A few weeks ago on this blog, we addressed some of the legal issues that have arisen for Zoom, as it becomes a significant part of American daily life during the COVID-19 pandemic. 

Among those legal issues was an inquiry by the New York State Attorney General into Zoom’s privacy practices, and particularly into its measures to detect and prevent hackers or other outside parties attempting to observe or interfere with online meetings. In several incidents, the third parties interrupted meetings with disturbing messages or images. In fact, two other states – Connecticut and Florida - joined the New York probe after state government officials fell victim to “zoombombing.” Based on perceived security flaws, on April 6, 2020, the New York City Department of Education implemented a ban on public schools’ use of Zoom for classes and educational purposes. 

These problems inspired Zoom to implement a 90-day plan to expand security measures on its platform. It established a special version of its platform that is licensed by the New York City Department of Education. That version allows teachers to control what is shared and who participates in online class sessions, and prevents students from chatting privately with their classmates outside their teachers’ view. As a result of these, and other expanded security measures, on May 6, 2020 the New York City Department of Education lifted its ban on schools’ use of Zoom.

Around the same time, the company reached an agreement with the New York Attorney General’s office, which further expanded protections for those using the platform, even outside an educational context. Specifically, Zoom agreed to increase hosts’ ability to control their web conferences by allowing them to do the following:

• implement password protection (by default), or place users in a digital waiting room before accessing a meeting;
• control access to private messages sent via Zoom chat;
• control which, if any, participants can share screens; and
• limit access to email domains in a Zoom directory, or limit participation to specific email domains.

Zoom also agreed to take steps to stop sharing user data with Facebook, and to disable a feature which shared LinkedIn profiles with users. Many of the agreed-upon measures have already been implemented by Zoom, which has agreed to submit a copy of its annual data security assessment to the New York Attorney General’s office for review.

Zoom’s quick response to New York’s privacy and security concerns appears, thus far, to have helped it continue its forward momentum.