What is the Fives Eyes, Nine Eyes and Fourteen Eyes – How it Concerns Your Privacy
Digital surveillance is an actual thing that exists in modern times. It’s reminiscent of a time when spies used to hang out in public gatherings to gather intelligence for the sake of national security. Now, in times when everything is powered by the internet, that same practice seems to follow through, now in the form of the Five Eyes, Nine Eyes, or Fourteen Eyes.
We know that different countries have established data retention laws. These laws force telecommunication and internet services to monitor users and record every activity. That means if you are in a country such as the United States, information about your calls, texts, and internet browsing history is tracked and stored.
Privacy advocates strongly contest that national security underscores against personal privacy, especially because authorities have no check and balance to access to such information.
However, what may not be general knowledge is that countries can work together when it comes to collecting and sharing information. The relationship of allied countries goes beyond mutual interest of trade and other forms of benefits.
You may have heard of the term Fives Eyes during privacy-related discussions. You may have drawn a vague idea, but this blog aims to educate you completely on what the Five Eyes are and why your privacy is under risk of data retention.
Five Eyes Explained
It began first with the alliance between the United States and the United Kingdom in 1946 under the UKUSA agreement couple of decades ago, after World War II. The Five Eyes alliance worked to intercept and decrypt intelligence from the Soviet Union. The NSA joined its UK counterpart, GCHQ, to help combat the Soviet Union during the Cold War.
It was during the 1950s that Canada, New Zealand, and Australia also joined the alliance. Thus, the term Five Eyes came to be. The surveillance network called ECHELON worked in the shadows until it was formally introduced to the world in 1971.
The sole purpose of the alliance is to share signal intelligence. The countries spy on their respective citizens in a mass surveillance fashion, collect information, then share it with other countries if needed. With the rapid expansion of the internet and the number of people coming online, the Five Eyes has only strengthened their pursuit.
If one country has a lead on something, it will share the information with the other country to draw out information on a user outside of its territory.
Whether it’s telecommunication or internet service, the Five Eyes keep tabs on every type of digital communication. The governments achieve this by working closely with service providers and giving them the mandate to keep logs of every user’s activity. It means every call you make, every text that you send, every website that you visit – it’s all recorded and maintained by the ISP. And they cannot do anything about it.
More Countries Joined the 5 Eyes Alliance
Five Eyes was just the beginning; more countries joined the alliance since 1950.
The Nine Eyes:
- All countries from the Five Eyes
The Fourteen Eyes:
- All Nine Eyes countries
Fourteen different countries, but only one goal: to spy on you.
Surveillance Programs Exist
The alliances are not a product of some conspiracy theory; they are very real. PRISM is a well-known surveillance program of the NSA aimed at collecting data of users in the United States. The spy program came under the light when whistleblower Edward Snowden – an ex-CIA and NSA contractor – revealed classified information to the public about the existence of such surveillance programs.
The revelation was one of the biggest revelations in the privacy and security space. The story was broken by The Guardian and The Washington Post back-to-back. Edward Snowden met with the reporters and delivered convincing evidence, who were briefed in the first very report that took the internet by storm.
There are several reports and interviews Snowden did, making it harder for people to keep track. However, you can out Washington Post’s timeline here. The curated view gives you a chronological timeline of the events that occurred, from the very first report to Snowden’s life in Russia.
The Extent of Mass Surveillance and Data Collection
The information revealed shocking truths about the extent of the mass surveillance in the United States, and how the NSA works without any oversight, making it dangerous to the right of privacy that is a fundamental right. The leaks also revealed how the government forced Verizon to hand over telecommunication data, confirming how ISPs are forced by authorities.
The government has free reign to demand data from telecommunication authorities. It contains information such as call duration, who the call was made to, the location from where the call was made, unique identifiers such as your device’s IMEI – basically, everything that is needed to identify you.
People outside of the United States are not safe either. Not only are other countries working with others, but they also have their own intelligence-gathering programs.
Similar to the PRISM program run by the NSA, its UK counterpart runs a program called Tempora. The Government Communications Headquarters (GCHQ) has never admitted to the existence of the program, but the collection of evidence is compelling, and the silence on the matter is another confirmation. Tempora’s existence was also part of Snowden’s revelations.
GCHQ not only works with service providers, but it also has fiber-optics installed in various parts of the country that intercept other signals. The signals aren’t exclusive to the UK; the Tempora system intersects the fiber-optic cables that provide the world with the internet. Yes – that’s how alarming the situation has become.
You will never the government or the service providers acknowledge the programs because they both protect each other.
Demanding Data from Companies
The list doesn’t end with internet service providers and telecommunication companies. Any company that is providing a service in any capacity and processing user data can be approached to share information.
