The COVID-19 epidemic has caused the demand for video conferencing services to skyrocket. As a result, the number of users of the cloud video conferencing platform Zoom has soared significantly. According to public information, during this period, Zoom’s daily meeting participants exceeded 200 million, a baffling increase from just 10 million in December 2019.
This dazzling performance surprised even the founder of the app, Chinese-American engineer Eric Yuan. “We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home,” he wrote in an official statement.
The lack of foresight, although understandable, has caused Zoom to fall into a security and privacy turmoil. On April 7, Bloomberg reported that Taiwanese authorities had requested that “government agencies” not use Zoom. Previously, Zoom had been banned by SpaceX and NASA in the United States. The FBI also issued a warning against using Zoom, saying that it detected multiple incidents of hacking. Many schools in the United States, including those in New York City, have also announced that they would not be using Zoom for online classes.
On March 31, the American investigative news website The Intercept issued a report which pointed out that Zoom did not use end-to-end encryption while being marketed as an end-to-end encrypted product, implying that Zoom could have direct access to user data. On the same day, Vice reported that Zoom leaked email addresses and photos of thousands of users, treating them as if they all belonged to one company, and allowing those users to video-call each other.
Zoom was clearly not prepared to face the sudden increase in users. According to the Washington Post, at least 15,000 private user video records had been left viewable online, open to virtually anyone.
“For the past several weeks, supporting this influx of users has been a tremendous undertaking and our sole focus. However, we recognize that we have fallen short of the community’s – and our own – privacy and security expectations,” said Eric Yuan in his apology statement.
British Prime Minister Boris Johnson used Zoom to host cabinet meetings in pictures shared on his personal social media. This caused concern within the UK. The British government had to reassure the public that they only used Zoom for non-confidential conversations and that the software would not be used in high-level security meetings.
At the moment, Zoom is also facing scrutiny from US regulators. On Wednesday, Senator Ed Markey asked the FTC in an email to publish “comprehensive guidelines for companies that provide online conferencing services.”
“As Americans’ reliance on online conferencing grows, individuals are increasingly vulnerable to cyber-attacks and inappropriate access to their personal data,” the senator wrote in his letter to FTC Chairman Joseph Simmons and the other commissioners.
Another senator, Richard Blumenthal, also wrote a lettercalling for an investigation into the company’s security. Not to mention several other investigations by state attorneys general, and a class action lawsuitfiled against the company by a user.
Netizens’ opinions on Zoom are divided. Some are genuinely concerned. Others admit that the free and easy-to-use Zoom provides a lot of convenience to their lives, and criticize the US government who, in their opinion, should reflect on its own flawed regulatory policies.
In truth, even though Zoom’s current security debacle is unsettling to some degree, its outcomes are mostly positive. None of the big players in video conferencing expected the influx of users brought on by the forced COVID-19 self-isolation and it is very likely that their security protocols also have loopholes. Zoom set an important precedent forcing an entire industry to be more responsible.
On April 9, Zoom announced that it has hired Alex Stamos, former Facebook security director, as an advisor, forming an advisory committee to improve the privacy and security of the video conferencing platform.
On the same day, in a live YouTube broadcast, Eric Yuan once again apologized to users for his platform’s security vulnerabilities. In the two-hour broadcast, he laid out Zoom’s latest privacy update. As part of the new initiative, Zoom will freeze all of its planned feature updates for the next 90 days to focus on solving problems in its existing products.