7.1 Zoom Meetings

A Zoom meeting is initiated by a designated individual, who we will refer to as the host. The host has the ability to configure meetings, notify participants, select meeting passwords, and control meeting functions while a meeting is in progress. The host’s configured policies (e.g., whether meeting participants may share their screens by default) are applied to the meeting. The host need not be present for the entire duration of a meeting: if “Join Before Host” is enabled, individuals can begin a meeting before the host joins. Similarly, a host can appoint one or more additional individuals as co-hosts and can leave the meeting under the control of a replacement host. Each Zoom meeting involves up to 1,000 participants. Meetings are identified externally by a short meeting identifier (the meeting ID), known to the Zoom infrastructure, which each participant must possess as a precondition for joining a meeting.

During meeting setup/scheduling, users can select enhanced or end-to-end encryption. This option cannot be changed once the meeting starts, and all participants receive a clear indication of the type of encryption during the meeting. Zoom meetings also feature several access control mechanisms, among which are: • A shared meeting password, which can be selected by the host at the time the meeting is configured. • A “Waiting Room” feature, in which the host (and replacement host) has the ability to manually approve entry of participants throughout the course of a live meeting. Participants are identified by a name of their choosing. • A mechanism by which meeting participants must register prior to the meeting. • A setting to limit attendees of a meeting to those who are signed-in and authenticated members of certain domains. We stress that these mechanisms are powered by the server, and might be circumvented by insiders.