HPS Insights

Zoom: Managing Sudden Public Scrutiny And Lessons Learned For Future Zooms

August 12, 2020
20 min read
Tucker Warren
Lloyd Miller
Matisse Rogers

Findings:

  • With its unprecedented and fast-paced rise, Zoom is experiencing challenges familiar to large tech companies but doing so over the course of months rather than years. Rapid growth invites scrutiny, putting a reputational and regulatory target on the video conferencing company.
  • Zoom has encountered issues like privacy and security, harassment, and relations with China. Zoom will need to navigate these issues, and others, successfully or it will face more pointed criticism.
  • For future startups, including the “next” Zoom, using the roadmap of other tech firms can inform strategy, drive growth, and ensure long-term success. Zoom has the potential to become the next great tech example.

2020 may very well be the year of Zoom. The COVID-19 pandemic and resulting shutdown forced businesses online, many for the first time, and Zoom was ready to capitalize. The video conferencing service has become so ubiquitous its name is now a genericization for online meetings, just as Kleenex, Q-Tip, and Google went from upstarts to synonyms for tissues, cotton swabs, and search engines.

Some may think of tech companies as growth machines, doubling values year-over-year as they move fast and break things. But even the fastest growing startups take years, and often decades, to rise to the top.
With a great rise comes the attention, scrutiny, and problems often reserved for only the largest firms. Microsoft, Google, and Facebook have had decades of experience handling privacy, harassment, and censorship issues with social and geopolitical dynamics. Zoom, on the other hand, is experiencing these challenges over the course of weeks and months rather than years. This rapid growth invites considerable scrutiny, putting a reputational target on the company.

Zoom’s Rapid Rise Into Big Tech

The rise of Zoom is unprecedented. When Zoom IPO’d in 2019, few could have predicted experts would be floating the idea of a $59 billion market cap a year later. Putting its growth into context, Zoom priced its IPO at $36 per share on April 17, 2019, and has grown more than 7x since, to $264.88 as of August 4, 2020. No other major tech firm accomplished that feat in under ten years, and Facebook has never seen that level of growth.

Zoom Has Made The Most Of The Moment

“Among remote employees, Zoom users are most likely to report liking or loving their video conferencing software.”

— Owl Labs State of Video Conferencing 2019

Zoom was founded by a former Cisco Webex engineer who believed he could build a better video conferencing product—and by most accounts, he did. An Owl Labs report from last October on the “State of Video Conferencing” found Zoom to have one of the fastest setup times and user satisfaction rates of any video conferencing software, perfectly positioning it to capitalize on the moment.
In the age of remote work, lockdowns, and social distancing, Zoom has become an indispensable tool for everything from government hearings to weddings.

Media Scrutiny Leads To Washington Curiosity

When tech firms blossom into established players, they often have to deal with three core issues: privacy, harassment, and China. For example, in 2006, Microsoft was pushed to amend its privacy policy for shutting down blogs, largely due to censorship demands stemming from the Chinese government. In 2009, Google fell under widespread net privacy scrutiny after releasing “broadly phrased” guidelines. And “Facebook stalking,” the newfound and branded version of cyberstalking, became a buzzword in 2012.

Zoom is now experiencing many of the same kinds of controversies and regulatory scrutiny as established tech companies. This enhanced scrutiny is in part because of its accelerated growth over the last year. With growth comes attention and scrutiny, and soon, regulatory curiosity.

Not long after Zoom went public in 2019, the Electronic Privacy Information Center (EPIC) asked the FTC to look into Zoom over security and privacy concerns. However, there is no evidence that regulators took any action last year. A year later, as Zoom rocketed into the consciousness of every remote worker, legislators and regulators started paying more attention to Zoom.

Following a series of reports over Zoom’s privacy and security shortcomings—issues that may have been ignored if not for Zoom’s growth during the shutdown—several state Attorneys General began investigating Zoom. Senator Sherrod Brown (D-OH) asked the FTC to investigate Zoom, and while the FTC did not confirm any such investigation, they acknowledged that media scrutiny leads to investigations.

Addressing Regulatory Scrutiny

It’s fair to say the enhanced scrutiny of Zoom is connected to its rapid growth and consumer demand for the product. However, we must note the company has made missteps it has had to acknowledge and correct to reassure its users of the platform’s security and reliability. These missteps and others have led the FBI and the UK Ministry of Defense to issue public warnings concerning Zoom.

“Any time you see a press report of a significant privacy issue, a potential privacy violation of our authority, it is safe to assume that we either are investigating it already or shortly after that media release, we will investigate it.”

— FTC spokesperson when asked if the regulators were looking into Zoom

Privacy Concerns Require More Than A Policy Change

Privacy concerns are nothing new for tech firms, and a traditional response includes announcing a change in the privacy policy itself. After declaring in 2009 that “if you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place,” Eric Schmidt predicted in 2010 that the internet needs to take a path of “true transparency and no anonymity.” Google revised its privacy policy in 2012, enabling data to be shared across services, including third-party websites. The policy was met with additional backlash.

