Zoom got big fast. Then videobombers made it rework security

  • Cybersecurity
  • Thursday, 02 Jul 2020

On April 1, following a wave of lawsuits over privacy breaches, Zoom CEO Eric Yuan ordered a halt to work on new features and vowed to fix the service's weaknesses in 90 days. That time is up, and Zoom is ready to take a bow. — Reuters

SAN RAMON, California: Back in March as the coronavirus pandemic gathered steam in the United States, a largely unheralded video-conferencing service suddenly found itself in the spotlight.

And just as quickly as Zoom became a household name for connecting work colleagues, church and school groups, friends, family, book clubs and others during stay-at-home lockdowns, it also gained a reputation for lax security as intrusive "videobombers” barged into private meetings or just spied on intimate conversations.

On April 1, following a wave of lawsuits over privacy breaches, CEO Eric Yuan ordered a halt to work on new features and vowed to fix the service's weaknesses in 90 days. That time is up, and Zoom is ready to take a bow.

The work on "security and privacy is never going to be done, but it is now embedded in how we approach everything we do at Zoom now,” the company’s chief financial officer, Kelly Steckelberg, said in a recent interview. Zoom hailed some of the strides that it says it has made in a July 1 blog post.

The most visible changes included a switch that automatically protected all meetings with passwords and kept all participants in a digital waiting room until the meeting host let them in.

Behind the scenes, Yuan began meeting regularly with a council consisting of top security executives in the tech industry and brought in former Yahoo and Facebook executive Alex Stamos as a special consultant. He also conferred with other supportive executives such as Oracle founder Larry Ellison, who took the unusual step of posting a video hailing Zoom as an "essential service".

(Perhaps not coincidentally, Zoom relies on Oracle and Amazon for much of the computing power it needs to handle an expected two trillion minutes of meetings – the equivalent of 38,000 centuries – this year.)

The biggest security leap is still to come. Zoom has promised to make it virtually impossible for anyone outside a meeting to eavesdrop by scrambling conversations via end-to-end encryption. The technique would lock up conversations so that even Zoom couldn't play them back. Law enforcement generally opposes such encryption – already in use on apps such as iMessage, WhatsApp and others – saying it impedes legitimate police investigations.

Such a security feature would give the company an even bigger advantage over competing services from Google, Microsoft, Cisco Systems and Facebook, said Rory Mir, a grassroots advocacy organiser for the Electronic Frontier Foundation, a digital rights group.

"People don’t have a lot of great options right now, but Zoom is kind of leading the charge to make these improvements,” said Mir.

Zoom hasn't said when end-to-end encryption will be ready, but it's already had to expand on its original plan to make it available only to paid subscribers. The day after its original announcement, faced with a backlash, Zoom agreed to extend the encryption to free plans as well.

It's been a heady ride for the company. Its shares closed June 30 at US$253.54 (RM1,086.63), nearly four times their value in December, creating US$50bil (RM214bil) in shareholder wealth. The San Jose, California, company expects paid subscribers to generate US$1.8bil (RM7.7bil) in revenue for the company this year, triple what Zoom pulled in last year.

If Zoom wants to prove it puts the privacy of its users first, Mir believes it will have to show it’s willing to fight requests from law enforcement and other government agencies trying to pry into the conversations on its service. The Zoom CEO has said he wanted to limit the use of end-to-end encryption so that the company could continue to work with law enforcement; the company later said he was referring to efforts intended to prevent Zoom from being used for child pornography. "Some activists now believe Zoom is like a cop," Mir said.

In a familiar refrain among tech companies operating around the world, Steckelberg said Zoom complies with local laws in each of the more than 80 countries where its service is used.

More privacy issues could loom if, as some analysts anticipate, Zoom decides to start showing ads on the free version of its service to boost its profit. Steckelberg said the company doesn’t have any immediate plans to sell ads, but didn’t rule out that possibility.

If Zoom goes down that road, Mir believes it will be difficult to resist the opportunity to mine the personal information it’s collecting because, they said, "data is the new oil. But it also can be toxic.” –AP

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 18
Cxense type: free
User access status: 3



Did you find this article insightful?


100% readers found this article insightful

Across the site