show image

Government struck Zoom deal just weeks before NCSC warned of security risks

The UK government struck a deal with the video conferencing company Zoom just weeks before security officials warned that its platform should not be used for sensitive Whitehall communications, NS Tech can reveal.

The contract, worth up to £2m, allows a range of government departments, including the Ministry of Defence, the Cabinet Office and the Department of Health and Social Care, to directly procure corporate Zoom licences.

According to a procurement notice, the agreement went live on 7 April, around a fortnight before the National Cyber Security Centre (NCSC) sought to discourage politicians and civil servants from using the software for confidential business.

NCSC officials said the platform should only be used for public matters and explicitly said that it should not be used to discuss issues that may have been interpreted as “detrimental to the interests of China”, the Guardian reported.

A survey of government departments by Parliament Street, a think tank, separately revealed that 731 Zoom licences have been purchased since the start of the crisis, with the Ministry of Defence driving most of the procurement.

The popularity of the service has soared in recent weeks as businesses have been forced to transition to remote working in the wake of the coronavirus crisis. But as Zoom’s daily user-base has swollen to around 300 million, the security of the platform has come under intense scrutiny.

While the firm has been praised for its transparent and rapid approach to fixing vulnerabilities, it has also faced criticism for routing security keys through Chinese servers. It says it did so accidentally and temporarily after failing to “implement its usual geo-fencing best practices”. Taiwan has banned the platform.

Security officials believe Zoom will have become a new target for state-sponsored espionage, and digital rights experts have called for the company to produce transparency reports on data requests made by law enforcement agencies.

GlobalData analysis shows that before the end of March, Zoom had secured £233,000 in deals through the government’s G-Cloud framework, including £152,000 from UK Research and innovation, £65,000 from Swansea University and £16,000 from Anglia Ruskin University.

A spokesperson for the company said: “We are proud of the role we are playing during this challenging time, including helping governments and government agencies around the world continue fulfilling their public duties safely and effectively.”

A government spokesperson told NS Tech: “Zoom is being used for unclassified communications in Government under unprecedented circumstances.

“Other services are in place for more sensitive communications, and the availability of these services is being increased to meet the demand of more staff having to work remotely.”

Note: This story has been updated to include new data on the number of Zoom licences purchased.