Hong Kong education officials are in discussions with schools over their use of video-conferencing app Zoom after security concerns were raised about personal data leaks and the hacking of online classes and posting of explicit material.
Schools across the city have been using the software to live-stream lessons since face-to-face teaching was suspended in early February because of the coronavirus.
Students from dozens of secondary schools have urged senior teachers to ban the application, which has soared in popularity during the Covid-19 pandemic, amid growing calls for the education sector to switch to alternatives seen as safer.
Security concerns such as data leaks, the routing of some calls through mainland China, and “Zoombombing” – when uninvited people hijack meetings – have triggered a backlash in parts of the world, with Taiwan and Germany recently restricting its use.
Hong Kong’s Education Bureau said schools had been reminded of Zoom’s potential security risks, while Secretary for Education Kevin Yeung Yun-hung said the government would continue to hold talks with schools over the issue.
“If there are security risks, after discussing with schools, [the Education Bureau] would then seek opinions from experts and decide on a next step,” Yeung told lawmakers during a Legislative Council meeting on Thursday.
At least two Hong Kong secondary schools have been a victim of “Zoombombing”. Both St Stephen’s Girls’ College and Christian Alliance International School had uninvited guests crash their digital classes and share graphic material.
The city’s privacy commissioner had also raised concerns over Zoom as it urged schools to step up security measures and consider using other apps or software until the security issues were resolved, a spokeswoman said on Thursday.
Charles Mok, who represents the information technology sector in the legislature, said schools should consider alternatives such as Microsoft Teams or Google Hangouts Meet, although he said he understood some teachers and pupils might have become used to Zoom over the past two months.
At least 40 secondary schools’ student concern groups on Wednesday issued a joint statement calling for management to ban Zoom for online classes, citing data leakage concerns and the possible impact on school operations.
Esther Pak, vice principal of St Stephen’s Girls’ College, said on Thursday the school had written parents and teachers about last month’s “Zoombombing”, adding there had been no repeat of the incident.
“We have reminded students to properly identify themselves when they join the meeting, while teachers should carefully check the identity of each participant,” she said, adding its IT team had been closely monitoring the latest security issues.
Pak said Zoom remained the most popular platform at the school, but teachers were free to use alternatives.
A North district secondary school principal, where students had called for Zoom’s ban, told the Post the school would be looking for suitable alternatives but there were barriers to removing it completely.
“Teachers have been more familiar with Zoom since they have used it for some time. It might be difficult to completely abandon it and switch to other software,” the principal said.
However, many cross-border students – Hongkongers living in mainland China who travel over the border to learn and account for about 30 to 50 per cent of pupils at each North district school – would not be able to access alternative platforms such as Google Hangouts Meet.
Teddy Tang Chun-keung, chairman of the Hong Kong Association of the Heads of Secondary Schools and principal of HKMA K S Lo College, said his school had also been looking into alternatives such as Cisco Webex for live-streamed lessons.
But he said the secondary school heads association had not discussed the issue recently.
All eight publicly funded universities in Hong Kong said they were aware of Zoom’s potential security risks and had issued guidelines and taken precautionary measures, although they did not comment on whether they would ban it.
The University of Hong Kong said it had reminded staff and students to download the latest version of Zoom and note the heightened security options, while Education University said users’ personal data other than their email address would not be kept by Zoom’s cloud system under normal circumstances.
City University said it had been assessing the various applications it used and if anomalies were identified, the university would take immediate action.
Responding to the security issues, Zoom founder and CEO Eric Yuan said this week: “Clearly we have a lot of work to do to ensure the security of all these new consumer use cases.
“But what I can promise you is that we take these issues very, very seriously. We’re looking into each and every one of them. If we find an issue, we’ll acknowledge it and we’ll fix it.” — South China Morning Post