Video Conferencing Security

We hope to address any privacy concerns within the Oxy community and share our own insights, particularly in the wake of increased scrutiny on Zoom and other video conferencing platforms:

• NPR: Zoom Has A Dark Side — And An FBI Warning
• The Verge: Zoom adds new security and privacy measures to prevent Zoombombing
• Tom's Guide: Zoom privacy and security issues–Here's everything that's wrong (so far)
• Technical Overview and Analysis of Security Issues by Citizen Lab Research Group

The Academic Continuity Planning (ACP) team has created resources and recommendations to spread awareness of these issues and mitigate the risk of “Zoom-bombing” or other disruptive activities. Please consult the information provided below by the three video conferencing services offered at Oxy:

• Zoom CEO's Statement about Security and Privacy
• Google Hangouts Meet Security Information

All three companies offer encryption and employ other security protocols to protect their platforms. Due to valid concerns about Zoom’s encryption and data sharing protocols raised by Citizen Lab and other organizations, we welcome the opportunity to engage in dialogue with the community at large. If you feel that you require stronger privacy and confidentiality for your meetings than these services offer, we ask that you contact James Uhrich at uhrich@oxy.edu to discuss the best available options.

Measures taken to make video conferencing more secure at Oxy

Zoom

The settings below have been enabled for all Oxy Zoom meetings by default for all Zoom users. You may wish to disable some of these security features, depending on your purposes:

• Require a password when scheduling new meetings* (Locked)
• Require a password for instant meetings (Locked)
• Require a password for Personal Meeting ID (PMI) (Locked)
• Disabled embed password in meeting link for one-click join (Locked)
• Only meeting hosts can screen share by default (Optional)
• Disabled the Join Before Host option so the host must start the meeting before participants can enter (Optional)
• Enabled the Waiting Room option to admit participants** (Optional)
• Disabled Allow Removed Participants to Rejoin setting (Optional)

*Changing any settings in a meeting scheduled before April 5th will prompt Zoom to add a password without notifying the host or any participants. If you change any settings on a specific meeting, be sure to check what the new password is, change it if necessary, and share it with participants.

**Late arrivals or users who leave the meeting for any reason will have to be admitted or readmitted from the Waiting Room by the host.

The most important of these settings requires ALL meetings to have a password. All meeting attendees must enter the password to access the class/meeting for all meetings you schedule as of 04/05/2020. The password, which can be edited or simplified, will be included in the meeting invitation.

NOTE: We have not yet required passwords retroactively to all existing scheduled meetings, although we are exploring this option. If we do so, we will let you know and provide the appropriate instructions to share with your students and colleagues.

You can read more about these and other settings to better manage your Zoom sessions on our page about Zoom-Bombing.

Google Hangouts Meet

Google Hangouts Meet requires participants to authenticate via Oxy login before scheduling or joining a meeting. Authentication using Oxy credentials is one method that may reduce the risk of unwanted participants joining the meeting. Even with authentication, we strongly recommended refraining from sharing meeting links publicly.

Most Importantly

The best way to prevent Zoombombing and unwanted participants in any meeting is to limit access to meeting links only to invited participants. Do NOT share meeting links publicly, and discourage your meeting invitees from doing so. The addition of passwords also significantly limits the risk of disruption.