Zoom has completed its 90-day plan to address security and transparency issues and is now planning to issue a transparency report that details requests for information and create a framework for how the company responds to requests from governments.
In a blog post last week, CEO Eric Yuan detailed the dozens of security and transparency features the company issued since April 1 when Zoom announced a three-month plan to address issues revealed amid an uptick in use due to the coronavirus pandemic and remote work.
“During the first few months of 2020, the Zoom team worked around the clock to support the tremendous influx of new and different types of users on our platform,” Yuan wrote. “The sudden and increased demand on our systems was unlike anything most companies have ever experienced. As March came to a close, we realized that our singular mission to deliver frictionless video communications to hundreds of millions of daily meeting participants needed to include an equivalent focus on security and privacy – areas where we needed to do more.”
The company enacted a non-security feature freeze on April 1 that included enhanced encryption, a new security-focused user interface, secure defaults and other features.
“The 90-day program we rolled out that day refocused our company on 7 commitments that embedded security and privacy permanently in Zoom’s DNA,” Yuan wrote.
The transparency report will detail information requests related to data, records or content. Data for the second quarter will be provided in a report later this year, Yuan wrote. The company has created a guide for responding to those requests.
The company took other actions to address security and privacy issues, including:
- Enhanced encryption
- A new security-focused user interface
- Secure meeting defaults
- Third-party reviews
- A CISO advisory council of security experts and other security hires
- An improved bug bounty program
- Developing end-to-end encryption that has yet to roll out
Going forward, Yuan pledged to continue to keep security and privacy as top priorities even past the 90-day security plan.
“Privacy and security are ongoing priorities for Zoom, and this 90-day period – while fruitful – was just a first step. …Our core value as a company is to care, and we hope we have shown that through our actions over these past 90 days — and will continue to show it through future actions.”