The coronavirus crisis has boosted its notoriety. Having become essential both for aperitifs and for telecommuting meetings, the Zoom videoconferencing platform has drawn criticism from the American authorities and has focused attention on its activities.
Listed on the Nasdaq, the Californian company has 2,700 employees, including fifteen in France. Its director for France, Loïc Rousseau, wanted to respond to the attacks during a long interview. Via Zoom, of course.
In just a few months, Zoom has grown, according to your figures, from 10 million daily users worldwide to 200 million. Weren't you overwhelmed by this success?
LOÏC ROUSSEAU . We are focused from the start of the coronavirus crisis on adapting service accessibility and integrating new traffic. We had seen the example of China, where part of social life was transferred to videoconferences, particularly with the closure of schools. Our founder, Eric Yuan, who is of Chinese origin, immediately took the measure of the event by increasing the network capacity with the creation of two additional data centers or "data centers".
He suspected that solutions like ours were going to gain momentum in this context, and that's why we had no problem bearing the load. Our specifications involved doubling the network capacity with low bandwidth to be accessible even in countries with a more fragile Internet network.
Speaking precisely of "data centers", are the video conservations on Zoom stored somewhere?
Newsletter - The essentials of the news
Every morning, the news seen by Le ParisienI'm registering
Your email address is collected by Le Parisien to allow you to receive our news and commercial offers. Find out more
The advantage of our platform is to connect users with one of our 17 closest data centers. This allows in particular to avoid latency. We do not store videos unless you record the conversation. Video data, which is encrypted with a protection key, only passes through these “data centers”. Our conditions of use comply with the legislation and the General Data Protection Regulation (GDPR) since the start of its application in 2018.
Your recent success has caught the attention of hackers looking for security holes in your platform. According to the American media Vice, hackers have sold two unknown vulnerabilities (“zero day”) for $ 500,000 in order to spy on conferences…
I have not yet seen this information pass. I think the following: for most companies, cybersecurity specialists, who are sometimes also hackers, contribute to the “bug bounty” circuit, that is to say the paid search for flaws in the system. This is then published in the press, but we often learn about our security vulnerabilities directly from the media without having been asked before to resolve them.
Security and respect for privacy are paramount to us. If a security breach is discovered, we will take the problem head on.
The platform has also been the victim of a phenomenon of unexpected intrusions into virtual meetings, dubbed “zoombombing” on social networks. What steps have you taken to end it?
Internally, we are rather talking about the generic term "meetingbombing", or intrusion into a meeting, because all our competitors are also affected by these malicious acts. We are just more visible at the moment with the explosion in the use of our services.
We have seen a boom in the number of consumer accounts, although it was originally a professional tool. You need know-how and good use, such as not giving your meeting code in public or setting up a waiting room and password to protect the meeting.
We urgently translated, especially into French, good practices and tutorials on YouTube. We have also updated the security settings which are easily activated. You have to appropriate the tool.
Another recent controversy concerns the sharing of data from users of the application with Facebook. Is it still relevant ?
We never shared any data, this was done without our knowledge. It was possible to log in with a Facebook account and, during this authentication procedure, data was collected. We have never collected or sold data ourselves. We resolved the problem within 24 hours after apologizing and making the necessary changes to stop sharing. To my knowledge, Facebook no longer has any way of retrieving personal information from our users.
Cybersecurity firm Cyble has announced that it has seen 530,000 Zoom accounts for sale on the Dark Web. How did you react ?
We learned about it on Wednesday and our new security chief, Alex Stamos (Editor's note: ex-Facebook) spoke of it frankly during our online public meeting. This is inherent in all software companies. Hackers combined easy-to-find email addresses with passwords stolen elsewhere to recover Zoom accounts.
These are free personal accounts that have not been used for several months and have not made the latest updates. They will be deactivated during the day.
The parliamentary mission, which hears the government by videoconference, calls on Zoom despite the risks and the controversies. Has a special device been put in place?
I guess the technical teams have been well trained. I know that the Elysée and the National Assembly have professional accounts for our platform. We had discussions two or three weeks ago and each time a local engineer demonstrated the proper use of the tool and its protection. In any case, we have not signed a global contract with the National Assembly.
We have no security problem on the network because several major players in the CAC 40 use us after having carefully studied our devices for protecting their video meetings. We were surprised and disappointed by this abnormal “bashing” when we are recognized and have the confidence of large global companies.
