Do You Know What Information Zoom Has About Your Communications?
Mediators, arbitrators, litigators, and parties are rightly concerned about the confidentiality of communications. Mediators rely on the mediation confidentiality protections in the California Evidence Code, sections 1119 et seq, and litigators and arbitrators rely on confidentiality agreements. Today, many of us are using online videoconferencing platforms to communicate, and we also seek assurances that those platforms preserve confidentiality. The widespread use of Zoom led to concerns about how Zoom communications were encrypted, and also led to the use of passwords and waiting rooms to protect participants from unwanted intruders. And it is common at the beginning of Zoom conferences, if not earlier, to insist that participants agree that they will not take screen snapshots, or record Zoom video or chat.
But what information does Zoom preserve that might be reached by a government agency or a subpoena?
There are several online sources that are helpful in answering this question:
First and foremost, the Zoom Government Requests Guide is the place to go. The Guide discusses types of data Zoom has, data retention practices, preservation requests, U.S. and international government requests for user information, notification to users of requests for user or meeting information, details that must be included in information requests, production of documents, user consent, emergency requests, and expert witness testimony and authentication of records.
Zoom provides the following high-level summary of types of data it has: "We obtain data that users provide to us, as well as data that our system collects. We may also obtain some data from visitors to our marketing websites. . . .We have not built a mechanism to decrypt live meetings for any purpose, including lawful intercept, and we do not have the means to insert our employees or others into meetings without that person being visible as a participant. As such, we do not collect or maintain information related to meeting content unless requested by the meeting host, for example, to record and store the meeting in our cloud. Zoom does not sell user data and we have no intention of selling user data going forward."
Zoom's information about data it has should be read together with its Privacy Statement.
Our takeaway is that metadata may be kept by Zoom, as well as video, audio, and chat recording that the user decides to store in the cloud. The limitations to accessing such information are set forth in greater detail in the Guide.
Second, in addition to the policies described on the Zoom website, take a look at the Stored Communications Act, 18 U.S.C. sections 2701-2712. This is a law that addresses voluntary and compelled disclosure of "stored wire and electronic communications and transactional records" held by third-party internet service providers.
Third, here are some articles still available online, at the time of this post, that are relevant to understanding the accessibility of Zoom's data:
- Dan Zelenko, Nimi Aviad, John Davis, Rukiya Mohamed and Bridget Carr, Anticipate Gov't Subpoenas of Your Zoom Recordings, April 23, 2020, Law360
- Suhauna Hussain, Is Zoom safe to use? Here's what you need to know, April 13, 2020, Los Angeles Times
- Nico Grant and Candy Cheng, Zoom Says Subpoena Is Needed to Work with Law Enforcement, June 5, 2020, Los Angeles Times