Increasingly Popular Platform May Not Be Adequately Safeguarding Users' Data and Privacy

Text of Letter (PDF)

Washington, D.C. - United States Senators Elizabeth Warren (D-Mass.) and Edward J. Markey (D-Mass.) sent a letter to Zoom Communications Inc. requesting information on how the videoconferencing platform is protecting the safety and privacy of students who use its service. The senators' letter raises concerns about the platform's security and privacy practices and comes as schools across the country rapidly shift to remote education due to the coronavirus disease 2019 (COVID-19) pandemic.

"The platform is filling a critical need during the pandemic," the senators wrote in their letter. "But precisely because Zoom's technology has become such an invaluable -- and in many cases, required -- tool for learning and keeping students connected to their school communities during this crisis, we are concerned by recent reports that the platform may not be adequately safeguarding users' data and privacy."

Zoom has seen a rapid increase in users-including teachers and children at more than 90,000 schools who are using the platform to continue instruction-but as its popularity has grown, concerns about the company's security and privacy practices have emerged. Last month, the Federal Bureau of Investigation's Boston division warned that two high schools in Massachusetts have experienced hijackings of Zoom classes. Public reports have also revealed that Zoom was sharing users' data with Facebook without their knowledge, made misleading claims about whether its services were fully encrypted, and had vulnerabilities that could allow Mac users' cameras and microphones to be accessed by hackers.

While Zoom has committed to an independent security review, these vulnerabilities have led the New York City Department of Education to instruct schools to move away from using Zoom for remote instruction.

In their letter to Zoom Founder and CEO Eric Yuan, Senators Warren and Markey urged him to take all possible actions to protect the security of students' data and prevent these disturbing intrusions, including by publicly releasing an independent, comprehensive review of the platform's cybersecurity and privacy practices, and publicly reporting data on the frequency and nature of Zoom classroom intrusions.

"We appreciate your announced intention to address each of these issues, but it is alarming that Zoom allowed these security breaches to affect millions of users and did not identify or resolve them until they became public," the senators continued.

The senators asked for information on how Zoom is protecting student data as required by the Family Education Rights and Privacy Act and the Children's Online Privacy Protection Act, and requested a response to their inquiry by April 22, 2020.

###