Senators Ron Wyden and Marco Rubio are worried about the possibility of foreign VPNs used to spy on U.S. government employees. They have asked the DHS to examine the risk (via PCMag).
A popular sentiment in the privacy community is using foreign VPNs, preferably in a country not part of the Five Eyes Alliance. But now those VPNs will be investigated.
In a letter [PDF] the Senators write:
In light of these concerns, we urge you to conduct a threat assessment on the national security risks associated with the continued use by US. government employees of VPNs. mobile data proxies, and other similar apps that are vulnerable to foreign government surveillance. If you determine that these services pose a threat to US. national security, we further request that you issue a Binding Operational Directive prohibiting their use on federal government smartphones and computers.
A virtual private network (VPN) routes your network traffic through the company’s servers. This makes it look like the traffic originated from those servers. It also encrypts your network traffic and so prevents your ISP from spying on you. But since your traffic is now routed through another company, you have to be able to trust them not to spy on you. And we’re back where we started.
Read: [Facebook’s Onavo VPN app]
If a foreign VPN has been compromised by an authoritarian government, then they could spy on all of your traffic. This leaves Senators Ron Wyden and Marco Rubio concerned. There is no evidence of this right now. However, the Senators point to other risks, like Huawei’s technology and Kaspersky Lab’s software.