Zoom emerged as the preferred video conferencing platform during the Covid-19 pandemic, and because of that status, it has been heavily scrutinized by industry experts in privacy and cybersecurity. If these experts had applied the same scrutiny to other video conferencing platforms, similar issues would have been exposed. Willamette closely monitors security issues reported with Zoom, to help ensure that our use is private and secure. We have always had Zoom integrated into our technical architecture in ways that provide greater privacy and security, as compared to most other organizations. Here’s some additional information:
In privacy terms, Willamette is the Controller of the Zoom data. This means that it is our responsibility to control the privacy of Zoom classes and recordings in the same way that we control the privacy of on-campus classes. We are using WISE to make Zoom links and recordings available to class participants, which means they are available to only the registered students in a course.
Some privacy experts have criticized Zoom for offering an 'Attention Tracking' ability, which provided the option for a call’s host to be notified anytime someone on the call does not have the Zoom Desktop Client or Mobile App in focus for more than 30 seconds. Please understand that feature has to be explicitly turned on, and Willamette University has always had this function disabled and Zoom disabled it for everyone in April 2020.
Some privacy experts have reported that Zoom makes it possible for a remote person to turn on a user's camera without their knowledge. Willamette has verified that on July 10th, 2019, Zoom corrected this issue and users are prompted and must agree before their camera is turned on.
Zoom does allow administrators to see details of how, when, and where users are using Zoom. These administrators are in WITS, and there are four of them. They have access to this information so that they can provide support to users in case of any issues, and they understand that this data is private and to be accessed only when supporting the use of Zoom.
Zoom provides AES 256-bit GCM encryption, one of the most secure encryption standards used today. This means that external individuals cannot tap into a call.
On April 1st, 2020, the Zoom CEO made a public commitment to do the following within the next 90 days: have third party security experts conduct a comprehensive review, aggressively address any issues found, and be transparent about the status. Willamette closely monitored these results and has enabled the additional security features that arose, to help ensure that our Zoom implementation is private and secure. Zoom is committed to maintaining a focus on security, and Willamette will continue to monitor their performance.