Zoom Should Be Criticized for Poor Communication Rather Than Privacy, Security

Image by Daniel Zender for The New York Times

The video platform Zoom has experienced overnight success with offices and schools closed around the world due to the coronavirus pandemic. The increased usage has resulted in a string of security concerns, which, according to a University of Notre Dame cybersecurity and privacy expert, have largely been blown out of proportion.

Zoom is not dealing with a security and privacy crisis, it’s facing a communication and transparency crisis, according to Mike Chapple, associate teaching professor of IT, analytics and operations at Notre Dame’s Mendoza College of Business.

“Zoom’s recent privacy and security issues aren’t any more significant than those facing any other tech company, and Zoom has quickly moved to correct each one of them,” said Chapple, a former computer scientist with the National Security Agency. “The challenge Zoom faces is that they were a specialized niche company that was suddenly thrust into the role of a critical infrastructure provider overnight and they simply weren’t ready for the intense level of scrutiny that they’ve received as a result.”

Perhaps the most publicized of Zoom’s woes is the practice of ‘Zoombombing’ where people join unsecured Zoom calls and disrupt private conversations.

Mike Chapple

“These aren’t the result of a security flaw in Zoom,” Chapple explained. “Zoombombing occurs when people either don’t use a password to secure their Zoom meeting or give out the password on a public forum. You can protect yourself against this by following some simple best practices, such as not publishing your meeting password, using a waiting room to control access to your meeting and restricting screen sharing.”

Zoom also has been criticized for not offering end-to-end encryption for videoconferences, an approach Chapple says most people never use.

“It’s true that Zoom doesn’t offer this level of encryption,” Chapple said. “That’s because it’s technically very difficult to do so. Look at the other major videoconferencing providers. Skype, Microsoft Teams and BlueJeans don’t offer end-to-end encryption either. It’s simply not a reasonable security expectation. Cisco WebEx does offer an end-to-end encryption option, but choosing that option disables major features of the platform, including the ability to record a meeting.

Chapple points out that Zoom did make a major mistake in this area by publishing a false claim that the service supported end-to-end encryption. They’ve since apologized and published a technical description of exactly how their encryption works.

There also have been reports of Zoom video recordings appearing on public websites and cloud storage services, but Chapple says there is no indication this was Zoom’s doing.

“Zoom offers a recording feature to meeting hosts and discloses to all participants when a meeting is being recorded,” he said. “At the end of the meeting, the host gets a copy of the video file. If they post it on an open forum, it’s not reasonable to hold Zoom accountable for the meeting host’s actions.”

While researchers have identified a few security flaws in Zoom’s technology over the past few weeks, Chapple says that’s not unexpected for a platform suddenly thrust into the spotlight.

“The reality is that every software product has critical security flaws that we simply haven’t discovered yet,” he said. “Zoom reacted to each one of these with a patch that corrected the problem. That’s what any responsible technology company would do.”

Where Zoom really failed, according to Chapple, is with their pre-pandemic privacy policy.

“It contained some truly awful terms and conditions that basically granted the company the right to access private meeting information. After some scathing public criticism, Zoom revised their privacy policy to align with industry best practices.

“If you’re worried about the privacy and security issues at Zoom, don’t use the service. Personally, I’ve found Zoom to be a crucial part of my ability to teach and work from home. I’m comfortable that they’re focusing on correcting security issues quickly and have built a platform that is scalable, reliable, and secure.”

9 Comments
  1. Very good article! We are linking to this particularly great content on our site. Keep up the great writing.

  2. We stumbled over here different web page and thought I should
    check things out. I like what I see so i am just following you.
    Look forward to looking over your web page yet again.

  3. Howdy! I know this is kind of off topic but I was wondering if
    you knew where I could locate a captcha plugin for my comment form?
    I’m using the same blog platform as yours and I’m having problems finding one?
    Thanks a lot!

Leave a Reply

Your email address will not be published.

©2020 Global Cyber Security Report. Use Our Intel. All Rights Reserved. Washington, D.C.