Zooming In On Privacy: Is Zoom Safe?
As the novel Coronavirus spreads across the globe, society has finally come to grips with the adaptation of virtual connection platforms. Zoom Video Communications is a renowned software company that provides videoconferencing services to educational institutions, businesses and those seeking to indulge in extracurricular activities during the pandemic. In March 2020, the company announced an upsurge in National Association of Securities Dealers Automated Quotations (NASDAQ) stock prices to 101%, claiming the “eleventh spot on the Apple App Store’s popularity list.” The daily number of online meeting participants increased from 10 million in December 2019 to 300 million users by April 2020. Yet, despite its growing popularity, numerous issues have surfaced in regard to privacy and confidentiality, cybersecurity and the hijacking of virtual sessions.
In a statement released by Zoom’s Chief Operating Officer Aparna Bawa, the company asserted that its current practices would not be amended. Although the institution claims that user data has yet to be auctioned, a class-action lawsuit leveraged against Zoom alleges that the company shared consumer information on Facebook without proper consent. In March 2020, the corporation faced scrutiny from New York Attorney General Letitia James as a result of numerous privacy concerns. Within two months, the investigation was finalized and the company agreed to implement improved security features that encompassed an accurate representation of “consumer information and regulation of abusive activity on the platform.”
Online video conferences are vulnerable to hijacking by unauthorized persons who employ a well known tactic called Zoom-bombing. Anonymous hackers utilize social media communications to organize mass Zoom-bombings with the intent to terrorize private meetings and harass active participants. On 30 March 2020, the Federal Bureau of Investigation issued a public warning regarding security vulnerabilities in response to several incidents of online classroom interruptions. Allegedly, true end-to-end (E2E) encryption with associated key management is not a security feature that is supported on the Zoom platform. Thus, the potential for third-party adversaries to access encrypted private messages is alarming.
Approximately 352 accounts on the videoconferencing platform were recently compromised, including one medicinal service provider and seven institutions of higher learning. Conversely, 500,000 Zoom accounts have been sold for incredibly cheap prices on hacker forums and the dark web.
As a solution to the flagrant disregard for consumer security, the California Consumer Privacy Act (CCPA) provides legal protection and enforcement of privacy rights. Per the CCPA mandate, organizations that aggregate consumer information must fully disclose specifics regarding that which was acquired, in addition to the intended utilization of such content. Yet, the legal precedence is limited to citizens who reside within the state of California.
Singapore, Germany and Taiwan have banned Zoom for both business and educational activities. Similarly, the Pentagon and the United States Senate have restricted utilization of the videoconferencing software throughout their respective organizations. Google has also banned employees from operating the application on company issues devices.
Despite facing state and federal investigations for breaching consumer confidence, the implementation of firm measures to protect personal data has not yet materialized. The mounting pressures associated with the Coronavirus outbreak have increased the popularity of Zoom for both its videoconferencing prowess, in addition to the looming presence of potential confidentiality breaches for consumers.
1659 EDT – Author: Tanzil Fatima