This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.nytimes.com/2020/04/08/business/zoom-video-privacy-security-coronavirus.html

The article has changed 13 times. There is an RSS feed of changes available.

Version 10 Version 11
Zoom Rushes to Improve Privacy for Consumers Flooding Its Service Zoom Rushes to Improve Privacy for Consumers Flooding Its Service
(7 days later)
Over the last month, the Zoom videoconferencing service has emerged as the communication lifeline of the coronavirus pandemic. But the convenience fueling Zoom’s explosive popularity has come at a price.Over the last month, the Zoom videoconferencing service has emerged as the communication lifeline of the coronavirus pandemic. But the convenience fueling Zoom’s explosive popularity has come at a price.
Originally a service meant for businesses, Zoom was designed to make it easy for company employees, sales representatives and clients to hop on meetings. When consumers flocked to the video platform for school and socializing, however, those conveniences also made it easy to hijack videoconferences and harass participants in online attacks known as Zoombombing.Originally a service meant for businesses, Zoom was designed to make it easy for company employees, sales representatives and clients to hop on meetings. When consumers flocked to the video platform for school and socializing, however, those conveniences also made it easy to hijack videoconferences and harass participants in online attacks known as Zoombombing.
Now the company is scrambling to deal with privacy and security issues that keep popping up. On Wednesday morning, Zoom announced that it had formed a council of chief information security officers from other companies to share ideas on best practices. The company also announced that it had hired Alex Stamos, the former chief security officer of Facebook, as an outside adviser.Now the company is scrambling to deal with privacy and security issues that keep popping up. On Wednesday morning, Zoom announced that it had formed a council of chief information security officers from other companies to share ideas on best practices. The company also announced that it had hired Alex Stamos, the former chief security officer of Facebook, as an outside adviser.
Eric S. Yuan, the chief executive of Zoom Video Communications, the California company behind the video platform, said in an interview Tuesday evening that his greatest regret was not recognizing the possibility that one day Zoom might be used not just by digitally savvy businesses but also by tech neophytes.Eric S. Yuan, the chief executive of Zoom Video Communications, the California company behind the video platform, said in an interview Tuesday evening that his greatest regret was not recognizing the possibility that one day Zoom might be used not just by digitally savvy businesses but also by tech neophytes.
“We were focusing on business enterprise customers,” Mr. Yuan said. “However, we should have thought about ‘What if some end user started using Zoom’” for nonbusiness events, “maybe for family gatherings, for online weddings.” He added: “The risks, the misuse, we never thought about that.”“We were focusing on business enterprise customers,” Mr. Yuan said. “However, we should have thought about ‘What if some end user started using Zoom’” for nonbusiness events, “maybe for family gatherings, for online weddings.” He added: “The risks, the misuse, we never thought about that.”
Mr. Yuan said Zoom never felt the need until now to rigorously examine the platform’s privacy and security implications for consumers. “If not for this crisis,” he said, “I think we would have never thought about this.”Mr. Yuan said Zoom never felt the need until now to rigorously examine the platform’s privacy and security implications for consumers. “If not for this crisis,” he said, “I think we would have never thought about this.”
In addition to the Zoombombing episodes, Zoom has reacted with surprise to press reports that the company’s iPhone app leaked user data to Facebook as well as to criticism that the platform had allowed certain users to covertly access the LinkedIn profile data of other participants.In addition to the Zoombombing episodes, Zoom has reacted with surprise to press reports that the company’s iPhone app leaked user data to Facebook as well as to criticism that the platform had allowed certain users to covertly access the LinkedIn profile data of other participants.
Zoom’s trajectory from mass media darling to privacy pariah may seem like a familiar narrative in a tech industry with a build-it-first, beg-forgiveness-later culture. But the coronavirus has accelerated the Silicon Valley story arc at an incredible pace.Zoom’s trajectory from mass media darling to privacy pariah may seem like a familiar narrative in a tech industry with a build-it-first, beg-forgiveness-later culture. But the coronavirus has accelerated the Silicon Valley story arc at an incredible pace.
The coronavirus-fed boom has essentially forced Zoom to publicly acknowledge and address problems on a vastly shorter timetable than older companies like Facebook. Now attorneys general in several states are scrutinizing Zoom’s privacy and security practices even as the company has publicly committed to improving them.The coronavirus-fed boom has essentially forced Zoom to publicly acknowledge and address problems on a vastly shorter timetable than older companies like Facebook. Now attorneys general in several states are scrutinizing Zoom’s privacy and security practices even as the company has publicly committed to improving them.
