Although the popular teleconferencing service Zoom appeared to have come out of nowhere, it actually has origins that go back a decade or more.
Zoom Video Communications, founded by current CEO Eric Yuan in 2011, became a billion dollar company by 2017. But it wasn’t until the company became publicly traded (symbol ZM) in March 2019 that it caught widespread attention, quickly reaching a valuation in excess of $15 billion.
It was already well-established in the corporate sector by this time, but it was not until the appearance of the coronavirus that causes COVID-19 that its growth really took off, reaching around 200 million daily average meeting participants in March 2020.
With such massive growth, up by around a factor of 10 from the same period a year ago, came a host of problems, in part associated with use by less technically adept users. However, the company has known for some time that its platform could be misused, and clearly Zoom failed with new security measures it implemented last year.
A rethink is needed here. Security and privacy have apparently been an afterthought for the company. That has caught the attention of regulators in at least two important jurisdictions, New York state, and California.
This unwanted attention to security woes, as well as missteps by CEO Yuan, caused Zoom’s share price to take a tumble in early April. The unprecedented move to work from home as nations around the world went into COVID-19 lockdown mode propelled Zoom’s share price from around $70 at the turn of the year to a high of around $160.
This rapid growth in the overall valuation of the company occurred as much of the rest of the stock market experienced percentage declines not seen since the Depression. Even with the decline over regulatory attention, as this column went to press Zoom was valued at around $35 billion, very impressive for what is essentially a one-product company.
Basically, the company needs to turn on, and in some cases now has, sensible default security settings and not leave them to be discovered afterwards by embarrassed users. By now, many readers, and certainly Zoom users, will have heard of the term “Zoom bombing,” the hijacking of a Zoom teleconference to unleash offensive, often xenophobic and racist, images and language on participants.
In the Archdiocese of Vancouver, Father Paul Goo was leading about 300 young adults in online prayer April 1 when the group was “Zoom bombed” by people shouting obscenities. The online community responded in prayer.
Although there are means to prevent Zoom bombing, and you can be sure such experiences have already hit B.C. educators, who have embraced Zoom enthusiastically, the company admits some of these measures aren’t obvious or in some cases don’t work as they should. So widespread is Zoom bombing becoming that even the FBI issued a warning about it.
Zoom was also hit with revelations by a security researcher that its application compromised Mac computers, giving hackers essentially root level control of the machine and the ability to turn off and on the webcam and microphone at will. Zoom acted quickly to patch this issue but it was another embarrassment for the company.
That happened only a few days after concern over the Zoom iOS app sending user data to Facebook, even for users without a Facebook account. The company said that was a mistake and removed the connection within two days, although legal action remains pending.
With all these security issues you might think Zoom’s days are numbered, but you’d be wrong. On the night before B.C. schools’ spring break ended, the B.C. government temporarily lifted privacy restrictions on provincial organizations, including hospitals and public schools, regarding the use of web-based tools that store data outside of Canada. Essentially the order recognized that tools such as Zoom, Microsoft Teams, and Google’s GSuite and Classroom would be important during the shutdown of B.C. schools.
Andrew McCracken, a philosophy and religion teacher at Notre Dame Regional Secondary in Vancouver notes, “The Zoom experiment has been surprisingly successful” for him and his students.
The app “has allowed us to continue classes without any delay and with a reasonable approximation of the experience of a bricks and mortar classroom. It is no substitute, of course, for actually being in the same room with students, but at least we can see each other’s faces, have a decent conversation, and continue to build the community that is so essential to Catholic education.”
He goes on to observe, “So far this week (the week immediately after spring break), I have had almost 100 per cent attendance in my Zoom classes and solid participation from students.”
Zoom is and will likely remain the go-to tool for many high-profile institutions. However, it is a security nightmare and the CEO’s promise that the company will devote the next 90 days to cleaning up the service and put new initiatives on hold may be crucial to its long term viability.
As of early April, multiple jurisdictions, such as the government of Taiwan and New York City schools, have banned the use of Zoom. The government of Canada has said the service must not be used for any confidential government business. NASA and two Elon Musk ventures, SpaceX and Tesla, have forbidden its use in their corporate environments.
For now, if your job entails using Zoom as a meeting host, follow these basic steps: don’t share the meeting ID publicly, use a waiting room to vet participants, and use a password in addition to that meeting ID.
There are undoubtedly more security lapses to surface with Zoom. Stay tuned.
Follow me on Facebook (facebook.com/PeterVogelCA), on Twitter (@PeterVogel), or on Instagram (@plvogel)