EFF to Wisconsin Legislature: VPN Bans Are Still a Terrible Idea

State‑level attempts to regulate the internet have surged in recent years, and Wisconsin’s S.B. 130/A.B. 105 exemplify the latest trend. The proposals combine mandatory age‑verification for sites deemed "sexual" with a blanket prohibition on virtual private networks. While the intent is to protect minors, the legislation conflates a legitimate cybersecurity tool with a loophole, ignoring the nuanced ways VPNs safeguard business data, academic research, and personal anonymity. By mandating that websites block VPN traffic, the bill forces providers into a legal catch‑22, where compliance could mean either over‑blocking legitimate users or exposing themselves to liability.

Technical feasibility quickly unravels under scrutiny. Determining a user’s physical location through a VPN is inherently unreliable; IP addresses can be masked, rerouted, or shared across continents. Consequently, websites would likely resort to broad IP blacklists, inadvertently denying access to non‑VPN users in Wisconsin or, worse, implementing nationwide restrictions to avoid state‑specific penalties. The age‑verification component compounds the problem, demanding collection of government IDs, financial details, or biometric data—information that transforms routine browsing into a surveillance exercise. For enterprises, universities, and journalists, such mandates threaten operational security and could trigger data breach liabilities.

Beyond the immediate technical and privacy concerns, the bill raises profound free‑speech implications. By expanding the definition of "harmful to minors" to include any depiction of human anatomy or discussion of sex, the legislation opens the door to sweeping censorship of lawful content. This approach mirrors broader national debates over internet regulation, where overbroad statutes risk chilling legitimate expression. EFF’s outreach underscores the need for policymakers to balance child protection with constitutional rights, urging Wisconsin’s senators to reject the measure and signaling to other states the dangers of similar VPN bans.