Mr. Yuan said the company had not anticipated the exponential growth in new users during the coronavirus pandemic or the unrelenting public scrutiny that would come with it.Mr. Yuan said the company had not anticipated the exponential growth in new users during the coronavirus pandemic or the unrelenting public scrutiny that would come with it.
Four months ago, Zoom was a niche business tool with 10 million daily users, many of them people working in offices or at home. Today, it has emerged as a fundamental online utility, with 200 million daily users — including family members gathering to celebrate holidays, teachers leading online classes for students and members of Alcoholics Anonymous holding meetings.Four months ago, Zoom was a niche business tool with 10 million daily users, many of them people working in offices or at home. Today, it has emerged as a fundamental online utility, with 200 million daily users — including family members gathering to celebrate holidays, teachers leading online classes for students and members of Alcoholics Anonymous holding meetings.
Last week, Zoom said it was suspending work on features for the next 90 days to devote all of its engineering resources to shoring up its security and privacy practices.Last week, Zoom said it was suspending work on features for the next 90 days to devote all of its engineering resources to shoring up its security and privacy practices.
Security researchers also discovered that, despite its marketing promises, Zoom encrypted users’ communications but not with end-to-end encryption — a system that prevents third parties from accessing private communications. Mr. Yuan noted that end-to-end encryption was significantly more difficult with many users communicating simultaneously instead of something like Apple’s FaceTime, which is typically used by a handful of people at the same time.Security researchers also discovered that, despite its marketing promises, Zoom encrypted users’ communications but not with end-to-end encryption — a system that prevents third parties from accessing private communications. Mr. Yuan noted that end-to-end encryption was significantly more difficult with many users communicating simultaneously instead of something like Apple’s FaceTime, which is typically used by a handful of people at the same time.
Last week, the office of New York’s attorney general sent a letter to Mr. Yuan, questioning whether Zoom’s current security practices were capable of handling “the surge in both volume and sensitivity of data being passed” through its network.Last week, the office of New York’s attorney general sent a letter to Mr. Yuan, questioning whether Zoom’s current security practices were capable of handling “the surge in both volume and sensitivity of data being passed” through its network.
Several days later, the Federal Bureau of Investigation issued a warning saying that it had received multiple reports of Zoombombing, including incidents where school meetings were hijacked by strangers posting pornography and using threatening language.Several days later, the Federal Bureau of Investigation issued a warning saying that it had received multiple reports of Zoombombing, including incidents where school meetings were hijacked by strangers posting pornography and using threatening language.
Zoom quickly announced that it was removing the Facebook software from its iPhone app and eliminating the LinkedIn data-mining feature on its platform. To hinder Zoombombing, the company just introduced default settings that will require K to 12 schools to individually admit participants to videoconferences from virtual waiting rooms.Zoom quickly announced that it was removing the Facebook software from its iPhone app and eliminating the LinkedIn data-mining feature on its platform. To hinder Zoombombing, the company just introduced default settings that will require K to 12 schools to individually admit participants to videoconferences from virtual waiting rooms.
Mr. Yuan said Zoom was now making user privacy and security its top priority and was shutting down enterprise features that could present risks to consumers. “This is a turning point. We have to raise the bar,” he said. “Whenever there’s a conflict, privacy first.”Mr. Yuan said Zoom was now making user privacy and security its top priority and was shutting down enterprise features that could present risks to consumers. “This is a turning point. We have to raise the bar,” he said. “Whenever there’s a conflict, privacy first.”
Mr. Yuan, a former executive at Cisco Systems, founded Zoom in 2011. He has often described the company’s mission as “making video communications frictionless.”Mr. Yuan, a former executive at Cisco Systems, founded Zoom in 2011. He has often described the company’s mission as “making video communications frictionless.”
Before the pandemic, Mr. Yuan said, Zoom used a number of security measures to identify vulnerabilities, and invited hackers to probe its service for payment awards, through a bug bounty.Before the pandemic, Mr. Yuan said, Zoom used a number of security measures to identify vulnerabilities, and invited hackers to probe its service for payment awards, through a bug bounty.
It also developed security and privacy features that could have prevented Zoombombing. But Zoom left it to business customers, which included some of the biggest names in the cybersecurity industry, to decide how they wanted to configure privacy and security settings.It also developed security and privacy features that could have prevented Zoombombing. But Zoom left it to business customers, which included some of the biggest names in the cybersecurity industry, to decide how they wanted to configure privacy and security settings.
