Quebec recommends that health facilities use video conferencing application Zoom for consultations on these time containment. The platform is yet in the face of an avalanche of criticism for the very poor protection of privacy.
The academic centers of health of the Estrie, and to the West of the Island of Montreal come in to renew their licenses to use the software in california. In fact, Zoom TeleHealth is part of the three applications as recommended by the Department to make the telemedicine throughout the network.
The Order of the psychologists of the suggests for its members to communicate with patients.
In the United States, large organizations such however, the platform one after the other by the fear of their discussions confidential compromised by Zoom : NASA, the manufacturer of the rockets SpaceX, schools…
Last Friday, a research centre of ontario published the last of a series of articles devastating on the platform.
The Citizen Lab of the University of Toronto, explains how he has managed to decrypt a video communication he had initiated with a person in the United States.
“Given these security concerns troubling, we do not recommend the use of Zoom in this time, for any purpose that is secret or that demand a high degree of confidentiality, including the health care providers who handle sensitive information on patients,” write Bill Marczak, and John Scott-Railton, the Citizen Lab.
In addition to the poor encryption of the data, the researchers also note that Zoom had to communicate with a server in China to provide the service for their experience. The california firm is also achieving in this country a large part of its programming work.
“This arrangement could make it Zoom vulnerable to pressure from the chinese authorities,” wrote the Citizen Lab.
This is far from the only problem with the platform : a false representation on the confidentiality of communications, the sharing of user information with Facebook and LinkedIn, poor protection against intrusion, video conferencing…
On the 1st of last April, CEO Eric Yuan himself has done his mea culpas and has “apologized” for the “confusion caused” as to the methods of data protection that uses Zoom.
The firm is accused of having claimed falsely that the images and the sound of its users were encrypted “end-to-end” (end-to-end encyption), so that no one can decipher between the two. However, this is not the case.
“We recognize that we have failed to meet the expectations of the community regarding privacy and security – and ours. For this reason, I am deeply sorry, ” he wrote in his blog.
The founder of Zoom however does not provide any technical response to criticism about its data protection measures.
The Ministry will keep the cape
Nothing to shake the confidence of Quebec to Zoom.
The ministry of Health refuses to grant a telephone interview to our Office to investigate this matter.
In an email, a spokesperson stresses, however, that the version of the platform allowed for in the québec network is Zoom TeleHealth and that it has been configured ” in order to ensure the protection of personal data “.
“The Ministry has opted for a specific license to health based in Canada, so it would not be the versions that are mentioned in the previous articles,” writes Marie-Claude Lacasse.
It also ensures that a security team and specialists “telemedicine” have asked their provider about the articles on Zoom.
“The exchanges have allowed us to understand that the problems cited in the newspapers were not applicable to the license and health infrastructure in canada, as used “, says the spokesperson.
The Ministry has not however explained why him no more.
The government’s choice raised some eyebrows the expert in information security, Steve Waterhouse.
“For now, continue to use the Zoom in the network of the health is put at risk the personal data, he said. Unless the government is able to demonstrate that the infrastructure is up to snuff. ”
According to experts, it is even more worrying is that the customers for any stolen information abound in the world of brokerage, insurance, financial products and the medical industry, for example. “There has been a growing interest for health data,” said the consultant in cyber security Jean Loup Le Roux.
The Ministry to demonstrate that they are not within the reach of the first attacker came.
Zoom has not responded to our questions merely to direct us to the sections of blocks that were not.