The videoconferencing app Zoom has come under fresh high-level scrutiny as its popularity soars during the coronavirus pandemic.
New York’s attorney general has written to the firm raising concerns over its ability to cope with the rise in users.
Zoom is now being used by millions of people for work and leisure, as lockdowns are imposed in many countries.
But its data security and privacy measures have been questioned.
The letter from the office of New York Attorney General Letitia James asked Zoom whether it had reviewed its security measures since its popularity surged. It also pointed out that in the past the app had been slow to address issues.
In response to a request from the BBC for comment, a company spokesperson said: “Zoom takes its users’ privacy, security, and trust extremely seriously.
“During the Covid-19 pandemic, we are working around-the-clock to ensure that hospitals, universities, schools, and other businesses across the world can stay connected and operational. We appreciate the New York Attorney General’s engagement on these issues and are happy to provide her with the requested information,” it added.
Users have flocked to Zoom as governments around the world ordered large parts of their populations to stay at home to slow the spread of the virus. It is now ranked as the number two and number one app in the UK and US, respectively.
Zoom has had security flaws in the past, including a vulnerability which allowed an attacker to remove attendees from meetings, spoof messages from users and hijack shared screens. Another saw Mac users forced into calls without their knowledge.
It also doesn’t offer end-to-end encryption, according to online news publication The Intercept. This is encryption that should mean no-one other than participants can see a meeting.
Zoom told The Intercept: “Currently, it is not possible to enable E2E encryption for Zoom video meetings.” This means Zoom can access the video and audio of meetings, the publication reported.
Because Zoom uses email domains to identify users who may be in the same company, the service will sometimes allow small internet service providers’ customers to see each other’s private data, reported Vice’s tech website Motherboard.
The company told Motherboard that it regularly updates a list of private email providers to avoid this.
Zoom has also been criticised for its “attendee tracking” feature, which, when enabled, lets the host of the Zoom call check if participants are clicking away from the main Zoom window during a call.
More recently, the UK Prime Minister Boris Johnson last week tweeted a picture of himself chairing a Cabinet meeting using Zoom, leading to questions about how secure it was.
The company has pushed back at those concerns, telling the BBC: “Globally, 2,000 institutions ranging from the world’s largest financial services companies to leading telecommunications providers, government agencies, universities, healthcare and telemedicine practices have done exhaustive security reviews of our user, network and data centre layers confidently selecting Zoom for complete deployment.”
“We are in close communication with the UK Ministry of Defence and National Cyber Security Centre and are focused on providing the documentation they need.”