Foreign VPNs in the spotlight after US government concerns

Concerns over the usage of foreign-based VPNs mean they could be next in line for an official investigation.

In a letter obtained by CyberScoop, a senior official at the US Department of Home Security expressed worries over the usage of VPN software among government employees.

The director of DHS’s Cybersecurity and Infrastructure Security Agency (CISA), Chris Krebs, said in a recent letter to Senator Ron Wyden:

“Open-source reporting indicates nation-state actors have demonstrated intent and capability to leverage VPN services and vulnerable users for malicious purposes.”

READ NEXT: Best VPN services 2019

Krebs added: “If a US government employee downloaded a foreign VPN application originating from an adversary nation, foreign exploitation of that data would be somewhat or highly likely.”

What this essentially means is that if foreign VPNs wanted to access web-browsing data from users, they likely could. This is because some apps send user data to servers in countries that may be interested in targeting government employees.

The original letter, which prompted Krebs response, was co-penned by senator Marco Rubio, and was sent just two days after Google severed ties with Huawei.

What could this mean for VPNs?

In a bid to avoid legal issues, VPN providers typically steer clear of countries that are part of international surveillance alliances, instead choosing to base themselves in countries with stricter privacy policies.

The issues highlighted in this letter likely means that more attention will be paid to foreign-owned VPNs. Whether this means the US government will try to gain greater control over the usage and setup of the software remains to be seen.

The CISA have said they will continue to monitor the risks posed by foreign VPNs and work with US companies to minimise any risks they may currently pose.