Private Internet Access (PIA) is headquartered in the United States, which is a member of the "5 Eyes" intelligence-sharing alliance. While some privacy advocates express concern regarding this location, PIA maintains a structural and legal operating model that ensures user privacy remains absolute.
What is the 14 Eyes Alliance?
A 5 Eyes country is one that initially signed the UKUSA Agreement, which was an agreement to collect, analyze, and share intelligence between the signing countries. This means that while a country may not be able to collect information legally on its own citizens, they can ask another member to conduct surveillance on their behalf.
Initially, there were five signing members (5 Eyes), which later expanded to include a further four members (9 Eyes). More recently, members of the SIGINT Seniors Europe (SSEUR) were added, forming the 14 Eyes alliance.
Should I be concerned?
Online privacy sites, such as privacytools.io, recommend staying away from VPN providers located within 14 Eyes countries. Their concern is that security agencies could potentially demand access to customer data and "gag" the VPN provider to ensure secrecy and prevent transparency.
Why is PIA not concerned
At PIA, we have designed our operations to prevent this from happening in the first place. There are no logs. There is no identifying information that can be collected, regardless of the amount of force applied. While several companies claim they do not log but have been proven to do the opposite, PIA has stated in multiple court cases that we do not log. One case is available for public review (pages 11–12):
“All of the responses from 1&1, Facebook, Twitter, and Tracfone have been traced back by IP address to … privateinternetaccess.com. […] A subpoena was sent […] and the only information they could provide is that the cluster of IP addresses being used was from the east coast of the United States. However, [PIA] did provide that they accept payment for their services with a vendor company of Stripe and/or Amazon. They also accept forms of payment online through PayPal, bitpay, bitcoin, cashyou, ripple, ok pay, and pay garden.”
Precedent for privacy
With the added security of end-to-end encryption and a verified no-logs policy, the question remains: what happens if PIA is coerced? For example, the NSA recently forced Yahoo to spy on its own users.
There is a precedent for resistance: Lavabit chose to shut down operations instead of selling out its users (specifically Edward Snowden). Private Internet Access has already done the same once before. When Russia demanded that we start logging our users' identities after seizing PIA servers, our response was to immediately shut down operations in Russia:
The Russian Government has passed a new law that mandates that every provider must log all Russian internet traffic for up to a year […] Upon learning of the above, we immediately discontinued our Russian gateways and will no longer be doing business in the region.
In summary, this is why Private Internet Access is not concerned about being located in a 14 Eyes country.