Zoom could well be one of the few tech companies in the world right now to acknowledge — even apologize — for its problems. But what do you when the government deems you unsafe? We're about to find out.
You know, Zoom didn’t actually break cover just a few months ago. It’s been around since 2013, at least. Though, it’s only now that everyone’s seemingly talking about it. The timing may be not-so-good, but you can say, Zoom has finally arrived. For those still unaware, Zoom is a cloud-based video conferencing platform and while it was initially intended for enterprise customers, it’s somehow taken over the whole world by storm in the wake of the novel coronavirus outbreak.
“Zoom meetings” have suddenly become the talk of the town as more and more people are now forced to stay cooped up inside their homes to curb the spread of COVID-19. The response, in fact, has been so phenomenal that it’s surprised even Zoom itself. The video conferencing platform, that is available across Windows, macOS, Android and iOS, has shot up from an average of 10 million daily users to an astounding 200 million daily users in just three months, according to data released by the San Jose headquartered company.
What this essentially means is that people may have been picking it up over the conventional video conferencing lot — Skype, Teams and Hangouts. Wow!
There are many reasons why Zoom has achieved the literal cult status that it has in these unprecedented times. At its heart though, there’s only one reason why that is. “It just works,” Sameer Raje, who is India Head for Zoom tells Financial Express Online in an exclusive one-on-one over, well, a Zoom call. “If you click on Zoom, you can be absolutely confident that it will work. Plus, it’s so simple and easy to use.”
Low bandwidth be damned. “In a country like India, it’s extremely important that our product functions well despite packet loss (sometimes to the tune of up to a 40 percent) and standard fluctuating bandwidth issues to deliver a high quality video interaction. It does just that. That’s why there’s been a growing uptake in our service.”
India meets Zoom
Zoom may have been around for a while internationally, but it’s still very early days for Sameer and team in India. Zoom started its formal operations in India in September last year though Sameer “has been working personally behind the scenes for some time.” Zoom has an office in Mumbai and employs people in different functionalities. “And also we are hiring aggressively in line with what our global plans are. And we will continue to do that.”
But, why did it take so long for Zoom to set-up base in India? Was India not part of the plan initially? “India is definitely a big market and it was always on the planned agenda for Zoom, no doubt about that. But, India also brings with itself very different kinds of challenges — in terms of telecommunications, in terms of regulations, and also in terms of the geography. We had to be absolutely clear about what we want to do in India. And that’s the reason why it took us some time to commence our operations,” Sameer explains adding, “what works outside of India may not necessarily work in India.”
Zoom is still pretty much an enterprise-first solution — even in India. Even though it continues to amass “a new set of users making use of Zoom for a different set of use cases” each day.
“With the COVID-19 situation, two things happened. We started seeing a lot of deployment within the larger organizations for business continuity, planning purposes wherein they’ve been using Zoom for letting the employees work from home, remote access etc. On the other end, we also started seeing extremely small and medium mom and pop stores coming up and using the platform.”
Sameer won’t share any India-specific figures, only that the platform use has “gone up in all the segments.” While its free tier, that allows video conferencing with up to 100 participants for up to 40 minutes, plus a host of other features including virtual backgrounds and screen sharing, of course, would be pulling more users, Zoom also has a paid option that bumps up the participant count to 1,000 and there are virtually no time limits. There is still no dedicated India website though.
“We do sell in INR as well,” Sameer confirms. Zoom has tied up with telcos like Airtel to sell its product — while TATA Communications is its partner for infrastructure. “We also have certain AV integrators who are partner resellers taking our products to the market.”
Also Read Zoom responds to Govt of India’s advisory, says it takes user security extremely seriously
Zoom meets India
Zoom’s ease of use and host of benefits have catapulted it to fame around the world, including India. There’s a lot of good stuff happening here, and mostly it’s happening for free which is probably one of the biggest reasons why Zoom has picked up steam. But remember, there’s no such thing as a free lunch. So, what’s the catch? Well apparently, there are quite a few, something that Zoom CEO Eric Yuan has publicly acknowledged and apologized for, himself. The bigger concern is, as the platform is being subject to more and more intense scrutiny — since popularity also comes at a cost, obviously — more and more loopholes are also being discovered every other day. Some of them may be minor, some catastrophic.
Zoom is a privacy nightmare. There are no two ways about it. So much so that governments around the world are now sitting up and taking notice. Including the Government of India. The Ministry of Home Affairs has put out a detailed advisory for Zoom users in India, to safeguard their virtual meetings from prying eyes, deeming the video conferencing platform “unsafe.” While it hasn’t outrightly banned it for use — by individuals preferably for private use — in India, things aren’t exactly looking good for Zoom and its future prospects in the country.
“The MHA has a right to be concerned about the Indian users and we respect them for that. We are in touch with the MHA and even with some of the key ministries and departments to discuss this as well as showcase our technology to them. We feel that as we go ahead, this will definitely change,” Sameer says.
In the words of CEO Eric Yuan himself, Zoom did not know — or foresee — that “every person in the world would suddenly be working, studying, and socializing from home,” in a matter of weeks, and that they would all be using Zoom for video conferencing.
