Universities must be aware of the privacy and security issues with Zoom and online learning

This is a graphic design of the word “opinion” in a speech bubble. The background is purple and there are various shapes surrounding the speech bubble.

By
 in

Zoom, the video conferencing app that’s officially supported by USC and hosting most USC lectures as a result of the coronavirus pandemic, has come under fire over the past few weeks due to security and privacy concerns. The wave of scrutiny has resulted in a class-action lawsuit, inquiries from the New York attorney general, and letters from U.S. senators in regards to how the app shares user data with third parties and partakes in other shady privacy practices. 

On top of these security concerns, “Zoombombers” have begun to interrupt and disrupt meetings and classes. In response, the company has rolled out extra security measures; starting April 5, Zoom now requires a password to join a meeting using the meeting ID. USC’s Chief Information Officer Douglas Shook also responded by sharing a resource page with strategies to prevent “Zoombombing.” 

In this case, the University did act appropriately, but the large cause of these issues in the first place was faculty not receiving proper instruction onin how to use the included security tools with the platform — the memos and resource page from ITS are a step forward in the right direction.

Meanwhile, the Pentagon, the U.S. Senate, Google and school leaders from New York City to Las Vegas have announced they’re moving to the more secure Zoom Government or discontinuing their use of Zoom due to security, privacy and harassment concerns. Schools, companies and other institutions have begun to switch to other alternatives, such as Microsoft Teams, Google Hangouts, Cisco WebEx and BlueJeans, which USC also officially licenses.

So why is USC still using Zoom as its primary video conferencing tool?

Zoom’s privacy policies have been highlighted as being vaguely worded and having notable omissions. In short, the issue seems to be one of transparency. Students are able to access a list with the contact information of more than 24,000 people registered with Zoom through USC and nearly 40 “Zoom Rooms” by accessing the contacts tab on the app. This is a grave privacy concern, and hopefully USC ITS will disable this access if possible, as it may be maliciously utilized.

Additionally, moving to virtual classes has highlighted who has access to fast internet, working computers and a safe — and quiet — space to work from. Financial inequities in the classroom are therefore put on full display when we virtually invite people into our homes, whether through live video meetings like Zoom or otherwise. 

Time zone differences and other pressures may affect the extent to which students can participate in synchronous learning — education that happens in real-time, like a lecture. Many professors have moved toward asynchronous learning, with less reliance on live lectures and more reliance on Blackboard discussions and the like. Many have also made lectures non-mandatory for students unable to attend a live lecture due to time-zone constraints or other reasons while expanding asynchronous learning opportunities for students to engage with the course material. 

Moreover, Zoom meetings and live lectures should only be a secondary option for faculty, as asynchronous learning opportunities are more effective than synchronous learning plans, which are teacher-centric rather than student-centric by their very nature. The best version of all, however, is offering a balance between the two while ensuring privacy and security.

But USC cannot depend solely on a platform that has the best technological measures to maintain the security and privacy of students, faculty and staff. It is up to the University to facilitate an environment wherein faculty and staff are sensitized to issues of privacy and security in this virtual environment. 

USC ITS has been proactive in issuing memos to minimize the risk of information being compromised. On USC’s COVID-19 resource page and on the ITS website, numerous resources and tips are provided to instruct students, faculty and staff to protect themselves amid this uncertainty. Even measures such as using complex passwords and waiting rooms — which ITS has since made mandatory — can help prevent unwelcome intruders.

Regardless, the University must encourage and ensure that students, faculty and staff have access to platforms that balance usefulness with privacy and security. Zoom, based on the above, might not be that choice.