Towards the end of March, three of the American government’s key coronavirus response organizations spent a collective $1.3 million on videoconferencing tech from Zoom, a Forbes review of government contracts has found. That was despite widespread criticism of the app’s privacy and security.
The orders – from the Centers for Disease Control and Prevention (CDC), the Federal Emergency Management Agency (FEMA) and the National Institutes of Health (NIH) – were all made in just a few days from March 23 to 26. They ranged in cost, the highest being $750,000, which the CDC ordered for hosting webinars on COVID-19. FEMA spent $320,000 on 1,500 Zoom software licenses, whilst CDC spent another $160,000 on Zoom webinar tech. An NIH contract at $90,000 also specified some Zoom licenses. They weren’t delivered directly by Zoom, but by partner government contractors CDW Government and Carahsoft Technology.
Neither the government departments nor the contractors had responded to questions on how they were using the technology at the time of publication. Zoom also hadn’t commented.
Bulletproof Zoom security ‘paramount’
The fact that the three organizations charged with managing America’s response to the COVID-19 pandemic have all ordered Zoom technology makes securing their communications vital, says Patrick Wardle, a cybersecurity researcher and former NSA technician who discovered vulnerabilities in Zoom’s Apple Mac software that could’ve allowed snoops to peek through users’ webcams.
“As Zoom proliferates into the government organizations and agencies, it is paramount that its security is bulletproof,” Wardle told Forbes. “Undoubtedly hackers and nation state adversaries will take note and dedicate considerable efforts and resources to uncover new flaws in Zoom they can leverage to gain access to either virtual government meetings or worse, access to government systems.”
A review of government contracts also revealed a handful of other federal agencies who’ve purchased Zoom tech before, including the U.S. Navy and the Office of Personnel Management, both organizations that work closely with America’s intelligence agencies.
The U.S. isn’t alone in relying on Zoom. The U.K. government has become a big user of the service since Prime Minister Boris Johnson and other members of his cabinet contracted coronavirus. Johnson was guilty of a small snafu earlier this week when he tweeted the Zoom chat identifying number, meaning others could try to hack into it by guessing the password.
Zoom’s security shortcomings
But the negative attention has led not just to a dip in its value, but a class action for sending data to Facebook and questions from New York’s attorney general. And just yesterday, Tesla ordered staff to cease using Zoom because of its privacy shortcomings.
So under fire was Zoom that CEO Eric Yuan wrote a blog post on Wednesday outlining how it was responding. It’s now ceased sending data to Facebook, rolled out fixes for the security weaknesses in its Mac and Windows products and stopped working on new products in favour of focusing on protecting users. It even ended a feature that tracked when users clicked away from a Zoom window. Expect to see Zoom become that much more secure thanks to a community of users who’re poking at its weaknesses.