By now, I am sure you have seen the headlines around Zoom's users' latest security concerns:
- Elon Musk's SpaceX bans Zoom over privacy concerns - memo
- Zoom's sudden spike in popularity is revealing its privacy (and porn) problems
- Zoom Video Under Scrutiny for Data Privacy and Security Practices
- Zoom faces a privacy and security backlash as it surges in popularity
- Zoom User Warning: This Is How Attackers Could Steal Windows Passwords
Due to COVID-19, Zoom, CounterPath and others in the industry have seen a spike in usage. Overnight, workers were told to work at home - many of them without the proper tools. Whenever this happens, it creates chaos and an opportunity for users to become the targets of wrongdoing.
As our VP of Product Management, Damian Wallace, says: there is a very big difference between “do it right now!” and “do it right, now.” With the rush to work at home, so many organizations have had to choose the “now” over the “right”, and hope that their chosen vendor is doing security right.
I recall a meeting I had with an executive at Skype back in the summer of 2009. At the time, we were discussing SIP related to JoltID infringement issues (before the Microsoft acquisition). I was very impressed with Skype’s approach to protect their customers’ data and their "end-to-end" security. I remarked to the gentleman something to the effect of: "It sounds like you are bulletproof!" Without hesitation, he replied, "Nothing is 100 percent safe when it comes to potential end-to-end security vulnerabilities." I was far from a security expert, and that statement made me pause and consider the implications. It was one of those moments where a subject matter expert accelerated my understanding with just a few words. So, to that end, I am not surprised that we now see security issues with Zoom, as it grows in popularity. In some ways, it was inevitable.
As for CounterPath, our UC solutions are fully encrypted to and from the CounterPath collaboration server. This includes the voice, video streams, messaging and file transfers. We do not store video conferences or allow third-party endpoints to connect to our services.
By design, we do not allow guests to automatically have screensharing ability, which prevents “Conference Bombing”. “Conference Bombing” is where mischievous people, who are all at home now with nothing better to do, find open conferences and share pornographic or other inappropriate material in a conference.
What does shock me, and frankly is not acceptable, is the other story that has emerged about Zoom's practice of sharing information with third parties.
In particular, Zoom is dealing with a lawsuit to stop the company from sharing its customers' data and is currently being sued for allegedly sharing user data with Facebook. The company has published a blog post around its privacy policy, however it has neglected to address the Facebook data-sharing issue.
This issue is more significant than Zoom getting hacked. A company needs to take care of its users' personal information. At CounterPath, we are proud to do this. We do not store individual customer data that is not required to provide our services. That data we do store is encrypted, and wherever possible anonymized. We do not share data with third parties for marketing or technical purposes. We also do not store recorded calls on our servers, those files are saved in our users' hard drives or Dropbox accounts.
How a company approaches its security and privacy policy is essential. To say a company complies with regulatory privacy mandates is simply not enough. Its culture and DNA needs to put customer data privacy policies first.
At CounterPath, we have always been committed to keeping our customers' data private, never sharing it with third parties. This is one of our core values and is standard among our Bria Solo, Bria Teams, and Bria Enterprise solutions. If you are interested in a secure solution for your enterprise, reach out to one of our CounterPath Channel Partners or contact our sales team today.
