Zoom CEO apologizes for having ‘fallen short’ on privacy and security

“We recognize that we have fallen short of the community’s — and our own — privacy and security expectations,” Eric Yuan said in a blog post on Wednesday. “For that, I am deeply sorry.” Zoom will stop adding new features for the next 90 days and instead focus solely on addressing privacy issues, Yuan said. The company will also release a transparency report, similar to the ones periodically shared by tech giants such as Facebook (FB), Google (GOOGL) and Twitter (TWTR), which details requests for data or content from government authorities. The coronavirus outbreak has seen millions of people ordered to stay in their homes flock to Zoom, which has garnered praise for its features and usability. Yuan said Zoom crossed 200 million daily meeting participants in the month of March.People have used the video conference app for everything from brunches and birthday parties to religious events and even a UK cabinet meeting. But the spike in popularity has led the company to quickly find itself dealing with many of the issues that have plagued larger online platforms, particularly around privacy. This week alone, Zoom has come under scrutiny from the New York Attorney General and the FBI, faced questions from security experts about the level of encryption on its platform, and been hit with two class action lawsuits over a feature (which it has since deactivated) that shared some user data with Facebook. The controversy has hit Zoom’s previously meteoric stock price, which had nearly doubled since the end of January but closed 11% lower on Thursday and has fallen around 24% this week. Yuan said Zoom was created mainly for “large institutions with full IT support” such as universities, government agencies and financial services companies. “We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home,” he added. “We now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate.” Zoom also apologized for its misleading claim that it offers “end-to-end encryption for all meetings,” which would mean that all content on its platform is visible only to participants. Some security experts expressed doubt about Zoom’s ability to provide that level of encryption, saying the type of encryption it provides would allow the company to access some information through its servers. Oded Gal, Zoom’s chief product officer, said in a blog post on Wednesday that Zoom does not decrypt any information if all participants of a meeting are on its app and if the meeting is not being recorded. Full encryption is not possible if any of the participants are dialed in from a phone or another external device. “While we never intended to deceive any of our customers, we recognize that there is a discrepancy between the commonly accepted definition of end-to-end encryption and how we were using it,” Gal said.