This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at https://www.nytimes.com/2020/04/08/business/zoom-video-privacy-security-coronavirus.html
The article has changed 13 times. There is an RSS feed of changes available.
| Version 0 | Version 1 |
|---|---|
| Zoom Rushes to Improve Privacy for Consumers Flooding Its Service | Zoom Rushes to Improve Privacy for Consumers Flooding Its Service |
| (2 months later) | |
| Over the last month, the Zoom videoconferencing service has emerged as the communication lifeline of the coronavirus pandemic. But the convenience fueling Zoom’s explosive popularity has come at a price. | Over the last month, the Zoom videoconferencing service has emerged as the communication lifeline of the coronavirus pandemic. But the convenience fueling Zoom’s explosive popularity has come at a price. |
| Originally a service meant for businesses, Zoom was designed to make it easy for company employees, sales representatives and clients to hop on meetings. When consumers flocked to the video platform for school and socializing, however, those conveniences also made it easy to hijack videoconferences and harass participants in online attacks known as Zoombombing. | Originally a service meant for businesses, Zoom was designed to make it easy for company employees, sales representatives and clients to hop on meetings. When consumers flocked to the video platform for school and socializing, however, those conveniences also made it easy to hijack videoconferences and harass participants in online attacks known as Zoombombing. |
| Now the company is scrambling to deal with privacy and security issues that keep popping up. On Wednesday morning, Zoom announced that it had formed a council of chief information security officers from other companies to share ideas on best practices. The company also announced that it had hired Alex Stamos, the former chief security officer of Facebook, as an outside adviser. | Now the company is scrambling to deal with privacy and security issues that keep popping up. On Wednesday morning, Zoom announced that it had formed a council of chief information security officers from other companies to share ideas on best practices. The company also announced that it had hired Alex Stamos, the former chief security officer of Facebook, as an outside adviser. |
| Eric S. Yuan, the chief executive of Zoom Video Communications, the California company behind the video platform, said in an interview Tuesday evening that his greatest regret was not recognizing the possibility that one day Zoom might be used not just by digitally savvy businesses but also by tech neophytes. | Eric S. Yuan, the chief executive of Zoom Video Communications, the California company behind the video platform, said in an interview Tuesday evening that his greatest regret was not recognizing the possibility that one day Zoom might be used not just by digitally savvy businesses but also by tech neophytes. |
| “We were focusing on business enterprise customers,” Mr. Yuan said. “However, we should have thought about ‘What if some end user started using Zoom’” for nonbusiness events, “maybe for family gatherings, for online weddings.” He added: “The risks, the misuse, we never thought about that.” | “We were focusing on business enterprise customers,” Mr. Yuan said. “However, we should have thought about ‘What if some end user started using Zoom’” for nonbusiness events, “maybe for family gatherings, for online weddings.” He added: “The risks, the misuse, we never thought about that.” |
| Mr. Yuan said Zoom never felt the need until now to rigorously examine the platform’s privacy and security implications for consumers. “If not for this crisis,” he said, “I think we would have never thought about this.” | Mr. Yuan said Zoom never felt the need until now to rigorously examine the platform’s privacy and security implications for consumers. “If not for this crisis,” he said, “I think we would have never thought about this.” |
| In addition to the Zoombombing episodes, Zoom has reacted with surprise to press reports that the company’s iPhone app leaked user data to Facebook as well as to criticism that the platform had allowed certain users to covertly access the LinkedIn profile data of other participants. | In addition to the Zoombombing episodes, Zoom has reacted with surprise to press reports that the company’s iPhone app leaked user data to Facebook as well as to criticism that the platform had allowed certain users to covertly access the LinkedIn profile data of other participants. |
| Zoom’s trajectory from mass media darling to privacy pariah may seem like a familiar narrative in a tech industry with a build-it-first, beg-forgiveness-later culture. But the coronavirus has accelerated the Silicon Valley story arc at an incredible pace. | Zoom’s trajectory from mass media darling to privacy pariah may seem like a familiar narrative in a tech industry with a build-it-first, beg-forgiveness-later culture. But the coronavirus has accelerated the Silicon Valley story arc at an incredible pace. |
| The coronavirus-fed boom has essentially forced Zoom to publicly acknowledge and address problems on a vastly shorter timetable than older companies like Facebook. Now attorneys general in several states are scrutinizing Zoom’s privacy and security practices even as the company has publicly committed to improving them. | The coronavirus-fed boom has essentially forced Zoom to publicly acknowledge and address problems on a vastly shorter timetable than older companies like Facebook. Now attorneys general in several states are scrutinizing Zoom’s privacy and security practices even as the company has publicly committed to improving them. |
| Mr. Yuan said the company had not anticipated the exponential growth in new users during the coronavirus pandemic or the unrelenting public scrutiny that would come with it. | Mr. Yuan said the company had not anticipated the exponential growth in new users during the coronavirus pandemic or the unrelenting public scrutiny that would come with it. |
