Zoom to expand security, privacy safeguards as part of agreement with New York AG
Video conferencing group Zoom will expand certain privacy and security protections for users as part of an agreement announced Thursday with New York Attorney General Letitia James (D).
As part of an agreement, Zoom said it will implement a data security program and conduct risk assessment reviews to check for software vulnerabilities. The company will also enhance the security of user information by expanding encryption protocols, and will enable default passwords for every meeting to control access.
The company will also take steps to stop sharing user data with Facebook — an issue that has put the company in hot water over the past two months — and will investigate any reported misconduct on its platform, such as attacks around race, religion or sexual orientation. No monetary penalties were involved in the agreement.
Most of the changes agreed to by Zoom as part of the agreement in New York are steps the company already initiated in response to a spike in security and privacy concerns during the COVID-19 pandemic.
Zoom took steps to stop sharing data with Facebook in March, and later rolled out “Zoom 5.0” to enhance encryption and include default passwords.
“Our lives have inexorably changed over the past two months, and while Zoom has provided an invaluable service, it unacceptably did so without critical security protections,” James said in a statement. “This agreement puts protections in place so that Zoom users have control over their privacy and security, and so that workplaces, schools, religious institutions, and consumers don’t have to worry while participating in a video call.”
Zoom has seen record numbers of users as individuals move online for everything from work meetings to classes to happy hours during the coronavirus pandemic, increasing from 10 million daily participants in December to 300 million daily participants in April.
But the increased usage has also led to issues including the new phenomenon of “Zoombombing,” which involves malicious hackers or other individuals gaining access to meetings and disrupting them with obscene statements or drawings.
Elementary school classes, work meetings and other confidential gatherings have been interrupted on Zoom as a result, with the FBI issuing a warning about the phenomenon and Capitol Hill taking notice.
A Zoom spokesperson told The Hill that the company was “pleased to have reached a resolution with the New York Attorney General, which recognizes the substantial work that Zoom has completed as part of our 90-day security and privacy plan, including making a number of our pre-existing security features on by default and also introducing new security enhancements.”
“We are grateful for the New York Attorney General’s engagement on these important issues and are glad to have reached this resolution so quickly,” the spokesperson added.
The agreement comes less than two months after James began looking into security issues at Zoom, with James sending a letter to the company asking questions around how it ensured the privacy of its users.
The settlement was also reached the day after the New York City Department of Education announced an agreement with Zoom that would reinstate the use of the platform for online classes after halting the use of the service in April due to concerns over Zoombombings.
The city’s Schools Chancellor Richard Carranza said in a statement that the agency had “worked with Zoom to create a tailored platform that provides the safety and functionality schools need to engage in remote learning,” noting he was “happy that Zoom has addressed vulnerabilities over the last few weeks and effective immediately, our community can safely use the Department of Education licensed Zoom account for remote learning.”
Zoom CEO Eric Yuan said Zoom was “proud” to provide classes to the more than 1.1 million students in the city.
“We look forward to continued partnership with the DOE and service to the educators and students in New York,” Yuan said in a statement. “We are proud and humbled to enable remote applications for schools, businesses and other organizations to stay connected and operational during this time.”
-Updated at 8:45 p.m.
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed. Regular the hill posts