From Zero to Zoom: Video conferencing app under scrutiny for security risks

April 21, 2020

What's going on here?

As “work from home” policies are implemented globally as a result of national coronavirus lockdowns, Zoom has come under scrutiny from its users and regulators for its lax data security and privacy practices.

What does this mean?

Since the beginning of 2020, the video conferencing app, Zoom, has benefited from a 21% increase in monthly active users, including the UK Cabinet. However, this swift rise in popularity has been coupled with revelations about the app’s security risks, including the lack of end-to-end encryption and its third-party data-sharing practices. This raises questions, including from New York’s Attorney General, about whether Zoom can cope with the increase in users and its consequent vulnerability to hackers, as demonstrated by “Zoombombing”, where uninvited guests interrupt meetings.

What's the big picture effect?

Apologies will not be enough to satisfy regulators or some users; Zoom could find itself losing clients as quickly as it has acquired them. Zoom’s CEO, Eric Yuan, has promised to pause development of new features in order to work on existing bugs and issues.

Law firms, whether old or new Zoom customers, should take note of these potential problems and update their working-from-home policies to cover video conferencing etiquette. This can range from muting your audio when not speaking to more serious issues, such as when lawyers should use Zoom if sensitive client issues are involved.

Despite Zoom claiming it has end-to-end encryption, it does not use existing standards. Several security experts have demonstrated that it is possible to collect data from a meeting and decipher what was said or viewed by the meeting attendees. This could also pose issues for meeting recordings and chat records, which can be saved to Zoom’s cloud environment (instead of the user’s computer), making the software inadequate for use by law firms as it could breach a solicitor’s duty of care and client confidentiality.

After it was discovered that calls and encryption keys were being routed through its servers in China (where Zoom has a data server and R&D department), private companies, like SpaceX, have joined US, Taiwanese, Australian, and Canadian government agencies, like NASA, in shunning Zoom for internal communication.

In addition, Zoom could risk being sued for the transfer of users’ personal data without their consent, after it was revealed that third parties like Facebook received information about users’ devices, location and so on to enable better-targeted adverts.

This enforced move to remote working could be a turning point for the legal industry by proving law firms do not need to maintain a “facetime” culture. However, it also highlights the need for law firms to properly understand the technology they use, mitigate its risks, and ensure their policies are updated to make remote working effective and up to the necessary standards expected of lawyers.

Report written by Hanna-Mei Grisley
