5/9/14 Eyes Countries & VPNs: What You Need to Know (2023)

Indeed, the 5 Eyes, 9 Eyes, and 14 Eyes Alliances now collect a lot more data, including:

5 Eyes, 9 Eyes, 14 Eyes Alliances: Everything You Need to Know

The terms 5 Eyes, 9 Eyes, and 14 Eyes refer to government surveillance alliances established across different countries. Member nations can monitor and log internet activity gleaned from online users and share it across borders, typically for security and law enforcement.

The 5, 9, and 14 refer to the number of countries in each alliance. Here’s a rundown:

• 5 Eyes: The United States, the United Kingdom, Canada, Australia and New Zealand.
• 9 Eyes: The United States, the United Kingdom, Canada, Australia, New Zealand, Denmark, France, the Netherlands, and Norway.
• 14 Eyes: The United States, the United Kingdom, Canada, Australia, New Zealand, Denmark, France, the Netherlands, Norway, Germany, Belgium, Italy, Sweden, and Spain.

The Eyes Alliances collect a range of data on the average individual, including communications data, location data, and, internet activity. Such extensive data collection harms user privacy and also prevents them from browsing the internet anonymously.

If you want to remain anonymous in spite of this global surveillance effort, a VPN is your best bet. As long as it’s not headquartered in one of the 14 eyes countries, it will keep you anonymous online. A good option to consider is the Panama-based NordVPN.

NordVPN

Getting a good VPN is just the start. Want to learn more about the 5 Eyes, 9 Eyes, and 14 Eyes and how to protect yourself against mass surveillance? Keep reading on!

The Five Eyes, Nine Eyes, and Fourteen Eyes are global government surveillance and information-sharing alliances. These alliances center around monitoring and sharing data, often about their citizens, for national security and law enforcement.

The data monitoring and sharing practices of Eyes Alliances have significant ramifications for individual privacy and freedom online. To ensure our readers are aware of the surveillance they could be subject to, in this article, we’ve explained how the 5 Eyes, 9 Eyes and 14 Eyes alliances work.

We’ve also covered the kinds of information they typically collect and the measures you can take to protect yourself from online surveillance. While there are several precautions you can and should take, using a VPN is the most effective and convenient option, as it encrypts your online traffic. A VPN based outside Eyes Alliance member nations, like NordVPN, is your best bet to avoid surveillance.

What Are the 5 Eyes, 9 Eyes, and 14 Eyes Alliances?

The 5 Eyes, 9 Eyes, and 14 Eyes are alliances that enable collaboration between state agencies to share data about private citizens for national security purposes.

Initially, only five countries worked together to coordinate intelligence efforts against the Soviet Union. These countries primarily focused on sharing signals intelligence (SIGINT). SIGINT involves the interception of signals, which can broadly be of two types:

• Communication Intelligence (COMINT): Communications between individuals, such as messages, telegraphs, and emails
• Electronic Intelligence (ELINT): Electronic signals that can indicate activity or location, such as radar signals

With time, the 5 Eyes Alliance expanded to include other countries. Now, there are three main alliances with differing levels of information sharing. The image below captures the members of the 5, 9, and 14 Eyes Alliances.

The following sections provide a concise but detailed overview of each surveillance alliance.

What is the 5 Eyes Alliance?

The UK and USA were worried about the rise of Soviet Russia in the aftermath of World War II. To keep a check on Soviet activities, they entered into the UK-US Agreement (UKUSA), which enabled collaboration and information sharing in signals intelligence (SIGINT) about Russia and other adversaries.

Gradually, UKUSA expanded to include three other nations, namely, Canada, Australia, and New Zealand. All three nations were strategically aligned with the UK and the US, and their inclusion led to the creation of the 5 Eyes.

Five Eyes intelligence agencies gather SIGINT about individuals in adversary nations and share it with each other. The key surveillance and intelligence agencies in the 5 Eyes member nations are listed in the table below.

