Two senior US Senators have written to the Department of Homeland Security asking them to conduct an investigation into foreign-based VPN services over fears that they could be a threat to national security.
Senators Ron Wyden (Democrat – Oregon) and Marco Rubio (Republican – Florida) have written an open letter to Christopher Krebs, the Director of the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security suggesting that government employees shouldn’t be permitted to use them.
The speculative letter
In the letter, they write, “Millions of consumers have downloaded these apps, some of which are made by foreign companies in countries that do not share American interests or values.”
They also suggest that people using these VPNs could be at risk of data interception.
They state that “because these foreign apps transmit users web browsing data to servers located in or controlled by countries that have an interest in targeting US government employees, their use raises the risk that user data will be surveilled by those foreign governments.”
Neither Wyden or Rubio offer a shred of evidence, either concrete or circumstantial, to back up these suggestions. But nevertheless, they demand that the Department for Homeland Security, “conduct a threat assessment on the national security risks associated with the continued use by US government employees of VPNs.”
The only hint of justification they give for their demand is the recent decision by the US Government to stop purchasing technology from Huawei and Kaspersky Systems.
But there is a fundamental difference between these two companies and most premium VPNs. Huawei is intrinsically linked to the Communist Regime in China while Kaspersky also has strong connections to Putin’s Kremlin in Russia, and both of these regimes are hostile to the USA.
There is absolutely no suggestion that most VPNs have any connections to authoritarian regimes like the ones in China and Russia, or for that matter anywhere else in the world.
There are proven links between a number of so-called free VPN providers and China. But this is just one of many reasons why we strongly advise people to avoid using these VPNs at all costs.
Of the top VPNs we recommend here at VPNCompare.co.uk, ExpressVPN is based in the British Virgin Islands, NordVPN is based in Panama, while both CyberGhost and VPN.ac are headquartered in Romania. IPVanish and VyprVPN are US-based VPNs and so presumably not a target for Wyden and Rubio.
To the best of our knowledge, neither the British Virgin Islands, Panama, or Romania are particularly hostile to US interests or values. They are chosen primarily because their local data retention laws make it possible for VPNs to retain as little user data as possible.
An exercise in hypocrisy
The implication that any VPN based overseas could compromise user data is both dangerous and unfounded. It is also rather hypocritical given the US Government’s policies on online surveillance and data retention.
With the possible exception of regimes like China and Iran, the United States has one of the most intrusive online surveillance regimes in the world. The National Security Agency engages in the routine collection and examination of the online data of almost all US citizens and many people from overseas as well.
It is a bit rich to ask the Government behind this Orwellian surveillance regime to investigate VPNs for posing a risk to user data.
VPNs are private enterprises in a competitive marketplace where delivering online privacy and security is their primary function. The market dictates that on the odd occasion when a VPN is found to be retaining or sharing user data, their business will usually not last much longer.
They depend on trust and user confidence to succeed. It is therefore in the interests of VPNs to offer strong encryption and no user logs guarantees. There is an element of trust when passing your data through a VPN, but it is in their interests to offer a trustworthy service.
What should be done?
It would make sense for the Department of Homeland Security to consider restrictions on access to so-called free VPNs, especially on US government networks. These have been proven to compromise user data and could well pose a risk to national security.
But trying to restrict access to all overseas VPNs would be both unnecessary and counter-productive.
What the Department for Homeland Security should do is advise American’s to do their research before signing up for a VPN. Read the reviews and guides on sites like VPNCompare.co.uk and make an informed decision about which VPN to use.
A VPN doesn’t have to be American to be good. It just has to offer a high-quality and dependable service. There are plenty of VPNs out there that do that. People just need to be sure they have found the right VPN for them.