Zoom, the popular videoconferencing software, has come to an agreement with the New York Attorney General’s office to address security issues after the state had raised concerns about the company in March.
New York Attorney General Letitia James sent a letter to Zoom asking about whether it implemented additional security measures as it exploded in popularity because of the coronavirus pandemic.
The letter came as a host of other concerns were being raised about the software.
Specifically, the letter asked if “existing security practices might not be sufficient to adapt to the recent and sudden surge in both the volume and sensitivity of data being passed through its network,” according to the New York Times.
The letter pointed to “Zoombombing,” where people online would disrupt videoconferences by joining uninvited and sharing graphic images or shouting racist slurs.
On Thursday, the New York Attorney General’s office said it had come to an agreement with Zoom. As part of it, Zoom agreed to beef up a data security program, conduct risk assessments and software code reviews to stop potential hackers, enhance encryption, and put together enhanced privacy controls for free and education accounts.
“Our lives have inexorably changed over the past two months, and while Zoom has provided an invaluable service, it unacceptably did so without critical security protections,” James said in a statement. “This agreement puts protections in place so that Zoom users have control over their privacy and security, and so that workplaces, schools, religious institutions, and consumers don’t have to worry while participating in a video call.”
Zoom has responded to a number of criticisms brought up against it in recent weeks.
The company announced on Thursday that it acquired Keybase, an encryption and security service, to help make end-to-end encryption available for paid accounts.
Advocacy groups had called on the company to make end-to-end encryption on by default for videoconferences after it apologized for misrepresenting that it offered the feature for years.
Zoom said there was a “discrepancy between the commonly accepted definition of end-to-end encryption and how we were using it.”