Actionable Insights For CISOs:
-
Advocate Privacy-Centric Policies Internally: For organizations operating globally, or even within affected jurisdictions, ensure that security policies preserve lawful VPN and encrypted communications, to protect user and employee privacy, while meeting compliance.
-
Monitor Regulatory & Legal Developments: Track similar bills or laws in jurisdictions relevant to your operations. Assess impact on remote-access strategies, cloud access, partner/vendor connectivity, and cross-border data flow requirements.
-
Prepare VPN-Independent Secure Access Strategies: Consider alternate secure access technologies (e.g. zero-trust networking, secure web gateways, identity-based access, encrypted tunnels) so that business operations remain resilient if VPN availability becomes restricted.
-
Educate Stakeholders — Board / Legal / HR / Management / Employees: Clearly communicate the security, privacy, and operational implications of a VPN ban; show that VPNs are not just “tools for illicit behavior” but essential components of modern secure infrastructure.
-
Engage with Privacy & Civil-Liberties Advocacy (Where Possible): For CISOs in organizations with influence, consider supporting or aligning with industry groups / civil-liberties organizations when such regulatory efforts arise — both to protect user rights and preserve secure infrastructure practices.
About Author:
Bruce Schneier is an internationally renowned security technologist, cryptographer, and author, often called a “security guru” by The Economist. He serves as a Lecturer in Public Policy at Harvard Kennedy School and a Fellow at the Berkman Klein Center for Internet & Society.
Bruce has written numerous influential books, including Applied Cryptography, Secrets and Lies, Data and Goliath, and A Hacker’s Mind. He also runs the popular blog Schneier on Security and the newsletter Crypto-Gram.
Throughout his career, he has shaped global conversations on cryptography, privacy, and trust, bridging the worlds of technology and public policy.
Now, let’s hear directly from Bruce Schneier on this subject:
This is crazy. Lawmakers in several US states are contemplating banning VPNs, because…think of the children!
As of this writing, Wisconsin lawmakers are escalating their war on privacy by targeting VPNs in the name of “protecting children” in A.B. 105/S.B. 130. It’s an age verification bill that requires all websites distributing material that could conceivably be deemed “sexual content” to both implement an age verification system and also to block the access of users connected via VPN. The bill seeks to broadly expand the definition of materials that are “harmful to minors” beyond the type of speech that states can prohibit minors from accessing potentially encompassing things like depictions and discussions of human anatomy, sexuality, and reproduction.
The EFF link explains why this is a terrible idea.
By Bruce Schneier (Cyptographer, Author & Security Guru)
Original Link to the Blog: Click Here
Comments