VPN Services and the FTC, U.S. Congress, New Allegations

July 13, 2022 | 4 minutes read
VPN Services and the FTC, U.S. Congress, New Allegations

On July 14, 2022, U.S. Congress representative Anna G. Eshoo and Senator Ron Wyden wrote a letter to Federal Trade Commission (FTC) chair Lina Khan in relation to their concerns regarding the allegedly deceptive and misleading practices that have been promoted by the numerous companies around the country that provide consumers with Virtual Private Network (VPN) services. As VPNs are online services that give users the ability to access online internet services in a more secure and protected manner by hiding the locations of said users, the overturning of Roe v. Wade on June 24, 2022, has cast doubt on the ability of these services to truly protect women who may be using said services to access healthcare information in another region of the country.

More specifically, the letter states that “In December 2021, Consumer Reports (CR) found that 75 percent of leading VPN providers misrepresented their products and technology or made hyperbolic claims about the protection they provide users on their websites, such as advertising a ‘military-grade encryption’ which doesn’t exist. Advocacy groups have also found that leading VPN services intentionally misrepresent the functionality of their product and fail to provide adequate security to their users. We’re highly concerned that this deceptive advertising is giving abortion-seekers a false sense of security when searching for abortion-related care or information, putting them at a higher risk of prosecution.”

FTC Act

As Section 5 of the FTC Act forbids businesses and organizations within the U.S. from selling or promoting their products and services in a fashion that is inaccurate or misleading, the allegations that members of the U.S. federal government have levied against the wide range of VPN companies that serve consumers across the country would constitute a clear violation of the law. As many leading data privacy advocates within the U.S. have suggested that women looking to access healthcare information regarding reproductive healthcare issues should utilize VPN services in an effort to better protect their privacy, VPN services that advertise or promote capabilities that are not readily available or realistic are effectively putting the lives of American citizens at risk.

Violations of personal privacy

On top of recent allegations that have been made against companies that offer VPN services within the U.S., many VPN service providers have also been accused of violating the personal data and privacy of the people that use such services when browsing the internet. To illustrate this point further, ExpressVPN, one of the most popular VPN providers in the U.S., was embroiled in a controversy when it was revealed that its CIO, Daniel Gericke, was accused by the U.S. government of breaking several laws by committing export control, computer fraud, and access devices fraud violations. As it was revealed that Gericke has been employed by the UAE’s National Electronic Security Authority (NESA), the legitimacy of the services offered by ExpressVPN was brought into question.

Alternatively, it was revealed in May of 2022 that several top VPN providers, including GeckoVPN, SuperVPN, and ChatVPN, experienced a string of data breaches that resulted in 21 million unique records being disclosed to the general public without proper authorization. The categories of data that were exposed during the course of these breaches include but are not limited to email addresses, usernames, full names, financial billing information, and randomly generated password strings. As the entire purpose of using a VPN service is to gain a greater level of protection when using online services, the occurrence of data breaches that affected these services raises questions about the ability of the providers of said services to safeguard the personal data of their respective customers.

Impact of Roe v. Wade

While the implications of the overturning of Roe v. Wade and the ability of VPN service providers to secure the personal information of their users are two distinctly different issues, they have the potential to intersect in the coming months as many U.S. states take steps to effectively outlaw the practice of abortion. Despite the fact that President Biden signed an Executive Order on July, 8th, 2022 in order to “promote access to critical reproductive healthcare services, including abortion”, there is still a substantial level of grey area regarding the matter. For example, Rachel Morrison, an attorney at the Ethics and Public Policy Center, was quoted as saying “what Biden directs HHS and the other agencies to do was already happening without this executive order, and so it seems to be mostly performative.”

As the overturning of Roe v. Wade stands to completely overhaul the fashion in which people view the protection of personal information and data, VPN service providers are the latest organizations within the U.S. to come under scrutiny for making false claims about what their services are truly providing to prospective clients. While the FTC will undoubtedly have to investigate the claims that were recently made by U.S. Congress representative Anna G. Eshoo and Senator Ron Wyden, recent developments that have taken place in the VPN industry are certainly not reassuring. To this point, ensuring that American citizens have the ability to access reproductive healthcare services without having their personal privacy invaded should be the top priority of the federal government, businesses, and the general public alike.

Related Reads

Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy
September 06, 2023 | 4 minutes read
Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy

Body-worn cameras are an essential piece of equipment for law enforcement officers and the redaction of faces from BWC footage is necessary to protect the privacy of individuals.

Learn More »
Sensitive Information, Protected: Patient Privacy, HIPAA, And You
August 30, 2023 | 4 minutes read
Sensitive Information, Protected: Patient Privacy, HIPAA, And You

HIPAA compliance ensures patient privacy. Often making the consequences of non-compliance severe, so how do you avoid that?

Learn More »
Protecting Privacy in the Healthcare Field: PII, PHI & PCI
July 12, 2023 | 5 minutes read
Protecting Privacy in the Healthcare Field: PII, PHI & PCI

Healthcare professionals handle a wide range of sensitive data that is crucial for delivering quality care. But protecting that data is getting harder.

Learn More »
FISA Section 702, Is The US Government Monitoring You?
June 26, 2023 | 6 minutes read
FISA Section 702, Is The US Government Monitoring You?

Is there a give-and-take relationship that must be accepted when it comes to keeping the country safe? Should U.S. persons be okay with the incidental collection of their conversations in the name of national security under FISA Section 702? Even when it violates their constitutional rights? Well, that’s up to Congress to decide.

Learn More »
The Gap You Won’t Want to Close: Air-Gapped Systems
June 05, 2023 | 6 minutes read
The Gap You Won’t Want to Close: Air-Gapped Systems

An air-gapped system is a computer, or network that is physically isolated from any external connections and networks which includes the Internet. It operates in total isolation with neither wired nor wireless connections to other devices.

Learn More »
Using Redaction for Privacy Maintenance as An Investigator
May 31, 2023 | 5 minutes read
Using Redaction for Privacy Maintenance as An Investigator

These oaths emphasize upholding the law, serving the public, and protecting the rights of individuals. One of these many rights is privacy. An investigator must adhere to the legal and ethical guidelines within the jurisdiction and perform their investigation within those specifically set boundaries.

Learn More »