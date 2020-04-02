Video conferencing vendor cited for privacy flaws as use by at-home workers surges

As millions of employees and students around the world suddenly find themselves working and studying from home due to the coronavirus pandemic, demand on video conferencing companies like Zoom is skyrocketing. Zoom has seen use of its technology rise sharply, but it also is rushing to respond to privacy and security issues that continue to snowball.

The Lowdown: Zoom has been beset by a number of news articles, threat researchers’ reports, and incidents that have highlighted the security shortcomings in the company’s products and convinced some high-profile organizations to stop using its technology.

The Details: The issues facing Zoom range from what has become known as “zoom-bombing” – uninvited guests jumping onto Zoom conferences and disrupting them – and information being sent from devices using the Zoom iOS app to Facebook to Zoom sharing email addresses and photos of thousands of Zoom users. The company also was criticized by the investigate news site The Intercept for not having end-to-end encryption despite marketing that had promoted the capability.



Zoom officials admitted that it encrypts content from meetings in which all participants are using the Zoom app and the meetings aren’t being recorded. It can’t encrypt content when participants log in using other devices.



The privacy and security issues have led to organizations like NASA and Elon Musk’s SpaceX to prohibit employees from using Zoom. In addition, agencies from the FBI to the New York Attorney General’s Office have begun looking into the problems and issuing warnings about the use of Zoom technology.



The company has been making fixes – such as removing the Facebook SDK from its iOS client – and updating users about the moves in a series of blog posts for more than a week. In an April 1 blog post, CEO Eric Yuan noted that Zoom initially was built for larger enterprises that have full IT staffs, adding that “we did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home. We now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived.”



Zoom also has updated its privacy policy to more accurately reflect what data the company collects and how it’s used, including that it does not sell user data.

The Impact: As with other video conferencing vendors, the surge in at-home working has been a boon to Zoom, but the concerns over security and privacy threaten to derail that. Yuan noted that at the end of December 2019, the maximum number of daily meeting participants in Zoom meetings was about 10 million. In March, the demand has reached more than 200 million daily participants. Such demand will likely continue in the coming months as stay-at-home situations are expected to continue as the outbreak spreads.

The Buzz: For the past several weeks, supporting this influx of users has been a tremendous undertaking and our sole focus,” Yuan wrote in the blog post. “We have strived to provide you with uninterrupted service and the same user-friendly experience that has made Zoom the video-conferencing platform of choice for enterprises around the world, while also ensuring platform safety, privacy, and security. However, we recognize that we have fallen short of the community’s – and our own – privacy and security expectations. For that, I am deeply sorry.”