14 Eyes Jurisdiction: What Is It, and What Does It Mean for Your Privacy?
VPN Providers for 14 Eyes Jurisdiction
14 Eyes Jurisdiction
As a regular consumer of privacy news and information surrounding privacy technologies, you might have come across the term “14 eyes” once or twice in your travels. Beyond the spooky name, the actual purpose of the 14 Eyes Collective is far more insidious than many people living in the developed world could imagine. But what exactly are the 14 eyes, and what is their ultimate purpose? Who do they target, and how can you avoid falling under their jurisdiction of intelligence gathering and sharing?
Read on in VPN.com's guide to the 14 eyes intelligence collective to find out everything you need to know on this shadowy group of surveillance agencies!
The 5 Eyes intelligence alliance: A history
To get started, it helps to know the history of the 14 Eyes collective, or more perhaps more accurately, how the original Five Eyes intelligence alliance morphed into so many more countries in such a short period of time.
The year was 1941, and the Allies were losing the war in Europe. Hitler was quickly gobbling up countries and territories and countries by the handful, and the UK was in desperate need of help from anyone who could offer it. With the US acting as a conscientious objector at the time, the UK government reached out in an attempt to establish an agreement with the States which said that if they could get help, the UK would no longer attempt to expand any more of their imperialist rule on their many colonies spanning the globe.
Despite this, it would take another several months before the United States threw their hat into the ring, and another few years before the two countries signed the British-US Communication Intelligence Agreement, otherwise known as the “BRUSA Agreement”.
BRUSA facilitated the first step in sharing what the two countries deemed “highly sensitive material”, which essentially just referred to any intelligence which would help either country succeed in their united effort against the Axis of Evil.
Finally, once the war was over, the UK and United States solidified their continuing intelligence relationship with the ratification of the UKUSA Agreement. The UKUSA Agreement was a full-fledged channel through which the two countries would share intelligence information leading into the Cold War with Russia. Soon after Canada was added into the ring of trusted commonwealth nations (1952), followed by Norway (same year), Denmark (1954), Australia (1956), and New Zealand (1956).
By 1957 the number of participating countries was reduced to just five: the United States, the United Kingdom, Canada, Australia, and New Zealand. Thus, the “Five Eyes Collective” was born.
Five Eyes, Six Eyes, Nine Eyes, and 14 Eyes: What’s the difference?
So now that you know how the whole Five Eyes collective got started, where do the rest of those numbers come into play? Before we dive into this section, we need to establish the difference between the “eyes” collectives and how they operate independently of other countries.
As we established above, the Five Eyes collective currently refers to only five countries around the globeonly five countries around the globe (for a full list see the previous section). These are considered the “head honchos” of the intelligence sharing network, and any country included in the list of the Five Eyes will always have priority when it comes to what intelligence is gathered or shared on their behalf.
Back in 2009, it was reported by the magazine L’Obs that France had requested entry into the Five Eyes collective, but wanted the other members to sign a “no-spy” agreement first which would prevent any of the other members from gathering intelligence on French citizens. Supposedly this addendum didn’t sit well with either the director of the CIA or then sitting US President Barack Obama, so the motion was denied.
That said, there have been reports that Singapore, Israel, and Germany have all “partnered” with the Five Eyes in one fashion or another, though the true extent of these relationships and how deep they actually go remain a closely guarded secret.
The Nine Eyes incorporates many of the original signatories of the UKUSA treaty back into the Five Eyes fold, including Denmark, France, the Netherlands and Norway. Many of the same privileges of the Five Eyes countries are afforded to those in the Nine Eyes, though the true extent of how much they can or can’t see (or trade with other countries who have deeper intelligence privileges) remains a guarded secret.
Finally, we come to the Fourteen Eyes collective. This alliance consists of the 9 nations mentioned previously, as well as Germany, Belgium, Italy, Spain, and Sweden. As you go down the list from five, to six, to nine and then 14 the level of intelligence shared (as well as the privileges of who can spy on who without repercussion) degrades in corresponding fashion.
Intelligence sharing collaborations
Although not recognized officially as a part of the 14 Eyes collective, there are a number of other countries which also began an intelligence sharing network with the 14 Eyes as a part of the invasion of Afghanistan starting in 2001. These include (but aren’t limited to): Austria, Belgium, Czech Republic, Denmark, Germany, Greece, Hungary, Iceland, Italy, Japan, Luxembourg, the Netherlands, Norway, Poland, Portugal, South Korea, Spain, Sweden, Switzerland and Turkey.
It’s believed that around 41 nations have shared intelligence with the 14 Eyes countries during the start of the invasion, which means that for every country you think is safe to harbor your personal data, there are 10 or more ready to prove you wrong.
What’s the problem with the 14 Eyes?