| Four months ago, Zoom was a niche business tool with 10 million daily users, many of them people working in offices or at home. Today, it has emerged as a fundamental online utility, with 200 million daily users — including family members gathering to celebrate holidays, teachers leading online classes for students and members of Alcoholics Anonymous holding meetings. | Four months ago, Zoom was a niche business tool with 10 million daily users, many of them people working in offices or at home. Today, it has emerged as a fundamental online utility, with 200 million daily users — including family members gathering to celebrate holidays, teachers leading online classes for students and members of Alcoholics Anonymous holding meetings. |
| Last week, Zoom said it was suspending work on features for the next 90 days to devote all of its engineering resources to shoring up its security and privacy practices. | Last week, Zoom said it was suspending work on features for the next 90 days to devote all of its engineering resources to shoring up its security and privacy practices. |
| Security researchers also discovered that, despite its marketing promises, Zoom encrypted users’ communications but not with end-to-end encryption — a system that prevents third parties from accessing private communications. Mr. Yuan noted that end-to-end encryption was significantly more difficult with many users communicating simultaneously instead of something like Apple’s FaceTime, which is typically used by a handful of people at the same time. | Security researchers also discovered that, despite its marketing promises, Zoom encrypted users’ communications but not with end-to-end encryption — a system that prevents third parties from accessing private communications. Mr. Yuan noted that end-to-end encryption was significantly more difficult with many users communicating simultaneously instead of something like Apple’s FaceTime, which is typically used by a handful of people at the same time. |
| Last week, the office of New York’s attorney general sent a letter to Mr. Yuan, questioning whether Zoom’s current security practices were capable of handling “the surge in both volume and sensitivity of data being passed” through its network. | Last week, the office of New York’s attorney general sent a letter to Mr. Yuan, questioning whether Zoom’s current security practices were capable of handling “the surge in both volume and sensitivity of data being passed” through its network. |
| Several days later, the Federal Bureau of Investigation issued a warning saying that it had received multiple reports of Zoombombing, including incidents where school meetings were hijacked by strangers posting pornography and using threatening language. | Several days later, the Federal Bureau of Investigation issued a warning saying that it had received multiple reports of Zoombombing, including incidents where school meetings were hijacked by strangers posting pornography and using threatening language. |
| Zoom quickly announced that it was removing the Facebook software from its iPhone app and eliminating the LinkedIn data-mining feature on its platform. To hinder Zoombombing, the company just introduced default settings that will require K to 12 schools to individually admit participants to videoconferences from virtual waiting rooms. | Zoom quickly announced that it was removing the Facebook software from its iPhone app and eliminating the LinkedIn data-mining feature on its platform. To hinder Zoombombing, the company just introduced default settings that will require K to 12 schools to individually admit participants to videoconferences from virtual waiting rooms. |
| Mr. Yuan said Zoom was now making user privacy and security its top priority and was shutting down enterprise features that could present risks to consumers. “This is a turning point. We have to raise the bar,” he said. “Whenever there’s a conflict, privacy first.” | Mr. Yuan said Zoom was now making user privacy and security its top priority and was shutting down enterprise features that could present risks to consumers. “This is a turning point. We have to raise the bar,” he said. “Whenever there’s a conflict, privacy first.” |
| Mr. Yuan, a former executive at Cisco Systems, founded Zoom in 2011. He has often described the company’s mission as “making video communications frictionless.” | Mr. Yuan, a former executive at Cisco Systems, founded Zoom in 2011. He has often described the company’s mission as “making video communications frictionless.” |
| Before the pandemic, Mr. Yuan said, Zoom used a number of security measures to identify vulnerabilities, and invited hackers to probe its service for payment awards, through a bug bounty. | Before the pandemic, Mr. Yuan said, Zoom used a number of security measures to identify vulnerabilities, and invited hackers to probe its service for payment awards, through a bug bounty. |
| It also developed security and privacy features that could have prevented Zoombombing. But Zoom left it to business customers, which included some of the biggest names in the cybersecurity industry, to decide how they wanted to configure privacy and security settings. | It also developed security and privacy features that could have prevented Zoombombing. But Zoom left it to business customers, which included some of the biggest names in the cybersecurity industry, to decide how they wanted to configure privacy and security settings. |
| Technologists at those companies vetted Zoom’s code for security vulnerabilities, decided whether their own employees should be required to use passwords to join meetings, and how much of their data should be exposed to colleagues and managers. | Technologists at those companies vetted Zoom’s code for security vulnerabilities, decided whether their own employees should be required to use passwords to join meetings, and how much of their data should be exposed to colleagues and managers. |
| Updated June 5, 2020 | |
