All Harvard Zoom Meetings To Require Password, Restrict Screen Sharing Beginning Wednesday

Amid nationwide reports of so-called “Zoombombing,” Harvard University Information Technology will activate password protection by default on all Harvard meetings held over Zoom beginning Wednesday.

HUIT will also restrict the ability to share one’s screen with other meeting participants to the host by default, HUIT spokesperson Tim Bailey wrote in an emailed statement.

The novel coronavirus pandemic has forced work and teaching at Harvard online — much of it to the videoconferencing platform Zoom. As the number of Zoom users across the world has skyrocketed, the company has faced criticism over its privacy and cybersecurity features.

Companies and schools nationwide have faced incidents of so-called “Zoombombing,” in which uninvited individuals enter a meeting and share inappropriate or hateful material through Zoom’s audio or screen-sharing functions.

In response, Zoom and even the FBI have encouraged users to make meetings private by requiring a password or enabling a waiting room setting to vet attendees before they enter the meeting. In a March 20 blog post, the company provided tutorials on its privacy features and encouraged users not to share meeting links publically or on social media.

Out of more 73,000 meetings conducted across the University thus far, HUIT has received two reports of “unauthorized access,” according to Bailey. He wrote that the “enhanced security features” HUIT will activate Wednesday are intended to increase the privacy and security of Zoom meetings and classes.

“As the University has transitioned to virtual learning, privacy and security remain of the utmost importance to HUIT,” Bailey wrote. “We have, and will continue to, work with Zoom to address any concerns regarding this critical tool for remote teaching and learning.”

“We are pleased with Zoom’s response so far, including quickly fixing reported vulnerabilities,” he added.

Though Harvard affiliates use the application through a University subscription, Zoom announced that, as of Saturday, the same security measures Harvard is implementing have been made standard for individual users on free accounts.

The company has faced scrutiny for a number of other security issues in recent weeks. Vice News first reported on March 26 that Zoom was sharing some user data with Facebook, a practice the company said it ended the next day. The company also removed a feature that allowed meeting hosts to track the attention of attendees and admitted it had incorrectly suggested in the past that its app used end-to-end encryption.

Zoom Founder and CEO Eric S. Yuan wrote in an April 1 blog post that he was “deeply sorry” for the security lapses, adding that an influx of users amid the pandemic had allowed the company to uncover “unforeseen issues.” He outlined a number of steps the company was taking to improve cybersecurity.

“We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home,” Yuan wrote. “We now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived.”

“We recognize that we have fallen short of the community’s – and our own – privacy and security expectations,” Yuan added.

—Staff writer James S. Bikales can be reached at james.bikales@thecrimson.com. Follow him on Twitter @jamepdx.