A hot potato: The growing popularity of commercial VPN services – long promoted as essential privacy tools – has prompted a new warning from Capitol Hill: the same technology that hides Americans' online footprints could be placing them under surveillance as if they were foreign nationals.
Six Democratic lawmakers on Thursday asked Director of National Intelligence Tulsi Gabbard to reveal whether US citizens who connect through VPNs are losing constitutional protections against warrantless spying. Their letter argues that because virtual private networks obscure a user's true location, intelligence agencies may presume those communications are foreign in origin – a classification that could leave Americans exposed to surveillance programs meant for non-US targets.
The signatories, Senators Ron Wyden, Elizabeth Warren, Edward Markey, and Alex Padilla, along with Representatives Pramila Jayapal and Sara Jacobs, said the situation demands transparency. Their message to Gabbard is that ordinary privacy practices may be undermining legal safeguards many Americans assume remain intact.
Commercial VPNs route internet traffic through servers that can sit anywhere in the world. That makes it harder for US intelligence agencies to determine where a communication truly originates. According to declassified guidelines cited in the letter, the National Security Agency presumes that "a person whose location is unknown is presumed to be a non-US person unless there is specific information to the contrary." The Department of Defense applies a similar rule in its own signals-intelligence procedures.
That blanket assumption carries significant risk for domestic users, especially as millions of Americans rely on VPNs for ordinary reasons: securing connections on public Wi-Fi, accessing region-locked media, or shielding personal data from advertisers. The lawmakers said that under current intelligence-collection authorities, packets of data flowing through these global VPN networks could easily be swept into foreign surveillance streams.
Section 702 of the Foreign Intelligence Surveillance Act is the legal mechanism that permits warrantless targeting of foreigners overseas. The program sweeps up vast quantities of communications, including messages sent by Americans, and the FBI may later search them without a warrant.
Section 702 is due to expire next month, and its possible renewal has become one of the most politically charged fights in Washington over the balance between national security and personal privacy.
Wyden – who sits on the Senate Intelligence Committee and has a history of pressing the government on secret spying practices – has often used public letters like this one to flag classified concerns that he cannot discuss openly. His presence signals that this is more than a routine question about how internet traffic is routed.
Beyond Section 702, lawmakers also raised alarms about Executive Order 12333, the Reagan-era directive that authorizes wide-ranging foreign surveillance operations with far fewer constraints. Unlike Section 702, which requires court oversight, surveillance under EO 12333 proceeds under guidelines approved solely by the US attorney general. The letter cautions that the same "foreignness presumption" that applies under 702 also governs collection under 12333, meaning that data from Americans routed through foreign VPN servers could be swept into "bulk, indiscriminate surveillance of foreigners' communications."
Adding to the irony, multiple US agencies – from the NSA to the Federal Trade Commission – have recommended VPNs to strengthen online security. Yet, as the lawmakers note, consumers have received little official guidance about how to use those services without inadvertently forfeiting the rights intended to protect them. "Clarify what, if anything, American consumers can do to ensure they receive the privacy protections they are entitled to under the law and the US Constitution," the letter concludes.