Following Zoom’s quick rise to prominence this spring, privacy advocates’ complaints were given more attention, many of which claimed that “Zoom’s default settings aren’t secure enough. Zoom now risks becoming a victim of its own success.”

Zoom responded to complaints by offering a premium service (end-to-end encryption) to all users, rewriting portions of its privacy policy to limit what content could be used for advertising, and launching a 90-day plan to bolster key privacy and security initiatives on April 8, with a regular cadence of updates on the Zoom blog. Upon conclusion of the 90-day plan, Zoom outlined the progress it had made on key “trust, safety, and privacy issues,” describing the plans’ successes and the company’s privacy-related endeavors moving forward.

Stopping Harassment Is A Multifront Battle

A problem common to platforms that allow people to virtually connect is platform abusers seeking to harass other users. When Facebook realized its platform could be used to harass users, it instituted user controls and then launched a Facebook Help center to address issues of user bullying, harassment, or attacks, ensuring that anyone who searches for help can get it.

Not long after the lockdowns began, a new phrase in video conference harassment was born: “Zoombombing.” This was made possible in part by Zoom’s default settings, which now drive people toward passwords and other security measures, but initially did not encourage a password to be set and allowed any participant to share their screen.

Zoom first published a guide on their blog addressing the issue, “How to Keep Uninvited Guests Out of Your Zoom Event.” It then adjusted settings for accounts used by schools and universities to be made “more private by default,” and froze all work on new features in April to prioritize privacy improvements, like making passwords for meetings enabled by default.

Acquiescing To China Is A Domestic Political Issue

It’s not easy to balance the freedom of speech enjoyed in the U.S. with the demands of an authoritarian regime like China. In 2006, Microsoft found itself in this situation when it shut down a blog run by a popular Beijing blogger. Microsoft chose transparency, implementing a user notification system for blogs that were shut down, and committed to only blocking content when served with “legally binding notice from the government indicating that the material violates local laws” or if the content violates its terms of service. When Facebook encountered a similar controversy a decade later, Mark Zuckerberg explained the platform’s involvement by asserting that “it’s better for Facebook to be a part of enabling conversation, even if it’s not yet the full conversation.” Facebook is still banned in mainland China.

In early June, Zoom suspended one account in Hong Kong and two in the United States after they tried to hold events related to the anniversary of China’s Tiananmen Square crackdown. This action drew immediate attention from U.S. lawmakers demanding Zoom explain itself and its relationship with China.

Zoom chose to clearly state its policy, even if it did not satisfy everyone, that it would not allow requests from China to impact anyone outside “mainland” China. Zoom also said it would outline much more robust and detailed policy in its transparency report, to be released later this year.

What’s Next For Zoom

Tech firms facing intense scrutiny while providing a medium for communication often face many more controversies than Zoom has encountered. We could expect Zoom to have to deal with issues like servicing disfavored government agencies, controversial individuals using or even promoting their platform, questions over diversity and inclusion both in their products and business, employee and labor strife, or other problems well known amongst big tech. With great power comes great responsibility—and accountability.

Zoom will almost certainly be called to testify before Congress at some point in the next year. Congressional testimony by executives can lead to deepening, rather than remediated, reputational concerns. The difference between the two outcomes is usually found in preparation. Executives must understand the uniqueness of the environment that is Washington, take it seriously, appreciate the level of media attention these moments can generate, and use hearings as opportunities to tell the company’s story.
Zoom can become a shining example of a business that seized the moment during a global pandemic by offering just what people needed, when they needed it. Or it can let its competitors, media reports, and lawmakers control the narrative, leading to massive and costly investigations. We’re betting on the former—but Zoom doesn’t have the luxury of time that Microsoft, Google, and Facebook had, placing it in the unprecedented position in which it finds itself today.

What About The Next Zoom?

It’s impossible to foresee all of the dynamics a future tech startup will deal with, especially given all that’s changing in the world around us. But we can glean the following things based on the rise and fall of others.
Given the U.S. relationship with China and its trajectory, figure out how you’re going to engage in China—and if and when you are—be prepared for major scrutiny about how you’re doing it.

  • The demand for protecting consumer’s privacy is high and growing. Place a premium on consumer privacy right from the start.
  • There are people out there who spend 24 hours a day, 7 days a week trying to hack your program. Invest in good, thoughtful security protocols early. You can always relax them later if that creates a more favorable consumer experience but it’s harder to build in additional layers of security in the midst of criticism and breaches.
  • Technology is a gateway to accessibility. Zoom makes employment and education attainable in unprecedented ways. Diversity and inclusion are intertwined with innovation — keep this top-of-mind as your company and products grow and consider jobs that can be done somewhere other than at headquarters.
  • As with your predecessors, mistakes will be made. What’s critical is how you handle them. If you’re quick to acknowledge, transparent in what you know, and genuine in your commitment to resolve it, that will go a long way in securing your business’ future.
  • Assume future success and engage with policymakers, regulators, consumer groups, and others who can cripple your business as if its future depends on it. If you haven’t done the work to establish those relationships, hear their feedback, and heed their counsel and you quickly find yourself the new kid on the block, you will have a lot of catching up to do in a very short amount of time.
More Insights