New York’s attorney general and Zoom have reached an agreement over the videoconferencing company’s security practices. Attorney General Letitia James offered an update today on a letter she sent in late March, raising concerns after reports of offensive “Zoombombing” as well as other privacy and security issues on the platform. The update outlines steps Zoom is taking to improve its service and praises the company for its handling of criticism.
The agreement includes Zoom naming a head of security to run an operation that’s “reasonably designed” to keep user information secure and confidential. Zoom will also employ “reasonable encryption and security protocols,” provide channels for complaints, and explicitly ban “hatred against others based on race, religion, ethnicity, national origin, gender, or sexual orientation” in its terms of service.
Shortly before the deal was publicized, New York City’s Department of Education reversed a month-long ban on teachers using Zoom, saying the company was working to build specialized features for the classroom.
After exploding in popularity amid the COVID-19 pandemic, Zoom has had to quickly update its service after the discovery of serious privacy oversights and security vulnerabilities. James’ original letter was sent while the company was also weathering complaints from tech experts and ordinary users alike, including multiple lawsuits. Since then it’s rolled out new options, hired former Facebook security head Alex Stamos as an outside advisor, and as of this morning, acquired the encryption and security company Keybase to help develop end-to-end encrypted videoconferencing.
The attorney general’s new letter says Zoom “acted to quickly address the issues identified [in the initial letter], has worked cooperatively with the NYAG’s investigation, and has provided valuable services to schools, local governments and health care institutions to help address the unique circumstances of the global pandemic.”
In a statement, Zoom said it was pleased with the agreement, which it says “recognizes the substantial work that Zoom has completed as part of our 90-day security and privacy plan, including making a number of our pre-existing security features on by default and also introducing new security enhancements.”