Taiwan bans government use of Zoom after data was ‘mistakenly’ routed through China

Zoom, the video conferencing app that has seen a twentyfold increase in traffic during the COVID-19 pandemic, has dealt with a corresponding increase in scrutiny of its security practices in recent weeks. A CNET article documents the unsettlingly long list of security problems in the app that have come to light.

A China-related security vulnerability was uncovered by University of Toronto’s Citizen Lab last Friday. As the Financial Times explains (paywall), “in some cases, Zoom’s encryption keys — the code used to unscramble meetings data — appeared to be being sent to servers in Beijing,” and given China’s cybersecurity laws, Citizen Lab said that “Zoom may be legally obligated to disclose these keys to authorities in China.”

In a blog post, the company’s founder, Eric Yuan (Yuán Zhēng 袁征), explained that the data had been “mistakenly” routed through the company’s two Chinese data centers, and emphasized that government customers had not been affected.

Taiwan, however, is taking no chances: Quartz reports, “In a statement (in Chinese), Taiwan’s executive branch said it had informed all government agencies to cease the use of ‘products with information security concerns, such as Zoom.’ Instead, it recommended that officials use conferencing software provided by other companies, such as Google and Microsoft.”

—Lucas Niewenhuis