VPN Services and the FTC, U.S. Congress, New Allegations
On July 14, 2022, U.S. Congress representative Anna G. Eshoo and Senator Ron Wyden wrote a letter to Federal Trade Commission (FTC) chair Lina Khan in relation to their concerns regarding the allegedly deceptive and misleading practices that have been promoted by the numerous companies around the country that provide consumers with Virtual Private Network (VPN) services. As VPNs are online services that give users the ability to access online internet services in a more secure and protected manner by hiding the locations of said users, the overturning of Roe v. Wade on June 24, 2022, has cast doubt on the ability of these services to truly protect women who may be using said services to access healthcare information in another region of the country.
More specifically, the letter states that “In December 2021, Consumer Reports (CR) found that 75 percent of leading VPN providers misrepresented their products and technology or made hyperbolic claims about the protection they provide users on their websites, such as advertising a ‘military-grade encryption’ which doesn’t exist. Advocacy groups have also found that leading VPN services intentionally misrepresent the functionality of their product and fail to provide adequate security to their users. We’re highly concerned that this deceptive advertising is giving abortion-seekers a false sense of security when searching for abortion-related care or information, putting them at a higher risk of prosecution.”
As Section 5 of the FTC Act forbids businesses and organizations within the U.S. from selling or promoting their products and services in a fashion that is inaccurate or misleading, the allegations that members of the U.S. federal government have levied against the wide range of VPN companies that serve consumers across the country would constitute a clear violation of the law. As many leading data privacy advocates within the U.S. have suggested that women looking to access healthcare information regarding reproductive healthcare issues should utilize VPN services in an effort to better protect their privacy, VPN services that advertise or promote capabilities that are not readily available or realistic are effectively putting the lives of American citizens at risk.
Violations of personal privacy
On top of recent allegations that have been made against companies that offer VPN services within the U.S., many VPN service providers have also been accused of violating the personal data and privacy of the people that use such services when browsing the internet. To illustrate this point further, ExpressVPN, one of the most popular VPN providers in the U.S., was embroiled in a controversy when it was revealed that its CIO, Daniel Gericke, was accused by the U.S. government of breaking several laws by committing export control, computer fraud, and access devices fraud violations. As it was revealed that Gericke has been employed by the UAE’s National Electronic Security Authority (NESA), the legitimacy of the services offered by ExpressVPN was brought into question.
Alternatively, it was revealed in May of 2022 that several top VPN providers, including GeckoVPN, SuperVPN, and ChatVPN, experienced a string of data breaches that resulted in 21 million unique records being disclosed to the general public without proper authorization. The categories of data that were exposed during the course of these breaches include but are not limited to email addresses, usernames, full names, financial billing information, and randomly generated password strings. As the entire purpose of using a VPN service is to gain a greater level of protection when using online services, the occurrence of data breaches that affected these services raises questions about the ability of the providers of said services to safeguard the personal data of their respective customers.
Impact of Roe v. Wade
While the implications of the overturning of Roe v. Wade and the ability of VPN service providers to secure the personal information of their users are two distinctly different issues, they have the potential to intersect in the coming months as many U.S. states take steps to effectively outlaw the practice of abortion. Despite the fact that President Biden signed an Executive Order on July, 8th, 2022 in order to “promote access to critical reproductive healthcare services, including abortion”, there is still a substantial level of grey area regarding the matter. For example, Rachel Morrison, an attorney at the Ethics and Public Policy Center, was quoted as saying “what Biden directs HHS and the other agencies to do was already happening without this executive order, and so it seems to be mostly performative.”
As the overturning of Roe v. Wade stands to completely overhaul the fashion in which people view the protection of personal information and data, VPN service providers are the latest organizations within the U.S. to come under scrutiny for making false claims about what their services are truly providing to prospective clients. While the FTC will undoubtedly have to investigate the claims that were recently made by U.S. Congress representative Anna G. Eshoo and Senator Ron Wyden, recent developments that have taken place in the VPN industry are certainly not reassuring. To this point, ensuring that American citizens have the ability to access reproductive healthcare services without having their personal privacy invaded should be the top priority of the federal government, businesses, and the general public alike.