Illustration by Jason Kowalski

Alarm over cybersecurity at Zoom University

Amidst a global pandemic, online education has become the new normal for many of us. In a matter of months, Zoom went from a relatively unknown platform to the classroom setting of choice for the reformed U.S. education system. As a result of  switching to online meetings, it is no surprise that Zoom was forced to rapidly implement new security policies and features. So the question stands: Should cybersecurity be another item on our long list of concerns?

Zoom has been no stranger to complaints of cybersecurity. Between “Zoombombing,” leaking the emails and names of thousands of users, using Chinese encryption keys that can be forcibly taken by their government and sending information to Facebook regardless of if you have an account, it is astonishing that the backlash has not been stronger. Despite the U.S. government cautioning against the use of Zoom in April, as well as SpaceX and Google banning it entirely, its widespread use might be seen as irresponsible. 

However, these concerns have been far from unaddressed. While the U.S. Senate Sergeant at Arms Michael C. Stenger recommended against using the free version, Zoom for Government has existed since April 2019. It claims to provide more security than the standard version. Zoom introduced waiting rooms and passcodes for calls to prevent Zoombombing, options to only allow people with a certain email domain to enter and created a way to report users. The company brought in a new chief information security officer and acquired Keybase which allowed them to provide end-to-end encryption. They have even worked individually with institutions like Harvard University to provide explicit and contractual guarantees on the privacy of users.

Here at Lewis & Clark, we are fortunate enough to have professors that specialize in such topics. I interviewed Professor of International Affairs and Chair of International Affairs Bob Mandel, who recently wrote a book on cybersecurity and the use of Zoom on college campuses. He noted that Zoom’s cybersecurity issues are not unique and that Zoom is not inherently more or less safe than its competitors. According to Mandel, the cybersecurity risk when using Zoom is not any higher, and every system has unique vulnerabilities. Despite governmental concerns, educational use is not going to create the same kind of risks. 

“The fact that on university campuses there may be people who are exploiting the vulnerabilities is not going to be a national security threat,” Mandel said. “It’s going to be more an issue with the student’s right to privacy, the student’s ability to know that comments they’ve made in class will not be used or taken out of context elsewhere, and faculty as well.” 

Ultimately, when it comes down to balancing student privacy and safety, Mandel said “All one can do, all any teacher can do, is find the best combination for what they’re doing while placing the needs of the students first.”

So should this matter to you? Maybe. It comes down to how much you value your privacy and security. If you do not care about the chance of your email getting leaked or being recorded in class, then you can probably carry on with nothing more than the usual level of existential anxiety. If you have concerns, you can always talk with our IT department and your teachers about what steps are being taken to keep us safe and what the policies are in case of a privacy breach. At the end of the day, the risks, while present, are very low and most of us are not in peril of having extremely sensitive information released. That said, we should understand the risks and make our own cost analysis about our online activity while we are attending Zoom “University.”

This article presents opinions held by the author, not those of The Pioneer Log and its editorial board.

Leave a Reply

Your email address will not be published.

AlphaOmega Captcha Classica  –  Enter Security Code