Businessman reading newspaper and drinking coffee

Zoom is hitting back. After weeks of ongoing negative publicity about the security and privacy issues around the video-conferencing service, the CEO has launched an offensive that is heavy on both charm and real-life fixes

While the company has enjoyed unprecedented user grown since December last year — 10 million to 200 million from December to March — stories started to emerge in March about trolls crashing meetings, flashing porn or racist slurs on screens while security researchers released reports on newly discovered vulnerabilities that if used maliciously could enable hackers to access your webcam.

The publicity was so potentially damaging that the company’s CEO Eric S Yuan, penned a blog at the beginning of the month outlining what the company intends to do to manage the problems.

Among the many remarks in the blog post, Yuan explained that most of the problems arose from new, mostly consumer use cases that has “helped us uncover unforeseen issues with our platform.” Dedicated journalists and security researchers also helped to identify pre-existing ones, he added.

There is much that explains what has happened and why breaches were possible, but it is the future that is important. He also informed users that over the next 90 days [starting early April], the company is dedicating all the resources needed to better identify, address, and fix issues proactively. As a result, the company is the following precautions. 

  • Enacting a feature freeze, effectively immediately, and shifted all its engineering resources to focus on safety, trust and privacy issues.
  • Conducting a comprehensive review with third-party experts and representative users to understand and ensure the security of all of our new consumer use cases.
  • Preparing a transparency report that details information related to requests for data, records, or content.
  • Launching a CISO [Chief Information Security Officer] council in partnership with other CISOs from across the industry to establish security and privacy best practices.

He will also personally host a weekly webinar on Wednesdays to provide privacy and security updates to the Zoom community. There are other actions that the company will take but this is the starting point so expect a lot from this over the coming weeks.

Skype and Google Hangouts

Before leaving this, we need to turn back to Microsoft briefly because it too has been capitalizing on Zoom’s woe’s in other ways.  We saw last week that the Redmond, Wash.-based company announced that it is offering Skype as a practical video alternative in the shape of Skype Meet Now. Announced recently, Skype Meet Now is a web-based version of Skype.  

On the Meet Now website, Microsoft explains that it allows you to set up a collaboration space and invite both Skype contacts and friends who are not on Skype. Participants can then easily join meetings whether they have an account or not. 

Google too has been circling. It has started offering access to the Mountain View, Calif.-based company’s Meet video-conferencing capabilities to all G Suite and G Suite for Education customers globally. This means that users will be ale able to do the following.

  1. Hold larger meetings, for up to 250 participants per call 
  2. Offer live streaming for up to 100,000 viewers within a domain  
  3. Record meetings and save them to Google Drive 

These features are typically available in the Enterprise edition of G Suite and in G Suite Enterprise for Education and will be available at no additional cost to all customers until September 30, 2020.  

Eu Data Watchdog Clamps Down on Coronavirus Apps 

The coronavirus has also raised other privacy concerns.  It probably hasn’t gone unnoticed that there are several apps now that follow and provide information about the spread and impact of the coronavirus. It certainly hasn’t escaped the attention of the European Union data protection watchdog. Most of these apps require a certain amount of personal data to be made available for them to work as they should and with several countries developing tracking apps, guaranteeing data privacy is a problem.

Wojciech Wiewiorowski explained in a statement that the EU's main privacy law, the General Data Protection Regulation (GDPR), allowed the processing of sensitive private information when it was in the interest of public health. “The digital revolution has given us powerful tools to process information about the world we live in, about us — human beings — and about our behavior. Our 'mantra' is that big data means big responsibility. We have to know what we are doing, and to know that we are responsible for the results of our activity.”

His statement also gives deeper insights into how apps and the GDPR should operate. In the current crisis, the statement reads, apps that serve the public should be temporary, with limited purpose and have access limitations to the data.

 It also added the following, “GDPR states also that the right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality. Legality of processing.”

These are interesting insights and should help enterprises understand how GDPR is being interpreted. It will become clearer again once the apps in question are developed and put into service.

Americans Care About Privacy

But does privacy matter? According to the Pew Institute, the American public certainly thinks it does. In a survey carried out last year between June 3-17, 2019 and which has just been made public recently, half of Americans have decided not to use a product or service because of privacy concerns. According to the research, 52% of US adults said that they had decided not to buy a product or service because of concerns over personal data harvesting and what the data would be used for.

It also showed how much impact data breaches have on buying decisions. Those who said someone attempted to open a line of credit or apply for a loan using their name were more likely than those who didn’t to not use a product or service out of privacy concerns (64% vs. 51%).

It also shows that:

  • Those who said someone took over their social media or email account without their permission and those who did not experience this (63% vs. 51%).
  • Those who said someone put fraudulent charges on their debit card or credit card were more likely than those who did not experience this to share this concern (56% vs. 51%). Education also appears to be a factor. Those who had college education and higher were also less likely to trust apps that harvest data.

When asked what really concerned them in the way data was harvested:

  • Most cited fears over sharing personal information (15%) in order to get access to the product or service.
  • Fears that that the product or service is untrustworthy (9%).
  • Others (8%) cited surveillance as a concern.

The findings are interesting and important especially for those trying to run a business online. It will be interesting to see similar figure when this current crisis is over and after millions of remote workers return to their workplace.