“Now when these (non-enterprise) types of users start using an enterprise platform, they’re probably not aware about the best practices to safeguard themselves in the cyber world,” Sameer explains, adding “we have now embarked on a journey to guide them and train them independently.”
Surely, it won’t be easy to win back the trust of the Government of India — and end users — but Zoom is in the country for the long-term, Sameer says. “We have a lot of industry veterans who are Indians on the board. We have two data centers in India. We’ve partnered with local telcos. But, we understand, there’s still a lot more to be done.”
Is Zoom compromised — it’s complicated
Zoom could well be one of the few tech companies in the world right now to acknowledge — even apologize — for its problems as quickly as it has. But more importantly, it’s one of the few companies to have come up with a plan, as quickly, to fix its many privacy and security issues. One of the first bold steps that it has taken is to freeze the development of any more features, for 90 days. Zoom has been devoting all its resources to secure its platform first, instead.
The company is now rolling out Zoom 5.0, which it says is a “key milestone” in its 90-day plan to proactively identify, address, and enhance the security and privacy capabilities of its platform. The update brings with it a new security icon that ties most of its security features together and lets you change them directly from your title screen — from locking meetings to restricting screen sharing to reporting “Zoom bombers.” Speaking of which, Zoom is also now enabling passwords by default for most users — while highlighting “clearly” that passwords are necessary for all Zoom meetings. Zoom’s waiting room feature will also remain on by default for all, so a host can screen participants before allowing them into a meeting.
But even more importantly, Zoom is upgrading its encryption to standard AES 256-bit GCM, which is an improvement over the outgoing AES-256 ECB standard. This still isn’t the full-proof end-to-end encryption one would want from the service, but it’s a start. Curiously, Zoom had previously claimed all meetings were end-to-end encrypted, but as it turns out, its take on end-to-end encryption might be slightly different from what we’ve come to expect from the security protocol.
“If I am using a Zoom client and if you’re using a Zoom client, the meeting is encrypted. What people need to understand is that Zoom is a collaboration platform which means that you have to allow interactions through various modes. If there’s a PSTN (public switched telephone network) audio conferencing coming into a collaboration platform, there’s no way that from the Zoom cloud to the PSTN telephone that the audio will be encrypted. Is the meeting encrypted? Absolutely. If it’s going through a third-party video endpoint somewhere, the format of encryption may be different over there, so then it may not be encrypted,” Sameer explains.
And yet, there are reports of over 500,000 Zoom accounts being hacked and sold on the dark web.
“It’s a very unfortunate incident, but we really need to understand what’s really being sold on the dark web. Is the Zoom platform compromised? No, not at all. If I as an end-user don’t follow the standard laws or I don’t follow the basic etiquette of the cyber world, I’m going to use the same user ID and password, which I have used on ten other platforms on zoom as well, then I will be prone to a stuffing attack. That’s what has happened in this case.”
And it surely doesn’t help that Zoom’s own clients are allegedly hiring hackers to find flaws in their system. That in addition to cybercriminals trying to exploit its growing popularity — because, why let a pandemic go to waste.
“Miscreants have realized that because of the whole COVID-19 situation, there are a lot of people using this platform in an insecure manner. The entire world is moving to a virtual platform, and hackers are working on ways how to exploit it. Zoom becomes a preferred choice because of the kind of growth we’re seeing,” Sameer says, adding that “this makes us stronger to try and make our platform even more robust.”
So, all that’s happening has nothing to do with the fact that Zoom is technically not as private and secure as some of its other rivals? Is it not to blame for its many flaws? And mistakes?
“Obviously there were some missteps from our side,” Sameer says.
Some Zoom calls were until recently being ‘mistakenly’ routed through China — for non-China users.
“Yes, that was a mistake on our part. But, you need to understand that our infrastructure is such that when you join any meeting, if a free user also joins the meeting, it first goes to the US where we have a cluster of data centers and servers. If all the 17 data centers (there) are busy, only then will it (the data) have gone to China, which is a very remote possibility. It was a human error and we have made sure that this doesn’t get repeated,” Sameer says.
Zoom now allows all paying customers to explicitly choose which data center their calls are routed from. This includes both opt in as well as opt out options, although Zoom notes that users won’t be able to opt out of their default region. And, “data of free users outside of China will never be routed through China.”
The sudden surge in usage has uncovered unforeseen issues with the platform, while security researchers are helping it identify pre-existing ones. But at least, Zoom is not being defensive about its flaws. Even during an intense crisis, the company seems to be thinking about end-users.
“We are deeply focused on what we do and the message from our CEO to all our leadership is very simple, that few years down the line when somebody sits back and looks at the fact that what happened during the COVID-19 situation, we want to be remembered as a company that helped humanity. We are really not concerned about what the competition does or what they are into or how they stack up or how we rank. Our main focus right now is getting people together and helping them as much as we can.”
As for convincing the governments and the end-users, Zoom believes, “we will convince them because we are sure about the security of our platform. We are sure about the privacy of our users on our platform. We will convince them with facts and necessary documents. And once that is done, I am sure by doing the right things we will get our customers back.”