US lawmakers have requested Lina Khan-led Federal Trade Commission (FTC) to address abusive and deceptive data practices by companies providing Virtual Private Network (VPN) services for individuals.
A VPN is an online service that purports to give users more security when connecting to the Internet by creating an encrypted data tunnel, and hiding your IP address.
US lawmakers argue that the consumer VPN industry is rife with deceptive advertising and abusive data practices.
The letter by Anna G. Eshoo and Ron Wyden describe several abusive practices in the consumer VPN industry, including promoting false and misleading claims about their services, selling user data and providing user activity logs to law enforcement, despite promises of 'total anonymity,' and a lack of oversight of the industry, in general.
"We urge you to use your authority to take enforcement actions against the problematic actors in the consumer VPN industry, focusing particularly on those that engage in deceptive advertising and data collection practices," they said.
In India, a directive from The development comes after The Indian Computer Emergency Response Team (CERT-In) sought additional compliance requirements for all VPN providers whose users are in the country. The compliance requirements mandated by newly drafted VPN rules enforces data recording and maintenance for a minimum of five years. This data would include personal details such as validated names of their customers, the period for which they hired the service, the IP addresses allotted to these users, the email addresses, the IP addresses and the time stamps used at the time of registration of the customers. VPN service providers have, however, strongly opposed the new regulations while stating that it stands against the core principles that they intend to serve, - privacy, and data protection.
This prompted major VPN service providers like NordVPN, Express VPN, and SurfShark to announce their exit from the country.
The US lawmakers said it is extremely difficult for someone to decipher which VPN service to trust, especially for those in crisis situations.
"There are hundreds, if not thousands, of VPN services available to download, yet there is a lack of practical tools or independent research to audit VPN providers' security claims," the letter read.
In December 2021, Consumer Reports (CR) found that 75 per cent of leading VPN providers misrepresented their products and technology or made hyperbolic claims about the protection they provide users on their websites, such as advertising a 'military-grade encryption' which doesn't exist.
Advocacy groups have also found that leading VPN services intentionally misrepresent the functionality of their product and fail to provide adequate security to their users.