Video Calling and Coronavirus: Is Zoom Safe?

April 07, 2020

By: Drew Sorrell

The use of Zoom as a meeting platform has exploded alongside the spread of COVID-19. With that growth have come many questions regarding its security and privacy. Those concerns are usually two-fold: (1) is it secure, and (2) are meetings private?

As to the first question, is it secure? That question has many possible meanings, but for this article let’s assume it means, “Can people intercept and access my communications in a technical sense?” While no encryption set-up is perfect, technical analysts have pointed out (again, without being technical in describing it) that Zoom did not take a stock approach to security and “went their own way”. This is known as “roll your own” in security circles.

There is nothing per se wrong with this encryption approach, but it may give rise to non-standard issues. Stated differently, if you build your own engine and install it in a vehicle you built, the vehicle may perform better, worse or just differently, than a vehicle that rolled off the assembly line.

Regardless of the encryption/engine/vehicle metaphor, Zoom catches a lot of heat for not being so-called “end-to-end” encrypted. End-to-end encryption, in this sense, is when the video call data is encrypted at all times in transmission and the platform provider is unable to decrypt it. As it currently stands, Zoom is somewhat opaque in revealing the details of its encryption.

Most technical experts seem to agree that the primary issue is that Zoom itself could be capable of decrypting the call data for its own uses, or for the use of the government or a commercial partner. This last issue has raised the specter of regulatory enforcement, primarily under the relatively new California Consumer Privacy Act.

Zoom does have the ability to be “end-to-end”, but that would require hardware installation at your company, for which most companies have no appetite. That said, while I would not use Zoom to plan the overthrow of a country, I probably would not be too worried about the standard business fare with respect to technical security.

Given that security (in this article meaning encryption) and privacy are not the same thing, let’s talk privacy for a moment.  

Zoom has been criticized for being susceptible to trolling and meeting crashing by Internet trolls who obtain meeting IDs and use them to disrupt meetings. From my perspective, this issue results from the user misunderstanding the technology more than a failing of Zoom itself. When you leave the directions to a party out in the open, it is not really surprising that unwanted people are going to crash the party. There are several ways to address this issue, including not posting or broadcasting the meeting ID, requiring a password, creating a “waiting room”, restricting screen-sharing, and locking the meeting. Each of these, you will see, is more a matter of educating the user than a defect in and of itself.

While this is not to diminish the issues and criticism (especially the lack of clear disclosure, which is more or less an industry standard), every tool has its limits. The key is knowing what those limits are. If you don’t think Zoom is for you, there are plenty of alternatives, including FaceTime, WebEx, GoToMeeting, Skype, Slack, Facebook Messenger, and Microsoft Teams. I, for one, will still use Zoom… for most things.

Drew

Drew’s practice focuses on complex commercial issues, relating to both litigation and contract/policy drafting. He has years of experience litigating business matters, intellectual property/patent infringement disputes, data breach/privacy issues, wire fraud (spoofing/spear phishing), business torts/disputes, insurance coverage, personal injury and employment litigation. Likewise, he has significant experience drafting and negotiating software licenses (SaaS), Internet service provider agreements, data privacy/breach policies and procedures, and employment/services agreements, as well as the indemnity and insurance coverage related to those agreements.

Initially, Drew began his legal career as a judicial clerk to Senior United States District Judge John H. Moore II, in Jacksonville, Florida, and then practiced with an AmLaw top 10 firm in Manhattan primarily in their litigation department. After spending some time as an assistant county attorney responsible for litigation, he joined Lowndes and is currently chair of the firm’s multi-discipline Cybersecurity, Privacy & eDiscovery Group.

A founding member of the Sedona Conference Group 11 (Privacy/Data Security), Drew is frequently asked to speak and write on legal and ethical issues arising from technology, including unfair and deceptive trade practices, data breach, privacy, data governance, and technology contract drafting. He is also currently serving as chair of the Orange County Bar Association Intellectual Property Committee.

Drew has argued to the United States Court of Appeal for the Eleventh Circuit, at the federal level, and the Fifth District Court of Appeal at the state level. He is admitted to The United States Supreme Court Bar, as well as the Florida, New York and District of Columbia Bars. He is admitted to practice before all federal district courts in Florida as well as the Southern District of New York.

Born in Florida, Drew roots for his adopted football team—the FSU Seminoles (because neither Rollins nor George Washington has a football team). He is a proud father of two sons who play basketball and soccer, make great grades and generally keep him very busy in his spare time.
