Zoom Urged To Divulge Gov't Data Demands In COVID-19 Era

Law360 (March 20, 2020, 10:54 PM EDT) -- As the coronavirus pandemic ramps up demand for remote conferencing services, an advocacy group is pushing Zoom Video Communications Inc. to release regular transparency reports detailing how it responds to requests by government authorities for access to users' data.

Since Google released its first semiannual accounting of global law enforcement demands for user information in 2010, nearly 70 other companies — including fellow industry heavyweights such as Facebook, Twitter, Verizon, Airbnb and Uber — have moved to publish similar transparency reports that shed light on the scope and scale of online surveillance, network disruptions and content governance.

In an open letter to Zoom's leadership Wednesday, advocacy group Access Now pressed the remote video and audio conferencing service provider to join these ranks as more consumers than ever flock to its offerings to stay in touch with co-workers, family and friends during the global coronavirus outbreak.

“The growing demand for Zoom’s services makes it a target for third parties, from law enforcement to malicious hackers, seeking personal data and sensitive information,” Peter Micek, Access Now’s general counsel, said in a statement. “This is why just disclosing privacy policies is not enough — it’s high time for Zoom to tell us how they protect our personal lives and professional activities from exploitation. This starts with a regular transparency report.”

Zoom has exploded in popularity in recent weeks, as the spread of the COVID-19 virus has forced more people to work and stay at home. Bernstein Research analysts have reported that Zoom — which was founded in 2011 and is headquartered in San Jose, California — has gained more users so far this year than in all of 2019, and "this trend is likely to continue as more people rely on video conferencing services to carry on in their work and lives," according to Access Now.

Therefore, it's "all the more imperative" that Zoom be up front with its users about how it responds to demands from authorities around the world to break encryption and hand over user data and about what steps it takes to minimize any outside interference, including the anticipated spike in authorities trying to control the flow of information as more people gather online, the advocacy group argued.

“Zoom is exactly the type of company that needs to issue a transparency report,” said Isedua Oribhabor, Access Now U.S. policy analyst. “Zoom sees into our bedrooms, offices, and living rooms. They are the means through which we work, learn, and stay connected to our loved ones. They therefore have a duty to ensure that they respect our human rights as we try to maintain daily life in the midst of this public health crisis.”

Access Now, which maintains a comprehensive index of transparency reports issued by companies around the world, has requested that Zoom disclose information about the number of government requests for user data it receives by country, how often it complies with these inquiries, its procedures for responding to these demands and the circumstances under which it providers user information to government authorities.

Zoom should also divulge its policies for providing notice to potentially affected users when their information has been requested by — or provided to — government authorities or exposed by a breach, misuse, or abuse; its stance on multi-factor authentication, encryption, retention and other issues that impact the security of data; and how its user content guidelines are being enforced.

Zoom said in a statement provided to Law360 that it has received the letter and is in the process of reviewing it.

"We take user privacy extremely seriously, and appreciate them reaching out on this very important topic," the company said.

Access Now's letter comes amid mounting concerns over how governments around the world are using personal data to combat the rapid spread of COVID-19, the disease caused by the novel coronavirus, and how hackers are exploiting vulnerabilities stemming from the widespread shift to remote working.

Cybersecurity attorneys say they are seeing a spike in data security incidents, as hackers take advantage of distracted workers and stretched-thin IT staff to gain access to corporate networks across a range of industries, including the legal profession.

Alarms have also been raised by lawmakers and others about reports that the federal government is considering using location data held by major tech companies to track the spread of COVID-19.

Tech giants such as Facebook, Microsoft and Google in recent years have become more open in divulging information about what data demands they're receiving from U.S. government officials, as well as more active and aggressive in publicly challenging these requests.

In a transparency report released late last year, Facebook said it received more requests from governments around the world for access to user data in the first half of 2019 than ever before, while insisting that it continues to push back on overbroad demands and doesn't provide officials with "back doors" to encrypted data.

"As we have said in prior reports, we always scrutinize every government request we receive for account data to make sure it is legally valid," Chris Sonderby, Facebook's vice president and deputy general counsel, said in a November blog post accompanying the release of the report. "This is true no matter which government makes the request. If a request appears to be deficient or overly broad, we push back, and will fight in court, if necessary."

--Additional reporting by Ben Kochman. Editing by Emily Kokoll.

This article has been updated to add a comment from Zoom.

For a reprint of this article, please contact reprints@law360.com.

View comments

Hello! I'm Law360's automated support bot.

How can I help you today?

For example, you can type:
  • I forgot my password
  • I took a free trial but didn't get a verification email
  • How do I sign up for a newsletter?
Beta
Ask a question!