Updated June 30, 2020 Updated July 7, 2020
The coronavirus can stay aloft for hours in tiny droplets in stagnant air, infecting people as they inhale, mounting scientific evidence suggests. This risk is highest in crowded indoor spaces with poor ventilation, and may help explain super-spreading events reported in meatpacking plants, churches and restaurants. It’s unclear how often the virus is spread via these tiny droplets, or aerosols, compared with larger droplets that are expelled when a sick person coughs or sneezes, or transmitted through contact with contaminated surfaces, said Linsey Marr, an aerosol expert at Virginia Tech. Aerosols are released even when a person without symptoms exhales, talks or sings, according to Dr. Marr and more than 200 other experts, who have outlined the evidence in an open letter to the World Health Organization.
Common symptoms include fever, a dry cough, fatigue and difficulty breathing or shortness of breath. Some of these symptoms overlap with those of the flu, making detection difficult, but runny noses and stuffy sinuses are less common. The C.D.C. has also added chills, muscle pain, sore throat, headache and a new loss of the sense of taste or smell as symptoms to look out for. Most people fall ill five to seven days after exposure, but symptoms may appear in as few as two days or as many as 14 days.Common symptoms include fever, a dry cough, fatigue and difficulty breathing or shortness of breath. Some of these symptoms overlap with those of the flu, making detection difficult, but runny noses and stuffy sinuses are less common. The C.D.C. has also added chills, muscle pain, sore throat, headache and a new loss of the sense of taste or smell as symptoms to look out for. Most people fall ill five to seven days after exposure, but symptoms may appear in as few as two days or as many as 14 days.
Scientists around the country have tried to identify everyday materials that do a good job of filtering microscopic particles. In recent tests, HEPA furnace filters scored high, as did vacuum cleaner bags, fabric similar to flannel pajamas and those of 600-count pillowcases. Other materials tested included layered coffee filters and scarves and bandannas. These scored lower, but still captured a small percentage of particles.Scientists around the country have tried to identify everyday materials that do a good job of filtering microscopic particles. In recent tests, HEPA furnace filters scored high, as did vacuum cleaner bags, fabric similar to flannel pajamas and those of 600-count pillowcases. Other materials tested included layered coffee filters and scarves and bandannas. These scored lower, but still captured a small percentage of particles.
A commentary published this month on the website of the British Journal of Sports Medicine points out that covering your face during exercise “comes with issues of potential breathing restriction and discomfort” and requires “balancing benefits versus possible adverse events.” Masks do alter exercise, says Cedric X. Bryant, the president and chief science officer of the American Council on Exercise, a nonprofit organization that funds exercise research and certifies fitness professionals. “In my personal experience,” he says, “heart rates are higher at the same relative intensity when you wear a mask.” Some people also could experience lightheadedness during familiar workouts while masked, says Len Kravitz, a professor of exercise science at the University of New Mexico.A commentary published this month on the website of the British Journal of Sports Medicine points out that covering your face during exercise “comes with issues of potential breathing restriction and discomfort” and requires “balancing benefits versus possible adverse events.” Masks do alter exercise, says Cedric X. Bryant, the president and chief science officer of the American Council on Exercise, a nonprofit organization that funds exercise research and certifies fitness professionals. “In my personal experience,” he says, “heart rates are higher at the same relative intensity when you wear a mask.” Some people also could experience lightheadedness during familiar workouts while masked, says Len Kravitz, a professor of exercise science at the University of New Mexico.
The steroid, dexamethasone, is the first treatment shown to reduce mortality in severely ill patients, according to scientists in Britain. The drug appears to reduce inflammation caused by the immune system, protecting the tissues. In the study, dexamethasone reduced deaths of patients on ventilators by one-third, and deaths of patients on oxygen by one-fifth.The steroid, dexamethasone, is the first treatment shown to reduce mortality in severely ill patients, according to scientists in Britain. The drug appears to reduce inflammation caused by the immune system, protecting the tissues. In the study, dexamethasone reduced deaths of patients on ventilators by one-third, and deaths of patients on oxygen by one-fifth.
The coronavirus emergency relief package gives many American workers paid leave if they need to take time off because of the virus. It gives qualified workers two weeks of paid sick leave if they are ill, quarantined or seeking diagnosis or preventive care for coronavirus, or if they are caring for sick family members. It gives 12 weeks of paid leave to people caring for children whose schools are closed or whose child care provider is unavailable because of the coronavirus. It is the first time the United States has had widespread federally mandated paid leave, and includes people who don’t typically get such benefits, like part-time and gig economy workers. But the measure excludes at least half of private-sector workers, including those at the country’s largest employers, and gives small employers significant leeway to deny leave.The coronavirus emergency relief package gives many American workers paid leave if they need to take time off because of the virus. It gives qualified workers two weeks of paid sick leave if they are ill, quarantined or seeking diagnosis or preventive care for coronavirus, or if they are caring for sick family members. It gives 12 weeks of paid leave to people caring for children whose schools are closed or whose child care provider is unavailable because of the coronavirus. It is the first time the United States has had widespread federally mandated paid leave, and includes people who don’t typically get such benefits, like part-time and gig economy workers. But the measure excludes at least half of private-sector workers, including those at the country’s largest employers, and gives small employers significant leeway to deny leave.
