Oxy’s digital infrastructure and portfolio of software tools have enabled the College to transition quickly to remote teaching, learning and working. Although these tools support continuity of instruction and operations during the pandemic, the virtualization of our campus entails new risks and challenges.
We hope to address any privacy concerns within the Oxy community and share our own insights, particularly in the wake of increased scrutiny on Zoom and other video conferencing platforms:
- NPR: Zoom Has A Dark Side — And An FBI Warning
- The Verge: Zoom adds new security and privacy measures to prevent Zoombombing
- Tom's Guide: Zoom privacy and security issues–Here's everything that's wrong (so far)
- Technical Overview and Analysis of Security Issues by Citizen Lab Research Group
The Academic Continuity Planning (ACP) team has created resources and recommendations to spread awareness of these issues and mitigate the risk of “Zoom-bombing” or other disruptive activities. Please consult the information provided below by the three video conferencing services offered at Oxy:
- Zoom CEO's Statement about Security and Privacy
- BlueJeans Security Message
- Google Hangouts Meet Security Information
All three companies offer encryption and employ other security protocols to protect their platforms. Due to valid concerns about Zoom’s encryption and data sharing protocols raised by Citizen Lab and other organizations, we welcome the opportunity to engage in dialogue with the community at large. If you feel that you require stronger privacy and confidentiality for your meetings than these services offer, we ask that you contact James Uhrich at firstname.lastname@example.org to discuss the best available options.
The settings below have been enabled for all Oxy Zoom meetings by default for all Zoom users. You may wish to disable some of these security features, depending on your purposes:
- Require a password when scheduling new meetings* (Locked)
- Require a password for instant meetings (Locked)
- Require a password for Personal Meeting ID (PMI) (Locked)
- Disabled embed password in meeting link for one-click join (Locked)
- Only meeting hosts can screen share by default (Optional)
- Disabled the Join Before Host option so the host must start the meeting before participants can enter (Optional)
- Enabled the Waiting Room option to admit participants** (Optional)
- Disabled Allow Removed Participants to Rejoin setting (Optional)
*Changing any settings in a meeting scheduled before April 5th will prompt Zoom to add a password without notifying the host or any participants. If you change any settings on a specific meeting, be sure to check what the new password is, change it if necessary, and share it with participants.
**Late arrivals or users who leave the meeting for any reason will have to be admitted or readmitted from the Waiting Room by the host.
The most important of these settings requires ALL meetings to have a password. All meeting attendees must enter the password to access the class/meeting for all meetings you schedule as of 04/05/2020. The password, which can be edited or simplified, will be included in the meeting invitation.
NOTE: We have not yet required passwords retroactively to all existing scheduled meetings, although we are exploring this option. If we do so, we will let you know and provide the appropriate instructions to share with your students and colleagues.
You can read more about these and other settings to better manage your Zoom sessions on our page about Zoom-Bombing.
BlueJeans and Google Hangouts Meet
BlueJeans and Google Hangouts Meet both require participants to authenticate via Oxy login before scheduling or joining a meeting. Authentication using Oxy credentials is one method that may reduce the risk of unwanted participants joining the meeting. Even with authentication, we strongly recommended refraining from sharing meeting links publicly.
Additional BlueJeans Information:
- When using BlueJeans, we strongly recommend requiring a participant code* (password generated by the system) for all meetings. This can be done when scheduling meetings in the BlueJeans web portal.
- BlueJeans has provided recommendations for securing meetings on their platform and for video conferencing in general.
*If you change passcode settings for your personal meeting or any previously scheduled meetings copy the new meeting URL (it will have the passcode included at the end) and send that to participants to be sure that they can connect into the meeting, especially if you have posted in the URL in Moodle or in a separate email. Meeting participants that have been invited directly from BlueJeans itself will have the updated link available from the BlueJeans invitation.
The best way to prevent Zoombombing and unwanted participants in any meeting is to limit access to meeting links only to invited participants. Do NOT share meeting links publicly, and discourage your meeting invitees from doing so. The addition of passwords (Zoom) and participant codes (BlueJeans) also significantly limits the risk of disruption.