The move to Zoom meetings, online courts and the other online, at-home work for lawyers has created a range of new issues, not the least being what lawyers’ online meetings sees them wearing and – but even more disconcerting – security issues involving problems with confidential information and privacy that should concern lawyers.
The federal judiciary authorised the use of video audio access during thee pandemic and urisdictions from the UK to Australia have implemented similar rulings.
Zoom recently indicated that free users of the platform will no longer have encrypted calls in a move that is dressed up as one of security compliance but is more likely a marketing move by Zoom.
The convenience of such technology has been great. But so too has been the embarrassment and uber-casualness that has intruded upon the supposed formality of meetings – and the security risks have also been laid bare.
No Pants Problems
Broward Circuit Chief Judge Jack Tuter, for instance, issued a message for all those lawyers in virtual court:
We can see you and whatever else is going on in front of your web cam. What he said about inappropriate scenes he’s seen in court hearings held via video conference is one of the leading quotes from the week in South Florida business and legal news.
One attorney appeared on the livestream wearing a business suit without any pants — a faux pas he inadvertently gave away by crossing his legs.
Zoom Security Issues Exposed
But on-air issues aside, there are some key questions that need to be asked by lawyers using Zoom. Despite the popularity and general ease of use of Zoom, the security issues presently make Zoom a problem from both an ethical and security standpoint for lawyers and law firms.
Among the key issues:
- Lack of end-to-end encryption is an issue that is quite common for video conferencing services, but something that needs to be taken into account. End-to-end encryption is a system of communication where the only people who can read the messages are the people communicating.
- Ensuring that Zoom accounts, email addresses, social media accounts, host keys and other key data is not hijacked or found on the dark web.
- “Zoombombing,” or hackers joining Zoom meetings and disrupting them by posting offensive content and cases where hackers have takencontrol of webcam and microphone access during Zoom meetings.
- Personal accounts (including Zoom accounts) and corporate accounts being found on forums used by criminals.
- Zoom had been sending data of registered and non-registered users to third parties such as Facebook, where options were offered on the Zoom site to log in via those platforms.
- Surreptitious access to LinkedIn profile data of both registered and non-registered users had been allowed.
- Risks of malware being installed on computers remains an issue.
- Zoom meeting organizers having the ability to monitor whether participants are paying attention on calls
Many users have been woefully unaware of who has access to their personal information and the extent of data collected by Zoom. A number of major companies and governments have now banned Zoom use due to the privacy and security concerns, and the company is facing class action lawsuits arising from these issues.
In response to the security concerns and backlash over security concerns, Zoom Chief Executive Eric Yuan said that Zoom has “fallen short of the community’s – and our own – privacy and security expectations.” Zoom also claims to have corrected security flaws recently identified by security research. Still, they have conceded that they “should have done something to enforce password and making room and double-check[ing] every Zoomer’s settings…”
Zoom appears not to have been designed for secure business use. The CEO himself has acknowledged that Zoom has prioritized usability over security, but that that would be changing in light of the concerns recently highlighted over the company’s security issues.
The privacy problems that have arisen with Zoom serve as an important reminder to lawyers that all digital tools need to be checked to make sure that the security concerns are addressed and that confidentiality and privacy obligations are adhered to.
Key Advice For Lawyers Using Zoom
Some tips for protecting privacy and security while using Zoom include:
- Do not forget that a Zoom account is like any other online account. Don’t abandon standard protective measures when signing up for accounts, such as using strong passwords and two-factor authentication.
- Registered users get a personal meeting ID for scheduled Zoom meetings. Avoid making this ID public, as anyone who has it will likely be able to join a meeting.
- Hosts of calls should enable Waiting Room (which should be a default setting now), allowing the host to approve each person who tries to join a call.
- Protect videoconferencing calls with passwords.
- Only download Zoom (and other video conferencing apps) directly from the company’s website, or, for mobile devices, from Apple’s App Store or Google Play. The number of fake video conferencing apps has rapidly increased recently, and with that comes the increased risk of malicious software infecting computers and networks.
Please fact check “Zoom recently indicated that free users of the platform will no longer have encrypted calls …”
Zoom currently has AES 256 GCM Encryption for both free and paid users. This is the highest level of encryption across any of the major competitors, with MS Teams being the only one that also has AES 256 GCM.
When Zoom moves to full End-to-End encryption for paid users, free users will still have AES 256 GCM.