The 14 Eyes: What Are SIGINT Alliances?
Back in 2013, the world was rocked by the Snowden Revelations, a leak of top secret US government information released by a former-NSA sub-contractor, Edward Snowden. In it, the sheer scale of global surveillance operations carried out by the NSA and its allies among the 14 Eyes were brought to light. To many, it sounded like something straight out of a Hollywood Spy Thriller…true to nature Hollywood adapted it three years later.
The NSA is arguably the most famous Signals Intelligence (SIGINT) Agency in the world, but practically every nation has one – from GCHQ in the UK to the ASD in Australia. All of them focus on intelligence/counterintelligence operations, law enforcement support, and the interception of electronic signals. These are the people that tap phones and snoop on emails, among other underhanded things.
In this article, I'm going to take a brief look into the formation and history of the 14 Eyes, touch on other, similar organizations around the world. Then, I'll tell you why you should be concerned about them.
The Origins and Expansion of the 14 Eyes
Many SIGINT agencies have close working relationships with each other. The most notable of these relationships is a formalized intelligence-sharing alliance known as the 14 Eyes. It began way back in 1943 with a treaty known as BRUSA (alternatively the UKUSA Agreement) between the US and the UK. This was the basis for the “special relationship” (*nudge nudge wink wink*) between the US and the UK that continues to this day.
Originally, it was an intelligence-sharing alliance focused on working together against the Soviet Union. Over the next decade or so, Australia, New Zealand, and Canada were all brought on board, and the group became known as the 5 Eyes.
Throughout the Cold War, as tensions between the West and Russia continued to escalate, membership of the 5 Eyes was expanded to include Denmark, the Netherlands, Norway, and France, all as “third party” members. This group is called the 9 Eyes. Interestingly, the new members were not given the same privileges as the original 5 – most notably, they were not protected from being spied upon by the other members of the group. Apparently, the members-only club has its own members-only club.
Currently the group is known as the 14 Eyes, having gained more “third-party” allies in Sweden, Belgium, Italy, Spain, and Germany (at the time, West Germany).
A few other countries have also entered into agreements with the 14 Eyes group, but are not currently classified as members – these are Israel, Japan, Singapore, and South Korea.
Other SIGINT Alliances
The 14 Eyes (officially the SIGINT Seniors of Europe, or SSEUR) is not the only group to formally share intelligence information.
The SIGINT Seniors of the Pacific (SSPAC) include the 5 Eyes nations, plus France, Singapore, South Korea, India, and Thailand, and was formed by the NSA in 2005 to “fight terrorism in the Asia-Pacific region”.
The most significant non-western SIGINT alliance is the Shanghai Cooperation Organization (SCO). It comprises China, Russia, India, Pakistan, Kazakhstan, Kyrgyzstan, Tajikistan, and Uzbekistan. Several other states are either actively looking to join, or are currently in dialogue with the SCO, including (but not limited to) Iran, Afghanistan, Belarus, Egypt, Qatar, and Saudi Arabia.
Spy Agencies Aren't New
Look, the use of espionage as a military tactic isn't exactly a new concept; and even before the Snowden report, the public was at least partially aware of the existence and operations of spy agencies. There's a larger discussion about the necessity of spy agencies that could be had, but for this article, I'm less concerned about whether they should exist or not, and more concerned with how they bypass what little legal restrictions are imposed upon them.
The most common restriction placed upon these agencies is that they are not allowed to spy on their own people. This sounds good on paper, but the law doesn't prevent these agencies from using information gathered by other parties, so they can just sidestep the issue.
Let's say that the NSA wants to gather intelligence on an American citizen for whatever reason; as mentioned, under their laws, they are not allowed to carry out surveillance themselves. At the same time, the UK also wants some intelligence on one of its own citizens. So, they help each other out by spying on the other’s target, then trading that information completely legally, and without repercussions.
This goes beyond simple one-off trades, and expands to include the sharing of mass-surveillance information, like the NSA's xKEYSCORE project. The project functions like a search engine for digital information, able to search terabytes of data at a rate of up to 10 gigabytes per second. It can pull phone numbers, e-mail addresses, login information, user activity, and more, using it to build a digital fingerprint to track their targets. It's an incredibly powerful tool that is unequivocally a threat to online privacy; the NSA, of course, claim its usage is properly restricted, and that it is a necessary tool for the USAs national security.
This project has already been shared with the NSAs allies, and is a demonstration of how, if one country in the 14 Eyes alliance expands its electronic surveillance powers, then all countries in the alliance can use and benefit from the data that country is allowed to gather.
But What Does It Mean For You?
If you live in any of the countries that are members of the 14 Eyes, then you are open to covert surveillance and government data collection from every other member of that alliance – and by proxy, your own government. Data collection casts a wide net, and you don’t have to be under direct scrutiny to get swept up along with countless others.
If you're reading this, then you likely are already at least slightly aware of how much of your personal information is being tracked when using the internet. We know that social networks, streaming services, and more all track user information. For the NSA and friends, this means that there is more data than ever for them to access if they want.
Many people connect to a virtual private network (better known as a VPN) server to prevent their data from being tracked like this, and that’s an excellent step - but it’s also important to recognize that VPN services are not exempt from the laws of their host nation. If their Government comes a-knocking with above-board information requests, then they must provide any and all information they have on the user in question.
Of course, if you’re with a VPN like Windscribe, then it’s actually impossible to hand over data, because they don’t have any identifying data on you themselves. I’ll touch on this more a bit further on.
How Do I Avoid Their Prying Eyes?
The most obvious solution is to not live in a country that is part of a SIGINT sharing agreement...but believe it or not, that's not actually a solution for most citizens of these countries.
For most people, the solution to maintaining their privacy is by routing their traffic through a VPN server (specifically from a no-logging VPN service, but more on that in a moment), which will prevent your ISP, network administrator, or other outside parties from being able to access your digital information.
First, it is important to ensure that the VPN you use does not maintain any logs themselves. Beyond that, most people will tell you to avoid using a VPN service that is based in one of the 14 Eyes nations (or a nation that is part of any other SIGINT alliance), with the idea being that they're more likely to spied upon or sent requests for personal information than in non-alliance countries.
The logic behind this is flawed, however. Our friendly neighborhood CEO spoke about this concept in more detail a while back, but the gist of it is that the existence of due process, and the lack of laws that force VPNs to keep detailed logs is a boon. It means that it is more likely a VPN based in one of these countries is able to maintain a true no-logging service, and be able to successfully fight their case in court.
Windscribe is based in Canada, which is one of the original 5 Eyes members. Our government can make information requests of us, but they cannot force us to keep any identifying information - and we don't, unless you voluntarily signed up for the email newsletter, in which case we have your email address and nothing else.
Of all the many information requests we have had from authorities, we have not complied with a single one of them - because the data they requested simply did not exist. We genuinely believe we're the best VPN out there at the moment; we offer a free VPN service as well as our paid options, with a number of server locations around the world. What's more, we always endeavour to be transparent and open with the community.
Whatever your opinion on spy agencies, I think we can all agree that using loopholes to circumvent legal restrictions placed upon them is, ahem, a bit dodgy. We, as citizens, are well within our rights to take measures to protect ourselves from an overbearing state.