Country	Surveillance Agency	Surveillance Law/Policy
USA	National Security Agency (NSA)	The PATRIOT Act allows agencies to collect a vast amount of data, including call records and emails.
UK	Government Communications Headquarters (GHQC)	The Investigatory Powers Act allows for the bulk collection of internet records and requires internet service providers (ISPs) to keep user logs of websites.
Canada	Communications Security Establishment (CSE)	The Anti-Terrorism Act establishes the CSE’s mandate, which includes acquiring and using information from the global information infrastructure for intelligence and surveillance activities.
Australia	Australia Signal Directorate (ASD)	The Telecommunications Interception and Access Act allows intelligence agencies to intercept and access stored communications with a proper warrant.
New Zealand	Government Communications Security Bureau (GCSB)	The Intelligence and Security Act 2017 empowers surveillance agencies to collect and analyze data in keeping with government priorities.

What is the 9 Eyes Alliance?

The Nine Eyes alliance comprises members of the Five Eyes along with Denmark, France, the Netherlands, and Norway. These countries were included to broaden the scope of intelligence sharing and bolster the collective surveillance capabilities.

We have limited detail about the nature of information sharing between the Nine Eyes countries. Despite Edward Snowden’s leaks, the alliance’s work remains shrouded in secrecy. However, we can reasonably conclude that the Nine Eyes alliance members are not as closely knit as the original Five Eyes countries.

The intelligence agencies of the four additional members of the Nine Eyes are listed below.

Country	Surveillance Agency	Surveillance Law/Policy
Denmark	Danish Defence Intelligence Service (FE/DDIS)	Denmark has ratified the European Union’s Directive on Data Retention. Resultantly, telephone providers and ISPs have to log user data, including their IP address.
France	Directorate General for Internal Security (DGSE)	The French Intelligence Act 2015 allows intelligence agencies to lay telephone or internet wiretaps, exploit computer networks, and access metadata.
Netherlands	General Intelligence and Security Service (AIVD)	The Intelligence and Security Services Act 2017 allows agencies to intercept communications, hack third parties, and decrypt files.
Norway	Norwegian Intelligence Service (NIS)	The Norwegian Intelligence Service Act 2020 empowers the NIS to collect information with third parties for the purpose of bilateral/multilateral collaboration.

What is the 14 Eyes Alliance?

The Fourteen Eyes Alliance is also known as the SIGINT Seniors Europe. It includes all the Nine Eyes countries plus Germany, Belgium, Italy, Spain, and Sweden. Resultantly, the Fourteen Eyes mark a significant expansion of the surveillance and information-sharing capabilities of the Alliances.

It is believed that information sharing between the 14 Eyes is not as intense as the 5 or 9 Eyes Alliances. Indeed, nations like Germany have sought to be included in the “inner circle” to gain more access to surveillance information. The following agencies are responsible for information sharing and surveillance in the 14 Eyes member nations.

Country	Surveillance Agency	Surveillance Law/Policy
Germany	Federal Intelligence Service (BND)	The German Federal Constitutional Protection Act allows intelligence agencies to infiltrate foreign service providers to access relevant information. It also allows the decryption of encrypted messages.
Belgium	State Security Service (VSSE)	Belgium’s Data Retention Act required ISPs and TSPs to retain user activity logs. However, the Act was struck down by Parliament.
Italy	Italian Intelligence and Security Services (AISE)	Italy’s Anti-terrorism law includes provisions enabling intelligence agencies to lay wiretaps and share data for national security purposes.
Spain	National Intelligence Centre (CNI)	The Data Retention Law allows national intelligence agencies to access user logs retained by TSPs and ISPs.
Sweden	Swedish Military Intelligence and Security Service (MUST)	Sweden’s Data Collection Act grants the Swedish Security Service the power to obtain logs from TSPs and ISPs and decrypt electronic communication.

Who are third-party contributors?

Despite the expansion of the 5 Eyes alliance to include other nations, it is still largely comprised of Western nations. This can potentially limit the Alliances’ ability to surveil developing nations in Asia and Africa effectively. To plug this gap, the alliance members collaborate with third-party nations, such as South Korea, Singapore, Japan, and Israel.

As such, third-party contributors are additional sources of information for the alliance members. They also share surveillance technology with these third parties. However, third-party contributors do not bear the same obligations and responsibilities as alliance member nations.

What Data Do the 5, 9, and 14 Eyes Collect?

The Eyes Alliances were initially focused on monitoring traditional forms of communication and signals information, such as telephone conversations and text messages. However, the 2013 leaks of sensitive documents on the Five Eyes’ surveillance practices by Edward Snowden revealed that the scope of surveillance was much wider.

