Sen. Michael Bennet, D-Colo., asked Zoom Communications CEO Eric Yuan in an April 6 letter for a detailed accounting of the company’s security and privacy practices following numerous press reports of security complaints about the company’s teleconference services.
The senator’s letter cites reports of Zoom sharing user data with Facebook without permission, the ability of third parties to access Zoom calls, user-generated problems with leaving calls searchable on the open internet, and doubts about the company’s claims of its use of end-to-end encryption. Sen. Bennet noted reports that Zoom’s users have grown 20-fold in the past three months, and said, “the increased use of your platform has surfaced significant problems concerning user privacy and safety.”
“These revelations have forced technical and policy responses from the company, from strengthening password protection to expanding the ‘waiting room’ feature to block unauthorized participants,” said Sen. Bennet, who added, “In case after case, these issues consistently stem from Zoom’s deliberate decision to emphasize ease of use over user privacy and safety.”
Sen. Bennet asked Yuan to provide by April 15 information about: data that Zoom collects from users; how long it keeps data; with whom it shares data; whether the company will require participants to provide affirmative consent if calls are recorded; whether it will change naming conventions that allow video calls to become easily searchable online; and whether it plans to expand default privacy settings.
For its part, Zoom has been addressing privacy and security concerns in frequent blog posts, including an April 3 response to research findings on use of encryption, and “geo-fencing” of calls to geographic areas where they originate to avoid running calls through servers in China. It said the geo-fencing problem had been fixed, and that it was “working on improving our encryption and will be working with experts to ensure we are following best practices.”