A new bill would try to make tools like Zoom and Teams work together securely
Cath Virginia / The VergeA new proposal from Sen. Ron Wyden (D-OR) would require videoconferencing and messaging tools used by the federal government to be able to communicate with each other, even if made by different companies. It would...
A new proposal from Sen. Ron Wyden (D-OR) would require videoconferencing and messaging tools used by the federal government to be able to communicate with each other, even if made by different companies. It would also enforce high security standards for government collaboration tools, including end-to-end encryption.
The Secure and Interoperable Government Collaboration Technology Act, a discussion draft shared exclusively with The Verge, would make it so that a government user on Teams, for example, would be able to talk to a colleague at a different agency using Zoom. While the bill would only implement the requirement for tools used by the government, if passed, it could push the industry toward greater interoperability across their user bases.
Here’s how it would work: the bill would direct the General Services Administration (GSA) to compile a list of collaboration technology features that the government uses — including videoconferencing, text-based messaging, file sharing, scheduling, and live document editing. Then, the National Institute of Standards and Technology (NIST) would come up with a list of interoperability standards for those features. The standards would also have to include end-to-end encryption where possible to protect government communications from foreign surveillance. At the same time, they’d also have to make sure the government remains compliant with federal record-keeping rules.
The industry would have four years from when NIST identifies the interoperability standards to become compliant if they want to sell their tools to the federal government. Every other year, a GSA and Office of Management and Budget working group would review the technology used by the federal government to suggest updates to the standards. On top of that, the Department of Homeland Security would be tasked with cybersecurity reviews of widely used collaboration technology tools in the federal government.
The bill underscores concerns in the government of serious security risks that could arise through technology vendors. It comes shortly after the DHS released a blistering report that found Microsoft could have prevented a Chinese hack of US government emails. It blamed a “cascade of security failures” at Microsoft for the incident.
In a statement on the bill, Wyden referenced Microsoft’s wide reach within the federal government. “It’s time to break the chokehold of big tech companies like Microsoft on government software, set high cybersecurity standards and reap the many benefits of a competitive market,” he said. Wyden added that “Vendor lock-in, bundling, and other anticompetitive practices result in the government spending vast sums of money on insecure software.”
The bill has gained the backing of groups, including Accountable Tech, Demand Progress, Fight for the Future, and encrypted email and cloud storage provider Proton. Digital rights activist Cory Doctorow also voiced his support, sharing in a statement through Wyden’s office that “Interoperability — the ability to plug something new into a technology, with or without permission from the manufacturer — is the key to defeating Big Tech.”