Security Experts:

Senators Concerned Over DHS Employees Using Foreign VPNs

United States senators have voiced concerns over the use of foreign-made Virtual Private Network (VPN) applications within the Department of Homeland Security (DHS). 

VPN services promise improved security and privacy when browsing the Internet by routing all of the user’s traffic through the provider’s servers, and a large number of people, including mobile users, have adopted such services for increased online privacy.

Furthermore, users are also adopting data-saving apps, including mobile browsers such as Dolphin, Yandex, and Opera, which route traffic through their servers and compress it before serving them to the user, to provide data-saving functionality.

It is the growing adoption of mobile apps that could expose U.S. government employees’ web browsing data and the routing of users’ traffic on foreign servers is worrisome, Senators Marco Rubio (R-FL) and Ron Wyden (D-OR) told Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher Krebs in a letter dated February 7. 

“We are particularly concerned about the potential threat posed by foreign-made apps that are affiliated with countries of national security concern and urge you to examine the national security risk they pose,” the letter reads (PDF). 

The Senators point out that some of these applications, many which have been downloaded by millions of users, are developed by “foreign companies in countries that do not share American interests or values.”

“Because these foreign apps transmit users’ web-browsing data to servers located in or controlled by countries that have an interest in targeting U.S. government employees, their use raises the risk that user data will be surveilled by those foreign governments. The compromise of that data could harm U.S. national security,” the Senators say. 

The letter also notes that the U.S. government has already recognized the national security risks posed the use of foreign technologies. 

The House Intelligence Committee has already recommended the U. S. should view with suspicion the increased presence of Chinese companies on the U.S. telecommunications market and the DHS last year ordered all federal agencies to remove products from Kaspersky Lab from their networks, the Senators say.

“If U.S. intelligence experts believe Beijing and Moscow are leveraging Chinese and Russian-made technology to surveil Americans, surely DHS should also be concerned about Americans sending their web browsing data directly to China and Russia,” the letter reads. 

The Sens. urge for “a threat assessment on the national security risks associated with the continued use by U.S. government employees of VPNs, mobile data proxies, and other similar apps that are vulnerable to foreign government surveillance.”

Furthermore, the Senators say that, should these services be found to pose a risk to the national security, a Binding Operational Directive should be issued, to prohibit their use on federal government smartphones and computers.

Related: Marco Rubio Proposes New Federal Data Privacy Bill

Related: Senator Urges Federal Agencies to Ditch Adobe Flash

view counter