UPDATED 12:48 EDT / MARCH 31 2020

POLICY

New York AG raises concerns about Zoom’s security and privacy practices

New York Attorney General Letitia James is asking Zoom Video Communications Inc. to provide details on the security and privacy of its videoconferencing platform, which has exploded in popularity since the start of the coronavirus pandemic.

The New York Times reported Monday that James’ office sent a letter to the company requesting clarification around how it protects user data. Additionally, the attorney general raised concerns about some of Zoom’s practices, including the way it responded to a security vulnerability in its service last year.

The attorney general’s office is concerned that “Zoom’s existing security practices might not be sufficient to adapt to the recent and sudden surge in both the volume and sensitivity of data being passed through its network,” the letter reads. “While Zoom has remediated specific reported security vulnerabilities, we would like to understand whether Zoom has undertaken a broader review of its security practices.”

James’ office furthermore called into question whether the company is complying with state regulations around the management of student data. Zoom, which offers a free tier that allows videoconferences with up to 100 participants, is being widely adopted by schools and universities scrambling to switch to virtual learning.

The company is being asked to hand over information about several of its policies. First, the attorney’s general office is requesting details on how Zoom collects and verifies consent to its terms of service in primary and secondary schools, as well as a description of the third parties who have received data related to children. Second, the letter more broadly calls for the company to explain “the categories of data that Zoom collects, as well as the purposes and entities to whom Zoom provides consumer data.”

The third area where James is seeking clarification is cybersecurity. Zoom is being asked to detail what, if any, changes it has made to its security policies after an incident last year where the company was notified about a security vulnerability by a researcher, but downplayed the issue before finally issuing a fix.

Another potential security issue has since been discovered in the service. Motherboard today reported that one of Zoom’s settings allowed some users to view the names, email addresses and photos of upwards of hundreds of other users they didn’t know. The company told the publication in a statement that it has taken steps to fix the issue.

The scrutiny of Zoom by the New York attorney general’s office may also invite attention to the practices of other communications providers whose services have surged in adoption during the pandemic. Microsoft Corp., Slack Technologies Inc. and Cisco Systems Inc. are all seeing massive growth across their respective communications services, including a more than 775% usage surge in the case of Microsoft Teams.

Photo: Zoom

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU