Zoom CEO Eric Yuan Pledges to Address Security Shortcomings in ‘The Next 90 Days’

April 20, 2020— When a Zoom user had his question read out during the “Ask Eric Anything” webinar on Wednesday, Zoom CEO Eric Yuan listened intently.

“Will Zoom be adding more emojis to its social features anytime soon?” the user asked.

Yuan disappointed the user immediately. “We’re not going to allocate any new features to that,” he said. Yuan then made it clear that for “the next 90 days,” Zoom will be “incredibly focused on enhancing our privacy and security.”

The “Ask Eric Anything” webinar, a weekly series in which Zoom users tune in to ask questions about Americans’ go-to video conferencing technology during the pandemic, launched in response to widespread privacy failings by the company’s flagship communications technology.

Almost as quickly as the company name became a verb, “zoombombing” entered the national lexicon to describe the act of anonymous trolls entering a Zoom meeting a neglected URL and posting pornographic, racist, or generally inappropriate material.

In fact, Zoom announced over the webinar several updates in an effort to assuage users— and shareholders— about concerns surrounding privacy. The first thing the company announced was a new hire.

Alex Stamos, the director of the Stanford Internet Observatory and former chief security officer of Facebook, announced on the webinar that he is “Zoom’s new outside advisor.”

“I want to apply my skills to the problem we are facing,” Stamos said. He called Zoom “a critical part of the lives of hundreds of millions of people” and identified education as the “most interesting area” in which Zoom can benefit society.

Defending Zoom against complaints of ‘Zoomboming’

Stamos took the time to defend Zoom from its blemishes in the press. “Every single company… will face” the problem of security failings and claimed that “there’s never been a company that’s had to scale this quickly.”

Stamos related how Zoom is taking active steps to stop the bleeding by “proactively locking” the “bad actors” before they can compromise an account.

Stamos suggested that much of the cause of Zoombombing rests on the manager of a meeting. Resultingly, he implored users to avoid making a “mistake” by using “the same password” that they use for other accounts

“Go get a password manager,” Stamos recommended.

Stamos also expressed optimism on the webinar. He said that Americans are “very versatile and when we find a problem, we find a solution.”

Zoom also announced a new feature rolling out sometime this weekend. In addition to Zoombombing, the company has also been sharply criticized for keeping one of its many data servers in China, a country with which the U.S. has privacy disagreements and with which the U.S.-based Zoom has ties.

Occasionally, Yuan admitted, Americans’ data would be sent to China when other data centers were offline, which hypothetically left them vulnerable to data harvesting by the Chinese.

In response, Oded Gal, chief product officer of Zoom, announced that by April 25, the Chinese server will be deactivated automatically for all users that have not explicitly opted to have their data routed to it.

In addition, Zoom has hired a new cybersecurity team called Luta Security to help catch bugs before users do. Luta Security is headed by Katie Moussouris, who worked on similar “bug bounty” programs for Microsoft and the Pentagon.

The CEO expressed faith in these changes. Yuan says he has “much more high confidence now.”

The question is whether this high confidence will transfer to Zoom’s users and shareholders.