Image copyright
Boris Johnson

The UK government has defended using Zoom to hold Cabinet video conferences.

Questions had been raised about potential security risks after the Prime Minister tweeted a picture in which a meeting ID was visible.

“In the current unprecedented circumstances the need for effective channels of communication is vital,” a government spokeswoman told the BBC.

A source added the app was quick to set up between the varying systems used by different government departments.

Over time, a more coherent system is expected to be introduced, the person said.

Self-isolating ministers

Zoom has become widely used by individuals, companies and schools.

But questions have been raised about its use by governments, amid fears that others could spy on conversations.

“Covid-19 has created – and continues to create – awe-inspiring intelligence collection opportunities,” argues Thomas Rid, an expert on cyber-security and intelligence at Johns Hopkins University.

“Zoom would be a big part of that intelligence bonanza.”

The UK government does have highly secure video teleconferencing located at key sites, including the intelligence agencies.

This can be used for “top secret” conversations. It has also been rolling out a system called Rosa for secret-level working more broadly across government.

But the challenge in the current crisis has been that a number of members of the Cabinet have been self-isolating at their houses, which are not equipped with these systems.

These ministers have needed to communicate with their staff and attend cabinet meetings. That has left little option but to use commercial systems of which Zoom has become the most popular.

“NCSC [National Cyber Security Centre] guidance shows there is no security reason for Zoom not to be used for meetings of this kind,” said the government spokeswoman.

‘Dismal security’

Security researchers have been examining Zoom for flaws.

Among their discoveries are:

Yesterday, details of a issue that could expose Windows passwords was reported.

And this Wednesday, a former US government hacker published details of two newly-disclosed vulnerabilities that he said could be exploited on Mac computers.

“Though Zoom is incredibly popular it has a rather dismal security and privacy track record,” blogged the ex-NSA employee Patrick Wardle.

In response, Zoom told the BBC it “takes its users’ privacy, security, and trust extremely seriously”.

In a crisis, communication at speed is the priority. UK officials argue that the risks of not communicating in the middle of fast-moving events far outweigh the possible security risks of using such a system.

They add that most government work to do with the coronavirus is unclassified and that anything highly classified is communicated over secure systems.

Government meetings use the paid-for version of the system and are password protected. That is designed to prevent the phenomenon of zoombombing, when individuals intrude on calls onto which they have not been invited.

The UK Ministry of Defence has not banned Zoom but has also said it should not be used for classified conversations.

And it is understood that Nato’s policy on Zoom is not to use the system for any meetings, briefings or conversations between member state ambassadors if classified or sensitive information is shared.

Nato staff are understood to currently use “more stable and secure” means of communication.

Source Article