There’s this myth that those in the federal government are the best and smartest. One only need look to the stupidity in many federal agencies using the China security-compromised Zoom app to share conference videos during the Coronavirus shutdown to blow up that myth.
Now, some people are up on the problem….
Zoom is no longer an option for teleconferencing sessions involving service members and DOD civilians, according to a Monday report in Military.com. The site attributed the statement to Air Force Lt. Col. Robert Carver.
— Stars & Stripes, 4/14/20
If that’s the case, an explanation is in order as of what transpired on… May 4, 2020!
It’s not news that there are serious security issues with Zoom and why our federal government is still using their platform and giving China hours of American government correspondence is baffling.
Zoom, the video conferencing service whose use has spiked amid the Covid-19 pandemic, claims to implement end-to-end encryption, widely understood as the most private form of internet communication, protecting conversations from all outside parties. In fact, Zoom is using its own definition of the term, one that lets Zoom itself access unencrypted video and audio from meetings.
— The Intercept, 3/31/20
Zoom has faced a barrage of headlines this week over its security policies and privacy practices, as hundreds of millions forced to work from home during the coronavirus pandemic still need to communicate with each other.
The latest findings landed earlier today when Citizen Lab researchers said that some calls made in North America were routed through China — as were the encryption keys used to secure those calls. But as was noted this week, Zoom isn’t end-to-end encrypted at all, despite the company’s earlier claims, meaning that Zoom controls the encryption keys and can therefore access the contents of its customers’ calls.
— TechCrunch, 4/3/20
Forbes revealed U.S. agencies handling the coronavirus response had spent a collective $1.3 million on Zoom tech in just a few days at the end of March. Not only had the Centers for Disease Control and Prevention (CDC) and the Federal Emergency Management Agency (FEMA) spent hundreds of thousands on Zoom for COVID-19-related webinars and calls, but other government agencies had bought into the tech, too. That included the State Department and one organization that was the alleged victim of a major Chinese hack, the Office of Personnel Management, in a breach that saw the private data of 21 million Americans leak. The U.K. government is also a well-known user of the tool, hosting critical cabinet meetings over Zoom.
— Forbes, 4/3/20
Foreign intelligence agents are using online platforms and videoconferencing apps to spy on Americans, TIME reported, citing several US intelligence officials. Chinese spies, in particular, have exploited the coronavirus pandemic to get information about American companies as they take their operations digital and offices across the US shut down amid stay-at-home orders.
The video conferencing app Zoom has proven particularly susceptible to cyber intrusions because of its popularity — Zoom’s CEO said the number of people using the app jumped from 10 million in December to 200 million in March — and lack of encryption.
— Business Insider, 4/9/20
And with regards to the Department of Defense…?
The Department of Defense has issued new guidance on the use of the popular videoconferencing application Zoom following a week-old FBI warning about security issues and a VOA report Thursday that military and government employees had continued to use the app. In an email to VOA on Friday, a Pentagon spokesman said, “DOD users may not host meetings using Zoom’s free or commercial offerings.”
The spokesman said the new guidance permits use of Zoom for Government, a paid tier service that is hosted in a separate cloud authorized by the Federal Risk and Authorization Management Program, when videoconferencing about “publicly releasable DOD information not categorized as ‘For Official Use Only.’ ”
It was unclear, however, how many government employees have differentiated between the two services to date.
“Just because senior leadership enacts a policy does not automatically mean that everyone in every corner of an organization immediately gets the word,” a defense official said.
— Voice of America, 4/10/20
It remains unclear why any federal agency, given all the red flags issued, is STILL using Zoom.
Just because a teenage daughter uses today’s “it”, doesn’t mean discussions between government officials and employees should be using what is clearly a treasure trove of internal discussions that can be parked away in Chinese servers for future reference.