One of the major selling points of a VPN service is that you’ll be anonymous online and protected from third-parties viewing your online activities. However, it was recently revealed that many countries have strict data retention laws and intelligence sharing and a VPN service may be required to hand over all your information to government agencies. Here’s what you need to know to stay safe online.
A VPN service is first and foremost a business with a fixed address and set location. As such VPN clients must operate in accordance with corporate and criminal laws which in force in their jurisdiction. Before subscribing to a VPN service (see VPN review), it’s crucial to first find out where they’re located and which data retention laws they are obliged to abide by. Even if a VPN service uses an ultra-secure encrypted network which is invulnerable to hackers, your true identity can still be traced and your web activities can be exposed depending on which laws are in effect in the VPN provider’s jurisdiction.
During WWII, the UK and the USA signed an informal agreement which stated that they would share intelligence with one another. After the war, this deal was formalized and it became known as the UKUSA Agreement. In the following years, three more countries, New Zealand, Australia, and Canada, joined the pact, and it became colloquially known as ‘the 5 Eyes.’ For decades, this agreement remained a secret and it was not known to the public until 2005, and in 2010, its full details were released online for public perusal.
This agreement was used extensively during the Cold War to combat Soviet spying activities and treason. Secret Service agencies such as the NSA in the US, the M16 in the UK, and the DIO in Australia were responsible with conducting covert counter-espionage and surveillance missions within their own countries, and to share their findings with each other.
In 2013, notorious whistleblower, Edward Snowden, claimed that the agencies responsible for intelligence sharing were engaging in spying on their own citizens and sharing private information with the rest of the 5 Eyes network. It was also affirmed that these agencies had aggressively spied on notable public figures, including John Lennon, Lady Diana, Nelson Mandela, and Jane Fonda. Edward Snowden also leaked documents which revealed that these agencies were now monitoring the digital sphere and paying close attention to what people did online.
The existence of the ‘9 Eyes’ has never officially been confirmed but it’s strongly suspected that four other countries joined and expanded the infamous ‘5 Eye’ Alliance. These countries are:
Essentially, the ‘9 Eyes’ is just an expansion of the original 5 country alliance.
The ‘14 Eyes’ is also unconfirmed, but Edward Snowden has revealed that several more countries have been working closely with US/UK intelligence, spying on their citizens, collating data, and sharing information. These countries are:
This group is also referred to as SIGINT Seniors Europe (SSEUR).
Are there any Additional Eyes?
As well as ‘the Eyes’ many other countries have colluded in surveillance operations and intelligence sharing. Approximately 30 countries have been described by Snowden as “third-party partners,” who assist the ‘eyes’ with wire-tapping, cyberspace monitoring, and information sharing. The most notable among them are:
- South Korea
- United Arab Emirates
Israel in particular has been accused of significant collusion with the NSA, intensive global monitoring, and cyber surveillance.
What is a No-Logs Policy?
A no-logs policy means that the VPN provider retains no records of its users’ activities. Any web browsing which is done over the VPN network is instantly deleted, even timestamps, user IP addresses, user emails, traffic logs, and user data.
A reputable VPN will have a strict no-logs policy which ensures user privacy. However, some VPNs claim to have a no-logs policy, but in truth, they do store some information which may potentially be incriminating. For example, the VPN client might not record web activity, but it will record a timestamp, i.e. when the user logged in and out of the VPN. This is usually done to ensure that the user doesn’t give their account credentials to other people and allow multiple users to use the same account, which is essentially stealing from the VPN provider.
Can Governments Compel VPN Providers to Share Information?
All the countries connected with the aforementioned alliances have implemented strict data retention laws which allows them to force business to release confidential information.
Government agencies can compel VPN services, especially those whose primary address is in that country, to release the web activities and identities of their clients. This information can then be shared across different networks, and intelligence agencies from many different countries will all examine it to see if anything is noteworthy. Certain countries have barred people from entering for posting discriminatory statements online, or criticizing the government, so even if what you do is legal in one jurisdiction, it may cause you problems if you travel abroad.
- In 2016, a criminal complaint was filed against a Massachusetts resident for cyber harassment. The alleged offender was surprised when his web activity was produced as evidence in court, as he always used a VPN provider. However, unbeknownst to him, the NSA and other US agencies were able to compel his VPN service to release this information to the authorities, under the Stored Communications Act.
- In Europe, the situation used to be far more draconian. Many EU member states operated under the Data Retention Directive which forbade VPNs from having a no-logs policy altogether. Instead, VPNs would be mandated to record all client web usage information. Thankfully, this Directive was repealed by the EU Parliament.
- In the UK, the Investigatory Powers Act 2016, allows multiple government agencies to intercept web traffic and monitor people’s web usage. Once the Brexit process has been completed, the UK will no longer be bound by the EU’s ruling, and full data retention laws may well come into effect.
Choosing the right VPN
If you want to be certain that your web traffic is secure and your identity is being hidden online, then it’s essential you choose the right VPN. Many VPNs claim to offer total privacy but this can be compromised by government agencies. Before subscribing to a VPN service, be sure to read VPN reviews which can verify whether or not the VPN is reliable and safe.