Image Description: A screenshot of a large meeting on Zoom, with twenty people concurrently in the call.
By Christine Chen
Zoom has become a clear staple of coronavirus lockdown life—an online platform as ubiquitous as Facebook or Twitter—weathering the disruption of a pandemic which has otherwise upended the operating models of virtually every industry, from food and entertainment, to tourism and manufacturing.
With Zoom’s daily user numbers ballooning from ‘just’ ten million last year to 200 million in March, it seems everyone has turned to Zoom as the de facto means of convening whilst practising social distancing. It has been used to deliver online lessons, teach ballet classes, deliver religious sermons, host ASX board meetings, and even to facilitate Boris Johnson’s “digital cabinet meetings”. Western Australian universities, including UWA, have also adopted the platform for remote learning purposes.
Caption: The widespread adoption of Zoom has resulted in many memes satirising the idiosyncrasies of online meeting etiquette.
However, it’s quickly becoming clear that there is trouble boiling in Zoom’s online paradise.
As people migrated to Zoom, so too did trolls and hackers. And the trolls and hackers did what they do best—a pernicious phenomenon known as “Zoombombing”, where uninvited people jump into Zoom calls, has become an increasingly popular occurrence for public events. In what started out as harmless pranks, Zoombombing cases have risen to the level of harassment and hate speech, with offenders exploiting platform’s screen-sharing feature to project graphic content onto unwitting participants; some severe cases have caught the attention of the FBI and other law enforcement agencies.
On Thursday, TIME reported that Zoom has even become a playground for foreign spies, with operatives from countries such as Russia, China, and North Korea targeting video calls to glean private and sensitive information. Zoom appears to be acutely vulnerable to intrusion by Chinese spies because of its encryption keys, many of which are routed through Chinese servers, according to a new report from The Citizen Lab.
Caption: Thousands have watched comedian Hamish Blake’s “Zoom for One More” series, where he crashes various Zoom meetings as a harmless joke. However, when he dropped into an Air Force meeting, high-ranking officials didn’t find the joke funny—Zoom was subsequently banned by the ADF.
Image Description: The text “Zoom for one more” appears on the left side, next to Hamish Blake’s face.
In a scramble to adopt Zoom and promptly comply with social distancing requirements, numerous oversights have evidently been made. Now, skittish about the privacy and security risks posed, it seems that Zoom is being prohibited as fast as it was first adopted, by an ever-growing list of companies—most notably, Google, NASA, SpaceX and Tesla. Government organisations around the world are also shunning the app: Zoom has been banned from use in government business in Taiwan; the German foreign ministry has restricted Zoom’s use to only fixed-connection computers; the Australian Defense Force has outright prohibited staff usage of Zoom; New York’s Department of Education has also instituted a ban on Zoom for schools.
On Saturday, Singapore became the latest country to ban Zoom for remote learning after “very serious incidents” occurred in the country’s first week of coronavirus lockdown.
Amid these mounting security and privacy concerns, should UWA also be concerned?
When the coronavirus outbreak worsened in mid-March, like many other organisations, UWA scrambled to migrate all learning to online platforms. Prior to the outbreak, UWA had never needed to deliver online learning to such an extent; its adoption of Zoom is, by and large, a novel experiment—and students are the guinea pigs.
“UWA is aware of the concerns [surrounding Zoom],” says UWA Guild President, Bre Shanahan. “In conversation with UWA’s Chief Digital and Information Officer, Warwick Calkin, he mentioned a number of Zoom protocols that have been introduced to address the privacy concerns.”
Calkin, himself, did not respond to a request for comment at the time of writing.
When asked if UWA has plans to transition away from Zoom, Shanahan says that “I have not heard of any plans as of yet. My understanding is it is currently up to unit coordinators to choose.”
If UWA did move to ban Zoom, the clear alternative would be Microsoft Teams. With purportedly superior security features, schools in New York are among those who are making the switch.
Jared Spataro, Microsoft 365’s Corporate Vice President, outlined in a blog post the advantages of using Teams (without naming Zoom by name), explaining how its privacy and security controls can prevent Zoombombing, how Teams encrypts data, and how Microsoft handles law enforcement requests–all of which were flagged as areas of concerns for Zoom.
To its credit, Zoom has committed to work to enhance its security. “We recognise that we have fallen short of the community’s–and our own–privacy and security expectations,” Eric Yuan, Zoom’s chief executive, wrote in a blog post of his own. Yuan also announced that the company will freeze its updates for 90 days to address all the concerns raised, hiring Facebook security chief Alex Stamos as an adviser.
Whether this will engender greater security is yet to be determined. Perhaps a similar scramble to rashly enact measures is what got us here in the first place—perhaps we should all prepare to make another migration to a different online platform for our video-conferencing needs very soon.
Another alternative is BigBlueButton, an education-focused, open source web conference system. In March I set it up on a server at the University Computer Club (a UWA guild-affiliated club) for our members to use while the campus is closed. I also run it at the high school I work for. The security is good because it runs on your own server, and meetings can be restricted to those who have Office 365 accounts, preventing Zoom-bombing.