Indeed, the 5 Eyes, 9 Eyes, and 14 Eyes Alliances now collect a lot more data, including:

• Communications data: Includes contents of phone calls, emails, and text messages. Metadata, which provides context about the communications — such as their time and location, is also included.
• Internet activity: Intelligence agencies also capture and share data on search queries, social media activity, browsing history, and other online activities. Most nations have laws that require ISPs to retain user activity logs.
• Location data: Location sensors in electronic devices, computer browsers, and other tracking systems collect data about a person’s whereabouts. Intelligence agencies can scrutinize this data to know more about a suspect’s location.
• Financial data: Agencies often track financial information, such as credit card usage and bank transactions, to create money trails, locate suspects, or freeze their assets.
• Biometric information: Fingerprints, iris scans, and DNA information are key biometric markers used to identify individuals by law enforcement and intelligence agencies.

What Surveillance Systems Do the Eyes Alliances Use?

The 5 Eyes, 9 Eyes, and 14 Eyes Alliances have developed a number of surveillance systems and networks to streamline information collection and sharing. Some of the prominent surveillance systems used by the Eyes Alliances are:

• ECHELON: Developed by the Five Eyes during the Cold War, Echelon was used to monitor and intercept communications from Soviet Russia and the People’s Republic of China.
• STONEGHOST: A highly secured network used to share information about military and intelligence topics among the Five Eyes. In 2012, a Canadian Marine was sentenced to 20 years for downloading and selling data from the STONEGHOST network.
• PRISM: Perhaps the most well-known surveillance system used by the Eyes Alliances, PRISM was operated by the NSA, GCHQ, and ASD, to obtain information from US internet companies. The 2013 Snowden leaks revealed the vast extent of online surveillance being carried out by these countries.
• XKeyscore: A metadata analysis tool developed by the NSA, XKeyscore allows intelligence agencies to search through emails and other online communication metadata without prior authorization.

How Do the Eyes Alliances Impact User Privacy?

The complex and confidential surveillance carried out by the 5, 9, and 14 Eyes raise several concerns for user privacy and anonymity online. We’ve highlighted some of the most pressing concerns below:

1. Mass surveillance: The alliances collect data on a large scale, often indiscriminately. This means that even individuals who are not suspected of any wrongdoing can have their data collected and analyzed, a clear violation of user privacy.
2. Undermining encryption: The alliances have increasingly tried to undermine encryption, a vital tool for protecting privacy and online security. For example, in 2020, they warned internet companies of the perils of end-to-end encryption and urged them to create backdoors for law enforcement and intelligence agencies.
3. Data sharing: The alliances share the data they collect with each other, effectively creating a global surveillance network. As such, intelligence agencies in one nation can collect and share information about citizens in another without complying with privacy requirements. For instance, under the PRISM program, UK agencies collected data about US citizens and shared it with the NSA.
4. Compromising anonymity: In addition to undermining encryption, the alliances have also sought to compromise anonymity online by requiring ISPs and TSPs to log user data and provide access when required. Additionally, member countries have often asked VPN providers to share user logs for law enforcement purposes. Notably, “no logs” VPN provider IPVanish led Homeland Security to a Comcast IP address via user logs, while VPN provider Riseup opted to comply with FBI warrants “rather than facing contempt of court.”

What Can You Do to Protect Yourself From the Eyes Alliances?

Given the expansive and pervasive nature of surveillance by the 5 Eyes, 9 Eyes, and 14 Eyes Alliances, it’s difficult to evade surveillance completely. However, there are a few steps you can take to reduce the scope of personal information available online.

Switch to an anonymous email service provider

Emails constitute one of the most common sources of communication information for the Eyes Alliances. Anonymous service email providers prevent your emails from ending up in the wrong hand by encrypting them and removing any personal information, such as your IP address.

ProtonMail is a good place to start creating an anonymous identity online. But read our roundup about the best email providers for privacy if you want more.

Use an end-to-end encrypted messaging service

Like anonymous email providers, end-to-end encrypted messaging services ensure that Governments and ISPs cannot pry on your messages. The only way to access your messages is if the agencies control your device.

