Zoom should be criticized for poor communication rather than privacy, security, expert says – ND Newswire

The video platform Zoom has experienced overnight success with offices and schools closed around the world due to the coronavirus pandemic. The increased usage has resulted in a string of security concerns, which, according to a University of Notre Dame cybersecurity and privacy expert, have largely been blown out of proportion.

Zoom is not dealing with a security and privacy crisis, its facing a communication and transparency crisis, according to MikeChapple, associate teaching professor of IT, analytics and operations at Notre Dames Mendoza College ofBusiness.

Zooms recent privacy and security issues arent any more significant than those facing any other tech company, and Zoom has quickly moved to correct each one of them, said Chapple, a former computer scientist with the National Security Agency. The challenge Zoom faces is that they were a specialized niche company that was suddenly thrust into the role of a critical infrastructure provider overnight and they simply werent ready for the intense level of scrutiny that theyve received as a result.

Perhaps the most publicized of Zooms woes is the practice of Zoombombing where people join unsecured Zoom calls and disrupt private conversations.

These arent the result of a security flaw in Zoom, Chapple explained. Zoombombing occurs when people either dont use a password to secure their Zoom meeting or give out the password on a public forum. You can protect yourself against this by following some simple best practices, such as not publishing your meeting password, using a waiting room to control access to your meeting and restricting screen sharing.

Zoom also has been criticized fornot offering end-to-end encryptionfor videoconferences, an approach Chapple says most people never use.

Its true that Zoom doesnt offer this level of encryption, Chapple said. Thats because its technically very difficult to do so. Look at the other major videoconferencing providers.Skype,Microsoft Teams andBlueJeansdont offer end-to-end encryption either. Its simply not a reasonable security expectation. Cisco WebEx does offer an end-to-end encryption option, butchoosing that option disables major features of the platform, including the ability to record a meeting.

Chapple points out that Zoom did make a major mistake in this area by publishing a false claim that the service supported end-to-end encryption. Theyve sinceapologized and published a technical descriptionof exactly how their encryption works.

There also have been reports ofZoom video recordings appearing on public websitesand cloud storage services, but Chapple says there is no indication this was Zooms doing.

Zoom offers a recording feature to meeting hosts anddiscloses to all participants when a meeting is being recorded, he said. At the end of the meeting, the host gets a copy of the video file. If they post it on an open forum, its not reasonable to hold Zoom accountable for the meeting hosts actions.

While researchers have identified afew security flaws in Zooms technologyover the past few weeks, Chapple says thats not unexpected for a platform suddenly thrust into the spotlight.

The reality is that every software product has critical security flaws that we simply havent discovered yet, he said. Zoom reacted to each one of these with apatch that corrected the problem. Thats what any responsible technology company would do.

Where Zoom really failed, according to Chapple, is with their pre-pandemic privacy policy.

It containedsome truly awful terms and conditionsthat basically granted the company the right to access private meeting information. After some scathing public criticism, Zoomrevised their privacy policyto align with industry best practices.

"If youre worried about the privacy and security issues at Zoom, dont use the service. Personally, Ive found Zoom to be a crucial part of my ability to teach and work from home. Im comfortable that theyre focusing on correcting security issues quickly and have built a platform that is scalable, reliable, and secure.

Contact: Mike Chapple, mchapple@nd.edu

Follow this link:
Zoom should be criticized for poor communication rather than privacy, security, expert says - ND Newswire