back to article Senator: US govt staff may be sending their smartphone web traffic 'wrapped in a bow' to Russia, China via VPNs

US government workers may be placing America's national security at risk as there is no official policy banning them from running their smartphones' personal and official internet traffic through untrustworthy foreign-hosted VPN services. A letter [PDF] from Homeland Security's Cybersecurity and Infrastructure Security Agency …

  1. Kernel

    It's not really surprising.

    "That US government employees are still able to use foreign VPNs is also something of a glaring blind spot in the White House's crusade against eavesdropping from foreign IT vendors."

    Presumably US based VPN providers don't have enough lobbyists to raise "national security" concerns sufficiently high His Orangeness's awareness to get a ban tweeted - more investment required!

    1. IceC0ld

      Re: It's not really surprising.

      looking for the face palm icon :o(

      1. Spacedinvader
        Facepalm

        Re: It's not really surprising.

        That one? --->

        1. Anonymous Coward
          Anonymous Coward

          ICON

          How many people saw that as someone rubbing a large nose?

    2. GnuTzu

      Re: It's not really surprising.

      At least the places I've worked, both government and civilian, have had policies within the organization limiting BYOD to "guest" networks that are limited and forbidding dual homing for business-issued devices. It would be good for this sort of thing to be applied in some wider policy.

  2. Anonymous Coward
    Anonymous Coward

    It's called normalisation ..

    .. and it was about the first thing we did some 15 years ago when we interconnected all departments of a well known government.

    By simplifying interconnects and making the network more structured you end up with a simplified risk model which makes it then VERY simple to define standards that must be followed because you don't have a gazillion different ones. It also makes for simpler rules to follow for people.

    But hey, that needs (a) smart people and (b) a relative degree of freedom from politics so you can actually get some work done. I can't see that happen in the US..

    1. Robert Helpmann??
      FAIL

      Re: It's called normalisation ..

      I can't see that happen in the US.

      The way that things of this nature have played out in the US has been that something goes horribly wrong and then everyone reacts to it. Why should this be any different?

  3. FozzyBear
    Black Helicopters

    As a result, Krebs says, there is a "low to moderate" risk that some US government communications could be intercepted by an overseas VPN service and handed over to a hostile government in, oh, say, Russia or China.

    However, it is an absolute certainty that your personal information and Geospatial telemetry information is being gathered by Google & Apple. Even when you try to disable those options. I wonder which is more valuable over time

    1. Anonymous Coward
      Anonymous Coward

      My Motorola Razr V8 seems to get more valuable by the hour.

  4. redpawn Silver badge

    like babies' perception

    If I can't see where the data goes to get there, no one can.

  5. cantankerous swineherd Silver badge

    ditto opera browser?

    1. Paul Crawford Silver badge

      As Opera is now Chinese owned then most definitely.

      But why do you use Opera? If it is to bypass pr0n filters and similar then not really such a big issue, if it is for accessing gov web sites and similar then the MITM approach they use to compressing https pages is a much bigger risk than encrypted page info passing a VPN point in a foreign location.

  6. Anonymous Coward
    Anonymous Coward

    TL;DR ... but I bet

    there's nothing in that report to address why so many people feel the need to use VPNs and evade the gaze of Uncle Sam ?

  7. SotarrTheWizard
    WTF?

    So why do PUBLIC servants. . .

    . . . use a VPN to hide their traffic on GOVERNMENT-issued phones ?? Personal, no worries. But their issued phones ??

    1. Anonymous Coward
      Anonymous Coward

      Re: So why do PUBLIC servants. . .

      For the same reasons politicians prefer talking in back rooms.

      What cannot be subpoenaed is an advantage, working in a system full of individuals easily empowered to wage court fights.

  8. Anonymous Coward
    Anonymous Coward

    Varies across agancies

    Krebs told Wyden. "No overarching US government policy or whitelist restricts users from downloading a foreign VPN application on government-operated mobile devices. Policy restrictions vary across departments and agencies."

    I have been told on multiple occasions "you install anything unauthorized on this, and we wipe it and lock it out, until you bring it back." But the DOD is a little bit more anal than some other agencies. I was even once told "You do anything unauthorized with this, and we will come and get it.", and we are not talking about a nice visit from your manager, we are talking about armed personnel showing up at your house, or where ever you happened to be.

    So, ya, policies vary.

  9. batfink Silver badge

    I see a ban coming up...

    I predict that this will be an excuse to ban VPNs entirely, so that the Three-Letter Agencies can have an easier time reading your traffic.

    Plus of course we can't have people defeating geolocation...

  10. hmayle

    I suspect that the main thing that these foreign governments will learn from this traffic is how incredibly corrupt the US government really is from top to bottom.

  11. chrisgibson

    More likely the US Government are miffed that they can't intercept the traffic because people are using VPNs not covered by Five Eyes.

  12. Anonymous Coward
    Anonymous Coward

    Politician who knows........

    Mr. Wyden does seem to be one of the few Yankee politicians who knows what he's talking about and seems eminently sensible (for a politician - I would just qualify!). Could do with a few like him here in the UK, which currently seems to be full of "yes" men (and women too, of course. Mustn't be sexist!) who have little or no technical knowledge. How about him for president, then?

  13. Anonymous Coward
    Anonymous Coward

    Handed over?

    "...intercepted by an overseas VPN service and handed over to a hostile government..."

    The phrase "handed over" presupposes that the hostile or otherwise governments are somehow separated from those running at least some of these VPNs. It's a naive assumption.

    They'd have cheap ones, but offer some reassuringly expensive ones too. They'd be hosted offshore, and others on AWS. Whatever combination that you think is safe, they'd offer.

    Hilariously self-financing.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021