To Zoom or Not to Zoom?

06/24/2020



If you had never before heard of it, after the coronavirus forced everyone to stay at home, I’m sure you are now at least a little familiar with the videoconferencing tool called Zoom. It has become one of the most popular ways for companies to continue doing business-as-usual as best they can, and is even being used recreationally as a way for people to stay connected as they stay safe at home.

Far and away, Zoom has become the go-to app for lawyers, law firms and courts to communicate during COVID-19. However, as Zoom rose in popularity, reports of hackers immediately followed. The FBI warned consumers of “Zoom Bombing” incidents, which became so widely publicized that Zoom Chief Executive Eric Yuan was forced to address the matter, admitting  Zoom had “fallen short of the community’s – and our own – privacy and security expectations.” Yuan conceded that they “should have done something to enforce password and making room and double-check[ing] every Zoomer’s settings…” and now it appears as though they’ve been able to identify and remedy flaws in their programming to prevent these privacy concerns.

Still, these issues have lawyers and law firms questioning whether they should be using Zoom or not. ABA Formal Ethics Opinion 477 is essential as it relates to the security measures needed for electronic communication. In that opinion, the Committee determined that unencrypted communications are not always sufficient for client communications. Instead, lawyers must assess and then choose the most appropriate and sufficiently secure method of communicating and collaborating. ABA Formal Opinion 477 states specifically:

“[L]awyers must, on a case-by-case basis, constantly analyze how they communicate electronically about client matters, applying the Comment [18] factors to determine what effort is reasonable.”

End-to-end encryption is a system of communication where the only people who can read the messages are the people communicating. And according to a recent article, Zoom does not offer end-to-end encryption in a technical sense, despite their assertions to the contrary. Instead, Zoom admits: “Currently, it is not possible to enable E2E encryption for Zoom video meetings. Zoom video meetings use a combination of TCP and UDP. TCP connections are made using TLS and UDP connections are encrypted with AES using a key negotiated over a TLS connection.”

Therefore, the security issues presently make Zoom problematic from an ethical and security standpoint for lawyers and law firms. In other words, we must always be mindful of videoconferencing tools. Before choosing which software to utilize, it is vital that law firms do thorough research about the security and privacy of the software to ensure that confidentiality is protected. While Zoom is widespread and quickly becoming a household name, law firms and attorneys must identify trusted software that has property security and encryption measures through thorough vetting.