As Zoom bans spread over privacy concerns, vid-conf biz taps up Stamos as firefighter in totally-not-a-PR-stunt move

Video-conferencing company du jour Zoom is desperately trying to head off a mass exodus of users by announcing a new advisory board – and hiring former Facebook and Yahoo! CSO Alex Stamos as a troubleshooter.

In a roller-coaster few weeks for the tech upstart, it has seen its user base explode, thanks in large part to its superior user interface and experience over rivals. Millions upon millions of people working from home to avoid the global coronavirus pandemic, amid regional and national lockdowns, may have had something to do with that, too.

However, success has brought a spotlight on the conferencing biz, and highlighted failings in both its security and privacy.

Earlier this week, the government of Taiwan took the unusual step of announcing an outright ban on the platform over security concerns after Zoom connections were routed to servers in China. China refuses to acknowledge its neighbor Taiwan’s status as an independent nation and has repeatedly threatened to invade the island.

And Zoom has been developed in large part through three Chinese companies that experts fear may be subject to influence from the Chinese government.

On Wednesday, the German foreign ministry also banned Zoom, saying in an internal memo that security and data protection shortcomings made it too much of a risk. It noted, however, that because of its widespread use by others – including a UK cabinet meeting last week – its employees could use it on their private machines.

And in a week that the term zoombombing, where strangers and invited participants hijack meetings, entered common usage, the New York school system banned its use by teachers, saying it was shifting to Microsoft Teams.

After three videoconferencing incidents in Berkeley, California, a similar ban on Zoom was also instituted, though one that has also been extended to Google Meet yet not the Chocolate Factory's Classrooms app. In the first incident, an outsider shoehorned themselves into a Zoom meeting, and in the other two, students mucked about with conference calls.

"I am asking our teachers to stop using Zoom and Google Meet for online meetings while we look into whether we can truly assure student safety in this context," said Berkeley superintendent Brent Stephens.

"Teachers will continue providing instruction this week using tools such as Google Classroom and recorded lectures which do not have a live interaction component. We will keep you posted as we work toward a solution."

Zoom users are highly encouraged to set a password on their meetings, which is a default setting; to not share these credentials publicly, or miscreants will spot them; to use the waiting room feature to vet participants; and to control who can share what during conferences.

Business model

Prior to the widespread lockdowns, thanks to coronavirus, Zoom’s business model was reliant in part on exploiting its wealth of user data with the internet advertising world. At the end of March, it rewrote its privacy policy to insist, at least now, that it does not sell people's information, and will not use the content of people's calls to target them with ads.

Zoom also made knowingly misleading claims about offering end-to-end encryption when in fact it can, if it wishes, see the full content of conference calls.

Those issues sparked a lawsuit [PDF] in California this week claiming that the company "made materially false and misleading statements regarding the company’s business, operational and compliance policies," in particular over its "inadequate data privacy and security measures."

Soon after that bombshell, Zoom CEO Eric Yuan published a blog post on Wednesday in which he gave an update on his "90-day plan to bolster key privacy and security initiatives” which includes a new advisory board, a chief information security officer (CISO) council, and the hiring of Facebook and Yahoo!’s former CSO Alex Stamos as a consultant.

The CISO Council comprises a number of security officers from companies including HSBC, NTT Data, VMware, Netflix, Uber, Electronic Arts, and others, who will “act as advisors to me personally,” wrote Yuan.

Meanwhile, Stamos – who is best known for resigning from Yahoo! when it allowed US intelligence to search people's emails, and from Facebook reportedly after clashing with executives over concerns of Russian ads meddling with American politics – has “joined Zoom as an outside advisor.”

Stamos claimed the appointment came after a series of three tweets about Zoom’s situation and has written a self-congratulatory blog post about his appointment and Zoom’s wisdom in choosing to let him steer the company away from the rocks.

In reality, Stamos represents a perfect public relations score given his public profile for constructive criticism of his former employers.

The fact that Zoom has acted quickly to address concerns about its product’s underlying architecture and policies is a sign of strategic leadership from CEO Yuan. However, and call us cynical, we warn you that the changes are potentially temporary and easy to discard: privacy policies can be tweaked at any time in future, advisers can be heard but ignored, and so on, after the positive PR boost has dropped out of the news cycle.

Once zillions of people return to work, it is all too possible that Zoom’s moment passes and its user base drops back down to the previous level – it claimed it went from 10 million to 200 million daily users from December to March.

If, on the other hand, Zoom becomes a regular part of future global communication, and can count on many millions of people using, and paying for, its video conferencing beyond 2020, the new council and board are at least there to help shape the business in the right direction – for netizens.

In the meantime, Microsoft, Google, Apple and every other tech company that does collaborative software, especially video conferencing, is frantically trying to improve its user experience to compete with Zoom’s. ®