House of Commons meeting virtually on a platform described as a 'gold rush for cyber spies' - Action News
Home WebMail Saturday, November 23, 2024, 12:11 AM | Calgary | -11.5°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
Politics

House of Commons meeting virtually on a platform described as a 'gold rush for cyber spies'

Canada's House of Commons will reconvene today forvirtual session on Zoom, a videoconferencing platform described by security researchers as a "privacy disaster."

Parliament using a reconfigured version of Zoom that has different security features, Speaker's office says

MPs participate in a dry-run of a virtual sitting of the House of Commons. (Michelle Rempel Garner/Twitter)

Canada's House of Commons will reconvene today for a virtual meeting on Zoom, a videoconferencing platform described by security researchers as a "privacy disaster."

Zoom's popularity has skyrocketed in recent weeks as Canadians took to online platforms to connect with friends and family while practising physicaldistancing to limit the spread of COVID-19. But the transition hasn't been problem-free.

Jewish users have seenreligious serviceshijackedby people screaming anti-Semitic abuse. A hacker posted a racial slur hundreds of times on a Zoom video chat hosted bya black National Hockey League player.

The term "Zoom-bombing" has entered the lexicon as virtual classroom sessions on the platform have been interrupted by random people brandishing Nazi imagery, such as swastika tattoos. The U.S. Federal Bureau of Investigation has told teachers toexercise due diligience when using the platform.

While some ofthe early concerns about the platformhave been addressed in subsequent software updates, a recent report by researchers at the University of Toronto's Citizen Lab found that while Zoom has "exceptional usability," it also made use of "non-industry-standard cryptographic techniques with identifiable weaknesses" to safeguard its conferences.

Citizen Lab found Zoom didnot use "true end-to-end encryption" and the company has the "theoretical ability to decrypt and monitor Zoom calls." A spokesperson for Zoom said Tuesday the company has since changed its practicesandwill now use"one of the most secure encryption standards" available for open videoconferencing platforms.

Moreover, Citizen Lab found the Zoom encryption keys a string of random numbers and letters used to scramble and unscramble data were sometimes routed through servers in China, even when all of the meeting's participants were outside of China.

Watch: Commons Speaker Anthony Rotaguides MPs from all parties through the start of the first full virtual sitting of the House

The House of Commons sits virtually for the first time

4 years ago
Duration 3:13
Commons Speaker Anthony Rota guides MPs from all parties through the start of the first full virtual sitting of the House

The report described the widespread use of Zoom and other such platformsas a "gold rush for cyber spies," with business negotiations, diplomatic conferencesand political strategy meetings moving from in-person encounters to "platforms whose security properties are unknown."

"Now, some of the most sensitive conversations in the world are taking place on devices and platforms vulnerable to basic forms of eavesdropping and attack techniques," the report concluded. Itrecommendsthat "governments worried about espionage ... discourage the use of Zoom."

Commons using different version of Zoom

To address these concerns, the House of Commons will use a reconfigured version of Zoom that has security features different from those in the free and paid consumer versions, a spokesperson for Speaker Anthony Rota said in a statement.

"This version enables the administration to manage and configure the technology and impose security controls," Heather Bradley said.

"We are working closely with national and international security partners and leaders in the technology industry. This is to ensure that all appropriate measures are in place, in keeping with existing threat management protocols."

Bradley said that because most parliamentary proceedings are open to the public, "confidentiality is not a requirement."

After the Citizen Lab reported on Zoom's use of some Chinese servers, the CEO of the company said itsgovernment cloud was not affected becausethere is a "separate environment available for our government customers and any others who request the specifications."

The company said the"dramatic increase of use during the pandemic" forced some non-Chinese calls to go through datacentres in China. The company has changedits server policies to give customersmore control over which data centreregions their accounts can use.

"We know we have a long way to go to earn back your full trust, but we are committed to throwing ourselves into bolstering our platform's security," Eric Yuan said ina post on the company's website.

Green Party parliamentary leader Elizabeth May has been calling for virtual meetings. She said she fears commercial travel posesa health risk to parliamentarians.

May participated in a dry run of the Commons virtual sitting Monday. She described the rehearsal as "extremely good" and said it produced "nothing untoward."

Watch:Scheerquestions Trudeau in the first virtual House of Commons

Scheer questions Trudeau in the first virtual House of Commons

4 years ago
Duration 5:31
Opposition Leader Andrew Scheer questioned the Prime Minister for the allotted five minutes during the first virtual House of Commons.

"If it wasn't for a pandemic, no one would think Zoom meetings were a good replacement for the real sittings in the House of Commons. Butgiven we have the technology, this is a very good option and I think it's working well," she said in an interview with CBC.

As for the security concerns, May said the Commons' procedure and house affairs committee will be studying the issue in the days ahead.

"I wouldn't want the cabinet of Canada to meet using this platform. But these meetings are public meetings, so I'm not concerned about that aspect of it," she said."But ideally, I'd like us to be developing the most secure ways of communication.

"It is a subject for concern and for study to look at the security implications, bearing in mind we're not transiting the work of Parliament to virtual meetings forever."

PM, cabinet not using Zoom

While MPs and senators are pressing ahead with the new platform, security agencies in this country have warned against using Zoom for secret conversations among top government officials.

The Communications Security Establishment (CSE), the national foreign signals intelligence agency, said the platformhas not been reviewed by the Canadian Centre for Cyber Security and so has not been approved for any government discussions that require any level of secrecy.

The Prime Minister's Office confirmed Monday that the prime minister and cabinet ministers use other secure technology that "fully supports conversations at the appropriate classification level." For privacy reasons, the PMO would not say which platform Prime Minister Justin Trudeau relies on for his calls.

Watch:Trudeau faces technical glitch but virtual Commons continues

Trudeau faces technical glitch but virtual Commons continues

4 years ago
Duration 1:29
Prime Minister Justin Trudeau joined other MPs for the first virtual sitting of the House of Commons

The Senate also is using Zoom for public committee meetings. The chamber isn't scheduled to reconvene until June 2but its internal economy, budget and administration committee (CIBA) has relied on Zoom to conduct its business during thepandemic.

One suchmeeting was beset by translation issuesa problem that could prompt privilege concerns, since parliamentarians have a right to hear proceedings in their preferred official language. It also experiencedtechnical glitches as microphones malfunctioned and random participants flashed on-screen even when they weren't speaking.

To avoid Zoom-bombing incidents, the Senate has adopted "additional controls and appropriate mitigation strategies" to ensure the "safety and reliability" of public committee meetings.

Beyond security, one former Commons Speaker said the Zoom calls could devolveinto a shouting match given the penchant for some MPs to heckle. With all 338 MPs on hand for a virtual sitting, it could become unwieldy, he said.

"It would be very difficult, I think, for the presiding officer on a television screen show of this kind to manage the disorder,"Peter Milliken said at a recent committee meeting.

"It's going to be a very complicated process and not one I think is going to be terribly helpful," he said.

Corrections

  • A previous version of this story incorrectly stated that the U.S. Federal Bureau of Investigation told teachers not to use Zoom. In fact, they told teachers to exercise "due diligence" with the platform.
    Apr 28, 2020 2:21 PM ET

Add some good to your morning and evening.

Your daily guide to the coronavirus outbreak. Get the latest news, tips on prevention and your coronavirus questions answered every evening.

...

The next issue of the Coronavirus Brief will soon be in your inbox.

Discover all CBC newsletters in theSubscription Centre.opens new window

This site is protected by reCAPTCHA and the Google Privacy Policy and Google Terms of Service apply.