7.9 Abuse Management and Reporting

If a user experiences abusive behavior and wishes to report it to Zoom’s Trust and Safety team, they simply upload the unencrypted data normally collected in an abuse report (e.g., a description of the abuse and some portion of the meeting content) to Zoom for review. This protocol is imperfect, since it potentially could allow a bad meeting participant to “frame” an honest meeting participant for abuse that didn’t happen. For the same reason, it allows an actual abuser to disavow uploaded evidence of their abuse. We think for now, the framing behavior is rare and only possible with access to good “deep fake” technology. Future refinements are possible. Participants could sign their outgoing video streams, and other participants will only allow meetings to proceed if all streams are appropriately signed. This change would defeat the two attacks above, but with major drawbacks: Performance: Signing and verifying individual UDP video streams is expensive in terms of bandwidth and computation. More research is required to make this change practical. Repudiation: Honest participants might not want an indelible record that they said something. They might understandably want to treat meetings as ephemeral in accordance with their standard data retention practices. Given these challenges, we will revisit our decisions at a later date as we gain more operational experience with the current proposal.