Before it became nine eyes, the first five eyes countries list pertained to the data collection agreement that Australia, Canada, the UK, the United States and New Zealand made in the aftermath of World War II. If you want to know what this means to you, think of the Planning Tool for Resource Integration, Synchronization, and Management (PRISM) program leaked by Edward Snowden in 2013.
Snowden used to work as a technical assistant for a CIA agent until he leaked National Security Agency information the NSA thought he should keep to himself. This began a surge of heightened awareness about security breaches not only in the U.S. but around the world. It also began to induce paranoia in people who may have never thought of being watched while using the Internet.
According to Dave Davies of NPR, Snowden wanted to warn three U.S. journalists about the U.S. Government’s Intelligence Agency keeping an eye on (performing surveillance on) American citizens.
As of 2019, that’s where he still is, and he became a permanent resident of the country in 2020. Supposedly, he will speak at The Next Web Conference in 2022. Considering the Ukraine War in all starting this same year, some people may be shocked Snowden would still attend.
At least 14-16 countries continue to participate in surveillance activities and work together to collect and share data. Multiple nations collaborating also ask internet service providers to hand over customer data to government agencies.
This is similar to what occurred with in the U.S. PRISM program in 2013 and beyond. In 2017, the government also supposedly gave ISPs the right to sell the information they recorded to third parties. However, the Federal Trade Commission and other consumer agencies, as well as Congress members, continue to fight for privacy rights for private citizens.
However, not all lists include the same countries on it. It still is known as the 14 eyes countries as of 2022.
Surveillance Law Policy
|Australia||Yes||Yes||Yes||Australia Signal Directorate (ASD)||The Telecommunications Interception and Access Act allows intelligence agencies to intercept and access stored communications with a proper warrant.|
|Belgium||Yes||No||No||State Security Service (VSSE)||Belgium’s Data Retention Act required ISPs and TSPs to retain user activity logs. However, the Act was struck down by Parliament.|
|Canada||Yes||Yes||Yes||Communications Security Establishment (CSE)||The Anti-Terrorism Act establishes the CSE’s mandate, which includes acquiring and using information from the global information infrastructure for intelligence and surveillance activities.|
|Denmark||Yes||No||Yes||Danish Defence Intelligence Service (FE/DDIS)||Denmark has ratified the European Union’s Directive on Data Retention. Resultantly, telephone providers and ISPs have to log user data, including their IP address.|
|France||Yes||No||Yes||Directorate General for Internal Security (DGSE)||The French Intelligence Act 2015 allows intelligence agencies to lay telephone or internet wiretaps, exploit computer networks, and access metadata.|
|Germany||Yes||No||No||Federal Intelligence Service (BND)||The German Federal Constitutional Protection Act allows intelligence agencies to infiltrate foreign service providers to access relevant information. It also allows the decryption of encrypted messages.|
|Italy||Yes||No||No||Italian Intelligence and Security Services (AISE)||Italy’s Anti-terrorism law includes provisions enabling intelligence agencies to lay wiretaps and share data for national security purposes.|
|Netherlands||Yes||No||Yes||General Intelligence and Security Service (AIVD)||The Intelligence and Security Services Act 2017 allows agencies to intercept communications, hack third parties, and decrypt files.|
|New Zealand||Yes||Yes||Yes||Government Communications Security Bureau (GCSB)||The Intelligence and Security Act 2017 empowers surveillance agencies to collect and analyze data in keeping with government priorities.|
|Norway||Yes||No||Yes||Norwegian Intelligence Service (NIS)||The Norwegian Intelligence Service Act 2020 empowers the NIS to collect information with third parties for the purpose of bilateral/multilateral collaboration.|
|Spain||Yes||No||No||National Intelligence Centre (CNI)||The Data Retention Law allows national intelligence agencies to access user logs retained by TSPs and ISPs.|
|Sweden||Yes||No||No||Swedish Military Intelligence and Security Service (MUST)||Sweden’s Data Collection Act grants the Swedish Security Service the power to obtain logs from TSPs and ISPs and decrypt electronic communication.|
|United Kingdom||Yes||Yes||Yes||Government Communications Headquarters (GHQC)||The Investigatory Powers Act allows for the bulk collection of internet records and requires internet service providers (ISPs) to keep user logs of websites.|
|United States||Yes||Yes||Yes||National Security Agency (NSA)||The PATRIOT Act allows agencies to collect a vast amount of data, including call records and emails.|
Australia, Canada, the UK, the US, and New Zealand were the first five members of the 'Eyes' group. Today, these countries are joined by the Netherlands, Norway, Belgium, France, Denmark, and Sweden as the Nine Eyes Countries.