Many teachers are using the ZOOM videoconferencing tool for their online classes, but there have been numerous complaints about ZOOM classes being hacked, and intruders interfering with the class or expressing inappropriate comments.
Consequently, the New York City Department of Education is forbidding teachers from using ZOOM.
New York City has banned the video conferencing platform Zoom in city schools weeks after thousands of teachers and students began using it for remote learning.
The education department received reports of issues that impact the security and privacy of the platform during the credentialing process, according to a document shared with principals that was obtained by Chalkbeat. “Based on the DOE’s review of those documented concerns, the DOE will no longer permit the use of Zoom at this time,” the memo said.
Instead, the guidance says, schools should switch to Microsoft Teams, which the education department suggests has similar functionality and is more secure.
The change is likely to cause headaches for schools and families, as the use of Zoom became widespread after the city shuttered school buildings on March 16 and moved over a million students to remote learning a week later.
Not all schools use Zoom, though many have since the platform offers a free version and is relatively simple to set up. Last month, the city’s Panel for Educational Policy met via Zoom, a meeting that included schools Chancellor Richard Carranza and other top officials.
But the platform has also caused problems for educators and has come under fire nationally for a range of security and privacy issues.
In some cases, students have taken to “Zoombombing” online classes, essentially logging into online classes uninvited and hijacking everyone’s screens with inappropriate images or audio. “Zoombombing is no joke. I don’t think we were ready for that,” Pat Finley, a co-principal at the Metropolitan Expeditionary Learning School in Queens, previously said.
Students have also sometimes flooded the platform’s chat function with inappropriate comments, disrupting virtual instruction.
Last week, New York Attorney General Letitia James raised concerns about the platform, including whether third parties could secretly access users’ webcams, reports that the company shares data with Facebook, and whether the company was following state requirements about safeguarding student data.
Diane Ravitch's blog 
Yes. This platform is easy to use and that is part of the problem. This is not the only one with problems, even if the school or district has a contract for the platform. TEAM is another one that many teachers are using. Both meet the teacher’s desire to have an online meeting place for an entire class, with each student present.
According to one tech report I read, Microsoft teams is designed for internal use and requires use of a Microsoft platform (Microsoft Office 365) for smooth operation. Zoom can be used no matter what your system is because it is web based and not dependent on proprietary software.
Just saw a long interview with Gates, from his home, about the pandemic. He managed to plug Teams over and over during the interview.
Never knew education decision makers in NY cared so much about student privacy.
(Not to say there aren’t issues regarding Zoom.
At my school, some intrepid high-school students managed to lay their hands on some teacher log-ins and to commandeer the printers in classrooms throughout our buildings. So, in the middle of class, the printer would fire up and start printing out inappropriate stuff. A relatively simple prank. This ad hoc distance learning stuff that’s going on now is an invitation to a lot of such nonsense. None of this was thought through.
And yes, about those packets. SARS-Cov2 persists on paper for 3-4 days.
Well, we lost 50 parents and 12 students due to Covid-19 transmission via packets sent home, but hey, the gerunds worksheets got done! So, all in all, an acceptable trade-off, right?
I trust you all who respond (well, most) – but where is this reported? That would be good to have and the circumstances of how they are distributing them and kids and adults got virusb
“Well, we lost 50 parents and 12 students due to Covid-19 transmission via packets sent home, but hey, the gerunds worksheets got done! So, all in all, an acceptable trade-off, right?”
time to hear these words and KNOW where we are with so much tech being pushed into our daily lives: None Of This Was Thought Through
It’s ironic that we now have to rely on tech during a real virus outbreak when computer viruses have been around because techies didn’t think about defensing against them.
We can view computer viruses as a few decades long experiments before a real virus outbreak.
For hackers, this is a dream come true: they can use the increased reliance on the Internet to come up with more computer viruses while they are sitting in their dark dungeons safely since they are the part of the populationwhich don’t go outside and don’t socialize.
This whole thing is just a small screen in the big picture: technologies have been developed much faster than their safety and moralistic impacts could be evaluated. Can we count on learning the lesson and slow down “progress” for the sake of humanity’s future?
A report in Chalkbeat says that the NYC Dept of Ed “has already created Microsoft accounts for all students.” Aie yie yie. Here we go.