So far, the evidence seems to show it does. A widely cited paper published in April suggests that people are most infectious about two days before the onset of coronavirus symptoms and estimated that 44 percent of new infections were a result of transmission from people who were not yet showing symptoms. Recently, a top expert at the World Health Organization stated that transmission of the coronavirus by people who did not have symptoms was “very rare,” but she later walked back that statement.So far, the evidence seems to show it does. A widely cited paper published in April suggests that people are most infectious about two days before the onset of coronavirus symptoms and estimated that 44 percent of new infections were a result of transmission from people who were not yet showing symptoms. Recently, a top expert at the World Health Organization stated that transmission of the coronavirus by people who did not have symptoms was “very rare,” but she later walked back that statement.
Touching contaminated objects and then infecting ourselves with the germs is not typically how the virus spreads. But it can happen. A number of studies of flu, rhinovirus, coronavirus and other microbes have shown that respiratory illnesses, including the new coronavirus, can spread by touching contaminated surfaces, particularly in places like day care centers, offices and hospitals. But a long chain of events has to happen for the disease to spread that way. The best way to protect yourself from coronavirus — whether it’s surface transmission or close human contact — is still social distancing, washing your hands, not touching your face and wearing masks.Touching contaminated objects and then infecting ourselves with the germs is not typically how the virus spreads. But it can happen. A number of studies of flu, rhinovirus, coronavirus and other microbes have shown that respiratory illnesses, including the new coronavirus, can spread by touching contaminated surfaces, particularly in places like day care centers, offices and hospitals. But a long chain of events has to happen for the disease to spread that way. The best way to protect yourself from coronavirus — whether it’s surface transmission or close human contact — is still social distancing, washing your hands, not touching your face and wearing masks.
A study by European scientists is the first to document a strong statistical link between genetic variations and Covid-19, the illness caused by the coronavirus. Having Type A blood was linked to a 50 percent increase in the likelihood that a patient would need to get oxygen or to go on a ventilator, according to the new study.A study by European scientists is the first to document a strong statistical link between genetic variations and Covid-19, the illness caused by the coronavirus. Having Type A blood was linked to a 50 percent increase in the likelihood that a patient would need to get oxygen or to go on a ventilator, according to the new study.
The unemployment rate fell to 13.3 percent in May, the Labor Department said on June 5, an unexpected improvement in the nation’s job market as hiring rebounded faster than economists expected. Economists had forecast the unemployment rate to increase to as much as 20 percent, after it hit 14.7 percent in April, which was the highest since the government began keeping official statistics after World War II. But the unemployment rate dipped instead, with employers adding 2.5 million jobs, after more than 20 million jobs were lost in April.
If air travel is unavoidable, there are some steps you can take to protect yourself. Most important: Wash your hands often, and stop touching your face. If possible, choose a window seat. A study from Emory University found that during flu season, the safest place to sit on a plane is by a window, as people sitting in window seats had less contact with potentially sick people. Disinfect hard surfaces. When you get to your seat and your hands are clean, use disinfecting wipes to clean the hard surfaces at your seat like the head and arm rest, the seatbelt buckle, the remote, screen, seat back pocket and the tray table. If the seat is hard and nonporous or leather or pleather, you can wipe that down, too. (Using wipes on upholstered seats could lead to a wet seat and spreading of germs rather than killing them.)If air travel is unavoidable, there are some steps you can take to protect yourself. Most important: Wash your hands often, and stop touching your face. If possible, choose a window seat. A study from Emory University found that during flu season, the safest place to sit on a plane is by a window, as people sitting in window seats had less contact with potentially sick people. Disinfect hard surfaces. When you get to your seat and your hands are clean, use disinfecting wipes to clean the hard surfaces at your seat like the head and arm rest, the seatbelt buckle, the remote, screen, seat back pocket and the tray table. If the seat is hard and nonporous or leather or pleather, you can wipe that down, too. (Using wipes on upholstered seats could lead to a wet seat and spreading of germs rather than killing them.)
