Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Senators Ask DHS To Look Into US Government Workers Using Foreign VPNs (zdnet.com)

Posted by msmash on from the tussle-continues dept.

Two US senators have asked the Department of Homeland Security (DHS) to look into the possible dangers of US government workers using VPN apps that are owned by foreign companies and which redirect sensitive government-related traffic through servers located in other countries -- namely China and Russia. From a report: "If U.S. intelligence experts believe Beijing and Moscow are leveraging Chinese and Russian-made technology to surveil Americans, surely DHS should also be concerned about Americans sending their web browsing data directly to China and Russia," said Senator Ron Wyden (D-OR) and Marco Rubio (R-FL) in a letter sent to Christopher Krebs, Director of the DHS' newly founded Cybersecurity and Infrastructure Security Agency (CISA). The two would like the DHS to issue an emergency directive and ban the use of foreign VPN apps if intelligence experts deem them a national security risk.

4 of 93 comments (clear)

  1. We Amelican VPN we Plomise! by Anonymous Coward · · Score: 5, Insightful

    As if a VPN located anywhere even in the US is rated for any clearance.

  2. Just block them? by hawguy · · Score: 4, Informative

    I don't see why some congressional oversight is needed -- just block VPN apps on government owned laptops. If employees are using the apps on their personal devices, they should not have sensitive government data on those devices.

    1. Re:Just block them? by drinkypoo · · Score: 4, Insightful

      If employees are using the apps on their personal devices, they should not have sensitive government data on those devices.

      Sensitive data should never be on personal devices, period. If users need sensitive data on portable devices, those devices should be provided by the employer, and no personal data (or use) should be permitted on those devices. There are zero exceptions. If that means users need to carry two devices, so be it. What are they getting paid for, anyway?

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  3. Re:catching up to private business practices by Austerity+Empowers · · Score: 3, Interesting

    At my corporation I sure as hell am not allowed to use third-party VPN or traffic anonymizer services.

    Allowed? No. But in companies with strict firewalls and web proxies, many people who have the know-how to do it, are doing it. I have never used a VPN, I always have been able to create an SSH tunnel to a server I own, one way or another. But given the popularity of VPNs for bypassing other forms of spying and eavesdropping, it's not a surprising this ends up being the more popular way of doing the same thing... just not a good idea whether you work for the government or the corporate world. Plenty of shady Chinese companies are looking for the opportunity to steal trade secrets, don't open the door for them.

    If your companies forces web proxies, or lets your bosses spy on your browsing habits, or has some other ridiculous oppression over their network, expect it to happen.