However, not all end-to-end encrypted messaging apps are the same. For instance, WhatsApp is based in the US and can be forced to give up information to the NSA. It also shares information with other Meta apps, like Instagram. Conversely, apps like Signal are privacy-focused and resist attempts by governments to acquire user communications.

Take a deeper look at these two in our piece about Signal vs. WhatsApp and their six key privacy differences.

Choose a privacy-friendly browser

While popular browsers like Chrome are convenient and feature-packed, they collect a lot of user information through trackers and cookies. This provides another source of information that intelligence agencies can tap into. Privacy-friendly browsers limit the use of cookies and trackers, which prevents communications surveillance.

The Tor browser is one of the best browsers if you care about anonymity and personal protection. However, it can be slow and clunky. Check out our article on the best browsers for privacy for some alternatives to Tor.

Use a reliable VPN provider

While privacy-friendly browsers and messaging services encrypt some of your online information, a lot of it still remains accessible. For instance, your IP address remains visible to other websites on the internet. This is where a VPN comes in handy, as it encrypts all your online traffic and prevents prying eyes from seeing what you’re doing online.

However, there’s one thing that should be noted: if you want to use a VPN to escape the reach of the 5, 9, and 14 Eyes countries, you should choose a VPN that isn’t based in one of these countries. Our top pick is the Panama-based NordVPN — which we’ll go into more detail on in the next section.

Many providers might be forced to hand over information simply because their HQ is located in, for example, the United States — as is the case with StrongVPN.

Best VPNs Outside the 14 Eyes Alliance

There are a number of good VPNs that are based outside the 14 Eyes countries. However, there are a number of additional factors to consider when choosing a VPN to protect yourself from global surveillance:

• Encryption standards and protocols used by providers to secure your information
• The extent of its data collection and logging practices
• Network of servers globally, and in the 5, 9, and 14 Eyes countries

After extensive testing based on the above criteria, we shortlisted the following three as the best VPNs outside the 14 Eyes Alliance.

1. NordVPN: Security-focused VPN based in Panama

Features:

• Encryption protocols: OpenVPN, IKEv2, Wireguard
• Number of servers: More than 5,700 in 60+ countries
• Audited and certified no-logs policy
• Offers obfuscated servers and DoubleVPN

NordVPN is our highest-ranked VPN. Their company’s headquarters is situated in Panama, which isn’t a part of the 5, 9, or 14 Eyes alliances. Panama also doesn’t have mandatory data retention laws, which means NordVPN isn’t legally bound to store user activity logs.

Not only is NordVPN based outside the Eyes Alliances, but it’s also one of the most secure VPNs we’ve tested. User data is secured using AES-256-bit encryption and the latest protocols, including the proprietary Wireguard protocol. It also has an automatic kill switch on most devices, which keeps your data safe in case your VPN connection is disrupted.

NordVPN is serious about user privacy, reflected in its no-logs policy, which has been audited by Deloitte as recently as 2023. This means it couldn’t hand over user logs to agencies even if they legally demanded it. Nord’s Onion over VPN and Double VPN features can help provide added anonymity and protection, and surveillance.

To access content available only in 14 Eyes countries, you will need a VPN with an extensive North American and European server network. NordVPN stands out in this regard and has one or more servers in all 14 Eyes nations. Its servers deliver excellent speeds and help unblock all kinds of content, including TV and some of the best free sports streaming sites.

Get more information on this provider’s speed, safety, and privacy in our full NordVPN review. NordVPN offers a 30-day money-back guarantee, which lets you try out its features and cancel the subscription at no cost if you don’t like it.

5/9/14 Eyes Countries & VPNs: What You Need to Know (2023)

If you’re a VPN user, you’ve probably heard of the 5 Eyes, 9 Eyes, and 14 Eyes Alliances. These alliances may sound like something out of a spy movie, but they pose a very real threat to your privacy.

The Eyes Alliances are international intelligence-sharing agreements between governmental bodies. Participating countries are known to spy on their citizens through various means, acquiring sensitive and private information that may be shared with the other members of the alliance. But what exactly does that mean for you? And will a VPN really protect you from these threats to your privacy?

The answer is yes — but only if you choose a quality and trustworthy VPN. There are many critical features you have to consider in a VPN to ensure your privacy really will be protected. My top recommendation is ExpressVPN, which is based in the privacy-friendly British Virgin Islands, outside the reach of the Eyes Alliances. It’s also passed several independent security audits from top auditing firms, meaning that you can use it with confidence.

