Taiwan has become the first country to formally block public sector bodies from using the embattled video conferencing platform Zoom in light of mounting security concerns.
The executive branch of its government’s Department of Cyber Security (DCS) has issued a formal advisory to government organisations and non-government agencies against using platforms associated with security risks.
Zoom has been singled out, by name, as a platform which, if used, contravenes rules set out under the nation’s Cyber Security Management Act, which passed last year. The legislation introduced robust information and data security measures, which aim to defend Taiwan’s critical communications infrastructure.
Organisations and businesses, under the advisory, should use services that are developed domestically, and platforms that haven’t been publicly associated with security issues - which Zoom has.
If it’s not possible to find local video conferencing applications, the official advisory recommended that organisations use products developed by Google and Microsoft, as well as other “global information and communications giants”. Many of these companies are offering their services for free amid the global coronavirus pandemic.
The platform has just endured a nightmare couple of weeks, in which a litany of issues, both major and minor, have been brought to light by researchers and reporters.
The software, for example, claimed to have end-to-end encryption when this simply wasn’t the case. Concerns were raised, moreover, that iPhone users’ personal and device data was being transferred to Facebook against their explicit consent. This aspect of the platform was fixed shortly after it was first reported, with Zoom killing the particular Facebook integration.
These issues have arisen in addition to the phenomenon of ‘Zoom-bombing’ in which unauthorised third-parties are dropping into sessions unannounced. The extent to which this was happening led the FBI to issue an official warning. This major privacy concern has sent Zoom stocks plummeting over the last couple of days, falling nearly 15% as of Monday 7 April.
The constant stream of news has led to organisations considering whether or not to ban staff from using the video conferencing platform altogether. Elon Musk’s SpaceX, for example, has gone so far as to disable all staff access to the software in light of the threat of ‘Zoom bombing’ and the lack of true end-to-end encryption.
Five essentials of a secure modern workplace
The CIO's guide to unleashing productivity whilst minimising risk
Although no other country has yet banned Zoom, the UK’s Ministry of Defence (MoD) has recommended that staff working in government refrain from using the platform while security concerns are investigated. Despite this, prime minister Boris Johnson hosted at least one cabinet meeting over the platform in recent weeks.
The official advisory has come after a surge in users flocking to Zoom to keep in touch with friends and colleagues while self-isolating due to lockdown measures. The same is true for users in Taiwan, although its government has been stricter than many.
US officials, for example, have been pleased with the extent by which Zoom is taking the security concerns seriously, according to Reuters. A memo drafted by the Department of Homeland Security (DHS) cyber security branch praised the company for its response to the issues raised over the past few days.
Zoom’s CEO Eric Yuan had issued a statement last week admitting the company “moved too fast” during the COVID-19 surge, and made several missteps. The firm announced it would suspend all development amid the widespread criticism, to instead focus on resolving the security issues through patches and fixes. This is in addition to weekly Q&As and frequent updates on how Zoom is progressing.
