New York AG raises concerns about Zoom’s security and privacy practices
New York Attorney General Letitia James is asking Zoom Video Communications Inc. to provide details on the security and privacy of its videoconferencing platform, which has exploded in popularity since the start of the coronavirus pandemic.
The New York Times reported Monday that James’ office sent a letter to the company requesting clarification around how it protects user data. Additionally, the attorney general raised concerns about some of Zoom’s practices, including the way it responded to a security vulnerability in its service last year.
The attorney general’s office is concerned that “Zoom’s existing security practices might not be sufficient to adapt to the recent and sudden surge in both the volume and sensitivity of data being passed through its network,” the letter reads. “While Zoom has remediated specific reported security vulnerabilities, we would like to understand whether Zoom has undertaken a broader review of its security practices.”
James’ office furthermore called into question whether the company is complying with state regulations around the management of student data. Zoom, which offers a free tier that allows videoconferences with up to 100 participants, is being widely adopted by schools and universities scrambling to switch to virtual learning.
The company is being asked to hand over information about several of its policies. First, the attorney’s general office is requesting details on how Zoom collects and verifies consent to its terms of service in primary and secondary schools, as well as a description of the third parties who have received data related to children. Second, the letter more broadly calls for the company to explain “the categories of data that Zoom collects, as well as the purposes and entities to whom Zoom provides consumer data.”
The third area where James is seeking clarification is cybersecurity. Zoom is being asked to detail what, if any, changes it has made to its security policies after an incident last year where the company was notified about a security vulnerability by a researcher, but downplayed the issue before finally issuing a fix.
Another potential security issue has since been discovered in the service. Motherboard today reported that one of Zoom’s settings allowed some users to view the names, email addresses and photos of upwards of hundreds of other users they didn’t know. The company told the publication in a statement that it has taken steps to fix the issue.
The scrutiny of Zoom by the New York attorney general’s office may also invite attention to the practices of other communications providers whose services have surged in adoption during the pandemic. Microsoft Corp., Slack Technologies Inc. and Cisco Systems Inc. are all seeing massive growth across their respective communications services, including a more than 775% usage surge in the case of Microsoft Teams.
Since you’re here …
Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!
Support our mission: >>>>>> SUBSCRIBE NOW >>>>>> to our YouTube channel.
… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.