Vassar's latest email on Zoom should not be seen as a response to an incident but as a cover-up to mask Vassar's negligence when it comes to handling the data of students and employees.
While CIS would love for you to think that they "found out" about this, Zoom's history of shady privacy & security practices is neither new nor surprising. Any person with access to a search engine who is capable of looking up "zoom security" will find what I'm talking about.
Their latest e-mail acknowledges a security vulnerability in Zoom but fails to mention that Zoom has been continuously misleading the public about the type of encryption they use (https://theintercept.com/2020/03/31/zoom-meeting-encryption/) and that THEY exploited a vulnerability in macOS during the install process-
Any competent security person will tell you this is a red flag. That this is sloppy behavior. The incidents only kept increasing. I've heard about a new Zoom bug or flaw almost every day for the past week. You know what I didn't hear? A single statement from CIS about this.
Despite its shady history, Zoom was forced on the Vassar student and faculty body. We were all forced to share our faces and voices through Zoom to pass our courses. It's almost as if CIS did not bother to look up Zoom's history or they simply did not care.
They will tell you they had to act fast but that's no excuse. Times of crisis require us to be more careful and considerate and do not grant CIS the right to compromise on security and privacy.
Well, what's the alternative? Frankly that's neither my job nor yours. These kinds of decisions are made by higher-ups at CIS. Given they're paid 6 figures to think about these problems, it's their responsibility to be finding solutions.
And if compromises have to be made, we need to be included in the conversations. Tell people what their choices are. Why did we use Zoom and not Team or Hangouts? What are the privacy policies of the companies? What features do they offer? How can we test them?
CIS is always trying to up its security. They are constantly locking down their firewall, battling rogue APs (so students can't have routers), and enforcing stronger password requirements. However, all this seems to be people-facing and to protect from individual, and not corporate, actors. What you end up with is a facade, a performance of security and privacy with no real protection whatsoever.
Also, if you're interested in finding out more about Zoom's shady history, check out this thread: https://twitter.com/dhh/status/1244997990382596096
You can follow @thearabcynic.