VPN Ban Would Sabotage Cybersecurity in Michigan

This op-ed was originally published in The Detriot News.

A new bill in the Michigan Legislature threatens to ban one of the most important tools for online privacy and security.

On Sept. 11, Rep. Josh Schriver, R-Oxford, introduced HB 4938, the Anticorruption of Public Morals Act, which primarily targets the state’s obscenity laws but also includes a troubling provision against virtual private networks (VPNs). Banning VPNs would be nearly impossible to enforce and would strip universities, businesses, governments and everyday users of a critical tool for protecting sensitive data.VPNs are technologies that encrypt and reroute internet traffic through a remote server. They are commonly known for their ability to “trick” websites and apps to make it appear as if someone is browsing the internet from a different location than where they are physically present. As the redirected traffic is also encrypted, all trails of potentially identifying information — such as a user’s location or browsing history — are hidden from third parties, protecting personal data. Because of these privacy protections, the popularity of VPNs has risen in recent years. A CNET survey found that about 43% of U.S. adults use a VPN.

Proponents of the bill likely introduced this prohibition because of the shortfalls that similar content-related bills have faced with VPNs. As bills aiming to tackle different obscene content have come into effect, users of all ages have resorted to VPNs to circumvent some of the privacy-invasive practices that these bills introduced, such as mandatory age verification. However, in trying to fix this issue, banning VPNs would create havoc for the public’s privacy and cybersecurity in ways that exceed any potential justification.Businesses, researchers and government employees usually rely on VPNs as they are effective tools to protect their privacy, and any third-party personal information that might be present in their data. VPNs make their users less susceptible to cyberattacks, as they might steer potential cyber-attackers away from the digital infrastructure they connect to by showing a different location.

They also allow users to remotely access internal networks, which usually have a plethora of safety tools that protect them from any potential threats. Consumers also have benign uses for VPNs. By masking their location or IP address, consumers can prevent anyone from tracking their browsing habits. VPNs can also add additional protection when using public networks, which are more prone to cyber risks. American travelers routinely use VPNs to access U.S. news and entertainment websites that may be blocked in foreign countries.Under the current bill, all VPNs, regardless of purpose, would be outlawed. Removing this widely adopted cybersecurity tool would leave Michiganians — businesses, government agencies and consumers — more exposed to cyberattacks. Sensitive information, including financial, health and government data, would face higher risks of interception.This proposal illustrates a recurring problem: laws designed to protect minors from obscene content can inadvertently compromise privacy and safety for everyone. While protecting children online is important, banning VPNs is a blunt and counterproductive approach. Policymakers should pursue alternative solutions that protect online safety without undermining privacy. For example, law enforcement agencies addressing sexual exploitation or cybercrime could benefit from increased funding ― a solution highlighted in NetChoice’s Digital Safety Shield for America.Online safety and cybersecurity go hand in hand. By banning VPNs, Michigan would make the internet riskier, not safer, for both children and adults. Lawmakers must recognize that protecting privacy is a central component of protecting users and their data in the digital age.