Moneycontrol PRO
you are here: HomeNewsBusiness

New York attorney general looks into Zoom’s privacy practices

On March 30, the attorney general's office sent Zoom a letter asking what, if any, new security measures the company has put in place to handle increased traffic on its network and to detect hackers

March 31, 2020 / 04:58 PM IST

Zoom, the videoconferencing app whose traffic has surged during the coronavirus pandemic, is under scrutiny by the office of New York’s attorney general, Letitia James, for its data privacy and security practices.

On March 30, the office sent Zoom a letter asking what, if any, new security measures the company has put in place to handle increased traffic on its network and to detect hackers, according to a copy reviewed by The New York Times.

While the letter referred to Zoom as “an essential and valuable communications platform,” it outlined several concerns, noting that the company had been slow to address security flaws such as vulnerabilities “that could enable malicious third parties to, among other things, gain surreptitious access to consumer webcams.”

Over the last few weeks, internet trolls have exploited a Zoom screen-sharing feature to hijack meetings and do things like interrupt educational sessions or post white supremacist messages to a webinar on anti-Semitism — a phenomenon called ‘Zoombombing’.

The New York attorney general’s office is “concerned that Zoom’s existing security practices might not be sufficient to adapt to the recent and sudden surge in both the volume and sensitivity of data being passed through its network,” the letter said. “While Zoom has remediated specific reported security vulnerabilities, we would like to understand whether Zoom has undertaken a broader review of its security practices.”


COVID-19 Vaccine

Frequently Asked Questions

View more
How does a vaccine work?

A vaccine works by mimicking a natural infection. A vaccine not only induces immune response to protect people from any future COVID-19 infection, but also helps quickly build herd immunity to put an end to the pandemic. Herd immunity occurs when a sufficient percentage of a population becomes immune to a disease, making the spread of disease from person to person unlikely. The good news is that SARS-CoV-2 virus has been fairly stable, which increases the viability of a vaccine.

How many types of vaccines are there?

There are broadly four types of vaccine — one, a vaccine based on the whole virus (this could be either inactivated, or an attenuated [weakened] virus vaccine); two, a non-replicating viral vector vaccine that uses a benign virus as vector that carries the antigen of SARS-CoV; three, nucleic-acid vaccines that have genetic material like DNA and RNA of antigens like spike protein given to a person, helping human cells decode genetic material and produce the vaccine; and four, protein subunit vaccine wherein the recombinant proteins of SARS-COV-2 along with an adjuvant (booster) is given as a vaccine.

What does it take to develop a vaccine of this kind?

Vaccine development is a long, complex process. Unlike drugs that are given to people with a diseased, vaccines are given to healthy people and also vulnerable sections such as children, pregnant women and the elderly. So rigorous tests are compulsory. History says that the fastest time it took to develop a vaccine is five years, but it usually takes double or sometimes triple that time.

View more

With millions of Americans required to shelter at home because of the coronavirus, Zoom video meetings have quickly become a mainstay of communication for companies, public schools and families. Zoom’s cloud-meetings app is currently the most popular free app for iPhones in the United States, according to Sensor Tower, a mobile app market research firm.

Even as the stock market has plummeted, shares of Zoom have more than doubled since the beginning of the year.

As Zoom’s popularity has grown, the app has scrambled to address a series of data privacy and security problems, a reactive approach that has led to complaints from some consumer, privacy and children’s groups.

The company updated its privacy policy on March 29 after users reported concerns, and on March 30, Eric S Yuan, Chief Executive and founder of Zoom, posted a link on Twitter to a company blog item about the policy.

In a statement for this article, the company said it took “its users’ privacy, security and trust extremely seriously,” and had been “working around the clock to ensure that hospitals, universities, schools and other businesses across the world can stay connected and operational.”

“We appreciate the New York attorney general’s engagement on these issues and are happy to provide her with the requested information,” the statement added.

Last week, after an article on news site Motherboard reported that software inside the Zoom iPhone app was sending user data to Facebook, the company said it was removing the tracking software.

As many school districts adopted Zoom to allow teachers to host live lessons with students, some children’s privacy experts and parents said they were particularly concerned about how children’s personal details might be used. Some districts have prohibited educators from using Zoom as a distance-learning platform.

“There is so much we simply don’t know about Zoom’s privacy practices,” said Josh Golin, Executive Director of the Campaign for a Commercial-Free Childhood, a non-profit group in Boston.

In the letter, James’ office cited reports that Zoom had shared data with Facebook and asked for further information on “the categories of data that Zoom collects, as well as the purposes and entities to whom Zoom provides consumer data.”

The office expressed concern that the app may be circumventing state requirements protecting student data. To help educators, the company recently expanded meeting limits on free accounts. The attorney general’s office called such efforts ‘laudable’ but also said the company appeared to be trying to offload consent requirements to schools.

The office requested a description of Zoom’s policy for obtaining and verifying consent in primary and secondary schools as well as a description of third parties who received data related to children.

Zoom has said its service for schools complies with federal laws on educational privacy and student privacy.

The letter also asked for details about any changes the company put in place after a security researcher, Jonathan Leitschuh, exposed a flaw allowing hackers to take over Zoom webcams. The letter noted that the company did not address the problem until after the Electronic Privacy Information Centre, a public interest research centre, filed a complaint about Zoom with the Federal Trade Commission last year.

c.2020 The New York Times Company
New York Times
first published: Mar 31, 2020 04:56 pm
ISO 27001 - BSI Assurance Mark