So a couple countries around the world (almost all developed Western nations that are currently members of NATO) are sharing information, what’s wrong with that?
Well, the real trouble started when governments began abusing the Eyes agreement in order to get around domestic spying laws and local surveillance restrictions. How it worked was something like this: say for example the GCHQ wanted to get a warrant on a domestic member of the UK, but their request was denied by local courts due to one hangup or another. Rather than admit defeat, the GCHQ would simply send a request over to the NSA (the United States surveillance agency) to spy on the target instead since the NSA had no laws in place which would prevent them from starting an investigation on foreign soil (i.e - the UK).
Then, using the agreement set up between the two countries the information gathered by the opposing agency would then be shared back to the original agents on the case. According to documents from the Snowden leak published by Der Spiegel, this system of “you scratch my back and I scratch yours” was abused extensively by members of the Five Eyes collective on a daily basis:
"Britain's GCHQ intelligence agency can spy on anyone but British nationals, the NSA can conduct surveillance on anyone but Americans, and Germany's BND (Bundesnachrichtendienst) foreign intelligence agency can spy on anyone but Germans. That's how a matrix is created of boundless surveillance in which each partner aids in a division of roles.
They exchanged information. And they worked together extensively. That applies to the British and the Americans, but also to the BND, which assists the NSA in its Internet surveillance."
And as of this workaround weren’t already bad enough on its own, the effect is only compounded when you consider the immense amount of funding that certain countries get for their intelligence agencies. The United States (obviously) leads the pack in this regard, and why this is important is the subject of our next section.
The Snowden leaks change everything
If all the countries currently signed on as a part of the 14 Eyes jurisdiction were following the rules and abiding 100% to the letter of the law when it comes to surveillance, that would be one thing. But as the Snowden documents released in 2013 clearly show, it wasn’t long after agencies like the NSA and GCHQ got their hands on the surveillance tools afforded to them by the PATRIOT Act that they just as soon began abusing the hell out of every system imaginable.
Whether it was creepy investigators passing illicit webcam recordings around the office or agents using the tools at their disposal to spy on the online activities of their former lovers (ex-wives and the like), it was clear that if you hand one of the most extensive spying tools ever created over to a bunch of regular people, people are going to do what people do best: abuse their power as much as humanly possible.
Not only were the systems abused on a personal level, but it soon became clear that large multinational technology firms had also gotten in on the action. Monoliths like Google, Yahoo, AOL and Facebook had all been both voluntarily and involuntarily leaking literal petabytes of data through the cracks in their own systems, making it so that essentially any member of the 14 Eyes could gain access to the “backbone” of the internet as long as they went through the NSA or GCHQ channels to get it.
This meant that not just the major superpowers of the world had a grip on surveillance dominance anymore. Any of the 14 Eyes countries could claim an equal amount of power in the equation, extending what was already a completely overblown system into the grips of much smaller, essentially neutral countries like Norway and Denmark.
Ultimately the 14 Eyes collective is designed to let anyone with membership have access to every system that every other country develops, and that in and of itself is one of the most dangerous prospects of all.
Here is a full list of the operations that were managed and shared between every member of the Five Eyes collective:
14 Eyes and VPNs: Why should you care?
All of this just goes to show that even if you think you’re out of reach from major surveillance countries like the US or the UK, if you (or your VPN provider) resides in or operates servers out of any of the nations mentioned above, your data and your privacy could still be at risk.
Say for example you choose a VPN provider that doesn’t reside within the Five Eyes countries, but is still apart of the 14 Eyes collective. If for any reason the United States wanted to get data on a VPN provider that operates out of Spain, they would simply exercise the power afforded to them by the original Five Eyes agreement and pressure the Spanish government to hand over any logs that were collected from the VPN provider in question.
This is an issue because it essentially means that what was originally a way for a VPN provider to avoid prosecution has now just become a minor inconvenience for the host governments who are intent on destroying any semblance of digital privacy as we know it in 2018.
14 Eyes and VPNs: What can you do?
In order to combat this overreaching abuse of ancient surveillance agreements that were signed before the internet was even invented, we at VPN.com recommend you choose a VPN provider which is based out of a non-14 Eyes country, and also one that commits to a 100% “no-logs” policy for all its users.
We’ve combed the internet for all the VPN providers currently operating in the space today and found that only around 115 of them don’t have home bases which fall under the 14 Eyes jurisdiction. Of these, only 32 commit to a full no-log policy, which can sound like a bit of a limitation but when you get down to it what’s more important to you when you use a VPN: convenience, or privacy?
VPNs are designed to keep the privacy of your digital information as safe as humanly possible, and the only way you can completely guarantee that your data will never end up in the hands of a malicious government surveillance agency is by going with a provider that operates outside of any 14 Eye country.