Senators Ask Tulsi Gabbard To Tell Americans That VPN Use Might Subject Them To Domestic Surveillance
from the unfun-twist-on-an-old-story dept
This may not be an actual “Wyden siren,” but it still has his name attached to it. What’s being said here isn’t nearly as ominous as this single sentence he sent to CIA leadership earlier this year:
I write to alert you to a classified letter I sent you earlier today in which I express deep concerns about CIA activities.
Few people are capable of saying so much with so little. This one runs a bit longer, but it has implications that likely run deeper than the surface level issue raised by Wyden and others in a recent letter to Trump’s (satire is dead) Director of National Intelligence, Tulsi Gabbard. Here are the details, as reported by Dell Cameron for Wired:
In a letter sent Thursday to Director of National Intelligence Tulsi Gabbard, the lawmakers say that because VPNs obscure a user’s true location, and because intelligence agencies presume that communications of unknown origin are foreign, Americans may be inadvertently waiving the privacy protections they’re entitled to under the law.
Several federal agencies, including the FBI, the National Security Agency, and the Federal Trade Commission, have recommended that consumers use VPNs to protect their privacy. But following that advice may inadvertently cost Americans the very protections they’re seeking.
The letter was signed by members of the Democratic Party’s progressive flank: Senators Ron Wyden, Elizabeth Warren, Edward Markey, and Alex Padilla, along with Representatives Pramila Jayapal and Sara Jacobs.
That’s alarming. It’s also a conundrum. VPN use (often required for remote logins to corporate systems) is a great way to secure connections that are otherwise insecure, like those made originating from people’s homes (to log into their work stuff) or utilizing public Wi-Fi. There are also more off-the-book uses, like circumventing regional content limitations or just ensuring your internet activity can’t be tied to your physical location.
The trade-off depends on the threat you’re trying to mitigate. It’s kind of like the trade-off in cell phone security. Using biometrics markers to unlock your phone might be the best option if what you’re mainly concerned with is theft of your device. A thief might be able to guess a password, but they won’t be able to duplicate an iris or a fingerprint.
But if the threat you’re more worried about is this government, you’ll want the passcode. Courts have generally found that fingerprints and eyeballs aren’t “testimonial,” so if you’re worried about being compelled to unlock your device, the Fifth Amendment tends to favor passwords, at least as far as the courts are concerned.
It’s almost the same thing here. VPNs might protect you against garden-variety criminals, but the intentional commingling of origin/destination points by VPNs could turn purely domestic communications into “foreign” communications the NSA can legally intercept (and the FBI, somewhat less-legally can dip into at will).
That’s the substance of the letter sent to Gabbard, in which the legislators ask the DNI to issue public guidance on VPN usage that makes it clear that doing so might subject users to (somewhat inadvertent) domestic surveillance:
Americans reportedly spend billions of dollars each year on commercial VPN services, many of which are offered by foreign-headquartered companies using servers located overseas. According to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, VPNs have the potential to be vulnerable to surveillance by foreign adversaries. While Americans should be warned of these risks, they should also be told if these VPN services, which are advertised as a privacy protection, including by elements of the federal government, could, in fact, negatively impact their rights against U.S. government surveillance. To that end, we urge you to be more transparent with the American public about whether the use of VPNs can impact their privacy with regard to U.S. government surveillance, and clarify what, if anything, American consumers can do to ensure they receive the privacy protections they are entitled to under the law and Constitution.
I wouldn’t expect a response from ODNI. I mean, I wouldn’t expect one in any case, but I especially don’t expect Tulsi Gabbard to respond to a letter sent by a handful of Democratic Party members.
A warning would be nice, but even an Intelligence Community overseen by competent professionals, rather than loyalists and Fox News commentators would be hard-pressed to present a solution. To be fair, this letter isn’t asking for a fix, but rather telling the Director of National Intelligence to inform the public of the risks of VPN usage, including increasing their odds of being swept up in NSA dragnets.
Certainly the NSA isn’t concerned about “incidental collection.” It’s never been too concerned about its consistent “incidental” collection of US persons’ communications and data in the past and this isn’t going to budge the needle, especially since it means the NSA would have to do more work to filter out domestic communications and the FBI would be less than thrilled with any efforts made to deny it access to communications it doesn’t have the legal right to obtain on its own.
Since the government won’t do this, it’s up to the general public, starting with everyone sharing the contents of this letter with others. VPNs can still offer considerable security benefits. But everyone needs to know that domestic surveillance is one of the possible side effects of utilizing this tech.
Filed Under: alex padilla, domestic surveillance, ed markey, elizabeth warren, executive order 12333, fbi, national security, nsa, odni, pramila jayapal, ron wyden, sara jacobs, section 702, surveillance state, tulsi gabbard, vpn


Comments on “Senators Ask Tulsi Gabbard To Tell Americans That VPN Use Might Subject Them To Domestic Surveillance”
Eliminate section 702. Completely.
pretty vague stuff about a VPN surveillance trigger ??
but the Feds are already surveilling all of us daily at a fairly close level — and certainly need no further pretenses to do whatever they want
How utterly stupid, since there are lots of remote employees who use VPNs to securely access their work, including medical staff.
Somehow, quite unconsciously, I long ago came to the conclusion that most “incidental inclusion” isn’t actually incidental.
If only there was some sort of service that could sit between me and the wider internet, that bounced my origin so it appeared to be coming from somewhere else entirely (possibly another country even!), and had strong encryption between my PC and that service regardless of what ISP I used at home. Oh if only…
Re:
Wouldn’t this kind of hypothetical service make users of it terrorists because they could have a lot to hide since they’re trying their best to go stealth?
Also theses computer terrorists wouldn’t be tempted to start explaining too much things about any three-letter agency and will have to life in Russia because it’s safer?
No really, just accept the USA is much better than the rest of the world, and that all threats could only come from outside, and thanks CIA for getting so much data about you without bothering you to ask for it.
Well start surveilling, morons…
That is why you want your own private vpn and not a commercial one
I plan to retire to mexico and when I do I plan to park a computer here in the USA to continue to get Heartland and YouTube music down there by installing vpn software on there and connecting to that so I will still display a US address to those sites
I will not be breaking any laws in either the USA or Mexico when I do that. There is no law in either country that makes it a crime to bypass geo blocking.
By renting the space in my friends house and putting the computer there any USA web site will never detect that I am using a VPN because I will not be using a data center which is what software to detect vpn and proxy usage
question for the tech knowledgeable in the crowd...
A question for the tech knowledgeable – are there VPNs that do an ‘end to server’ encryption of all content? Perhaps after the connection is made, with a large-bit key that changes each connection instance? That way, NSA could collect data, but they might need a while to unencrypt it. Of course, with the kind of mindset driving these fools in the first place, being encrypted would be cause for them to be suspicious, because ‘secrets’. Only our government, and the Epstein class can have secrets, it seems.
Re: Only the Epstein..
Your comment reminded me of the Clash song “Know your rights” ‘Murder is a crime unless it is done by a policeman or an aristocrat” (Possibly a reference to Klaus Von Bulow)
I'm surprised...
…that this is news. Like, haven’t we known since the Snowden disclosures that they target VPN traffic under the assumption that it might be foreign in nature?
Or is there some kind of “reading between the lines” going on here that reveals something new, rather than what people have expected since forever?