve them with a gag order as well. It prevents the businesses from disclosing any information to their customers

These laws give a government the authority to compel a legitimate privacy-focused company to become a data collection tool for state agencies without any warning or notification.

What does this mean to you? What can you do for your online privacy?

As the Electronic Frontier Foundation said, the existence of international surveillance protocols like 14 Eyes allows member states to take advantage of minimum public privacy standards. It means that NSA or SIGINT agencies can capture your digital activities and share the data between them, no matter where you are. The scale of large-scale surveillance operations is indeed shocking. Fortunately, there are now some tools to protect your privacy and maintain your online freedom.

VPN

Using VPN services will make it more difficult for surveillance agencies to record and track your Internet activities.

End-to-end encryption for online communication

The best protection measure is to use strong encryption. If you encrypt the data before it reaches the network, monitoring and targeting become more complex. Suppose you use an end-to-end encrypted email service. In that case, all mail is stored with zero-access encryption, making it difficult for surveillance agencies to violate your privacy and read your mail. You can also use similar encryption applications (such as Wire or Signal) to protect chat communications.

Liverado offers an end-to-end encryption email service with the most advanced technologies. Liverado's server is located in Switzerland, which has the strictest privacy laws globally and has not signed any of these surveillance agreements. It provides another layer of legal protection on top of the encryption we use to protect your online privacy and to safeguard your right to online freedom.

Ready to join Liverado? Start your free 14-day trial today.