Is Zoom Endangering Government Data?
U.S. military and government employees continue to use the popular videoconferencing application Zoom for official business, despite FBI warnings about privacy and security issues, an action experts fear is increasing the risk of government data breaches. Zoom has seen a surge in activity during the coronavirus pandemic as office workers across the country have turned to the free app to quickly arrange video calls with dozens of participants. The federal government has been no different, despite an FBI announcement April 1 that hackers could exploit weaknesses in videoconferencing software systems like Zoom to “steal sensitive information, target individuals and businesses performing financial transactions, and engage in extortion.” The security concern is much greater than “Zoom CEO Eric Yuan attends the opening bell at Nasdaq as his company holds its IPO, April 18, 2019, in New York.Zoom CEO Eric Yuan said in an April 1 blog post that the company was freezing work on new features to focus on fixing its privacy and security problems. In the meantime, VOA reporting shows that Zoom remains one of the most popular videoconferencing applications for U.S. government employees from the Pentagon to Capitol Hill, not all of whom are aware of its potential risks. “I’m not aware of any issues with Zoom,” a senior official in the Office of the Joint Chiefs of Staff told a small group of reporters a day after the FBI guidance was issued. The U.S. defense official said he was using Zoom to videoconference amid the need to social distance, but when pressed by VOA about the potential security risks, the official added that every discussion his team had while on Zoom was “at the unclassified level.” Government employees can use Zoom for Government, a paid tier service that is hosted in a separate cloud authorized by the Federal Risk and Authorization Management Program. It is unclear, however, how many government employees have differentiated between the two services thus far. To date, Zoom remains on the approved list of mobile phone applications for U.S. Department of Defense employees, according to multiple officials. However, one senior defense official said the Pentagon was currently looking into “guidance adjustments” for the application. Multiple employees at the State Department have also been using Zoom for official business. One staff member said he and his colleagues have daily Zoom meetings and have not received any guidance against using the app for internal and external communication. Assistant Secretary of State for Political-Military Affairs R. Clarke Cooper last week tweeted about his department’s use of a “Zoom Room.” Be it via “Zoom Room,” WebXing, or VTC, U.S. Defense Secretary Mark Esper gestures during a news conference at the Pentagon, March 5, 2020.Concerns of Chinese cybertheft Scott Stewart, vice president of Stratfor’s Threat Lens and a former diplomatic security service special agent, told VOA a “good portion” of Zoom’s development team is in China, and the videoconferencing company’s failure to use end-to-end encryption could allow an employee under pressure by the Chinese government to access and share private conversations. Defense Secretary Mark Esper has repeatedly said maintaining a military advantage over China is the Pentagon’s “highest priority,” and for years top military officers have warned of China’s use of forced technology transfer, intellectual property theft and cyber-espionage to expand their military capabilities. Steinberg told VOA he would not recommend Zoom use on military or government computers. “Other apps are more time tested,” he said. Nike Ching, Katherine Gypson, Michelle Quinn and Patsy Widakuswara contributed to this report.
…