U.S. Senators Urge VPN Ban for Federal Workers Over Spying | Threatpost | The first stop for security news

Wyden and Rubio are eyeing VPN services they say could be instruments of espionage for Russia and China.

UPDATE

Two U.S. senators are taking bipartisan aim at foreign-owned virtual private networks (VPNs), which they say are often headquartered “in countries that do not share American interests or values” – specifically, China and Russia.

Sens. Ron Wyden (D-Ore.) and Marco Rubio (R-Fla.) have signed a joint letter to Christopher Krebs, the director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA). They’re urging an investigation into whether such VPNs present a risk to homeland security – the concern is that the services are logging web browsing data and sending it directly to Chinese and Russian intelligence.

“Because these foreign apps transmit users’ web browsing data to servers located in or controlled by countries that have an interest in targeting US government employees, their use raises the risk that user data will be surveilled by those foreign governments,” according to the letter.

Justin Jett, director of Audit and Compliance for Plixer, noted that mobile VPNs are of particular concern.

“Because apps installed on mobile devices often install ‘profiles’ that include root certificates, the apps could be written to man-in-the-middle HTTPS traffic by using TLS decryption,” he explained via email. “This happens when the app does the HTTPS handshake instead of the user’s browser. When this happens, the user’s entire interaction, including login details, is visible to the app’s developers.”
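An added example, not from the article or from Jett: a defender-side audit of an unsigned Apple configuration profile (.mobileconfig) that flags the combination described above, a VPN payload shipped together with a root-certificate payload. It assumes iOS/macOS-style profiles, which the article does not name; the sample profile, its names and its certificate bytes are constructed.

```python
import plistlib

# Payload types documented by Apple for configuration profiles.
ROOT_CERT_TYPE = "com.apple.security.root"
VPN_TYPES = {"com.apple.vpn.managed", "com.apple.vpn.managed.applayer"}


def audit_profile(raw: bytes) -> dict:
    """Summarise the trust-relevant payloads in an unsigned .mobileconfig."""
    profile = plistlib.loads(raw)
    payloads = profile.get("PayloadContent", [])
    roots = [
        p.get("PayloadDisplayName") or p.get("PayloadIdentifier", "<unnamed>")
        for p in payloads
        if p.get("PayloadType") == ROOT_CERT_TYPE
    ]
    has_vpn = any(p.get("PayloadType") in VPN_TYPES for p in payloads)
    return {
        "profile": profile.get("PayloadDisplayName", "<unnamed>"),
        "root_certs": roots,
        "has_vpn": has_vpn,
        # A tunnel that carries the traffic plus a CA the device trusts is
        # what makes the TLS decryption described above possible.
        "intercept_capable": has_vpn and bool(roots),
    }


def build_sample(with_root: bool) -> bytes:
    """Constructed sample profile; names and certificate bytes are made up."""
    payloads = [{
        "PayloadType": "com.apple.vpn.managed",
        "PayloadIdentifier": "example.vpn.tunnel",
        "PayloadDisplayName": "Example VPN",
    }]
    if with_root:
        payloads.append({
            "PayloadType": ROOT_CERT_TYPE,
            "PayloadIdentifier": "example.vpn.ca",
            "PayloadDisplayName": "Example VPN Root CA",
            "PayloadContent": b"placeholder-not-a-real-certificate",
        })
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadDisplayName": "Example VPN Profile",
        "PayloadContent": payloads,
    })


if __name__ == "__main__":
    for flag in (False, True):
        print(audit_profile(build_sample(flag)))
```

Signed profiles are wrapped in a CMS envelope and must be unwrapped before `plistlib` can read them.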

If the answer to the risk question proves to be “yes,” the senators are requesting that CISA, a recently set up division of the Department of Homeland Security, issue a ban on the use of these VPNs for federal government smartphones and computers.

“In light of these concerns we urge you to conduct a threat assessment on the national security risks associated with the continued use by US government employees of VPNs, mobile data proxies and other similar apps that are vulnerable to foreign government surveillance,” the letter concluded.

Distrusting foreign services that have access to American data is not a new theme. Chinese telecom giants like Huawei and ZTE, for instance, have been blacklisted from bidding on major federal contracts, over fears their presence within US infrastructure could enable Beijing’s espionage efforts.

Similarly, the Department of Energy (DoE) said at the beginning of February that it will ban foreign talent-recruitment programs that are sponsored by China, Russia, Iran and North Korea, among others. It will now ask all “personnel, contracted scientists and future grant recipients” to disclose and sever ties to programs in “sensitive” countries. The DoE oversees 17 national laboratories that conduct research in sensitive fields like nuclear physics.

This posting was updated on Feb. 12 at 1:22 p.m. to reflect a copy-editing error: Rubio represents Florida, not Texas.


Discussion

  • Heinz Manhart on

    Look who is talking. I would never get a VPN that is located in a 5, 9 or 14 eye country. Least one in the US of A. They are obliged to hand over the log to the government on request. Some state not to log personal data (but do it anyway) or do not have a statement at all. Bottom line is, use VPN like ExpressVPN located in the British Virgin Islands, Nord VPN in Panama.
  • Rob on

    Okay but are these senators that take money from cable lobbyists? Because if so, they can f*ck off.
  • Ssmith on

    Because only the US are allowed to monitor and steal information from government workers of other countries.
  • Michael on

    Marco Rubio is not a Texas Republican but FL.
    • Tara Seals on

      Thanks Michael-- A bit embarrassing given that I'm actually from Texas and I know very well that Rubio does not represent my home state! It was a copy-and-paste error (I overlooked the mistake initially) but have fixed it now. Thanks again!
  • Luis R. on

    FYI, one important thing is “Please removing the democratic Taiwan out of the communist PRC on your reporting map”. Taiwan is a democratic country and also has its own elected President and sovereignty. Therefore, merging democratic Taiwan and dictatorship China together in the same country on the map that would be the most ridiculous thing. How come a democratic Taiwan is a part of Communist china?! It’s based on the China CCP govt’s declaration?! The democratic Taiwan is just not a member of the UN, which doesn’t mean democratic Taiwan is a part/regime of Communist China! Guess the article is also under communist China CCP govt’s monitoring and obeying its self-censorship rule.
    • Tara Seals on

      Hi Luis -- I replaced the picture-- which is just a stock photo pulled from the archives. It certainly wasn't an intentional political statement on our part. Thanks!
  • Mike on

    Hey Tara, Is it possible to maybe update the photo to one that is accurate? Taiwan is not a part of China and this image only adds to Chinese propaganda. Best, Mike
