(NOTE: I wrote this yesterday. Since then, New York schools have stopped using Zoom because of this concern and Zoom is going to change some settings as of Monday to make bombing harder.)
Remember that time you went to a meeting of the local Planning Board, only to see a teenager jump on the table, make rude noises and expose himself?
No? In the era of online governance, it’s probably a matter of time.
Just ask the Vermont Senate Committee on Agriculture, which had an online hearing disrupted Thursday by a vandal who, in the words of news site VTDigger, “screen-shared pornographic videos before reaching into his pants.” Happily, no further details were provided.
I’m sure the esteemed legislative body won’t be the last such victim.
As the Monitor and others have reported, many local government agencies are scrambling to use the suddenly popular program Zoom to host multi-person government meetings. Many of these agencies, particularly in small towns, have little experience with group video conferencing (by which I mean “none”) and not much technical expertise among staffers, making them vulnerable to vandals.
Zoom is pretty easy to use once you figure out minor details like where your laptop camera is pointing, but as its usage has soared – it has gone from 10 million users to 200 million within a week or two – the software’s weaknesses have become apparent. Security issues that nobody cared about and privacy practices that nobody looked into have been thrust into the more glaring of spotlights, and it hasn’t been pretty.
In particular, it’s easy to break into a video conference unless certain actions are taken which aren’t obvious to the newbie user, and are complicated if you’re holding a public hearing.
The cutesy term for such vandalism is “Zoom bombing,” a play on “photo bombing” or jumping into somebody else’s picture as it is being taken.
Zoom bombing is spreading like crazy among the bored riff-raff that ruin so much of the online experience. On Twitter and Reddit and Discord and other online gathering places, folks are swapping meeting IDs so vandals can break into random Zoom conferences. There are also reports that automated tools called “war dialer” have been developed to guess meeting codes, the Zoom bombing equivalent of the telephone dialing systems that badger us with spam calls.
The Better Business Bureau has some excellent suggestions for making life harder for the vandals, like only letting hosts share their screens, or using unique IDs for every session. However, they add a level of complexity that newcomers might find taxing (“Navigate to Personal > Settings > In Meeting (Basic) and look for Screen sharing” is a typical bit of advice).
Worse, some of them are incompatible with local governance, such as not widely sharing the Meeting ID. Widely sharing contact information is the whole point of a public meeting, after all.
Vulnerability to vandals isn’t the only problem with Zoom. It is less secure than originally thought – no end-to-end encryption – and there have been media reports of some unexplained data exchanges with overseas servers. That’s why the government and many corporations have forbid its use, fearing the loss of secrets.
Zoom also has sold user data with Facebook, raising huge privacy concerns. And some pretty alarming bugs have been found, including one that lets hackers completely take over a Mac that is running the app, controlling its camera among other things.
None of this means that governments should abandon video conferencing, of course. That’s the only way to keep the public informed when we’re all huddled in our homes and, frankly, we probably should have been doing more of it all along.
But it does mean that you just might find more excitement than expected next time you check on the Zoning Board of Adjustment. Especially if you see somebody reach into their pants.