Senators Ron Wyden and Marco Rubio are worried that foreign VPNs could be used to spy on U.S. government employees. They have asked the DHS to examine the risk (via PCMag).
Foreign VPNs
A popular sentiment in the privacy community favors using foreign VPNs, preferably ones based in a country that is not part of the Five Eyes Alliance. But now those VPNs will be investigated.
In a letter [PDF] the Senators write:
In light of these concerns, we urge you to conduct a threat assessment on the national security risks associated with the continued use by U.S. government employees of VPNs, mobile data proxies, and other similar apps that are vulnerable to foreign government surveillance. If you determine that these services pose a threat to U.S. national security, we further request that you issue a Binding Operational Directive prohibiting their use on federal government smartphones and computers.
A virtual private network (VPN) routes your network traffic through the company’s servers. This makes it look like the traffic originated from those servers. It also encrypts your network traffic and so prevents your ISP from spying on you. But since your traffic is now routed through another company, you have to be able to trust them not to spy on you. And we’re back where we started.
If a foreign VPN has been compromised by an authoritarian government, then that government could spy on all of your traffic. This leaves Senators Ron Wyden and Marco Rubio concerned. There is no evidence of this right now. However, the Senators point to other risks, like Huawei’s technology and Kaspersky Lab’s software.
Andrew:
In the climate of an unregulated market, still lacking in either oversight or accountability, and rife with proxy companies for foreign intelligence agencies, VPNs remain a ‘let the buyer beware’ proposition.
While many are adopting VPNs to evade government and/or private sector surveillance, they may, ironically, be diving directly into a hostile spider’s web. One factor that we lack is a reliable, credible third party assessment of which of these VPNs are truly user friendly, and the FB Onavo fiasco is a reminder that even truly private sector solutions are no guarantee of privacy.
Under such conditions, the relative security of the open web vs a VPN remains a complicated calculus rendered more so by unknown variables.
I use NordVPN partially because they are based outside of the Five Eyes group. It all depends on who you fear most.