In the past decade Zoom emerged from being a start-up in a crowded video conferencing sector to become a firm “stand-alone” solution adopted by businesses.
It was re-branded as a video conferencing solution and resold by large communications companies with a multi-billion-dollar valuation.
In recent weeks and months its market share has shown meteoric growth on the back of a pandemic. However, underlying problems that were being aired in 2019 by security and technology analysts and bloggers (before the growth curve accelerated) were thrown into sharp relief when mainstream media picked up the story about serious flaws and dubious practices, and marquee clients started to ban the use of the app.
Was Zoom always vulnerable? Was it inherently broken?
Early adopters were corporate users. Zoom was not attractive to the personal market, which was already cornered by Skype, and then by the likes of Google Hangouts, FaceTime, Facebook Messenger, WhatsApp, and WeChat and Line in Asia.
Many users found the need to download a Zoom app slightly archaic; elsewhere communication tools were being embedded in all manner of productivity apps including Slack, Microsoft Teams and Evernote, and communications between browsers (Google Hangouts / Google Meet) were fast catching on (driven by a technology called Web Real-Time Communications - WebRTC - which Zoom appeared to eschew).
Mass adoption was also slowed by Zoom’s clunky user interface, which did not endear it to users, and reports that its more advanced features were difficult to use have not been uncommon.
Audio and video performance has lagged behind its web-based cousins. And its pricing formula, which racks up charges based on increasing functionality and per host / per month pricing (with 50 minimum hosts), soon had companies wanting to adopt it plunging deep into their pockets to sustain a significant roll-out.
Despite these negatives, Zoom has grown worldwide; from its beginning in 2013, to the present day, it claims to have amassed 10 million users (2019).
The Coronavirus outbreak has seen users surge to 200 million. WFH (Work From Home), remote teaching, and a seismic shift in how companies operate remotely have driven the usage of video conferencing in general and Zoom in particular.
How much of the growth is fuelled by the limited Free Version of the app has yet to be declared. (A very close friend declared she can use it free for 40 minutes, switch off, and then have another 40 minutes also free!)
With increased adoption came increased visibility and scrutiny, and Zoom has been found wanting.
While a small cadre of bloggers and technologists have been sniping at Zoom’s security flaws for a few years, the avalanche of criticism has now been accelerated by exposure in major media of issues which are not trivial.
The outcome of this public exposure has seen the banning of Zoom from major governmental and corporate institutions across the world - ranging from the Australian Defence Force to the German Ministry of Foreign Affairs, from NASA and SpaceX to New York City Public Schools. And this list has been topped off by a class action suit against the company by one of its major shareholders.
Over the past year, and certainly building in intensity over the past two months, what have been the allegations against Zoom? The list was not trivial:
Few people are aware that Zoom is also white-labeled to major communications companies and sold under their brands.
Zoom vulnerabilities also impact (to a greater or lesser extent) some video services offered by RingCentral, Telus Meetings, BT Cloud Phone Meetings, Office Suite HD Meeting, AT&T Video Meetings, BizConf, Huihui, UMeeting, Zhumu, Zoom CN, EarthLink Meeting Room, Video Conferencia Telmex, and Accession Meeting.
Zoom’s problems will not be cleared up in a few days. The issues that have been reported are not trivial - and now, with increasing scrutiny, more issues may come out of the woodwork.
However, Eric Yuan, Zoom’s CEO, has gone public in a blog listing the actions taken by his company to deal with allegations (including the ones listed above) and has dealt in depth with many of the reported issues. “We moved too fast... and we had some missteps,” Yuan said in an interview with CNN’s Brian Stelter. “We’ve learned our lessons and we’ve taken a step back to focus on privacy and security.”
Zoom has announced “fixes” or “solutions” for some of the areas identified, and will - we assume - continue to do so.
This is an example of a CEO stepping into the fray and publicly taking charge - and being very visible and accountable. Just what a CEO should be in circumstances such as these - kudos to him.
Whether the actions will be sufficient to quieten the critics and deliver a believable reassurance that the problems are solved is yet to be seen.
However, as I read through the recommendations in the CEO’s blog and related/referenced Zoom blogs, there is a lot of onus placed back on the user to solve the problem.
For example - to solve Zoombombing, you must learn how to generate random meeting IDs and use the “Waiting Room” feature. And there’s a further long list of actions which help you manage your room to exclude unwanted guests.
Having created a monster, Zoom wants its users to learn more and more complicated steps and actions to mitigate the problem. They want you to go deep down in the bowels of an app which is already known for being cumbersome and difficult to use to find tools and configurations which may solve some of the security problems identified. I would not be optimistic … users are not techies. Most users just want “plug and play” - switch it on and use it. The last thing they want (or even may be capable of) is following a series of cumbersome steps.
However, there are major design issues which are not trivial. And the issue getting most attention is something called "End-to-End" encryption. Your call goes via the internet, via servers, via networks… this routing, which is simple in concept, is fiendishly difficult and torturous to secure. And with Zoom you are not encrypted all the way. And most pundits are doubtful that Zoom will crack this one anytime soon.
Interestingly, a conversation with our own technical gurus in CoSMo revealed that they are one of the few teams in the world who have cracked this problem and their solution is being used by Symphony in the Fin-tech space and by (unnamed) government agencies. (Contact CoSMo).
Broken technically - certainly, there are many aspects of the underlying technology which will require much rectification. This work is not minor and it may be months or a year plus before we see results.
Broken integrity - there have clearly been some very dubious practices with regard to users’ data which have not been accidental. To regain trust that the application has a “fair set of rules” will need a major reset in the corporate mind and the ethos of the company.
Broken reputation - with marquee clients banning the use of Zoom, with Senators calling for an enquiry, and with class action lawsuits being instigated by its own shareholders, Zoom can hardly be described as untarnished. Damage limitation is - no doubt - on full throttle. Zoom has not yet suffered a “Ratner moment” but it will have to haul back to recover the 26 per cent loss in company value over the past ten days and invest heavily to build a reputation that is unsullied by its past actions.
The opinions in this article are the author's own and do not represent the opinions of any organisation.
Bill Lewis is a sought after Board advisor and counsel; he is also a renowned entrepreneur, technologist and workshop speaker. An experienced Corporate Executive and Non Executive Director advising Fortune 200 companies, Bill has served on the Boards of five companies, including the Global Board of a major system integrator. A prolific writer on technology, the digital age and entrepreneurship, he is the author of three acclaimed books: Midas and 1000 Cows, 100 Mistakes of a Start Up CEO, and 25 Kickass Lessons for the Budding Entrepreneur and numerous blogs and articles.