- The Ministry of Home Affairs (MHA) issued an advisory in April 2020 calling Zoom unsafe.
- Zoom India Head,
Sameer Raje , tells Business Insider that the MHA’s advisory is factually incorrect. - He explains that Zoom is currently in conversation with the MHA and is hoping for a positive outcome soon.
“We expect the MHA to give some positive feedback very soon. We’re at advanced stages of discussion so it should change,” said Raje, explaining that 9-year-old company is sharing any and all prerequisite information that the ministry may need.
US-based Zoom has been heavily scrutinised since its popularity boomed in a matter of three weeks from just 10 million participants a day to over 300 million from March to April when news of the coronavirus pandemic broke.
The advisory is factually incorrect, says Zoom
The MHA asserted that Zoom should not be used by government officers for official use based on an earlier advisory from Indian Computer Emergency Response Team (CERT-In). “Zoom is a not a safe platform and advisory of CERT-In on the same dated 6 February 2020 30 and March 2020 may kindly be referred,” said the ministry in its note.
However, Raje points out that CERT-In never actually said that Zoom isn’t safe — it pointed out that Zoom has certain vulnerabilities, as is its responsibility for all applications that are currently in use in India.
“Unfortunately, due to the misinformation out there, the MHA released its advisory which is factually incorrect. It is based on the CERT-In advisory citing that Zoom is unsafe to use, but CERT-In never said that,” he explained.
India's nodal cybersecurity agency may not have said that Zoom is unsafe but it did point out that there are multiple vulnerabilities on the platform, which could allow an attacker to gain elevated privileges or obtain sensitive information on the targeted system.
“If you look at their advisory, nowhere does it say that Zoom is not safe for users. It says that please be secure, upgrade your applications, these are the vulnerabilities reported and these are the fixes,” said Raje.
Zoom is working with MHA to change the narrative
To Zoom’s credit — since the MHA’s advisory and the multiple incidents of ‘Zoom Bombing’ — it has introduced a number of measures to make the platform more secure like hiding meeting IDs and making it mandatory for schools to set meeting passwords.
Earlier this month, Zoom announced that it will begin beta testing free end-to-end encryption for both free and paid users in July. However, there is a catch. End-to-end encryption only works if a person connects to a call using the Zoom client.
As a communications platform, Zoom also allows the audio conferring lines to come in — and that’s where the encryption pattern changes, according to Raje. This means that since the call is no longer restricted to the Zoom platform, encryption at that end is not during the app’s purview.
SEE ALSO:
US-based Zoom app left stunned to see itself in list of flagged Chinese apps
Say Namaste — a Mumbai startup is pitching itself as a challenger to Zoom
How to ensure privacy and security while using Zoom