Regardless of if the service is using encryption to secure communication, the intelligence authorities can force it to share private cryptographic keys.
The 2015 San Bernadino shootout saw the FBI and smartphone maker Apple in a heated situation. The guilty of the attack carried an iPhone, and Apple was forced to develop a custom version of its iOS operating system that would enable the FBI to extract data off the iPhone. Apple refused on privacy concerns, but it’s believed that the phone was eventually unlocked and that all of it was just a PR show. It’s something that also Snowden didn’t buy into.
HideMyAss is another example. The UK-based VPN service was forced to deliver logs of users to identify a hacker group by the name of Lulzsec, which attacked the Sony Pictures website in 2011. Although it has been a long time since then and HideMyAss promises to have upped its policies regarding logs, it gives you an idea how even companies that function to keep you anonymous can be forced to reveal your identity.
In a similar fashion, an email provider was approached by US authorities. Lavabit was a startup that was serving more than 4 million users worldwide with an encrypted email service until it was shut down on ethical grounds.
The owner of Lavabit, penned an article revealing what went behind the scenes and what compelled him to shut down a growing service. He revealed how a court order forced him to install surveillance equipment to spy on the userbase. Later, a subpoena ordered him to hand over the company’s private encryption keys.
Private encryption keys are a company’s best-kept secret. End-to-end asymmetric encryption relies on the exchange of keys between an authenticated user and the webserver. Encryption is generated using a public key that can only be decrypted by the recipient’s private key. It’s made possible because public keys are derived from private keys in the first place.
So, once anyone obtains the private key, it can decrypt secure communication. And in the case of Lavabit, it meant the US authorities could access and read a user’s email in plain-text.
Technology Giants and Privacy
Social media platforms such as Facebook and big tech companies such as Google have been facing heat regarding how they handle privacy. And several revelations have not helped their case.
Google admitted that it allowed third-parties to scan the inbox of users for advertisement purposes. And even though it promised to stop the practice, it reportedly still continued. Yahoo went a step ahead by scouring through millions of emails through custom software on the behest of the NSA and FBI, said a Reuters report.
In 2018, the Cambridge Analytica scandal was making headlines. It was a data-analysis firm that profiled US citizens for the 2016 elections. Cambridge Analytica acquired data on millions of social media users’ data through a third-party app on Facebook. The social media giant then was unaware of the massive leak.
Profiling was allegedly used to shape the outcome of the 2016 elections by delivering targeted ads that spoke to the psychological profile of each user.
How VPN Prevents Data Retention
Your ISP serves as the traffic cop for every request that you make, such as opening a website. If you want to send a request to open topvpnservice.com, the request will be received by the ISP. It will then use its DNS server to look up the correct IP address attached to the domain name, then return you the webpage.
Thus, it knows your browsing history. Your activities get logged by the ISP and kept as records for as long as mandated by the local laws.
VPN takes away that power from the ISP because it routes the requests to its server instead; the VPN server is what services the DNS queries. The ISP only forwards the request to the VPN server, and because data is encrypted, it cannot see what website you are visiting.
Let’s take an example. You connect to a VPN then make a request to open topvpnservice.com. Once the request goes to the ISP, the instruction will say it needs to be sent to an IP address (the VPN server). The contents of the data packets are wrapped and hidden from the prying eyes of the ISP. The VPN server will decrypt your request then use its DNS server to return the requested content. The process goes in reverse now. All the while, the ISP is only acting as a middle-man between you and the VPN server.
So, how can the government not just compel the VPN service to log data? The answer: because it has no jurisdiction. Most of the top VPN services operate in the safe zone. These territories are not under the jurisdiction of the Five Eyes, Nine Eyes, or Fourteen Eyes. The authorities cannot force data retention on an entity that’s not under its jurisdiction.
A no-logs policy is something you must always look for in a VPN. If a VPN service is operating its servers and not relying on a third-party hosting service, then it’s a huge plus.
FastestVPN – for example – has a strict no-logs policy. Do you know how great that is? This means you can now browse the internet without your history getting tracked or logged, ensuring a private browsing experience.
Encryption ensures that only the VPN server can decrypt data. The best VPN services utilize military-grade AES 256-bit encryption that’s widely trusted by security experts, including the United States military.
Privacy is a long battle. In the wake of such leaks and Net Neutrality discussions, the general public is becoming more aware of its privacy. Although the ISP can identify you on the network, it cannot see the browsing history. It may seem a small victory, but the fact that you can safely surf the internet in this era is a big deal.
As privacy advocates often say, if the general public realized the amount of surveillance they undergo and how much data platforms are mining to target users, it would defeat their imagination.