Foreign VPN apps need a close look from DHS, senators say

If the U.S. intelligence community worries about Huawei and Kaspersky, DHS should worry about federal government use of certain foreign VPN apps, says Sens. Marco Rubio and Ron Wyden.
mobile technology
(Getty Images)

The Department of Homeland Security should assess the security threat posed by foreign VPN applications to U.S. government employees, a bipartisan pair of senators says.

Some popular VPN apps send a phone’s web-browsing data to servers in countries interested in targeting federal personnel, raising “the risk that user data will be surveilled by those foreign governments,” Sens. Marco Rubio, R-Fla., and Ron Wyden, D-Ore., wrote in a letter to DHS Thursday. VPN providers promise to obfuscate the physical location of a web browser, but users are generally at the mercy of those companies’ decisions to collect and log data.

The senators cite government warnings about products made by Chinese telecommunications companies and Russian antivirus vendor Kaspersky Lab as examples of the surveillance that certain foreign technology can enable. (Kaspersky and Chinese companies Huawei and ZTE have denied those allegations.)

“If U.S. intelligence experts believe Beijing and Moscow are leveraging Chinese and Russian-made technology to surveil Americans, surely DHS should also be concerned about Americans sending their web browsing data directly to China and Russia,” states the letter to Chris Krebs, director of DHS’s Cybersecurity and Infrastructure Security Agency.


If a DHS assessment finds foreign VPN apps to be a threat to U.S. national security, the department should issue a Binding Operational Directive (BOD) barring their use on government smartphones and computers, the senators advised. In September 2017, DHS issued a BOD banning Kaspersky products on federal civilian networks.

You can read the full letter below.

[documentcloud url=”” responsive=true]

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts