In a bi-partisan effort by a pair of United States Senators, Marco Rubio (R- Florida) and Ron Wyden (D – Oregon) have drafted a letter imploring that the director of the Cybersecurity & Infrastructure Security Agency begin an investigation into the use of foreign operated VPN services by federal employees.
The sense of urgency is prompted by a fear that national security could be jeopardized by unvetted VPN services potentially acting as outlets of foreign surveillance upon unsuspecting employees of the United States government.
The threat of foreign-based security software first came onto the U.S government’s radar in the fall of 2017, when the Russian owned and operated antivirus firm Kaspersky Lab was ordered to be removed from all U.S government computers by Homeland Security. Israeli intelligence found evidence of the software being used by the Russian government to probe federal systems in search of American intelligence secrets. Subsequent testimony by officials from both the FBI and CIA about the trustworthiness of Kaspersky products helped lead to an outright ban of Kaspersky Lab software from all U.S government networks thanks to a formal vote by the United States Senate.
As a result, the British and Dutch governments followed suit with the Americans and banned Kaspersky from their government networks, and soon after were followed by the entire European Union. Retail-giant Best Buy even pulled all Kaspersky products from their shelves in response to their actions.
Kaspersky Lab was initially founded back in 1997 by Eugene V. Kaspersky, a prominent Russian software developer whose background as a student at a KGB operated high school in the former Soviet Union and later as a software writer for the Red Army led to some raised eyebrows in the intelligence community.
All of which in the new push to vet the credibility of foreign-based VPN services, has placed the Kaspersky relationship with AnchorFree’s Hotspot Shield in a negative light. The partnership between the two was initially public but has since been downplayed, with Hotspot Shield pulling language about their partnership away from the privacy/ FAQ page on their website.
But by Eugene V. Kaspersky’s own social media boasting, it’s clear that he deems the Hotspot Shield VPN to be one and the same with his company’s own Kaspersky Secure Connection.
@bmconlon we partner w Anchorfree for VPN. Kaspersky Secure Connection = rebranded version of award winning Hotspot Shield
— Eugene Kaspersky (@e_kaspersky) June 1, 2017
The user privacy problems associated with Hotspot Shield were well documented before their Kaspersky connection threatened to undermine the remaining credibility they had enjoyed as a trustworthy VPN. The renowned internet privacy watchdog Center for Democracy & Technology (CDT) filed a 14-page report back in 2017 that urged the Federal Trade Commission (FTC) to investigate the company on account of deceptive practices.
In response, AnchorFree CEO David Gorodyansky disputed the CDT claims as unfounded. “We have never given or sold any user data, and our perspective on user data is not to store any data related to user IP addresses or Personally Identifiable Information.” The problem being that this language didn’t align with the lofty promises his company’s privacy page made at the time he went on the record with this quote.
David Gorodyansky did some delicate backtracking when confronted by the misalignment between his company’s website language and his own statement, “We are in the process of updating our user policy to reflect the reality around how our systems work, and the reality is that many of the items are not actually accurate”.
These revelations are not necessarily unique grievances to Hotspot Shield; but are indicative of a lack of transparency with consumers about the specific policies that their company is practicing when it comes to data logging and sharing. If the VPN industry would endeavor to be more collectively transparent and to permit itself to be openly audited for the sake of public scrutiny, many of these embarrassing miscues or bad optics could be avoided. And VPN companies would not feel complacent about not being open and candid about their logging practices, it would force VPN companies to be in alignment with all of their marketing claims in order to remain in good standing amongst their competition and with consumers.
Sloppy practices aside, the dubious Russian ties between AnchorFree and Kaspersky are cause for great pause when it comes to assessing the reliability and trustworthiness of a VPN such as Hotspot Shield. Between Eugene V. Kaspersky’s KGB influenced education and background as a Soviet military operative alongside AnchorFree’s Soviet born CEO, the natural rapport between the two entrepreneurs goes deeper than an average business partnership. And with one company banned from several western government networks and the other being hounded by privacy watchdogs for deceptive practices, it seems as though it is a partnership between two companies comfortable with duplicitous reputations.
And reputations (preferably ones backed by verified audits) are the only thing the average consumer has to go by when it comes to protecting themselves from untrustworthy VPN providers, foreign or domestic. All thing considered, with blatantly suspicious outfits such as those run by Kaspersky and Gorodyansky becoming commonplace, Senator Rubio and Senator Wyden were well-advised when they asked the head of federal cybersecurity to investigate the potential impact of unvetted foreign VPN services upon the security of the United States government.