Wyden pushes for information on federal agencies' Zoom use, citing security concerns

Wyden pushes for information on federal agencies' Zoom use, citing security concerns
© Greg Nash

Sen. Ron WydenRonald (Ron) Lee WydenThe Hill's Morning Report - Presented by Facebook - Bipartisan group reaches infrastructure deal; many questions remain Senate panel advances nominations for key Treasury positions Overnight Health Care: US to donate 500 million Pfizer doses to other countries: reports | GOP's attacks on Fauci at center of pandemic message | Federal appeals court blocks Missouri abortion ban MORE (D-Ore.) on Wednesday drilled the General Services Administration (GSA) over its ongoing approval of video conferencing app Zoom for government use, despite security vulnerabilities discovered by researchers. 

In a letter to acting GSA Administrator Katy Kale shared with The Hill, Wyden requested that the agency provide a copy of its “security package” detailing the decision by the GSA to approve Zoom for use by federal agencies through the Federal Risk and Authorization Management Program (FedRAMP).

“It is extremely concerning that after Zoom was cleared for government use by the General Services Administration in April 2019, security researchers discovered multiple serious vulnerabilities in the year that followed,” Wyden wrote. 


In light of the vulnerabilities, Wyden criticized the FedRAMP approval of Zoom for use first by U.S. Customs and Border Protection in 2019 and then for all other government agencies without allowing each agency to conduct their own security review of Zoom. 

“That researchers were able to discover so many serious security flaws in Zoom’s software after that software had been audited as part of the certification process for government use raised serious questions about the quality of FedRAMP’s audits,” Wyden wrote. 

“That is why in June 2020, I requested a copy of the security package provided by GSA to government agencies documenting the results of the audit and other relevant information regarding the steps taken to evaluate Zoom’s software,” he noted. “GSA refused my request. As there is now a new administration, and I now serve as Chairman of the Senate Committee on Finance, I am renewing the request.”

Zoom saw a huge spike in users during the COVID-19 pandemic, as Americans increasingly used the platform for school classes, work meetings and social gatherings. 

The company came under fire for a variety of security and privacy concerns in the early months of the pandemic, especially as “Zoom bombing” incidents increased. The incidents involved unauthorized users gaining access to meetings and disrupting them, often through indecent comments or photos. 


Zoom responded to the issues by implementing a range of security improvements, including end-to-end encryption on calls, the use of passwords and halting sharing data with Facebook last year. 

The GSA did not immediately respond to The Hill’s request for comment on Wyden’s concerns.

FedRAMP was established in 2011 to help facilitate the secure use of cloud technologies by federal agencies.