Zoom To Crack Down on Zoombombing, In Deal With NY Attorney General
Updated Thursday at 6:51 p.m. ET
Zoom has agreed to do more to prevent hackers from disrupting video conferencing sessions and to protect users' data, according to a deal announced on Thursday by New York Attorney General Letitia James.
The coronavirus pandemic has unleashed incredible growth for Zoom. Daily use of the remote-meeting service ballooned to 300 million from about 10 million in a matter of months. As more people logged on, Zoom's security and privacy flaws became evident.
Hackers began disrupting online school classes, government meetings, cocktail hours and other events in a trend that became known as Zoombombing.
Federal law enforcement and state investigators across the country started paying attention.
"Our lives have inexorably changed over the past two months, and while Zoom has provided an invaluable service, it unacceptably did so without critical security protections," James said in a statement released by her office. "This agreement puts protections in place so that Zoom users have control over their privacy and security, and so that workplaces, schools, religious institutions, and consumers don't have to worry while participating in a video call."
Zoom has pledged to take more steps to block hackers from gaining access to chat sessions and user accounts. It must now run a "vulnerability management program" to identify and avert breaches into livestreaming conversations on the video platform, New York regulators wrote in the deal.
Reported bad actors will now be investigated by Zoom, and the company will ban those who violate Zoom's anti-abuse policies, the state regulators said.
Zoom began as a communication tool geared toward businesses. But as scrutiny on Zoom intensified, security experts found that the company did not use end-to-end encryption, as it had claimed. Zoom officials later admitted as much. Such encryption all but ensures that the content of a conversation is confidential.
Now, according to the agreement, Zoom will encrypt "all personal information in transit except where the user fails to utilize a Zoom app or Zoom software for the transmission."
Zoom is also taking steps under the agreement to stop sharing user data with Facebook and LinkedIn.
In response to its swirling controversies, Zoom has hired outside security consultants and has announced that it has acquired Keybase, a company that specializes in encryption products. Zoom officials say the acquisition was made in order to strengthen user privacy.
Before the announcement of Thursday's deal with New York regulators, Zoom had taken steps to respond to public outcry.
The company said it in early April that it was halting work on all other projects to devote resources to beefing up security and privacy. Among other changes, Zoom began to require passwords for creating or joining a meetings by default.
In a statement, a Zoom spokesperson said Thursday that the company is pleased it has reached an accord with New York regulators, saying the out-of-court settlement "recognizes the substantial work that Zoom has completed as part of our 90-day security and privacy plan, including making a number of our pre-existing security features on by default and also introducing new security enhancements."
As Zoom's popularity and problems mounted, two tech giants spied an opportunity. Facebook has announced a new competitor to Zoom, a feature called Messenger Rooms. Google has made its existing videoconferencing tool, called Meet, free and easier to access from Gmail.