Six Democratic lawmakers have called on the nation's top intelligence official to clarify whether Americans who use commercial Virtual Private Network (VPN) services risk losing their constitutional privacy protections under U.S. surveillance laws. The concern arises because VPNs obscure a user's true location, and intelligence agencies reportedly treat communications of unknown origin as foreign. Such a classification could lead to Americans being subject to warrantless government spying, a practice that ordinarily applies only to foreign targets under current law.
The letter, sent on Thursday to Director of National Intelligence Tulsi Gabbard, was signed by prominent progressive Democrats: Senators Ron Wyden, Elizabeth Warren, Edward Markey, and Alex Padilla, along with Representatives Pramila Jayapal and Sara Jacobs. These lawmakers expressed worry that Americans who follow government advice to use VPNs for privacy protection may inadvertently forfeit the very safeguards they seek.
Several federal agencies, including the FBI, the National Security Agency (NSA), and the Federal Trade Commission (FTC), have recommended that consumers use VPNs. These services help shield users' internet traffic from surveillance, particularly on public Wi-Fi networks, and allow users to access region-restricted content such as overseas sports broadcasts. However, because VPNs route user data through servers that can be located anywhere globally, the lawmakers fear this practice may expose Americans to surveillance frameworks designed for foreigners.
At the heart of the concern is how intelligence agencies handle internet traffic routed through commercial VPN servers. Because such servers aggregate traffic from many users across various countries, a single VPN server-even one physically located in the United States-may carry communications from foreign users. This makes the server-and by extension any data passing through it-a potential target for surveillance under laws that permit the government to compel U.S.-based service providers to hand over data, sometimes without a warrant.
One particularly controversial surveillance program implicated in this issue operates under Section 702 of the Foreign Intelligence Surveillance Act (FISA). This program authorizes the U.S. government to intercept vast amounts of electronic communications belonging to foreign individuals overseas. However, it also collects enormous volumes of private messages belonging to Americans, which the FBI may search without a warrant. The program's authorization is set to expire next month, prompting fierce debate in Congress over whether it should be renewed and, if so, whether reforms are necessary to better protect Americans' privacy.
The letter cites declassified intelligence community guidelines that underscore the lawmakers' concerns. According to the NSA's targeting procedures, a key principle is that if a person's location is unknown, that individual is presumed to be a non-U.S. person unless there is specific information proving otherwise. Similar presumptions exist in Department of Defense procedures governing signals intelligence. This means that Americans using VPNs that mask their location may be treated as foreigners under surveillance rules, potentially losing constitutional protections against warrantless searches.
Commercial VPN services function by routing a user's internet traffic through servers operated by the VPN company. These servers can be located anywhere in the world, and a single server may handle traffic from thousands of users simultaneously, all appearing to come from the same IP address. To an intelligence agency collecting communications in bulk, an American connected to a VPN server in Amsterdam, for example, may be indistinguishable from a Dutch citizen. This raises the possibility that Americans' communications could be swept up in foreign intelligence collections without their knowledge or consent.
The lawmakers' letter does not claim that Americans' VPN data has definitively been collected under these authorities-that information remains classified. Instead, they seek public clarification from Director Gabbard on whether using a commercial VPN affects Americans' privacy rights and, if so, how consumers can protect themselves.
Senator Ron Wyden, who sits on the Senate Intelligence Committee and has access to classified surveillance program details, is among those pressing this issue. Wyden has a well-established record of raising public awareness about intelligence practices through carefully worded statements when he cannot discuss classified information openly.
The letter also highlights concerns related to a broader surveillance authority: Executive Order 12333. This Reagan-era directive governs much of the intelligence community's foreign surveillance operations and permits bulk collection of foreigners' communications with fewer constraints than Section 702. Unlike Section 702, which is a statute subject to congressional oversight and requires approval from the Foreign Intelligence Surveillance Court, surveillance under EO 12333 operates under guidelines approved solely by the U.S. attorney general.
The same "foreignness presumption" that applies under Section 702 also applies under EO 12333. This means Americans using VPNs that route traffic through foreign servers could be exposed not just to targeted collection under Section 702 but also to broad, indiscriminate surveillance of foreign communications under EO 12333. The lawmakers warn that this situation further complicates the privacy risks VPN users face.
Americans collectively spend billions of dollars annually on commercial VPN services, many of which are offered by companies headquartered outside the United States and route traffic through overseas servers. These services are widely marketed as privacy tools, and, paradoxically, some recommendations to use VPNs come from U.S. government agencies themselves. Despite the scale of the market and the government's promotion of VPNs as privacy-enhancing technologies, consumers have received little meaningful guidance on how to safeguard their constitutional privacy rights when using these services.
In their letter, the lawmakers urge Director Gabbard to provide clear public guidance on whether and how Americans can ensure they receive the privacy protections guaranteed under U.S. law and the Constitution when using commercial VPNs. They emphasize the need for transparency around how the government interprets VPN users' legal status and what steps consumers might take to avoid inadvertent exposure to warrantless surveillance.
This issue comes at a critical moment as Congress debates the renewal of Section 702 authority. The lawmakers' call for clarification highlights broader concerns about balancing national security needs with protecting the privacy and civil liberties of ordinary Americans in an era of increasingly sophisticated digital surveillance.
An update to the story on March 26, 2026, added further details to clarify the scope of the potential surveillance described in the letter, underscoring the complexity and importance of the issue.
In summary, the letter from six Democratic lawmakers raises urgent questions about the intersection of commercial VPN use and U.S. surveillance laws. By obscuring users' locations, VPNs may unintentionally place Americans outside the reach of constitutional safeguards against warrantless government spying. The lawmakers seek transparency from intelligence officials to ensure that consumers understand the privacy implications of VPN use and to secure protections that reflect Americans' rights under the law. As surveillance authorities approach renewal deadlines, this issue underscores the ongoing tension between privacy, technology, and national security in the digital age.