Zoombombing Security & Privacy: Lessons from Zoom’s Recent Conduct
The outbreak of the coronavirus (“COVID-19”) pandemic in the United States has, with astounding speed, shifted much of America’s workforce to remote status. Videoconferencing apps like Zoom have surged, but so have security and data privacy concerns. Zoom’s recent circumstances provide important lessons for tech companies dealing with the tremendous shift to remote work.
Despite its recent success, Zoom is now scrambling to address security and data privacy concerns with its popular video conferencing app. Over the past few weeks, Internet trolls and consumer advocacy groups alike have highlighted vulnerabilities with Zoom’s technology, including one that enables uninvited guests to hijack Zoom’s screen-sharing feature during meetings—now dubbed “Zoombombing.” Consumer advocacy groups have also raised alarms over Zoom’s undisclosed sharing of users’ private information with third parties. Although Zoom recently responded to these concerns, its response has been criticized as too slow and inadequate.
There are several lessons to learn from Zoom’s conduct. Businesses, particularly tech businesses, should consider implementing the following in our remote work climate:
- Regularly update privacy policies to address new vulnerabilities.
- Routinely disclose to users what, if any, personal information may be shared with third parties, and how they can opt out of such information sharing. California’s Consumer Privacy Act, for example, now mandates such transparency, and the state’s attorney general has reportedly stated that he will not delay enforcement of the Act.
- Re-examine, update, and remind employees of security policies.
- Determine whether end-to-end encryption is possible for the particular application.
- If using Zoom or other similar apps, use the most up-to-date version, which has the latest security features (Zoom removed the controversial remote web server).
- Consider publishing regular transparency reports, which disclose how users’ data is shared with federal, state and local governments.
In a time when so much is uncertain, consumers are demanding more transparency from tech companies that hold their personal information, and regulators are listening. Those companies should seek to do more for their users, building trust and strong relationships that extend past the current pandemic.
© 2020 Blank Rome LLP. All rights reserved. Please contact Blank Rome for permission to reprint. Notice: The purpose of this update is to identify select developments that may be of interest to readers. The information contained herein is abridged and summarized from various sources, the accuracy and completeness of which cannot be assured. This update should not be construed as legal advice or opinion, and is not a substitute for the advice of counsel.