On a live YouTube stream on Wednesday, Zoom CEO Eric Yuan apologized to users for a string of security lapses that have rocked the app in recent weeks. Speaking to viewers for more than two hours, Yuan touted the company’s recent privacy updates and pledged to take any lapses seriously.
“We have a lot of work to do to ensure the security of all these new consumer use cases,” Yuan said on the call. “But what I can promise you is that we take these issues very, very seriously. We’re looking into every one of them. If we find an issue, we’ll acknowledge it and we’ll fix it.”
The live chat comes on the heels of similar interviews with CNN and The Wall Street Journal, as Zoom scrambles to adapt to its new consumer audience. As part of that new focus, Zoom has also instituted a 90-day freeze on planned features, allowing staff to work solely on addressing concerns with its current product. Earlier this week, the company rolled out a series of changes intended to prevent “zoombombing” and other harassment on the service.
Yuan also specifically addressed a Citizen Lab report published last week, which showed encryption keys being processed through a server in China even when all of the meeting participants were outside the country. According to Yuan, the communication happened as a result of client applications attempting to contact a timing server, but he said it happened in a vanishingly small percentage of cases. Still, the mere possibility of such communication could open the door for bad actors, making it a significant vulnerability for the service.
“To be clear, this should never have happened,” Yuan said, “and the issue was completely addressed last Friday.” Zoom is also bringing in help to manage its new security and privacy challenges. This morning, former Facebook security chief Alex Stamos announced he would be collaborating with the company on its security work, although he will not be an employee or an executive with Zoom.
“In a time of global crisis, Zoom has become a critical link between co-workers, families, friends and, most importantly, between teachers and students,” Stamos said in a Medium post. “that has created privacy, trust and safety challenges that no company has ever faced.”
Zoom is also facing new levels of scrutiny from US lawmakers and regulators. In a letter to the Federal Trade Commission earlier today, Sen. Ed Markey (D-MA) called on the agency to issue “comprehensive guidelines for companies that provide online conferencing services, as well as best practices for users that will help protect online safety and privacy during this pandemic and beyond.” Such guidance would affect not only Zoom but competitors like Skype and Google Hangouts, opening the door for new regulatory action in the space.