To Zoom or Not to Zoom Dashboard Dashboard

Writers have flocked to Zoom to keep writers’ rooms going during the COVID-19 pandemic, but is the popular video conferencing app secure enough to be trusted?

When social distancing restrictions were enacted last month in the wake of the COVID-19 outbreak, writers, along with millions of others, added a new verb to their everyday vocabulary: to Zoom. The popular video conferencing app has become a favorite of TV-digital writers as they endeavor to keep writers’ rooms going during the pandemic. Zoom’s ease of use and collaborative features, like whiteboards and annotation, make it ideal for creative virtual meetings.

Zoom’s skyrocketing prominence, however, has led to the coining of another term: “Zoom-bombing,” or the ability of online trolls to hack into public events to share offensive material. The practice prompted the FBI to issue a warning and offer steps to mitigate teleconference hijacking threats. In fact, Zoom-bombing is only one of a host of problems with the software—from security flaws to data privacy concerns—that have been exposed in recent weeks, as detailed by this CNET timeline. Private Zoom calls can be found on the open Internet, and a recent report says that a half million Zoom accounts are being sold on the dark web and hacker forums. Zoom’s security issues are so serious that many schools, organizations, corporations, and government entities have banned its use. “Zoom is a security and privacy disaster, but until now had managed to avoid public accountability because it was relatively obscure. Now that it's in the spotlight, it's all coming out,” Bruce Schneier, a cybersecurity expert and fellow at Harvard’s Kennedy School, wrote on his blog.

Zoom Video Communications CEO Eric Yuan told the Wall Street Journal that the explosion in its usage during the pandemic—a twentyfold increase—exposed issues that he said the company is working diligently to address. On April 8, the service added an onscreen “Security” icon that helps augment some of its default security features and allows hosts to quickly respond to Zoom-bombers by locking the meeting or removing participants.

As the company continues to make these adjustments, however, the question remains: Should writers continue to entrust Zoom with the sacrosanct confidentiality of writers’ rooms? Some alternatives to consider include:

• BlueJeans: BlueJeans offers an encrypted video conferencing service that’s secure enough to be HIPAA (Health Insurance Portability and Accountability Act) compliant for telehealth visits.
• FaceTime: FaceTime is one of the few group video chat options that offers end-to-end encryption, which means not even Apple can decrypt the data. The downside is it’s only available on Apple devices and lacks some of Zoom’s functionality.
• Google Meet: Google banned the use of Zoom for its employees and issued a blog post about how its competing product blocks trolls' efforts to crash meetings by using a 25-character string (compared to Zoom’s 9 to 11 digit) video conference meeting ID.
• Jitsi Meet: Many privacy advocates recommend this free, “hop-to-hop” encrypted video conferencing app. It’s open source, which means outside parties can check its security.
• Microsoft Teams: “Teams enforces team-wide and organization-wide two-factor authentication, single sign-on through Active Directory, and encryption of data in transit and at rest,” according to Microsoft. This security guide details how it handles all levels of threats.
• Signal: Signal is end-to-end encrypted and also open source, but it doesn’t support group video conferencing, so it’s best for one-on-one conversations.

Using another service, however, won’t necessarily prevent a breach. Cyber security concerns are now an unfortunate omnipresent reality of working under quarantine, and sometimes it’s necessary to sacrifice ease-of-use or other functions for the sake of privacy. Oftentimes, hacks happen because users aren’t familiar with an app’s security settings. Writers who wish to keep Zooming should attempt to educate themselves on the risks involved and observe the service’s best practices to make meetings more secure.

The bottom line, though, is that most writers are not security experts and should be spending more time breaking stories than fretting over whether their video conferences have end-to-end encryption. Better that they consult with their studio or network’s IT administrators and let them worry about protecting their meetings so writers can go back to doing what they do best.