If you’ve been exposed to the coronavirus or think you have, and have a fever or symptoms like a cough or difficulty breathing, call a doctor. They should give you advice on whether you should be tested, how to get tested, and how to seek medical treatment without potentially infecting or exposing others.If you’ve been exposed to the coronavirus or think you have, and have a fever or symptoms like a cough or difficulty breathing, call a doctor. They should give you advice on whether you should be tested, how to get tested, and how to seek medical treatment without potentially infecting or exposing others.
Technologists at those companies vetted Zoom’s code for security vulnerabilities, decided whether their own employees should be required to use passwords to join meetings, and how much of their data should be exposed to colleagues and managers.Technologists at those companies vetted Zoom’s code for security vulnerabilities, decided whether their own employees should be required to use passwords to join meetings, and how much of their data should be exposed to colleagues and managers.
Mr. Yuan also said the company created certain services, like the features enabling Zoom users to log in from Facebook or access the LinkedIn profiles of other participants, to accommodate requests from enterprise customers. But outsourcing such decisions to business customers created blind spots for Zoom.Mr. Yuan also said the company created certain services, like the features enabling Zoom users to log in from Facebook or access the LinkedIn profiles of other participants, to accommodate requests from enterprise customers. But outsourcing such decisions to business customers created blind spots for Zoom.
Some cybersecurity and privacy experts said the time for Zoom to reassess its privacy and security was last year, after Jonathan Leitschuh, a cybersecurity researcher, discovered a flaw that attackers could use to activate a Zoom user’s webcam without their permission. Even when users tried to remove the app from their computers, researchers discovered Zoom would secretly reinstall itself.Some cybersecurity and privacy experts said the time for Zoom to reassess its privacy and security was last year, after Jonathan Leitschuh, a cybersecurity researcher, discovered a flaw that attackers could use to activate a Zoom user’s webcam without their permission. Even when users tried to remove the app from their computers, researchers discovered Zoom would secretly reinstall itself.
In its letter last week to Mr. Yuan, the New York attorney general’s office noted that Zoom did not address the problem until after the Electronic Privacy Information Center, a public interest research center, filed a complaint about the company with the Federal Trade Commission last year.In its letter last week to Mr. Yuan, the New York attorney general’s office noted that Zoom did not address the problem until after the Electronic Privacy Information Center, a public interest research center, filed a complaint about the company with the Federal Trade Commission last year.
Mr. Yuan admitted that his drive to open access to Zoom during the pandemic sometimes moved faster than the platform’s privacy protections.Mr. Yuan admitted that his drive to open access to Zoom during the pandemic sometimes moved faster than the platform’s privacy protections.
Early in the crisis, for instance, a few U.S. schools that foresaw they would need to quickly move classes online contacted him for help, he said, and he personally set up free accounts for them. Soon after, Mr. Yuan made basic Zoom accounts free for schools.Early in the crisis, for instance, a few U.S. schools that foresaw they would need to quickly move classes online contacted him for help, he said, and he personally set up free accounts for them. Soon after, Mr. Yuan made basic Zoom accounts free for schools.
But the company did not have experience working with K-12 school districts, he said, and was not set up for federal privacy laws requiring special protections for students’ and children’s information, noting that the company has had to update its privacy policy for schools several times.But the company did not have experience working with K-12 school districts, he said, and was not set up for federal privacy laws requiring special protections for students’ and children’s information, noting that the company has had to update its privacy policy for schools several times.
Now, however, Zoom has gone even further and signed an extensive privacy compliance agreement with the Board of Cooperative Educational Services for school districts in Chautauqua County, southern Erie County, and part of Cattaraugus County, in New York.Now, however, Zoom has gone even further and signed an extensive privacy compliance agreement with the Board of Cooperative Educational Services for school districts in Chautauqua County, southern Erie County, and part of Cattaraugus County, in New York.
The landmark agreement, which Zoom signed on March 31, meets stringent new state privacy rules for schools and could serve as a model for other school districts. Among other things, Zoom agreed to delete any data it had collected or stored about the districts’ students, teachers or principals when the contract expires later this year.The landmark agreement, which Zoom signed on March 31, meets stringent new state privacy rules for schools and could serve as a model for other school districts. Among other things, Zoom agreed to delete any data it had collected or stored about the districts’ students, teachers or principals when the contract expires later this year.
Mr. Yuan said his three children were now home doing distance learning over Zoom and he recently asked his daughter, an eighth-grader, if her teacher used certain security features meant to keep out troublemakers. He was relieved when she said “yes.”Mr. Yuan said his three children were now home doing distance learning over Zoom and he recently asked his daughter, an eighth-grader, if her teacher used certain security features meant to keep out troublemakers. He was relieved when she said “yes.”