UK government defends PM's use of Zoom

Gordon Corera, Security correspondent, BBC News

Published 1 April

The UK government has defended using Zoom to hold cabinet video conferences.

Questions had been raised about potential security risks after the prime minister tweeted a picture in which a meeting ID was visible.

"In the current unprecedented circumstances, the need for effective channels of communication is vital," a government spokeswoman told BBC News.

A source added the app was quick to set up between the varying systems used by different government departments.

Over time, a more coherent system was expected to be introduced, the person said.

Self-isolating ministers

Zoom has become widely used by individuals, companies and schools.

But questions have been raised about its use by governments, amid fears others could spy on conversations.

"Covid-19 has created - and continues to create - awe-inspiring intelligence-collection opportunities," says Thomas Rid, at Johns Hopkins University.

"Zoom would be a big part of that intelligence bonanza."

The UK government does have highly secure video teleconferencing at key sites, including the intelligence agencies.

This can be used for "top secret" conversations.

It has also been rolling out a system called Rosa for secret-level working more broadly across government.

But a number of members of the Cabinet have been self-isolating at their houses, which are not equipped with these systems.

These ministers have needed to communicate with their staff and attend cabinet meetings.

And that has left little option but to use commercial systems, of which Zoom has become the most popular.

"NCSC [National Cyber Security Centre] guidance shows there is no security reason for Zoom not to be used for meetings of this kind," the government spokeswoman said.

'Dismal security'

Security researchers have been examining Zoom for flaws.

Among their discoveries are:

earlier versions of the app used to send analytics data to Facebook without making this clear to users

the product does not use end-to-end encryption, as had been claimed, which would have made it impossible for the developer to listen in to chats

the software sometimes exposes people's email addresses and photos to strangers

On Tuesday, details of an issue that could expose Windows passwords were reported.

And this Wednesday, a former US government hacker published details of two newly disclosed vulnerabilities that he said could be exploited on Mac computers.

"Though Zoom is incredibly popular, it has a rather dismal security and privacy track record," blogged former US National Security Agency employee Patrick Wardle.

In response, Zoom told BBC News it "takes its users' privacy, security, and trust extremely seriously".

In a crisis, communication at speed is the priority.

And UK officials say the risks of not communicating in the middle of fast-moving events far outweigh the possible security risks of using such a system.

They add most government work to do with the coronavirus is unclassified and anything highly classified is communicated over secure systems.

Government meetings use the paid-for version of the system and are password protected to prevent "Zoom-bombing", when uninvited individuals intrude on calls.

The UK Ministry of Defence also said Zoom should not be used for classified conversations.

And it is understood Nato's policy is not to use Zoom for any meetings, briefings or conversations between member state ambassadors if classified or sensitive information is shared.