The Supreme Court issued notice on May 22 on a writ petition to ban Zoom until “appropriate legislation” is passed, Bar & Bench reported. The petition asks that the government do a security audit of the app as well. Among other things, the petition points to an April advisory by the Home Ministry for government officials to not use the app, and for normal users to take certain precautions while doing so. The next hearing is tentatively set for July 7, according to the Supreme Court’s website.
In a statement, a Zoom spokesperson told MediaNama:
Zoom takes user privacy, security, and trust extremely seriously. We have been focused on enhancing our commitment to security and privacy under our 90-day plan announced April 1st, and have made significant progress.
Zoom is an American company listed on Nasdaq and for close to a decade we have been helping some of the world’s largest financial services companies, leading telecommunications providers, government agencies, universities and others stay connected in a safe and secure manner. Many of these entities have done exhaustive security reviews of our user, network and data center layers and confidently selected Zoom for complete deployment, and we actively engage with them to provide them with any information they need to make informed decisions.
In India, we’ve been proud to help businesses, government agencies, communities, school teachers, and other users stay connected during this challenging and unprecedented time.
The petition made the following arguments to make her case:
- Zoom CEO admitted bugs: “The CEO of [Zoom] has already apologised publically [sic] and has accepted the app to be faulty in terms of providing a secure environment digitally which is against the norms of cyber security,” the petition says. “Continued usage of this app may put our national security at stake and may also give a boom to number of cyber-threats and cybercrimes in India.”
- Effect on cyberspace: “The sudden boom in the use of Zoom App has severely affected the cyberspace by leaking the personal data of its users and the poor privacy and security of the app has further enabled the hackers to get access to the meeting, classes and conferences being conducted online through this app,” the petition argues. “Zoom is reported to have a bug that can be abused intentionally to leak information of users to third parties. The app has falsely claiming calls are end-to-end encrypted when they are not.”
- Selling data to Facebook? The petition claims that ” Zoom was capitalizing off of the global pandemic by selling user information to Facebook without user consent,” referring to a patched iOS bug where the app was sharing user data with Facebook, even if users were not registered on the site. The petition also lists out a series of news reports on organisations that banned Zoom and different security flaws of the service —
- Lack of session security: “Further, the Hon’ble High Court of Kerala has also started live-streaming of court hearings through the Zoom App. The hearing in the court of Hon’ble Mr. Justice Patel could be accessed by anyone and everyone via the Zoom app/plugin, thorough the videolink viz., [Zoom URL], without any password,” the petition said. The Kerala High Court’s proceedings are on Zoom are indeed livestreamed, and while sessions are not password protected, court staff individually let users in through a waiting room.
- Lack of data protection law: “The Indian Government have multiple times tried to take steps for data privacy online by introducing National Cyber Security Policy and bringing Personal Data Protection Bill, 2019, nothing till date has successfully been implemented regarding the cyberspace. If now this app is not banned in time it is only going to take disadvantage of the said fact and further cause threat to the Indian cyber ecosystem,” the petition argues.