TL;DR: The Five Eyes alliance (US, UK, Canada, Australia, New Zealand) is the world's most powerful intelligence-sharing partnership. Member countries agree to share all signals intelligence by default. The crucial loophole: they can spy on each other's citizens and share that data back, bypassing domestic privacy laws. The NSA can't legally surveil Americans without a warrant, but GCHQ can, and then share the results. Edward Snowden called it "a supra-national intelligence organisation that does not answer to the known laws of its own countries."

What Is Five Eyes?

Five Eyes (often abbreviated FVEY) is an intelligence alliance comprising five English-speaking countries:

Country Agency Role
United States NSA (National Security Agency) Largest contributor; operates XKeyscore, PRISM
United Kingdom GCHQ (Government Communications Headquarters) Operates Tempora; taps undersea cables
Canada CSEC (Communications Security Establishment) Northern surveillance focus
Australia ASD (Australian Signals Directorate) Asia-Pacific intelligence
New Zealand GCSB (Government Communications Security Bureau) Pacific region surveillance

These countries are parties to the UKUSA Agreement, a treaty for joint cooperation in signals intelligence that dates back to World War II.

Origins: From WWII to Today

The alliance began informally during World War II when British and American codebreakers shared intelligence at Bletchley Park. The formal agreement came in 1946:

  • 1946: The British-U.S. Communication Intelligence Agreement (BRUSA, later UKUSA) was signed, promising transparency between the two nations and sharing of all signals intelligence
  • 1955: Canada, Australia, and New Zealand were formally added to the agreement
  • 1960s: The ECHELON surveillance system formalized intelligence sharing and collection
  • 2013: Snowden revelations exposed the full scope of Five Eyes operations

For decades, the alliance operated in complete secrecy. The existence of the UKUSA Agreement wasn't officially acknowledged until 2010. By then, it had been operating for 64 years.

How Intelligence Sharing Works

The core principle of Five Eyes is simple: share everything by default.

What They Share

  • SIGINT (Signals Intelligence): Intercepted communications, phone calls, emails, texts, internet traffic
  • MILINT (Military Intelligence): Defense-related information
  • HUMINT (Human Intelligence): Information from human sources
  • GEOINT (Geospatial Intelligence): Satellite imagery and mapping data
  • Methods and techniques: How they collect and analyze intelligence

Key Surveillance Programs

Program Operated By What It Does
PRISM NSA (US) Collects data from major tech companies (Google, Microsoft, Apple, Facebook, etc.)
XKeyscore NSA (US) Searches and analyzes global internet traffic; shared with Five Eyes partners
Tempora GCHQ (UK) Taps undersea internet cables; stores communications for 30 days
ECHELON All Five Eyes Global interception network for satellite, radio, and telephone communications

The Surveillance Loophole

This is the part that matters for ordinary citizens.

Every Five Eyes country has laws restricting what its intelligence agencies can do to their own citizens. The NSA needs a warrant to surveil Americans. GCHQ faces restrictions on monitoring Britons. In theory, these laws protect privacy.

In practice, the Five Eyes arrangement creates a loophole:

  • The NSA can't legally mass-surveil Americans
  • But GCHQ can surveil Americans
  • GCHQ then shares that data with the NSA
  • The NSA now has American communications without violating American law

This works in all directions. Canadian intelligence can surveil Britons and share with GCHQ. Australian intelligence can surveil Canadians and share with CSEC. Each country can "subcontract" surveillance of its own citizens to its partners.

Is This Legal?

Technically, yes. The surveillance doesn't violate the collecting country's laws (they're monitoring foreigners). The receiving country didn't conduct the surveillance itself. Both countries claim their hands are clean.

But the effect is the same as if domestic agencies had conducted mass surveillance on their own citizens, they just did it through partners.

In 2013, Canadian federal judge Richard Mosley ruled that CSIS had been "illegally enlisting FVEY allies in global surveillance dragnets, while keeping domestic federal courts in the dark." The agencies were using the alliance to circumvent judicial oversight.

What This Means for You

If you're a citizen of a Five Eyes country, your communications may be collected by a partner nation and shared with your own government, all without the legal protections that would apply if your government collected the data directly.

Data That Can Be Collected

  • Emails and attachments
  • Phone calls and SMS messages
  • Internet browsing history
  • Social media activity
  • Location data from mobile devices
  • Video calls and VOIP communications
  • Encrypted communications (metadata even if content is protected)

How Long Is Data Kept?

  • UK (Tempora): Content stored for 3 days, metadata for 30 days
  • UK (ISP retention): Since 2016, ISPs must store browsing history for 2 years
  • US (NSA): Varies by program; some data retained indefinitely

Who Can Access It?

In the UK alone, dozens of government agencies can request communications data without a warrant, including:

  • Intelligence agencies (GCHQ, MI5, MI6)
  • Police forces
  • HM Revenue & Customs
  • Department for Work and Pensions
  • Food Standards Agency
  • Gambling Commission

Data shared through Five Eyes can flow to any of these entities.

Nine Eyes and Fourteen Eyes

Five Eyes has expanded into larger alliances with different levels of access:

Nine Eyes

The original Five Eyes plus:

  • Denmark
  • France
  • Netherlands
  • Norway

These countries share intelligence with Five Eyes but don't have full access to all collected data.

Fourteen Eyes

The Nine Eyes plus:

  • Germany
  • Belgium
  • Italy
  • Spain
  • Sweden

Formed in 2010, this alliance focuses on SIGINT sharing and cooperation. Members contribute to the surveillance network but have even more limited access than Nine Eyes countries.

What This Means for Privacy

If you're in any of these 14 countries, your government may share surveillance data with the alliance, even if your country has strong privacy laws domestically.

Protecting Yourself

Complete protection from Five Eyes surveillance is difficult. These agencies have vast resources and operate with minimal oversight. But you can make mass collection harder:

Encryption

  • Messaging: Use Signal or WhatsApp (end-to-end encrypted)
  • Email: Use ProtonMail or Tutanota (encrypted email providers based outside Five Eyes)
  • Browsing: Use HTTPS everywhere; consider Tor for sensitive browsing
  • Storage: Encrypt local files with VeraCrypt or similar

VPNs: Know the Limits

A VPN can hide your traffic from your ISP, but:

  • VPNs based in Five Eyes countries may be compelled to provide data
  • Consider VPNs based in Switzerland, Panama, or other privacy-friendly jurisdictions
  • No VPN protects you if the endpoint is monitored (like major websites)

Metadata

Even with encrypted content, metadata (who you communicate with, when, how often) is harder to protect. Intelligence agencies often find metadata as valuable as content.

The Bottom Line

Five Eyes is the world's most comprehensive intelligence-sharing alliance. It has operated for 80 years, most of that time in complete secrecy.

The alliance creates a legal loophole that renders domestic privacy protections largely meaningless. When your government can't legally surveil you, it asks a partner to do it instead. The data flows back, and no laws are technically violated.

Edward Snowden's description remains accurate: Five Eyes is "a supra-national intelligence organisation that does not answer to the known laws of its own countries." It operates above the legal frameworks citizens believe protect them.

For 600 million people living in Five Eyes countries, and the billions more in Nine and Fourteen Eyes nations, this means that privacy depends not on legal protections, but on whether you're interesting enough to monitor.

References

  1. Wikipedia, Five Eyes
  2. Privacy International, Five Eyes
  3. Yale Law School, Five Eyes Documents
  4. Britannica, Five Eyes
  5. Global Information Society Watch, Five Eyes Surveillance Practices
  6. Comparitech, Guide to Five, Nine, and Fourteen Eyes