On Thursday, inquiries by The New York Times prompted Zoom to begin removing a feature that allowed people to access LinkedIn profile data about other users without their knowledge.
In addition to fears about improper encryption, users have raised concerns about the chat feature, with “private” conversations being recorded and saved in the meetings’ minutes.
Ms Falk said video and tele-conferencing services could be highly beneficial but warned “they can also pose new risks to privacy”.
“[My office] is considering any privacy impacts arising with the increased use of these technologies and whether any regulatory action is required.
“Organisations that shift to using new mediums for doing business need to replicate, as far as possible, privacy and security measures that would apply in their regular environment.”
A Zoom spokesperson said a meeting host is only able to record private chats which they participate in; hosts cannot see private messages between non-host attendees of Zoom meetings. However, experts say the feature still poses a threat to privacy, as hosts could later share the data with others or upload it to the cloud.
E-Safety Commissioner Julie Inman Grant said the booming popularity of videoconferencing
platforms including Zoom, Skype and Houseparty meant it was important users took steps to protect their privacy.
“Nude gatecrashing, cyber flashing and other forms of online abuse can happen on any video conferencing service providing instantaneous interactivity but not all platforms have incorporated ‘safety by design’ into these services.
“Often, default settings on these kinds of services may not be set with your privacy or security in mind, so it’s important to adjust your settings accordingly to ensure your account is secure as possible.
“We also encourage users to read up on the terms and conditions of these services, so they understand what kind of data is being collected about them and how it is being used, as well as the mechanism for reporting any abuse.”
Ryan Calo, a law professor and co-founder of the Tech Policy Lab at the University of Washington, said Zoom was undergoing “an enormous stress test” because of the coronavirus, which exposed the weaknesses of its default settings. “You can change the settings, you can add password protection. But from a privacy and security perspective it’s not user friendly,” he said.
Australian security researcher Troy Hunt defended Zoom, saying it was “copping the short end of the stick” due to its meteoric rise and the privacy risks were relatively minimal.
“I honestly can’t see any evidence to suggest that its privacy or security policies are any worse than WebEx or Skype or anything else,” he said.
A US-based Zoom spokesperson affirmed a statement the company had given to Forbes magazine about private chats.
“If a host chooses to record a Zoom meeting to the cloud, only chats sent publicly (to everyone in the meeting) are saved,” it said.
“[But] if a host chooses to record a Zoom meeting locally, then chats sent publicly, as well as any private chat exchanges that the host who chose to record the meeting participated in during session, are saved.”
with David Estcourt
Michael Koziol is deputy editor of The Sun-Herald, based in Sydney.