Zoom takes heat for site security and consumer privacy concerns.
Zoom Video Communications Inc, a popular online webinar service, was recently cited in a class action lawsuit brought by a shareholder contending the video-conferencing app is “overstating its privacy standards and failing to disclose that its service was not end-to-end encrypted.” Privacy is of outmost importance during COVID-19 social distancing and the transitioning of medical, mental health, educational, and other sensitive meetings online. A platform that is not compliant might inadvertently violate consumers’ privacy rights.
Shareholder Michael Drieu claimed in a court filing that “a string of recent media reports highlighting the privacy flaws in Zoom’s application have led to the company’s stock, which had rallied for several days in the beginning of the year, to plummet.”
Zoom Chief Executive Officer Eric Yuan apologized to users this month in a live YouTube call, saying the company “had fallen short of the community’s privacy and security expectations, and was taking steps to fix the issues.” The company has reportedly been taking measures to enhance encryption in order to address COVID-19 stay-home concerns.
“Clearly we have a lot of work to do to ensure the security of all these new consumer use cases,” Yuan said on the call. “But what I can promise you is that we take these issues very, very seriously. We’re looking into each and every one of them. If we find an issue, we’ll acknowledge it and we’ll fix it.”
Former Facebook security chief Alex Stamos also announced he would be collaborating with the company to enhance the platforms security. Stamos said, “In a time of global crisis, Zoom has become a critical link between co-workers, families, friends and, most importantly, between teachers and students. That has created privacy, trust and safety challenges that no company has ever faced.”
In addition to the latest lawsuit, the company was the recipient of a letter from the Federal Trade Commission (FTC) stating, “During the ongoing coronavirus pandemic, millions of Americans have become dependent on online conferencing services for work, school, and contact with loved ones. Unfortunately, a growing number of incidents over the past several weeks have revealed that these technologies may expose their users to significant cybersecurity and privacy risks. I write to urge the Federal Trade Commission (FTC) to help Americans address these dangers by issuing comprehensive guidelines for companies that provide online conferencing services, as well as best practices for users that will help protect online safety and privacy during this pandemic and beyond.”
The letter continued, “As Americans’ reliance on online conferencing grows, individuals are increasingly vulnerable to cyber-attacks and inappropriate access of their personal data. For example, recent reports indicate that cyber-criminals may be exploiting Zoom’s growing popularity to perpetrate phishing scams and spread malware. Users have also reported having their Zoom meetings hijacked by intruders spreading pornography and racist messages. Relatedly, Zoom video calls containing personally identifiable information and intimate conversations have been stored in publicly accessible places. Although much of the recent reporting has focused on Zoom due to its growing user base, and I would urge the FTC to conduct a thorough investigation into Zoom, it is clear that no platform is immune from risks. Other services, including Cisco Webex, Microsoft Teams, and Slack have all previously had security flaws exposed, raising the need for the FTC to issue guidance generally ‘to help businesses understand their responsibilities and comply with the law,’ particularly during this pandemic.”