| So far, the evidence seems to show it does. A widely cited paper published in April suggests that people are most infectious about two days before the onset of coronavirus symptoms and estimated that 44 percent of new infections were a result of transmission from people who were not yet showing symptoms. Recently, a top expert at the World Health Organization stated that transmission of the coronavirus by people who did not have symptoms was “very rare,” but she later walked back that statement. | |
| A study by European scientists is the first to document a strong statistical link between genetic variations and Covid-19, the illness caused by the coronavirus. Having Type A blood was linked to a 50 percent increase in the likelihood that a patient would need to get oxygen or to go on a ventilator, according to the new study. | |
| The unemployment rate fell to 13.3 percent in May, the Labor Department said on June 5, an unexpected improvement in the nation’s job market as hiring rebounded faster than economists expected. Economists had forecast the unemployment rate to increase to as much as 20 percent, after it hit 14.7 percent in April, which was the highest since the government began keeping official statistics after World War II. But the unemployment rate dipped instead, with employers adding 2.5 million jobs, after more than 20 million jobs were lost in April. | |
| Mass protests against police brutality that have brought thousands of people onto the streets in cities across America are raising the specter of new coronavirus outbreaks, prompting political leaders, physicians and public health experts to warn that the crowds could cause a surge in cases. While many political leaders affirmed the right of protesters to express themselves, they urged the demonstrators to wear face masks and maintain social distancing, both to protect themselves and to prevent further community spread of the virus. Some infectious disease experts were reassured by the fact that the protests were held outdoors, saying the open air settings could mitigate the risk of transmission. | |
| Exercise researchers and physicians have some blunt advice for those of us aiming to return to regular exercise now: Start slowly and then rev up your workouts, also slowly. American adults tended to be about 12 percent less active after the stay-at-home mandates began in March than they were in January. But there are steps you can take to ease your way back into regular exercise safely. First, “start at no more than 50 percent of the exercise you were doing before Covid,” says Dr. Monica Rho, the chief of musculoskeletal medicine at the Shirley Ryan AbilityLab in Chicago. Thread in some preparatory squats, too, she advises. “When you haven’t been exercising, you lose muscle mass.” Expect some muscle twinges after these preliminary, post-lockdown sessions, especially a day or two later. But sudden or increasing pain during exercise is a clarion call to stop and return home. | |
| States are reopening bit by bit. This means that more public spaces are available for use and more and more businesses are being allowed to open again. The federal government is largely leaving the decision up to states, and some state leaders are leaving the decision up to local authorities. Even if you aren’t being told to stay at home, it’s still a good idea to limit trips outside and your interaction with other people. | |
| Touching contaminated objects and then infecting ourselves with the germs is not typically how the virus spreads. But it can happen. A number of studies of flu, rhinovirus, coronavirus and other microbes have shown that respiratory illnesses, including the new coronavirus, can spread by touching contaminated surfaces, particularly in places like day care centers, offices and hospitals. But a long chain of events has to happen for the disease to spread that way. The best way to protect yourself from coronavirus — whether it’s surface transmission or close human contact — is still social distancing, washing your hands, not touching your face and wearing masks. | |
| Common symptoms include fever, a dry cough, fatigue and difficulty breathing or shortness of breath. Some of these symptoms overlap with those of the flu, making detection difficult, but runny noses and stuffy sinuses are less common. The C.D.C. has also added chills, muscle pain, sore throat, headache and a new loss of the sense of taste or smell as symptoms to look out for. Most people fall ill five to seven days after exposure, but symptoms may appear in as few as two days or as many as 14 days. | |
| If air travel is unavoidable, there are some steps you can take to protect yourself. Most important: Wash your hands often, and stop touching your face. If possible, choose a window seat. A study from Emory University found that during flu season, the safest place to sit on a plane is by a window, as people sitting in window seats had less contact with potentially sick people. Disinfect hard surfaces. When you get to your seat and your hands are clean, use disinfecting wipes to clean the hard surfaces at your seat like the head and arm rest, the seatbelt buckle, the remote, screen, seat back pocket and the tray table. If the seat is hard and nonporous or leather or pleather, you can wipe that down, too. (Using wipes on upholstered seats could lead to a wet seat and spreading of germs rather than killing them.) | |
| Taking one’s temperature to look for signs of fever is not as easy as it sounds, as “normal” temperature numbers can vary, but generally, keep an eye out for a temperature of 100.5 degrees Fahrenheit or higher. If you don’t have a thermometer (they can be pricey these days), there are other ways to figure out if you have a fever, or are at risk of Covid-19 complications. | |
| The C.D.C. has recommended that all Americans wear cloth masks if they go out in public. This is a shift in federal guidance reflecting new concerns that the coronavirus is being spread by infected people who have no symptoms. Until now, the C.D.C., like the W.H.O., has advised that ordinary people don’t need to wear masks unless they are sick and coughing. Part of the reason was to preserve medical-grade masks for health care workers who desperately need them at a time when they are in continuously short supply. Masks don’t replace hand washing and social distancing. | |