So … we began with Google Hangouts, then told to stop and use ZOOM. At least our students were used to using their school gmail accounts and Google Classroom. Now we’re all going to expect parents and students to learn a completely unfamiliar and pathetically non user friendly platform promoted by he who hates public schools. Is there any intelligent life out there in the rarified air of the powers that be? Any?
ZORG: Third planet from Sun. Some signs of intelligent life among the field mice.
I AGREE WITH RL!! It’s hard enough trying to teach from home, and that’s not helped by the babyish cartoon bubbles that float in and out of my screen for no apparent reason in Microsoft Teams. It’s confusing and “pathetically non-user friendly”.
Answer to RL question: no. Nobody will say: we need to control tech development, nobody will control big tech companies to play with our kids’ data and education.
I use Zoom – as long as you are careful about your privacy/security settings, it works pretty well. I use it a lot for my non-school meetings – personal, business, and even church services. I think this is an overreaction to people not using it appropriately.
I, too, am usign Zoom for my middle school and university (undergrad and graduate) courses. I record each session and use the recommended log in with password and have seen no problems. I laid down the law regarding online behavior and have not had any problems.
I have been using Zoom for my classes for the last couple of weeks and I agree it works pretty well. My institution defaults to prevent non-hosts from sharing screens and the URL’s for my courses are not public. That probably helps.
This is a mistake. ZOOM is fixing the problem. Over reaction at the state level. Many schools are also using Google Classroom.
>
Dayna, yours is the first expert opinion I read which dismisses the security and design flaws in Zoom. All others I found thought, Zoom is particularly badly coded, and the company is badly reacting to security and political concerns.
Here is what one of the most respected experts is writing in the intro to his blog entry:
Over the past few weeks, Zoom’s use has exploded since it became the video conferencing platform of choice in today’s COVID-19 world. (My own university, Harvard, uses it for all of its classes. Boris Johnson had a cabinet meeting over Zoom.) Over that same period, the company has been exposed for having both lousy privacy and lousy security. My goal here is to summarize all of the problems and talk about solutions and workarounds.
In general, Zoom’s problems fall into three broad buckets: (1) bad privacy practices, (2) bad security practices, and (3) bad user configurations.
Privacy first: Zoom spies on its users for personal profit.
…
And that China connection is worrisome. Citizen Lab again:
Zoom, a Silicon Valley-based company, appears to own three companies in China through which at least 700 employees are paid to develop Zoom’s software. This arrangement is ostensibly an effort at labor arbitrage: Zoom can avoid paying US wages while selling to US customers, thus increasing their profit margin. However, this arrangement may make Zoom responsive to pressure from Chinese authorities.
Or from Chinese programmers slipping backdoors into the code at the request of the government.
https://www.schneier.com/blog/archives/2020/04/security_and_pr_1.html
The Zoom blog in the WP article and the teacher tips are good (use new invitation log ins each time; use the waiting room, etc.)
There are two issues here:
Potential hacking …. that’s a major privacy concern.
ZOOMbombing –
That’s a practical concern on any platform – – and it can be intentional bullying / hate; intentional pranks, and accidental.
On the latter – most everyone is not used to having a kid on a computer for hours (too long but still) with the camera on and going about their day in the background.
The issue with ZOOM, TEAMS, and others is the teacher’s capacity to turn off the student cameras.
One-way video with two-way audio is sufficient for any read-aloud, experiment demonstration, or other lessons. Kids’ cameras do not need to be on. They can even sing together or and don’t need to see each other.
Maybe jumping into meets and zoom too hastily is a mistake. If we assume that it’s all being recorded, there will be ramifications that we have yet to recognize. I talked to CTU yesterday to be sure that they did not agree to any video conferencing as part of our remote learning requirements. I recommend Classroom and your phone and/or email. That’s it. Maybe DOE can hire teachers to make the software to meet the needs of 5 year olds to 14 year olds. Non-profit
This is another huge disruption to NYC schools and students, which are already reeling.
Isn’t social media wonderful? It used to take face to face (or telephone to telephone) to create a hysterical reaction to a perceived danger. What has happened to reasoned analysis and thoughtful responses? I would wager that most of the complaints are from people who have paid little attention to those annoying details of using a new toy that are a necessary part of implementation. In the “olden days,” my father put together a green house for my mother with less than full attention to the details. It blew away and broke apart because he neglected to stake it down per instructions.
