The founder of video conferencing platform Zoom has apologised for “falling short of the community’s privacy and security expectations” amid growing controversies that have dampened the company’s explosion in popularity due to the COVID-19 pandemic.
With much of the world’s workforce now working from home due to the ongoing coronavirus crisis, usage of Zoom has skyrocketed in recent weeks.
According to the company, as of the end of last year, the maximum number of daily meeting participants on Zoom was about 10 million.
In March of this year alone, there were 200 million daily meeting participants.
Zoom’s technology is now also used by over 90,000 schools across 20 countries.
But this vast increase in popularity has led to an increase in scrutiny on the company’s policies, specifically around its data security and encryption.
Zoom has faced criticism recently for its data-sharing policies with Facebook, “misleading” claims over encryption and the platform’s susceptibility to ‘zoombombing’.
The New York Attorney-General recently launched an investigation into Zoom’s data privacy and security practices, questioning the company’s response to identified vulnerabilities and flaws, saying they could “enable malicious third parties to, among other things, gain surreptitious access to consumer webcams”.
In a lengthy statement, Zoom CEO and founder Eric Yuan has issued a mea culpa for these controversies, and promised that the company will better protect privacy in the future.
“We recognise that we have fallen short of the community’s – and our own – privacy and security expectations,” Yuan said.
“For that, I am deeply sorry.”
To combat the growing issues, Zoom will be freezing all future features to focus its resources on trust, safety and privacy, conducting a comprehensive review with third-party experts, preparing a transparency report, improving its bug bounty program and launching a new CISO council.
“We appreciate the scrutiny and questions we have been getting – about how the service works, about our infrastructure and capacity, and about our privacy and security policies,” Yuan said.
“These are the questions that will make Zoom better, both as a company and for all its users. We take them extremely seriously.
“We are looking into each and every one of them and addressing them as expeditiously as we can.
“We are committed to learning from them and doing better in the future.”
Zoom was originally built for large enterprise customers, and the platform wasn't ready for such a large influx in users, Yuan said.
“We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying and socialising from home,” he said.
“We now have a much broader set of users who are utilising our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived.”
A recent report revealed that Zoom does not provide end-to-end encryption, despite the company claiming that it did.
The company has now published a separate statement “acknowledging and apologising for the confusion”.
“While we never intended to deceive any of our customers, we recognise that there is a discrepancy between the commonly accepted definition of end-to-end encryption and how we were using it,” Yuan said.
Meetings held on Zoom where all participants are using the Zoom app will be fully encrypted, with no contact with the servers or company employees, but other meetings are not.
“Zoom has never built a mechanism to decrypt live meetings for lawful intercept purposes, nor do we have means to insert our employees or others into meetings without being reflected in the participant list,” the post read.
