Dell Cameron Security Mar 26, 2026 9:32 AM Using a VPN May Subject You to NSA Spying US lawmakers are pressing Tulsi Gabbard to reveal whether using a VPN that connects to overseas servers can strip Americans of their constitutional protections against warrantless surveillance. Photo Illustration: WIRED Staff; Getty Images Save this story Save this story Six Democratic lawmakers are pressing the nation's top intelligence official to publicly disclose whether Americans who use commercial VPN services risk being treated as foreigners under United States surveillance law—a classification that would strip them of constitutional protections against warrantless government spying. In a letter sent Thursday to Director of National Intelligence Tulsi Gabbard , the lawmakers say that because VPNs obscure a user's true location, and because intelligence agencies presume that communications of unknown origin are foreign, Americans may be inadvertently waiving the privacy protections they're entitled to under the law. Several federal agencies, including the FBI, NSA, and FTC, have recommended that consumers use VPNs to protect their privacy . But following that advice may inadvertently cost Americans the very protections they're seeking. The letter was signed by members of the Democratic Party’s progressive flank: Senators Ron Wyden, Elizabeth Warren, Edward Markey, and Alex Padilla, along with Representatives Pramila Jayapal and Sara Jacobs. The concern applies specifically to Americans who connect to VPN servers located in other countries—something millions of users do routinely, whether to access region-restricted content like overseas sports broadcasts, or simply because their VPN app selected a foreign server by default. When they do, their internet traffic can become indistinguishable from that of a foreigner. Under a controversial warrantless surveillance program, the US government intercepts vast quantities of electronic communications belonging to people overseas. The program also sweeps in enormous volumes of private messages belonging to Americans, which the FBI may search without a warrant, even though it is authorized to target only foreigners abroad. The program, authorized under Section 702 of the Foreign Intelligence Surveillance Act, is set to expire next month and has become the subject of a fierce battle in Congress over whether it should be renewed without significant reforms to protect Americans' privacy. Thursday’s letter points to declassified intelligence community guidelines that establish a default presumption at the heart of the lawmakers' concern: Under the NSA's targeting procedures , a person whose location is unknown is presumed to be a non-US person unless there is specific information to the contrary. Department of Defense procedures governing signals intelligence activities contain the same presumption. Commercial VPN services work by routing a user's internet traffic through servers operated by the VPN company, which may be located anywhere in the world. A single server may carry traffic from thousands of users simultaneously, all of it appearing to originate from the same IP address. To an intelligence agency collecting communications in bulk, an American connected to a VPN server in, say, Amsterdam looks no different from a Dutch citizen. The letter does not assert that Americans' VPN traffic has been collected under these authorities—that information would be classified—but asks Gabbard to publicly clarify what impact, if any, VPN use has on Americans' privacy rights. Among those pressing the question is Wyden, who as a member of the Senate Intelligence Committee has access to classified details about how these surveillance programs operate and has a well-documented history of using carefully worded public statements to draw attention to surveillance practices he is unable to discuss openly. The letter also raises concerns about a second, broader surveillance authority: Executive Order 12333 , a Reagan-era directive that governs much of the intelligence community's foreign surveillance operations, and permits the bulk collection of foreigners' communications with even fewer constraints than Section 702. While 702 is a statute with congressional oversight that requires approval from the Foreign Intelligence Surveillance Court, EO 12333 surveillance operates under guidelines approved by the US attorney general alone . The letter warns that the same foreignness presumption applies under both authorities, meaning Americans on foreign VPN servers could be exposed not just to targeted collection under 702 but to what the lawmakers describe as "bulk, indiscriminate surveillance of foreigners' communications." Americans spend billions of dollars each year on commercial VPN services, many offered by foreign-headquartered companies that route traffic through servers located overseas. The letter notes that these services are widely advertised as privacy tools, including by elements of the federal government itself. Despite the scale of the market, the letter suggests consumers have been given no meaningful guidance on how to protect themselves. The lawmakers urge Gabbard to "clarify what, if anything, American consumers can do to ensure they receive the privacy protections they are entitled to under the law and the US Constitution." Comments Back to top You Might Also Like In your inbox: Upgrade your life with WIRED-tested gear Nvidia plans to launch an open-source AI agent platform Big Story: He built the Epstein database —it consumed his life Should you leave your phone charging overnight ? Watch: How right wing influencers infiltrated the government Dell Cameron is an investigative reporter from Texas covering privacy and national security. He's the recipient of multiple Society of Professional Journalists awards and is co-recipient of an Edward R. Murrow Award for Investigative Reporting. Previously, he was a senior reporter at Gizmodo and a staff writer for the Daily ... Read More Senior Reporter, National Security Topics surveillance privacy NSA FBI VPN spying law Policy Read More US Lawmakers Move to Kill the FBI’s Warrantless Wiretap Access A bipartisan bill would force the FBI to get a warrant to read Americans’ messages and ban the federal purchase of commercial data on US residents ahead of a critical April deadline. Dell Cameron A Top Democrat Is Urging Colleagues to Support Trump’s Spy Machine Congressman Jim Himes claims a sweeping surveillance authority should stay intact because he hasn't seen abuses by Kash Patel's FBI, according to internal messaging obtained by WIRED. Dell Cameron DHS Ousts CBP Privacy Officers Who Questioned ‘Illegal’ Orders Department of Homeland Security leaders removed top privacy officers who objected to mislabeling government records to block their public release, WIRED has learned. Dell Cameron How Vulnerable Are Computers to an 80-Year-Old Spy Technique? Congress Wants Answers A pair of US lawmakers are calling for an investigation into how easily spies can steal information based on devices’ electromagnetic and acoustic leaks—a spying trick the NSA once codenamed TEMPEST. Andy Greenberg Here’s What a Google Subpoena Response Looks Like, Courtesy of the Epstein Files The US Justice Department disclosures give fresh clues about how tech companies handle government inquiries about your data. Maddy Varner How Federal Agencies Got Caught Up in Trump's Anti-Immigration Crusade WIRED spoke with workers across seven government agencies—from the IRS to HUD—about how their work has been contorted to support ICE and other immigration efforts. Vittoria Elliott Senators Demand to Know How Much Energy Data Centers Use In a letter sent Thursday morning, Elizabeth Warren and Josh Hawley press the Energy Information Agency to mandate annual electricity disclosure for data centers. Molly Taft CBP Used Online Ad Data to Track Phone Locations Plus: Proton helped the FBI identify a protester, the Leakbase cybercrime forum was busted in an international operation, and more. Dell Cameron How Journalists Are Reporting From Iran With No Internet After strikes killed senior Iranian officials, Iran cut off internet access. Journalists are relying on satellite links, encrypted apps, and smuggled footage to report from inside the country. Mahmoud Aslan Cyberattack on a Car Breathalyzer Firm Leaves Drivers Stuck Plus: The FBI admits it’s buying phone data to track Americans, Iranian hackers disrupt medical care at Maryland hospitals, and more. Matt Burgess Your Body Is Betraying Your Right to Privacy Attachment to smart devices and biometric surveillance leaves Americans more vulnerable to police searches than ever. Left unchecked it will only get worse. Andrew Guthrie Ferguson All the Ways Big Tech Fuels ICE and CBP A WIRED analysis shows that ICE and CBP have collectively spent at least $515 million on products from Microsoft, Amazon, Google, and Palantir in the last few years alone. Caroline Haskins