After Spike In Zoom Sessions, And Zoombombings, Company And Authorities Get Down To Business

April 19, 2021

By Anand Vasu

Last week, San Jose-based videoconferencing platform Zoom made a big announcement, which it labeled, “On Academic Freedom for our Higher Education Users.” The crux of the statement was that in the case of Zoom meetings and webinars hosted by a higher education institution, the company’s Trust and Safety team would only act on reports alleging content-related violations of prescribed Community Standards or Terms of Service that originated from the meeting’s host or the account’s owners or administrators, except in three cases. If Zoom determined that there was a legal or regulatory risk to the company if it did not act; or an abuse report alleged an immediate threat to the physical safety of any person; or the meeting or webinar was unrelated to the institution’s academics or operations.

This release came in the aftermath of criticism Zoom received for canceling a university-organized event last fall in which Leila Khaled, a member of the Popular Front for the Liberation of Palestine (PFLP), was scheduled to speak. Subsequently, Zoom reportedly began conversations with academicians and their legal representatives on how to balance university-blessed free speech and academic freedom with their terms of service. The PFLP has been designated a terrorist organization by the United States, European Union, Japan, Canada and Australia. 

Zoom’s Trust and Safety program has had an interesting, controversial, and somewhat high-profile year with a sharp rise in virtual conferences after global lockdowns because of the coronavirus pandemic, especially with a large number of children being online, and Zoombombers, also called Zoom-raiders, hijacking and disrupting virtual meetings by posting material that is obscene, racist, sexist, homophobic, Islamophobic, or antisemitic. Some of the material is downright violent, and criminal.

In June last year, Motherboard detailed how a 60-person meeting of a German economic thinktank was interrupted by a user called “Christoph H,” who played a video depicting what appeared to be a four-year-old child being raped. The shocked virtual hosts reportedly took a few seconds to kick out the man and resume the conference, when another mystery caller dialed in and shared another rape video on screen. They ended the meeting. 

In April 2020, Zoom stated it had more than 300 million daily meeting participants. A month later, in May 2020, the FBI issued a rather dire release. It stated that over the past few months, FBI agents had received more than 195 reports of incidents throughout the United States and in other countries in which a Zoom participant was able to broadcast a video depicting child sexual abuse material (CSAM). The release stated that “the FBI considers this activity to be a violent crime, as every time child sexual abuse material is viewed, the depicted child is re-victimized. Furthermore, anyone who inadvertently sees child sexual abuse material depicted during a virtual event is potentially a victim as well.”

The abuse isn’t just on Zoom, but with the popularity of the platform soaring, Zoom has had little choice but to take serious note. In October 2020, the Chicago Tribune reported on how an 18-year-old local man, out on bond for a gun case, inadvertently livestreamed himself sexually assaulting a 7-year-old first grader during a remote learning class, reportedly on a Google e-learning platform. The first-grader’s teacher immediately reported the incident to authorities and the man was later arrested.

While the child sexual abuse material and depictions are the most egregious, there have been other issues. In September 2020, for instance, the U.S. Department of Justice announced that a University of Houston student, Ibraheem Ahmed Al Bayati, had been charged with “making threats or conveying false information to destroy by means of fire or explosives and making a threat over interstate commerce.” On Sept. 2, 19-year-old Al Bayati, identifying himself as Abu Qital al Jihadi al Mansur, joined a UH student lecture via Zoom. Shortly thereafter, he allegedly interrupted and said “what does any of this have to do with the fact that UH is about to get bombed in a few days?” According to the criminal complaint, he then uttered an Arabic a phrase that means the “Islamic State will remain,” held up his index finger, and repeated the phrase before exiting the conference call.

The Anti-Defamation League reported that by Feb. 25, 2021, at least 30 instances of Zoombombing had disrupted Black History Month events in the U.S. with violent imagery and racist slurs.  February is traditionally celebrated as Black History Month each year. The attackers went after all sorts of events, from film screenings to poetry competitions and panel discussions. The ADL stated that the events were often coordinated on platforms like 4chan, where “anonymous users openly coordinated and encouraged some of the targeted attacks throughout February, sharing Zoom links for Black History Month events and suggesting strategies for when and how to disrupt scheduled speakers.”

What Exactly Is Zoombombing?

Simply put, it is the process in which unauthorized individuals gain access to a Zoom meeting and then disrupt it. The disruption can come in various forms: Individuals turning on and off their cameras in order to slow things down, shouting slogans, or racial slurs or abuse, or the sharing of offensive or abusive content through screen sharing, with images or video calculated to go after the gathering in question. In some cases, the number of attackers simultaneously joining a Zoom meeting could be so high that it would become impossible for the intended participants to even comprehend what was on their screens.

On Sunday, April 18, the Seattle Times recalled one such occurrence in detail. On February 9, Seattle University senior and Black Student Union President Adilia Watson hosted a movie screening for around a dozen students as part of the Black History Month. Soon after the Zoom session began, hijackers took over the meeting, calling the participants “monkeys” and using other methods to disrupt proceedings. Efforts to remove the attackers were unsuccessful and eventually the meeting was shut down. Watson recalled that “it felt like terrorism.”

“Hijackers” have got into other special interest Zoom sessions, such as Covid-19 response events and Asian interest groups. While Zoombombing is believed to have begun as merely a prank, it is now being used by sophisticated groups that hack into sessions.

While there are protocols in place to minimize Zoombombing risks, such as password protecting meetings and permission settings in place to authorize users to enter, these are by no means foolproof or practical, especially with large gatherings. What has become a larger concern is how to legislate against these attacks. In many cases, the Zoombombings are not thought to be serious enough for victims to report them, in others it is unclear who has jurisdiction to follow up.

On March 9, the Metropolitan King County Council in Washington, one of the largest counties in the United States, by population, passed an ordinance that made it illegal to Zoombomb or record mental health and recovery video teleconferences without the participants’ consent. This ordinance allows victims of Zoombombing to file civil suits against their attackers seeking compensation for mental pain and suffering and legal fees.

It’s worth recalling that Zoom has had its share of teething troubles when it grew suddenly, and also security lapses that have been exploited.

In the middle of 2020 Zoom came under criticism for working with the FBI. It was widely assumed that working with law enforcement would mean more monitoring and perhaps even surveillance of users and their behavior on Zoom. However, when it became clear that Zoom was encrypting it’s free and premium services, these fears were allayed.

The company also made it clear what they were attempting to do. “We plan to provide end-to-end encryption to users for whom we can verify identity, thereby limiting harm to these vulnerable groups,” Zoom said in June 2020. “Free users sign up with an email address, which does not provide enough information to verify identity. Zoom does not proactively monitor meeting content, and we do not share information with law enforcement except in circumstances like child sex abuse. We do not have backdoors where participants can enter meetings without being visible to others.”