The United States National Security Agency (NSA) has used emergency legislation brought in following 9/11, plus numerous legal loopholes, to spy on just about everything every a US citizen does online.

And when these measures have proved insufficient to collect the vast troves of personal data that it craves, the NSA and US government have resorted to simply breaking the law, and then bare-faced lying about it in order to continue spying.

In its efforts to “collect it all”, the NSA has co-opted US tech companies (doing no end of damage to their reputations when found out) and then spied their communications when this proved insufficient. It has deliberately weakened and circumvented the international encryption standards that all internet users need to keep our data safe, infected thousands of computers with malware, and even resorted to extracting metadata from mobile apps such as Angry Birds.

In theory, the main piece of legislation underpinning the NSA’s legal right to perform mass surveillance of the US populace, Section 215 of the USA Patriot Act, was allowed to expire on 1 June this year (2015,) but in practice the government has authorized the collection of citizen’s data to continue unrestricted.

It should be stressed that while, thanks to Snowden, it is the NSA that has been caught with its pants down, it is almost certain that other government “alphabet agencies” (such as the FBI, CIA and DEA,) are also engaged in unconstitutional mass surveillance of ordinary Americans.

A good example of this is the FBI’s indiscriminate (and illegal) use of Stingray cell phone surveillance devices. The NS is also known to pass on data it collects to other government agencies.

A further point to note is that while US citizens’ constitutional rights have been ridden over roughshod by the US government its surveillance programs, they do at least have some rights. Non-US citizens who use US services, who even whose data simply passes through the US (as a huge proportion of it does,) have no such protections (theoretical though these they may be.)

Technically speaking, the only websites banned in the US relate to obvious crime (for example those promoting to terrorism or child pornography.) However, in 2014 the United States was added to Reporters Without Borders‘ list of “Enemies of the Internet“, a category of countries with the highest level of Internet censorship and surveillance, stating that,

“The US… has undermined confidence in the Internet and its own standards of security. U.S. surveillance practices and decryption activities are a direct threat to investigative journalists, especially those who work with sensitive sources for whom confidentiality is paramount and who are already under pressure.”

This is a view supported by findings from PEN America that have this year reconfirmed an earlier report showing that writers in the US are increasing resorting to self-censorship in the face of blanket government surveillance.

Furthermore, while perfectly legal websites dealing with how to improve internet security and evade surveillance and censorship are not themselves actively censored in the US, visiting them (or even researching them) is grounds for the NSA to take an active interest in you!

Note that this includes VPN websites, probably also including this one (as even something as innocuous Linux Journal made the NSA’s hit list!)
Copyright enforcement

In addition to government surveillance, internet users in the US have to contend with an extremely well-funded, and aggressive pro-copyright lobby that exerts its considerable power and influence to make the internet less free in the name of copyright protection.

Unlike in Europe, US providers have largely resisted demands to censor “BitTorrent” websites, streaming websites, and other content regarded as promoting or facilitating copyright infringement. However, most large ISPs (AT&T, Cablevision, Comcast, Time Warner Cable and Verizon) have been pressurized into implementing the Copyright Alert System (CAS, aka the “six-strikes program”.)

Under this scheme, participating ISPs impose a ‘graduated response’ on offenders when issued with a DMCA notice alerting them to a copyright violation. Initially this is a warning, which after up to six warnings leads to the implementation of ‘mitigation measures’, such as restricting which websites can be visited, or throttling internet speeds.

More worrying is the danger that your ISP will hand over your details to rights holders or copyright trolls (legal agencies who represent rights holders and specialize in making money through copyright litigation.)

This increasingly common practice typically results in offenders being sent letter demanding cash settlements (often for thousands of dollars) on pain of very costly legal proceedings. Nasty.
So is it safe to use US VPN companies?

1. Unlike many countries, the United Sates has no mandatory data retention laws, leading some to regard the US as a good location to base a VPN business. However…

If an ISP or VPN provider does retain any data relating to its customers (i.e. it keeps logs), then according to the Stored Communications Act it is required to hand these over on receipt of a court order from a law enforcement agency.

In addition to this, if investigators or prosecutors are able to identify an individual, they can require a VPN company to keep records of that individual’s on-line activity, and credit card payments etc. for a limited amount of time (90 days, renewable for another 90 days), and if a National Security (‘Pen’) Letter is issued under the Patriot Act, the provider can be ‘gagged’ i.e. prevented from informing its customers that they are being watched.

2. The NSA has proven that it will stop at nothing to undermine the internet’s encryption standards, to co-opt or otherwise access all users’ data from the big tech giants, and given its powers to strong-arm US companies into giving up their customers’ data (highlighted by security firm Lavabit’s refusal to conform to such tactics), it seems unlikely in the extreme that the NSA has not bothered to infiltrate/co-opt/strong-arm VPN companies whose very purpose it is to provide privacy for their users.

Small companies such as LiquidVPN may not have attracted such attention yet, but there is no way of knowing this for sure. The fact that high-profile VPN companies such as PIA claim not have been interfered with by the NSA and its ilk only reduces my level of trust in such providers.

3. Even without government interference, and despite not being required by law, most US-based VPN companies do keep logs. This is because it is by far the simplest way the highly aggressive anti-piracy lobby (discussed above) happy, as by keeping logs repeat copyright offenders can easily be banned.

Some US VPN providers do maintain strict no logs policies, however (ignoring the NSA for the time-being), and will defend their customers against DMCA notices and suchlike. Because the climate against downloading in the US is so hostile, these companies (and other non-US VPN providers) often ask or require users restrict to P2P downloading activity to non-US servers in order to avoid aggravation from right holders.
US TV and streaming

US programing is extremely popular worldwide, and geo-spoofing your physical location in order to watch US streaming services such as HBO Now and Netflix is a reason for many people use VPN in the first place (although Netflix is now available in most countries, Americans enjoy a much larger catalogue than do users elsewhere. For more information, check out our article on 5 Best VPNs for Netflix.

Hulu Plus is also a very popular service, but it now bans users of many VPN services from accessing it (based on the IP ranges of VPN providers.) Hulu Plus can, however, still be accessed through SmartDNS.

If you are concerned about your internet activity being spied on by the US government (as you should be!) then I strongly recommend using a non-US VPN provider (and preferably not one based in a Five Eyes partner countries either,) and avoiding US-based servers.

If your primary reason for using VPN is to download content via P2P, then a US-based provider that allows VPN (such as ExpressVPN or IPVanish might be a better choice, as these usually have lots of US servers, allowing you to connect to a fast one nearby (if permitted.)