One of the primary advantages of using a VPN is anonymity and privacy. One could even say that these are the sole reasons individuals purchase VPN service. What some people may not know is that VPN providers based in the UK are subject to laws which require mandatory data retention. This can compromise the overall security a VPN provides.
Before you purchase VPN service, there are a few things you should know about the data retention laws in the UK and how they affect providers in the country. This information is especially useful if you are planning to travel to or work in the UK.
The Data Retention and Investigatory Powers Act of 2014
Theresa May, the current Prime Minister of the UK, introduced the Data Retention and Investigatory Powers Act in July 2014. The measure swiftly gained Royal Assent and became law three days after May proposed the measure.
This data retention law was promoted as a benefit of national security. Parliament essentially granted wide-sweeping powers to security agencies which permits the collection of browsing data and telephone records. The measure also requires an ISP to retain data logs for its customers.
Strangely, VPN logging in the UK remains a bit of a mystery. It is unclear how many UK-based VPN providers are in compliance with a mandate to log traffic. What can be said with certainty is that the UK has a long reputation of pressuring VPN providers to release browsing histories. This became crystal clear in 2011 as a result of a hacking incident that made world headlines.
Hide My Ass and the LulzSec Incident
Cody Kreitsinger, a hacker and member of the hacker collective LulzSec, was arrested in September of 2011 on charges of hacking into the Sony Pictures website. It was not immediately known how Kreitsinger was caught, but when court documents were revealed the information was of concern to VPN users.
Kreitsinger had been using the VPN service Hide My Ass as he participated in the hacking of the Sony website. Hide My Ass had provided data logs to the FBI which directly implicated the hacker. The IP address was traced to Hide My Ass and from there the FBI obtained a court order to force the VPN provider to release their logs.
This action caused a large outcry among other users of HMA. These people were under the impression that their browsing histories and data were not retained by the provider. In one fell swoop, the Sony hack revealed holes in the security promised by many VPN providers.
To be clear, the overwhelming majority of individuals using a VPN are not hacking websites. They are using the VPN to stay in touch with family members when working or traveling abroad, or they are using it to unblock services that are permitted in their own countries such as Netflix and Skype. Most people simply want to browse the Internet without worrying about someone looking over their shoulder.
The LulzSec Incident emphasizes that individuals should do their homework before choosing a VPN provider. This is especially true for those individuals who are thinking about using a free provider.
Questions You Should Ask Your VPN Provider
Before you agree to purchase VPN service from a provider, it is important that you understand the terms and conditions of the service you are purchasing. A trusted VPN provider like VPNAccounts.com will be happy to answer any questions you may have, and they will be transparent about their policies.
First, ask in which country the VPN provider is based. If they are based in the UK, it is possible that they are subject to mandatory logging. In addition, all VPN providers with UK servers may or may not comply with the data retention mandate if they are based in another country. The fact is that the law is murky and can be hard to interpret. Still, your best bet will be to choose a provider that is based somewhere other than the UK.
Next, ask specifically what the logging and data retention policies of the VPN provider are. What you want is a VPN provider that does not retain logs of any kind. This greatly simplifies and enhances the security features of a VPN. It is a simple concept. If no logs are kept, it is impossible to turn them over to a government agency.
The one thing you should not do is jump into an agreement with a VPN provider if you do not know the answers to these questions. Be especially wary of providers who provide so-called “free” VPN service. This applies to providers based in any part of the world. Free VPN always comes with a price, even if you do not know what the price could be.