| If you’ve been exposed to the coronavirus or think you have, and have a fever or symptoms like a cough or difficulty breathing, call a doctor. They should give you advice on whether you should be tested, how to get tested, and how to seek medical treatment without potentially infecting or exposing others. | |
| If you’re sick and you think you’ve been exposed to the new coronavirus, the C.D.C. recommends that you call your healthcare provider and explain your symptoms and fears. They will decide if you need to be tested. Keep in mind that there’s a chance — because of a lack of testing kits or because you’re asymptomatic, for instance — you won’t be able to get tested. | |
| Mr. Yuan also said the company created certain services, like the features enabling Zoom users to log in from Facebook or access the LinkedIn profiles of other participants, to accommodate requests from enterprise customers. But outsourcing such decisions to business customers created blind spots for Zoom. | Mr. Yuan also said the company created certain services, like the features enabling Zoom users to log in from Facebook or access the LinkedIn profiles of other participants, to accommodate requests from enterprise customers. But outsourcing such decisions to business customers created blind spots for Zoom. |
| Some cybersecurity and privacy experts said the time for Zoom to reassess its privacy and security was last year, after Jonathan Leitschuh, a cybersecurity researcher, discovered a flaw that attackers could use to activate a Zoom user’s webcam without their permission. Even when users tried to remove the app from their computers, researchers discovered Zoom would secretly reinstall itself. | Some cybersecurity and privacy experts said the time for Zoom to reassess its privacy and security was last year, after Jonathan Leitschuh, a cybersecurity researcher, discovered a flaw that attackers could use to activate a Zoom user’s webcam without their permission. Even when users tried to remove the app from their computers, researchers discovered Zoom would secretly reinstall itself. |
| In its letter last week to Mr. Yuan, the New York attorney general’s office noted that Zoom did not address the problem until after the Electronic Privacy Information Center, a public interest research center, filed a complaint about the company with the Federal Trade Commission last year. | In its letter last week to Mr. Yuan, the New York attorney general’s office noted that Zoom did not address the problem until after the Electronic Privacy Information Center, a public interest research center, filed a complaint about the company with the Federal Trade Commission last year. |
| Mr. Yuan admitted that his drive to open access to Zoom during the pandemic sometimes moved faster than the platform’s privacy protections. | Mr. Yuan admitted that his drive to open access to Zoom during the pandemic sometimes moved faster than the platform’s privacy protections. |
| Early in the crisis, for instance, a few U.S. schools that foresaw they would need to quickly move classes online contacted him for help, he said, and he personally set up free accounts for them. Soon after, Mr. Yuan made basic Zoom accounts free for schools. | Early in the crisis, for instance, a few U.S. schools that foresaw they would need to quickly move classes online contacted him for help, he said, and he personally set up free accounts for them. Soon after, Mr. Yuan made basic Zoom accounts free for schools. |
| But the company did not have experience working with K-12 school districts, he said, and was not set up for federal privacy laws requiring special protections for students’ and children’s information, noting that the company has had to update its privacy policy for schools several times. | But the company did not have experience working with K-12 school districts, he said, and was not set up for federal privacy laws requiring special protections for students’ and children’s information, noting that the company has had to update its privacy policy for schools several times. |
| Now, however, Zoom has gone even further and signed an extensive privacy compliance agreement with the Board of Cooperative Educational Services for school districts in Chautauqua County, southern Erie County, and part of Cattaraugus County, in New York. | Now, however, Zoom has gone even further and signed an extensive privacy compliance agreement with the Board of Cooperative Educational Services for school districts in Chautauqua County, southern Erie County, and part of Cattaraugus County, in New York. |
| The landmark agreement, which Zoom signed on March 31, meets stringent new state privacy rules for schools and could serve as a model for other school districts. Among other things, Zoom agreed to delete any data it had collected or stored about the districts’ students, teachers or principals when the contract expires later this year. | The landmark agreement, which Zoom signed on March 31, meets stringent new state privacy rules for schools and could serve as a model for other school districts. Among other things, Zoom agreed to delete any data it had collected or stored about the districts’ students, teachers or principals when the contract expires later this year. |
| Mr. Yuan said his three children were now home doing distance learning over Zoom and he recently asked his daughter, an eighth-grader, if her teacher used certain security features meant to keep out troublemakers. He was relieved when she said “yes.” | Mr. Yuan said his three children were now home doing distance learning over Zoom and he recently asked his daughter, an eighth-grader, if her teacher used certain security features meant to keep out troublemakers. He was relieved when she said “yes.” |