FBI Warning: ZOOM-BOMBING is now a threat in your business and your child’s classroom

If you rely on teleconferencing or web-conferencing software like Zoom in order to continue to work or to keep your children in school during the coronavirus outbreak, be wary of leaving your kids watching that screen alone. According to the FBI, video-teleconference (VTC) hijacking, also called “Zoom-bombing,” is on the rise. This not only potentially exposes meeting participants to pornographic images and threatening language but, perhaps even more problematic, has the potential to expose private information and conversations in previously unencountered ways[1].

So far, Zoom-bombings that have been detected have been mainly vandalistic in nature. This month, a Massachusetts online classroom experienced a VTC-hijacking when an unidentified party dialed into the classroom, yelled profanity and shouted out the teacher’s home address. In another incident at a different school but also in Massachusetts, an unidentified individual dialed in and displayed swastika tattoos. A virtual meeting with black University of Texas students also reported Zoom-bombing by visitors using racial slurs[2]. Numerous educational institutions have reached out to Zoom to ask how the company will protect user privacy during the pandemic.

The FBI recommends keeping meetings and classroom settings private by using the meeting password option or keeping members in the “waiting room” until the moderator enters. They also recommended private meetings be treated as such, with hosts only sending access codes to those meetings in private correspondence rather than posting them online.

Privacy Policy Concerns

Senior Forbes contributor and cybersecurity analyst Kate O’Flaherty warned earlier this week that Zoom’s privacy policy, in her opinion, leaves something to be desired. Although on the surface, the policy is relatively similar to that of Google or Facebook in that Zoom collects and stores personal data and shares it with some third parties, O’Flaherty wrote that her concerns revolve around the company’s definition of “customer content,” defined as “the content contained in cloud recordings, and instant messages, files, and whiteboards…shared while using the service.”[3]

That information includes:

  • Videos
  • Transcripts (including those that can be generated automatically)
  • Documents shared on-screen
  • The names of everyone on the call

Consumer Reports privacy researcher Bill Fitzgerald analyzed the company’s policies and said that Zoom is “not necessarily doing anything users would object to with the data… [but the guidelines] provide a whole lot of leeway to collect information and share it, both now and in the future.”

Justin Brookman, director of privacy and technology policy at Consumer Reports, also expressed concern about the amount of “power” Zoom puts “in the hands of the meeting hosts.” He made particular note of corporate accounts, which have the ability to monitor whether you are paying attention to the Zoom call and record the call without notifying participants.

Zoom Has Reacted Quickly to Concerns

In response to the melee of concerns and ongoing reports of various “Zoom-bombings,” Zoom issued a clear statement and update to its privacy policy. In that statement, Zoom wrote:

“We are not changing any of our practices. We are updating our privacy policy to be more clear, explicit, and transparent….

Zoom takes its users’ privacy extremely seriously. Zoom collects only the data from individuals using the Zoom platform required to provide the service and ensure it is delivered effectively under a wide variety of settings in which our users may be operating. This data includes basic technical information, such as the user’s IP address, OS details, and device details.”

The company went on to say that it uses “robust and validated controls to prevent unauthorized access to any content that users share during meetings” and that the content is not stored “unless a meeting is recorded by a host.” Zoom also emphasized that participants are notified via both audio and video if the meeting is being recorded, and elaborated, “We have access controls to prevent unauthorized access to meeting recordings saved to our cloud.”[4]

Zoom also has implemented K-12-specific privacy policies and “guardrails” to protect the personal data associated with minor users and schools using Zoom to conduct class. The statement concluded, “Aside from providing services to K-12 students through school subscribers as discussed above, Zoom does not knowingly allow children under the age of 16 to sign up for their own accounts.”

Do you think Zoom is a good platform for business and personal meetings at this time?

How do you protect your own privacy and that of your clients and customers when teleconferencing?

Thank you for reading the Bryan Ellis Investing Letter!

Your comments and questions are welcomed below.

 

 

 

[1] https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic?fbclid=IwAR3YR0MKJ571d4AwvFvzwKr2gz2OWbmN-GoyKEj1Y4imZVpWz83uwjZYhbc

[2] https://thehill.com/homenews/state-watch/490402-virtual-meeting-with-black-university-of-texas-students-cut-off-by-racist-zoom

[3] https://www.forbes.com/sites/kateoflahertyuk/2020/03/25/zooms-a-lifeline-during-covid-19-this-is-why-its-also-a-privacy-risk/#2014684328ba

[4] https://blog.zoom.us/wordpress/2020/03/29/zoom-privacy-policy/

Leave a Reply