The ongoing COVID-19 pandemic has caused problems beyond its obvious harm to the health of people across the world. The economic effects of workers not being able to do their jobs has already caused significant damage to the global economy, with economists and financial analysts predicting an economic downturn for the entire world by the year’s end.
Both the public and private sector have attempted to mitigate the damage to their operations by switching to an entirely online format of working as far as possible. The Zoom app has played an integral part in this, jumping from a largely unknown application to an indispensable office tool in a matter of weeks. However, this has not been an entirely smooth ride.
As its popularity has boomed – both for business and personal use – and the company’s stock price rocketed, Zoom has come under pressure on a number of fronts.
On Tuesday, shareholder Michael Drieu filed suit in a California federal court, alleging that Zoom “significantly overstated” the degree to which its platform is encrypted, failing to disclose these “deficiencies” to shareholders.
In early April, Zoom to a “discrepancy” in its definition of end-to-end encryption from the commonly accepted definition. Drieu claims he and other shareholders have suffered “significant losses and damages” due to a drop in Zoom’s share price after the admission.
It is the second recent lawsuit Zoom faces; the company is also being sued in a California-based federal court for allegedly sharing user data with Facebook. In late March, Zoom said in a press release that it “has never sold user data in the past and has no intention of selling users’ data going forward,” and would remove the Facebook SDK (software development kit) from its iOS client. That SDK, it said, was responsible for collecting device data.
The list of organizations that have banned use of Zoom on security and privacy grounds has also grown. According to the Financial Times, the U.S. Senate has reportedly directed members not to use the app, while the German Foreign Ministry has banned its use on mobile devices to protect confidential conversations. In addition, Taiwan’s government warned against using Zoom outright, instead highlighting rival options from Microsoft and Google.
Google, which has its own video app – Hangouts Meet – has also reportedly banned Zoom due to security vulnerabilities, as has Elon Musk’s Space X. US law enforcement authorities, meanwhile, warned of unauthorized access to virtual classrooms and recommended that users change security settings to protect meetings; the app has been blacklisted by schools in New York.
Zoom had previously drawn criticism over its security practices – even before the COVID-19 crisis – because of a flaw in its Mac desktop app that let hackers take control of a user’s webcam. In response, Zoom has recently upped efforts to improve security and privacy, with CEO Eric Yuan pledging to suspend Zoom’s feature development for three months while the company directs resources to “better identify, address, and fix issues proactively.”
Yuan acknowledged in an interview with CNN that the company “moved too fast” as the COVID-19 crisis unfolded and should have tightened security; the company also acknowledged that its encryption efforts need more work.
The app’s security failures have even led to the emergence of a new term – ‘Zoom bombing’. This is when a Zoom meeting or discussion is interrupted by outside, uninvited parties. These unwanted attendees have caused significant media interest, with online school lessons becoming so frequent that Singapore’s education authorities banned use of the application outright. Most alarmingly, some schools in the United States have reported their pupils being exposed to images of child pornography; one school in Berkeley, California, was Zoom bombed by a man screaming obscenities and flashing his genitals.
Yet it is not only criminals who are perceived to be a threat. US intelligence officials have stated that foreign intelligence agencies – specifically those in China, Iran, North Korea and Russia – are spying on American companies in order to disrupt their operations or steal information that could be of use for their own purposes.
Zoom is particularly vulnerable to intrusion by Chinese cyberspies because some of its encryption keys are routed through Chinese servers, according to a research group at the University of Toronto. Since the work restrictions in place due to the Coronavirus will likely not be lifted any time soon, work will remain online for the foreseeable future – however, it is far less certain whether the increasingly-beleaguered team at Zoom will prevent its users from abandoning it in favour of its corporate rivals.