Publishing transparency reports is a common practice for larger tech companies. Google and Microsoft, for example, share the number of requests for user data they get from law enforcement and from governments, and whether they disclosed customer data as part of those requests. Zoom, however, hasn’t published a transparency report, likely because it is a smaller company and holds less personal data.
Zoom has seen significant growth as workers, families, and even presidential campaigns have used the video conferencing software for virtual meetings due to the ongoing coronavirus pandemic.
Access Now argues that Zoom needs to publish a transparency report so that the public can be informed about how the company handles and protects user data. “The growing demand for your services makes Zoom a target for third parties, from law enforcement to malicious hackers, seeking personal data and sensitive information,” wrote Isedua Oribhabor, Access Now’s US policy analyst, and Peter Micek, Access Now’s general counsel, in the letter to Zoom. “Meanwhile, as people gather online, these assemblies will draw scrutiny from authorities looking to control the flow of information. This is why disclosing only privacy policies is not enough — it is necessary for Zoom to also disclose its policies and procedures protecting the data and accounts of everyone interacting with its services through a regular transparency report.”
Access Now is asking Zoom to share the following, according to the letter:
- The number of government requests for user data you receive by country, with compliance rates, and your procedures for responding to these requests;
- The circumstances when you provide user information to government authorities;
- Policies on notice to potentially affected users when their information has been requested or provided to government authorities, or exposed by breach, misuse, or abuse;
- Policies and practices affecting the security of data in transit and at rest, including on multi-factor authentication, encryption, and retention; and
Reached for comment, Zoom said it was considering the request, but declined to give further details. “We received the Access Now letter on Wednesday afternoon, and we are in the process of reviewing it,” the company said in a statement. “We take user privacy extremely seriously, and appreciate them reaching out on this very important topic.”
The company hasn’t had the best track record with security issues. Last July, a security researcher disclosed a zero-day vulnerability for Zoom on Macs that could let any website open a video-enabled call. In January, cybersecurity research company Check Point Research said it had found security flaws in Zoom that would have let hackers listen in on calls.
Update, March 19th 12:06PM ET: Updated with link to the open letter.