Taiwan’s government agencies have been told not to use Zoom over security and privacy concerns, but have given the go-ahead to use alternatives such as Google and Microsoft. The ban comes after Zoom admitted to security lapses and apologised over its privacy issues.
In a statement released Tuesday, Taiwan’s cabinet ordered all of its government agencies to be more stringent with its use of video conferencing software. Pointing to its Cyber Security Management Act 2019, it said the legislation required all organisations to not use goods and services that are linked to security issues.
Furthermore, in procuring such information and communication systems, locally produced goods and services or those provided by government-contracted suppliers should be prioritised, it said.
Amidst the COVID-19 pandemic, it noted that Taiwan’s Department of Cyber Security (DCS) on Tuesday issued an advisory to all government agencies and selected non-government agencies that, should they need to use video conference tools, the underlying software of such applications “should not have associated security or privacy concerns, such as Zoom”.
The DCS also recommended alternative international products, pointing to the likes of Google and Microsoft, which it said offered video conferencing tools for free during the current outbreak. “Organisations should certainly consider these options after evaluating any associated data security risks,” it said.
Taiwan’s move comes after Zoom acknowledged it had fallen short on its security measures. Other organisations that recently banned the use of the video conferencing tool included SpaceX and schools in New York City.
Zoom’s usage had climbed significantly in recent weeks, as countries went into lockdown and employees worked from home. This triggered an avalanche of Zoom-bombing cases, during which strangers would show up, uninvited, to Zoom meetings and exhibit disruptive behaviour. Such instances became so widespread that the FBI in the United States sent out a nationwide security alert.
In another security lapse, Zoom admitted it had mistakenly routed calls involving users located outside China, through China. According to Zoom CEO Eric Yuan, it had ramped up server capacity to meet the increased demand but failed to properly implement its geo-fencing procedures. “As a result, it is possible certain meetings were allowed to connect to systems in China, where they should not have been able to connect,” Yuan said.
The US company said it has since fixed the oversight, removing its data centres in China from a list of secondary backup bridges for users outside of China.