NYC schools step away as Zoom sets remediation plan

Concerns over privacy prompted New York City to ban the use of Zoom by city schools and move instead to an approved platform like Google Meet or Microsoft Teams “as soon as possible.”

“We want people to gradually transition to another format,” Schools Chancellor Richard Carranza said at Mayor Bill de Blasio’s coronavirus press conference Sunday.

The move is another blow to the suddenly popular teleconferencing platform, which has drawn scrutiny after miscreants exploited it to “Zoom bomb” conference participants, security researchers discovered a trio of vulnerabilities and the New York Attorney General launched a probe of its privacy policy.

“Our goal is to get more classrooms videoconferencing on a safe and secure platform,” Carranza said in a series of tweets that same day. “We know the transition away from Zoom will take time for many educators and we will support them. We know maintaining continuity of teaching means it won’t happen overnight.”

Noting that Zoom usage “has ballooned overnight,” with more than 200 million daily meetings (compared to 10 million per day by last December), company Founder and CEO Eric S. Yuan acknowledged the company has “fallen short of the community’s – and our own – privacy and security expectations.”

And in a letter to Zoom, New York AG Letitia James worried “that Zoom’s existing security practices might not be sufficient to adapt to the recent and sudden surge in both the volume and sensitivity of data being passed through its network.”

The letter acknowledged that “Zoom has remediated specific reported security vulnerabilities,” but said the AG’s office “would like to understand whether Zoom has undertaken a broader review of its security practices.”

In a blog post last week, Yuan said going forward, Zoom would be:

  • Enacting a feature freeze, effectively immediately, and shifting all our engineering resources to focus on our biggest trust, safety, and privacy issues.
  • Conducting a comprehensive review with third-party experts and representative users to understand and ensure the security of all of our new consumer use cases.
  • Preparing a transparency report that details information related to requests for data, records, or content.
  • Enhancing our current bug bounty program.
  • Launching a CISO council in partnership with leading CISOs from across the industry to facilitate an ongoing dialogue regarding security and privacy best practices.
  • Engaging a series of simultaneous white box penetration tests to further identify and address issues.

Yuan also will host weekly webinars to discuss privacy and security updates.

“We don’t need Zoom’s apologies. We need them to actually implement the type of security measures needed to keep people safe,” said Evan Greer, deputy director of Fight for the Future. “They’ve said that they are pivoting to focus on user privacy and security, and I want to believe them. It’s time for them to take their previously misleading claims and make them true.”

Fight for the Future has launched a campaign to compel Zoom to fulfill its promise to implement end-to-end encryption.

“Zoom implementing end-to-end encryption by default is perhaps the single biggest thing that any company could do right now to protect people’s online safety during the COVID-19 crisis. I hope the engineers who work there realize the power that they have and the importance of the decisions they make over the next several weeks,” said Greer. “Strong encryption saves lives. It’s needed now more than ever. Zoom has a chance to lead the way. I hope, for the sake of the children using this for school, the therapists using this to treat patients, the health officials using this to share confidential information, that they do the right thing.”
