Remotely Held Classes and Zoom

Date: Tuesday, April 7, 2020
To: DEANS AND DIRECTORS
From: Clay Shirky, Vice Provost for Educational Technologies; Maria Suarez, Global University Chief Information Security Officer; Ben Maddox, Chief Instructional Technology Officer

In the aftermath of some recent questions and concern about Zoom, many faculty have been contacting IT, the Provost’s Office, and doubtless people in your office. This memo outlines the issues and some common misconceptions, as well as our response about why NYU believes it can safely and effectively carry on with Zoom.

Feel free to share it widely.

We break the issues into three categories, below:

• Privacy and Security
• Responses to intruders in Zoom sessions "Zoombombing"
• Faculty training

The key points are:

• Several recent media reports have overstated the risks from Zoom.
• Where issues do exist, they almost all involve the free product, which has a different and more permissive set of defaults than the version NYU licenses.
• Our Information Technology Division (IT) is in close and daily contact with Zoom engineers and management.
• In the cases where security issues have surfaced, Zoom has fixed them effectively and expeditiously.

When NYU moved to Zoom, we took two years to evaluate the product and set sensible defaults for NYU. We are confident that even under enormous new load and scrutiny, Zoom remains a stable and secure platform for NYU’s videoconferencing needs.

Privacy and Security

Our experience has been that Zoom has had surprisingly few issues with securing their platform for their university clients, and that when there have been real issues, Zoom has fixed them quickly. Moreover, few of the issues raised in the media would affect NYU.

Among specific reports

• Reports of Zoom-related Privacy Issues: Recent reports have raised concerns regarding the security and privacy of Zoom, including the decisions by the NYC Dept of Education. Zoom users in the NYC public school system were using a mixture of free and paid versions. In contrast, NYU maintains security settings for a single, university-wide instance of Zoom, and requires NYU users to authenticate.
• Unsecured videos: The recent suggestion that stored Zoom videos are unsecured is misleading: this only applies to videos users download from Zoom and re-upload elsewhere, and does not affect videos stored with Zoom.
• Archiving of private chats: The recent suggestion that private chats in Zoom are being archived is misleading: in fact, the only chats that may be archived are chats the user themselves participates in. Private chats between two meeting participants are not archived by the host.
• Mistaken assumptions related to email: The observation that Zoom sometimes mistakes users of small email providers for members of the same company only applies to the free version of the product.

Responses to Zoombombing

As noted above, a specific issue that has emerged is “zoombombing,” an unauthorized entry into a Zoom meeting.

NYU has experienced few issues with Zoombombing. There are a number of solutions that can reduce the likelihood to near zero. Our IT Division has created a page with information to address a number of questions, including Zoombombing: www.nyu.edu/it/zoom/security. And any deans or faculty members with questions can send them to security@nyu.edu.

Faculty Training

We understand faculty concerns here. Zoom has gone from optional to critical in the span of a few weeks, and if something were to go wrong, it would have serious consequences. Zoom offers more secure settings which faculty can personalize to accommodate a range of academic and administrative needs. Faculty should be reassured by the following:

• Faculty can get support from their school’s instructional technologist, or from IT, at askIT@nyu.edu. We have a considerable body of experience in assisting faculty with Zoom and offer training sessions daily.
• NYU is a long-standing institutional client of Zoom. We are in daily contact with their engineers and management. When NYU flags a security issue, Zoom addresses it promptly.
• The single most effective thing NYU faculty can do to minimize difficulty with the platform is to always log in to Zoom via nyu.zoom.us before starting a class or meeting. That way they will be assured of operating with the default settings NYU has specified.
• If you need to install the Zoom client, visit nyu.zoom.us/test. If you have the client already, it will pop up. If you do not, it will offer to install the NYU-approved version. (If you are in doubt, uninstall Zoom and re-install with this method.)
• Where faculty are expressing concern, it would be enormously helpful to know if they are reporting a) an issue that is affecting them? or b) something they have seen elsewhere? and, if b), what the source was?

Notwithstanding the reports raising questions about Zoom, so far our experience has been pretty positive and absent major problems. Over 99% of our courses are being held successfully. It has been an effective tool for NYU during remote instruction.