Short on Time? Here Are the Best VPNs Outside 5/9/14 Eyes Jurisdiction in 2023

1. ExpressVPN — Best VPN for privacy with a proven and thoroughly audited no-logs policy. Based in the privacy-friendly British Virgin Islands.
2. CyberGhost — Romania-based VPN with “NoSpy” servers that can only be accessed by authorized CyberGhost staff.
3. NordVPN — Panama-based VPN offers a Double VPN feature, making your online activity harder to both decrypt and trace.

What Are the 5 Eyes, 9 Eyes, and 14 Eyes Alliances?

5 Eyes Alliance

The 5 Eyes Alliance arose out of a cold war era intelligence pact called the UKUSA Agreement. This was originally an intelligence-sharing agreement between the United States and the UK aimed at decrypting Soviet Russian intelligence.

By the late 1950s, Canada, Australia, and New Zealand had also joined the Alliance. These five English-speaking countries make up the Five Eyes Alliance as we know it today. The intelligence-sharing agreement between these five countries has only strengthened over time, extending to surveillance of online activity.

The scope of activity performed by the Five Eyes Alliance was made clear in 2013 after Edward Snowden leaked a number of documents that he obtained while working as an NSA contractor. Widespread government surveillance of citizens’ online activity was exposed to the public. The leak provided clear evidence that the international intelligence-sharing network was more extensive than previously thought.

Evidence was also revealed of member countries using the alliance to circumvent the privacy laws of their own citizens. For example, the UK was found to be working around surveillance laws protecting its populace by asking the USA’s NSA to spy on UK nationals instead. They would then simply request the NSA share the data they pulled. Very clever.

The UK and US in particular have been named as some of the worst violators of online privacy. Here’s a further example of how each country has and continues to monitor the personal information of its citizens:

• United Kingdom. In November 2016, the Royal Assent passed the Investigatory Powers Bill (aka Snoopers’ Charter) into law. The bill grants exclusive surveillance powers to the government. As per the act, internet service providers are required to retain user data such as browsing history, connection times, and text messages for two years, which can be accessed by government agencies and their partners without a warrant.
• United States. After the 9/11 incident, the NSA was authorized to monitor the phone calls and internet data of millions of Americans without a warrant. In 2017, the US Senate also approved a law that would give ISPs the authority to collect and sell user data without their consent.

Other member nations have also implemented similar data retention laws. For example, in 2015, the Australian government passed a law that mandates ISPs to retain customers’ metadata for 2 years.

Member countries of the 5 Eyes:

• United States
• United Kingdom
• Australia
• Canada
• New Zealand

9 Eyes Alliance

The 9 Eyes is an extension of the 5 Eyes Alliance. It includes all the 5 Eyes nations and 4 additional countries: Denmark, France, the Netherlands, and Norway. The alliance was established to enhance intelligence sharing between member nations, with the common goal of preventing threats to national security.

Member countries:

• 5 Eyes countries +
• Denmark
• France
• The Netherlands
• Norway

14 Eyes Alliance

The 14 Eyes alliance is a further extension of the 5 Eyes. It consists of the 9 Eyes countries and 5 additional members: Germany, Belgium, Italy, Sweden, and Spain. This group of countries is officially called SIGINT Seniors Europe (SSEUR).

Member countries:

• 9 Eyes countries +
• Germany
• Belgium
• Italy
• Sweden
• Spain

Third-Party Contributors

Aside from these confirmed alliances, it is also worth mentioning another handful of countries that have been caught or suspected of exchanging information with the Fourteen Eyes Alliance. These include Israel, Japan, Singapore, and South Korea.

Possible 6th Eye?

The 6th Eye is a term used to refer to Japan as a possible addition to the 5 Eyes Alliance. While Japan is not officially a member of the alliance, it has close intelligence-sharing relationships with the 5 Eyes countries.

In August 2020, the Japanese Defense Minister expressed the desire for even closer cooperation with the 5 Eyes and suggested that Japan could become known as the “6th Eye”. Both the US and UK have shown interest in Japan’s possible involvement. However, the concept of Japan being the 6th Eye is not an official designation and remains largely speculative.

