Are American VPN users at risk of 'warrantless' government surveillance? Lawmakers now demand answers

• Six Democratic lawmakers seek clarity on whether using a VPN can strip citizens of their privacy rights
• Intelligence agencies operate under a default presumption that unknown traffic is foreign, they warn
• The FBI and NSA have historically recommended using a VPN for privacy

Millions of Americans rely on the best VPN to secure their data on public Wi-Fi or to bypass geo-restrictions. However, a new congressional inquiry suggests that this widely adopted privacy tool could inadvertently be making some users a target for US intelligence agencies.

Six Democratic lawmakers have officially pressed Director of National Intelligence Tulsi Gabbard for answers. The core concern is whether Americans using commercial VPNs are being misclassified as foreigners under US surveillance law, potentially stripping them of their constitutional rights.

The irony is not lost on the lawmakers. Several federal agencies, including the FBI, the NSA, and the Federal Trade Commission, have historically recommended that consumers use VPNs to protect their online privacy.

Yet, the open letter argues that by obscuring a user's true location, these services might lead intelligence agencies, which presume that communications of unknown origin are foreign, to inadvertently waive the privacy protections that American citizens are legally entitled to.

Why VPN traffic could be a target

The issue stems from how US intelligence agencies conduct surveillance under some controversial programs, such as those authorized by Section 702 of the Foreign Intelligence Surveillance Act (FISA) and Executive Order 12333. These are designed to intercept communications belonging to foreign targets, but they often sweep up massive amounts of data from Americans in the process.

Because a virtual private network (VPN) routes traffic through VPN servers that can be located anywhere in the world, the data of thousands of users from different countries is often comingled. To an intelligence agency performing bulk collection, an American routing their traffic through a server in Europe may appear identical to a foreign citizen.

The letter explicitly references declassified guidelines stating that, under NSA procedures, a person whose location is unknown is "presumed to be a non-US person unless there is specific information to the contrary."

Because the VPN hides the user's actual location, this default assumption of being "foreign" could theoretically pull American traffic into the dragnet of warrantless surveillance.

The lawmakers do not assert that such surveillance is definitely happening, as specific details regarding these operations remain classified. Instead, they are demanding that the Director of National Intelligence "publicly disclose whether Americans who use commercial VPN services risk being treated as foreigners under United States surveillance law."

One of the signatories, Senator Ron Wyden, who serves on the Senate Intelligence Committee, has long used his position to draw attention to potential surveillance overreach.

As the debate over the renewal of Section 702 continues in Congress, this inquiry adds a significant new dimension to the privacy conversation, challenging the government to reconcile its own contradictory advice regarding digital security.

The VPN industry reaction

Christine Bannan, Senior Public Policy Manager (U.S), Proton, the provider behind Proton VPN, told TechRadar that "this ambiguity about how American VPN users will be treated under FISA 702 underlines the abuse of mass surveillance systems to spy on law-abiding people."

"Proton supports reforms that would protect the privacy rights of everyone, regardless of nationality," she added.

Gytis Malinauskas, Head of Legal at Surfshark, also told TechRadar that, while the company cannot comment on specific government surveillance laws or reforms, it "firmly believes that using a tool essential to cybersecurity should never result in diminished protection."

"Our top priority is protecting users' digital security," said Malinauskas. "When someone uses our VPN, their internet traffic is encrypted without exception in any countries we operate."

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!