Growing Zoom Struggles to Keep Up With Privacy Concerns
Zoom emerged as a tool for everyone from businesses to clubs to houses of worship to hold meetings online in the COVID-19 era. The U.K. government used it for cabinet meetings. The load such conferencing sites are putting on networks appears mostly manageable. Zoom users question whether data is adequately protected.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
New York City told public schools to move away from the platform, because of growing privacy and security concerns, a spokesperson noted Tuesday. New York State Attorney General Letitia James (D) asked the firm “questions to ensure the company is taking appropriate steps to ensure users' privacy and security are protected,” a spokesperson emailed: “With so many businesses and schools relying on Zoom to move their operations forward, it is vital we ensure that appropriate safety and security measures are in place.” Other state AGs are concerned (see 2004030070).
Zoom “moved too fast,” CEO Eric Yuan said Sunday on CNN: “We had some missteps.” The company announced last week that for the next 90 days, it’s “committed to dedicating the resources needed to better identify, address, and fix issues proactively.”
Privacy experts said in interviews Zoom is trying but struggling to keep up with the challenges. The company didn't comment.
What’s happening is “unprecedented and Zoom has fallen into a role as kind of the default remote meeting provider, not just for private companies and private groups, but literally to make our government run and to make our schools educate our children,” said Media Alliance Executive Director Tracy Rosenberg. Zoom never saw it coming, she said. “Like all tech companies the intensity of that effort has partially been based on public uproar.” Rosenberg is concerned about third-party data sharing. “Facebook is one that has come to light -- there are others,” she said. Zoom should also add end-to-end encryption “which we think would be the broadest and the most effective change they could make,” she said: “It’s not a small one. It’s not incremental. ... It’s a big change for them.”
Consumer Reports keeps identifying new issues, said Justin Brookman, director-consumer privacy and technology policy. It has “a surprising number of privacy and security holes,” he said. Zoom was something he used to use once every three months, “not three times a day,” he said: “There was just less scrutiny.” Many issues didn’t have to be addressed in the past, Brookman said. “They didn’t try to minimize” problems, he said. It's “making real changes,” Brookman said. “That we’re still digging ... still finding things is a little bit disheartening.”
“Zoom is a really good case study for what can happen when you’re not designing a product with privacy and security in mind,” said Sara Collins, Public Knowledge policy counsel. It wasn’t designed to be used where security is a concern, she said. The rapid growth “means that you’re going to see new ways that users are interfacing with your product and how malicious actions can take place,” she said. Asking users to require a password to enter a meeting or making URLs “super long” would help, she said. “They’re taking the concerns seriously,” she said. “This is one of the better responses I’ve seen from companies when somebody looks at your product goes, ‘Here are problems.’”
“Zoom has let down so many with its privacy mistakes, which is really unfortunate since so many people are depending on it amid the pandemic,” emailed Karen Gullo, analyst at the Electronic Frontier Foundation. “Zoom should have done robust testing to discover vulnerabilities like those that led to Zoombombing,” she said: “Instead, trolls have easily manipulated the app because of how Zoom's defaults and meeting ID's were designed. Zoom's response and plans to fix the problems are welcome, but it needs to deliver what it's promised.”
The Electronic Privacy Information Center asked the FTC this week to follow up on a 2019 complaint that Zoom "placed at risk the privacy and security of the users of its services." EPIC said Zoom has "exposed users to the risk of remote surveillance, unwanted videocalls, and denial-of-service attack."
American Enterprise Institute Visiting Fellow Shane Tews noted daily users increased to more than 200 million in March, up from 10 million in December. “Consumers should assume that companies they interact with online are collecting information to connect with them,” Tews blogged Tuesday. “Consumers are now increasingly aware and savvy about the use of their data, so companies must balance the importance of their customer relationships, as Zoom recently did, with the return it can get from selling customer data.”
Craig Labovitz, Nokia Deepfield chief technology officer, blogged about “dramatic growth” in the use of videoconferencing apps by the end of March, with “some now showing a 700% increase" from Feb. 1. Labovitz said overall, networks had “stabilization of peak demand.” Others report similar (see 2004070060).
Providers are all seeing home network use soar as most Americans stay at home. Most don’t break out use by apps like Zoom. Use of collaboration tools, including Skype, Slack and Cisco's WebEx, is up 87%, and education tools, including Google Classroom and Khan Academy, increased 135%, T-Mobile reported Monday.