A quick-guide to which countries feature in the alliance

Surveillance Systems Used By These Alliances and the Data They Collect

These alliances have a large number of mass surveillance systems in place, with some remaining unknown to the public. Some that have received significant media attention include:

ECHELON

ECHELON is a global surveillance program operated by the 5 Eyes countries. It was originally developed to intercept the military and diplomatic communications between the Soviet Union and its Eastern bloc allies during the Cold War.

By the end of the 20th century, the program had expanded beyond its original scope. Reportedly, it can now monitor telephone calls, faxes, e-mails, and other data streams. It can even trace bank account activity.

PRISM

PRISM is a US government-led initiative that allows the USA’s National Security Agency (NSA) to collect communications data from big corporations like Microsoft, Facebook, Google, Apple, Yahoo, and others. The program was revealed to the public by Edward Snowden in 2013.

XKeyscore

XKeyscore is yet another mass surveillance program operated by the NSA. This can collect and analyze internet data in real-time. According to Snowden, the system enables almost unlimited surveillance. NSA analysts can access your phone calls, emails, search history, and even Microsoft Word documents without a warrant.

How Can This Affect VPN Users?

While a VPN with military-grade encryption can protect you from these surveillance systems, the alliances are always devising more methods to get at your data. For example, in 2018, the 5 Eyes countries released a statement calling on tech companies (including VPN providers) to provide a means for law enforcement to access end-to-end encrypted communications.

Australia is an example of a country that has already passed a bill that permits government authorities to access user data, even if it’s encrypted.

There have also been several instances where VPN providers shared user data with authorities. Riseup, a US-based privacy-focused email/VPN provider, complied with two warrants to share user data. However, the company didn’t disclose this information to the public until much later because of a court-issued gag order.

As another example, UK-based HMA VPN handed over user data to the feds in response to a court order in 2011, which led to the arrest of a LulzSec hacker.

It is also safe to assume that if any of these 14 nations gain access to your data online, your data can then be shared with the other countries in the alliance.

What Can You Do?

So, how do you protect your online data? A VPN should still be your first line of defense against invasive surveillance and monitoring, but your choice of provider is highly important. Not all VPNs will keep you safe from the Eyes Alliances — as I’ve shown above, some do and will continue to cooperate with them.

Listed below are a few critical things to consider if you’re (rightfully) concerned about your online data while using a VPN.

Check the Location of Your VPN’s Headquarters

It’s important to consider where your VPN is headquartered as a business. It’s strongly recommended that you do not choose a VPN provider based in a country associated with the Fourteen Eyes Alliance if you are concerned about online privacy.

If it is, your VPN provider could be forced to hand over user information to the government. This data could then be shared with other countries in the alliance. You may not even know that your privacy has been breached.

Check Your VPN’s No-Logs Policy

The many ways that VPNs can fall under the jurisdiction of various governments (such as the location of the user, location of the server, etc) is why the best VPNs for privacy have strict no-logs policies. This means that they do not retain any kind of identifying information about their users or their online activity.

A great example of this policy in action comes from the well-known VPN provider ExpressVPN. During a Turkish investigation into an ExpressVPN user, law enforcement tried to compel this VPN to hand over identifying data. Despite their best attempts, authorities were unable to find any identifying information due to ExpressVPN’s commitment to protecting its users’ privacy.

Check VPN Legality in Your Country

You need to be aware of the online laws and regulations regarding VPNs of the country you live in. For example, is VPN use even legal in your country? In most cases, the answer is yes, but not always.

Some countries (like China and Iran) have heavily regulated VPN use to a short list of “government approved” VPNs — which you can safely assume are sharing data with the authorities. Others have outright banned VPNs altogether. We always recommend you check your local laws regarding VPNs, as we do not condone breaking the law.

3 Best VPNs Outside 14 Eyes Countries

If privacy protection is the goal, you should always choose a VPN with a strict no-logs policy that is based outside of Eyes Alliance jurisdiction. Even this isn’t enough if you’re serious about staying private online — you need to choose a VPN that is truly dedicated to privacy and can back this up with robust features and proven policies. That’s why I tested dozens of VPNs outside of the 14 Eyes jurisdictions to find the best ones for protecting your personal data.