Several US lawmakers are urging the US government to disclose whether it has been surveilling user activity on VPN servers located in foreign countries.
On Thursday, six Democratic lawmakers, including Sen. Ron Wyden (D-Ore.), sent a letter to Director of National Intelligence Tulsi Gabbard, according to Wired, which first reported the news. “We write to urge you to let the American people know what, if any, impact the use of commercial Virtual Private Network (VPN) services can have on their privacy rights against warrantless surveillance by US intelligence agencies,” they wrote.
The three-page letter is somewhat cryptic. For example, it doesn’t flat-out say if the US is indeed conducting surveillance via VPN services. Instead, the letter notes that VPN “use by Americans has the potential to impact their privacy rights against warrantless government surveillance.” But since the lawmakers have access to classified intelligence, they may have seen evidence that the government can vacuum up VPN-related data from US users.
PCMag-Recommended VPN Services
The letter notes that VPN providers operate servers across the globe; a user can then choose which server to connect to, thereby obscuring their real IP address and accessing the internet from another country. However, the same VPN servers will be “used by hundreds, if not thousands of users concurrently from countries around the world, and their internet traffic will be comingled,” the lawmakers wrote.
The letter subtly suggests these foreign-based VPN servers might be a target for the US National Security Agency, which specializes in digital surveillance. The NSA can conduct such intelligence gathering through the controversial Section 702 authority of the Foreign Intelligence Surveillance Act, which allows government agencies to conduct warrantless surveillance of non-US persons outside the US. However, critics have long pointed out that Section 702 can also ensnare Americans since the alleged “bulk” surveillance can cover any communications a target had with people based in the US.
Get Our Best Stories!
Stay Safe With the Latest Security News and Updates
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
(Photo by SAUL LOEB/AFP via Getty Images)
The lawmakers seem to be worried that the NSA is doing little to avoid collecting data from Americans through the potential VPN server surveillance. The letter points to the NSA’s declassified targeting procedures under Section 702 that state, “A person known to be located outside the United States or whose location is not known will be presumed to be a non-United States person unless such person is identified as a United States person, or the circumstances otherwise give rise to a reasonable belief that such person is a United States person.”
In other words, if the NSA is conducting surveillance on a single VPN server, then it could be sweeping up all the traffic, with no need to filter out the data of Americans from non-US persons.
Recommended by Our Editors
The lawmakers say this could be a serious problem, considering federal agencies, including the FBI, have talked up the privacy benefits of using VPNs. The letter adds: “To that end, we urge you to be more transparent with the American public about whether the use of VPNs can impact their privacy with regard to US government surveillance, and clarify what, if anything, American consumers can do to ensure they receive the privacy protections they are entitled to under the law and Constitution.”
Gabbard’s office didn’t immediately respond to a request for comment. In the meantime, Congress is debating whether to extend Section 702 authority, which is set to expire on April 20.
About Our Expert
Michael Kan
Senior Reporter
Experience
I’ve been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I’m currently based in San Francisco, but previously spent over five years in China, covering the country’s technology sector.
Since 2020, I’ve covered the launch and explosive growth of SpaceX’s Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I’ve combed through FCC filings for the latest news and driven to remote corners of California to test Starlink’s cellular service.
I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. Earlier this year, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.
I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I’m now following how President Trump’s tariffs will affect the industry. I’m always eager to learn more, so please jump in the comments with feedback and send me tips.
