According to PCMag, members of the United States government are worried that virtual private networks – VPNs – are becoming a gateway for foreign cyberthreats.
Senator Ron Wyden of Oregon and Senator Marco Rubio of Florida expressed those concerns in a letter, and asked the Department of Homeland Security to investigate current VPNs for potential security threats, PCMag said.
The senators’ worries lie in who controls the VPNs – VPNs protect users’ privacy by encrypting an internet connection, meaning that all internet traffic is routed through a private server run by the VPN provider. This helps prevent internet service providers (ISPs) from viewing what sites were visited, etc. However, this method puts internet traffic into someone else’s control, including, potentially, foreign governments looking to attack the U.S.
PCMag says that past studies by review site 10TOPVPN have found that many free VPN apps were based in China, or have Chinese ownership. PCMag also says that it has viewed other services, some of which are based in the U.S., others that are based in Panama, Canada, Seychelles and other places out of U.S. jurisdiction.
Neither senator pointed to clear cases of “VPN-based espionage,” though; they only cited “recent US efforts to stop technology sales from Chinese vendor Huawei and Russian security firm Kaspersky Lab over similar spying fears,” PCMag says.
In response to the senators’ letter, the Department of Homeland Security told PCMag it could not comment on congressional correspondence. But, if the department does detect a risk, Wyden and Rubio will request that the government issues an order banning foreign-based VPN use on government computers and devices.
Takeaway for decision makers:
While it isn’t clear if actual threats are hot on the U.S.’s tail at this point in time, decision makers should keep tabs on this case. Doing so will give them a good idea what the government’s course of action will be on cyberthreats, and if and when they ever have to hand over any data to the government. This case may also serve as a wakeup call for decision makers, especially if they aren’t sure who controls their VPN services, or what part of the world they’re located. Bringing key players up to speed on these details will increase decision makers’ control over their VPNs and sensitive information, and decrease their risks of a data breach.