Zoom – reducing the risk of privacy breach

“Zoom – Just One Look and My Heart Went Boom”

Despite the fact that video conferencing is a very small part of Online Dispute Resolution (ODR) and how best to mediate online, Fat Larry’s 1980s hit seems to have been taken to heart by mediators who, anxious not to delay mediations due to the Covid-19 lockdown, have, after “just one look” fallen rapidly in love with the Zoom video conferencing platform.

Just as falling in love on first looks can often deceive, there are security issues with Zoom that may compromise the mediator’s professional duties of confidentiality and his or her privacy policy. A very detailed independent examination of the platform by a technology research group at the University of Toronto was published in April 2020 which concluded that Zoom should not be used for any confidential discussions, especially mentioning lawyers.

The criticisms have been largely accepted by Zoom who have said it will take until July before the problems have been dealt with. So concerned were they to fix the issues that they have put all product development ‘on ice’ until after the security problems have been fixed. Version 5.0 was issued on 27 April, which introduced some interim improvements including ‘end to end encryption’ (something they had previously claimed to have included but had not) and reset two settings as default to avoid users having to set them.

Whilst consideration should be given to using some of the dozens of other video conferencing platforms rather than Zoom, here are some practical tips to reduce the risk:

  1. Create unique IDs that are more difficult to guess. In addition, ensure that the meeting ID has a passcode on them.
  2. Ensure that if you are using a personal meeting ID (PMI), that it is secured with a PIN or passcode.
  3. Use Multi-Factor Authentication (MFA) on your Zoom account so that if a password is compromised, the attacker does not have access to your Zoom account.
  4. Enable a waiting room feature to screen individuals that are coming into your meeting room. Check you know all those in the waiting room to ensure no gatecrashers.This will prevent unknown individuals from joining your session. V5.0 now turns on the waiting room by default.
  5. Disable “Join Before Host”.
  6. Enable “Co-Host” so you can involve a co-mediator responsible solely for the satisfactory working of the technology.
  7. Disable “File Transfer”. This will prevent parties from inadvertently passing on a virus.
  8. Disable “Allow Removed Participants to Rejoin” so anyone in the meeting without authority cannot rejoin after being removed.
  9. Disable screen sharing at the outset and only allow that as and when required
  10. Make clear to all parties and their representatives that you are not an ICT expert and that, whilst you personally will not knowingly breach confidentiality, there remains, as with all online platforms, a risk that security breaches may occur.

In view of the Covid-19 emergency we are giving free access to our ODR training module Adapting Your Skills to the Online Environment, together with 15 tips when using web conferencing to mediate and the above 10 tips to reduce the risk of privacy breach when using Zoom.

To access the free module click here or go to the course site at odrtraining.com  and click the link shown on the home page.

Graham Ross is a lawyer/mediator specialising in resolving shareholder disputes and expert in the field of applying ICT to increase access to justice via ODR. He is lead tutor on the training courses on ODR for ADR professionals at odrtraining.com. Email g.ross@TheResolver.com. Twitter @mediationroom.

Image by Tumisu from Pixabay