By Bruce Sussman
Thu | Feb 14, 2019 | 7:23 AM PST

Are VPNs secure? And are VPNs safe to use?

That's the question a prominent and bipartisan pair of U.S. senators are asking CISA, the new Cybersecurity and Infrastructure Security Agency.

"Millions of consumers have downloaded these apps, some of which are made by foreign companies in countries that do not share American interests or values," wrote Republican Senator Marco Rubio and Democrat Senator Ron Wyden.


The senators wrote their letter to CISA Director Christopher Krebs, trying to make the case for a VPN investigation:

"Because these foreign apps transmit users' web-browsing data to servers located in or controlled by countries that have an interest in targeting U.S. Government employees, their use raises the risk that user data will be surveilled by those foreign governments."

The question: are VPNs safe and secure?

The final paragraph of their letter gets to the question they want investigated: Are VPNs secure, and are VPNs really safe?

"In light of these concerns, we urge you to conduct a threat assessment on the national security risks associated with the continued use by U.S. government employees of VPNs, mobile data proxies, and other similar apps that are vulnerable to foreign government surveillance. If you determine that these services pose a threat to U.S. national security, we further request that you issue a Binding Operational Directive prohibiting their use on federal government smartphones and computers."

VPNs market themselves as private and secure

The idea of a Virtual Private Network, in simple terms, is to create a secure digital tunnel between your device and whatever you are connecting to or through.

For corporate America, this is good news: employees can use public Wi-Fi to connect to company servers, and company data remains secure inside the digital tunnel.

However, the way many VPNs are marketed makes it seem like they give you the freedom to do whatever you would like without any entity coming after you—especially the government.

Check out this statement from "Le VPN":

"Agencies around the world, ranging from the MPAA (Motion Picture Association of America) to the NSA, the GCHQ (The UK’s Government Communications Headquarters) and many, many others are constantly monitoring the Internet looking for illegally shared and downloaded information. Not all data downloads and file shares are illegal but this doesn’t stop them from putting you on their watch list if they can identify you. Most of the Torrent services will provide some level of security but the problem is that they are most often not effective at preventing ID leaks. If you want to legally download and share files without winding up on one of these lists a VPN is the only way to go"

And perhaps a VPN will keep your government from seeing your information.

But now Senators Rubio and Wyden are asking another question: Will it keep a foreign government from seeing what you do, if your VPN provider is based in Russia, China, or another country that engages in cyber warfare?

We'll let you know how CISA responds.

Top 3 cyber threats to the U.S.

We know we'll hear a lot about cyber threats at 2019 SecureWorld cybersecurity conferences, just like we did from the former Director of Operations at U.S. Cyber Command, after his keynote on the top three cyber threats to the United States: