Yes, Private Internet Access is located in the USA which is a 5 Eyes country. But we're not concerned about it...
But what is a 5 Eyes country?
A 5 Eyes country is a country that initially signed the UK/USA Agreement which was an agreement to collect, analyze, and share intelligence between the signing countries. This means that while a country may not be able to collect information legally on its own citizens, they can ask another member to conduct surveillance on their behalf.
Initially, there were 5 signing members (5 Eyes) which later expanded to include a further 4 members (9 Eyes), and more recently, members of the SIGINT Seniors Europe (SSEUR) were added (14 Eyes).
Should I be concerned?
Online privacy sites such as privacytools.io recommend staying away from VPN Providers located within the 14 Eyes countries as it could potentially mean that Security Agencies are able to demand access to customer data. Furthermore, they could gag the VPN provider to ensure secrecy and prevent transparency.
This is why at PIA, we have designed our operations to prevent this from happening in the first place. There are no logs. There is no identifying information that can be collected, regardless of the amount of force applied. There are several companies who claim they don’t log, but have been proven to be the opposite. In contrast, we have stated in multiple court cases that we do not log. One case is available for anyone to read (pages 11-12):
“All of the responses from 1&1, Facebook, Twitter, and Tracfone have been traced back by IP address to … privateinternetaccess.com. […] A subpoena was sent […] and the only information they could provide is that the cluster of IP addresses being used was from the east coast of the United States. However, [PIA] did provide that they accept payment for their services with a vendor company of Stripe and/or Amazon. They also accept forms of payment online through paypal, bitpay, bitcoin, cashyou, ripple, ok pay, and pay garden.”
With the added security of end-to-end encryption and with nothing logged that can identify our users, with public court records to show for it, the question remains what to do if PIA is coerced into something – or rather, if authorities try to coerce PIA into something, such as was the case with Yahoo recently, when the NSA had forced it into spying on its own users.
There is a precedent for this, and it is Lavabit choosing to shut down operations instead of selling out its users (specifically, selling out Edward Snowden). That’s also exactly what Private Internet Access has already done once, when Russia demanded that we start logging our users’ identities, after seizing PIA servers.
Our response was to immediately shut down operations in Russia:
The Russian Government has passed a new law that mandates that every provider must log all Russian internet traffic for up to a year […] Upon learning of the above, we immediately discontinued our Russian gateways and will no longer be doing business in the region.
And this, in summary, is why Private Internet Access isn't concerned about being located in a Fourteen Eyes Country.