The security and privacy concerns are quite real and many are not simply a result of “people who have paid little attention to those annoying details of using a new toy”
This article mentions some of the issues that have been discovered. I suspect there will be more.
https://www.tomsguide.com/news/zoom-security-privacy-woes
Thanks, SDP. Fortunately, the problems seem to be easy fixes mostly since several have already been fixed. Too fast a transition from in-house company stuff to more public venues with issues they had not anticipated seems to be the major reason for problems.
I spent a good part of my career as a software developer and will just say that security and privacy issues should have been a top priority for Zoom, particularly for the online class application.
Some of the issues might be easy fixes (and might already have been addressed) but the folks at Zoom won’t get any slack from me because many of the problems should have been anticipated and dealt with before it was loosed on schools.
Also, I really have to wonder how many more problems lurk under the surface. The problems we have seen are an indication of their development process (or lack thereof)
I think people have become so used to dealing with software that is like Swiss cheese with regard to security and privacy (MS windows) that they are too willing to give companies a pass when it happens.
One thing is good , though. Zoom has attracted the attention of computer security experts who are undoubtedly probing it’s weaknesses at this very moment.
It is likely that they will discover more, though we may not hear about them . They may just quietly report them to Zoom so they an be fixed with a “patch of the day” like MS Windows.
While I appreciate the concerns about Zoom (I have those same concerns), Microsoft Teams is glitchy and not particularly user friendly. I cringe at the thought of having to use it. It’s certainly not a panacea.
“Microsoft Teams is glitchy and not particularly user friendly.”
What a surprise.😀
Most of the stuff MIcrosoft makes is more like a canaworms than a panacea.
Let’s not forget that Chalkbeat is supported by Gates and it’s often recommended to use MS Teams instead of Zoom, as if it was more secure. Were there any cases where the security features offered by Zoom didn’t work against Zoombombing? In K-12, disallowing screen sharing (which can be lifted individually) and using the waiting room (from where only those students can “come in” to the classroom the teacher allows) should work fine.
No doubt, if an attacker steals the email which contained the zoom meeting invitation, or breaks into the student’s email account, the bombing can happen. But this simply indicates that online teaching is way less secure than brick and mortar one, since all online meeting platforms are vulnerable to hackers.
I add that zoombombing is just one of the problems with Zoom. See my link to Bruce Schneier’s post about Zoom.
Here is what Bruce Schneier, the most wellknown and respected computer security expert, writes about Zoom’s security and privacy problems. Not good…
Over the past few weeks, Zoom’s use has exploded since it became the video conferencing platform of choice in today’s COVID-19 world. (My own university, Harvard, uses it for all of its classes. Boris Johnson had a cabinet meeting over Zoom.) Over that same period, the company has been exposed for having both lousy privacy and lousy security. My goal here is to summarize all of the problems and talk about solutions and workarounds.
In general, Zoom’s problems fall into three broad buckets: (1) bad privacy practices, (2) bad security practices, and (3) bad user configurations.
…
there is no one at the company who knows anything about cryptography.
…
And that China connection is worrisome. Citizen Lab again:
Zoom, a Silicon Valley-based company, appears to own three companies in China through which at least 700 employees are paid to develop Zoom’s software. This arrangement is ostensibly an effort at labor arbitrage: Zoom can avoid paying US wages while selling to US customers, thus increasing their profit margin. However, this arrangement may make Zoom responsive to pressure from Chinese authorities.
….
The New York Attorney General is investigating the company. Security researchers are combing through the software, looking for other things Zoom is doing and not telling anyone about. There are more stories waiting to be discovered.
…
Zoom is a security and privacy disaster, but until now had managed to avoid public accountability because it was relatively obscure. Now that it’s in the spotlight, it’s all coming out.
Schenier uses the words “awful”, “malicious”, “disaster”, “lying” to describe the Zoom company’s actions both in coding and company management.
https://www.schneier.com/blog/archives/2020/04/security_and_pr_1.html
“awful”, “malicious”, “disaster”, “lying”
When is he going to get to the critical adjectives?😀
Does anyone know for sure whether the NYC DOE was using the free version of Zoom or the one that businesses generally use? I think there are three levels.
As far as I can tell, the “security” of Zoom doesn’t really depend on whether you are suing the free or nonfree versions. For starters, meeting invitations should not be posted publicly. Instead, they should be sent out to the invited participants in email.
I’m a little late to this discussion, but does anyone know if the NYC DOE was using the free version of Zoom? As I understand it there are three levels and only the lowest security level is free.